Which technology on a host is used to isolate a running application from other applications?
A. sandbox
B. application allow list
C. application block list
D. host-based firewall
What is a difference between tampered and untampered disk images?
A. Tampered images have the same stored and computed hash.
B. Untampered images are deliberately altered to preserve as evidence.
C. Tampered images are used as evidence.
D. Untampered images are used for forensic investigations.
At which layer is deep packet inspection investigated on a firewall?
A. internet
B. transport
C. application
D. data link
What is an incident response plan?
A. an organizational approach to events that could lead to asset loss or disruption of operations
B. an organizational approach to security management to ensure a service lifecycle and continuous improvements
C. an organizational approach to disaster recovery and timely restoration of operational services
D. an organizational approach to system backup and data archiving aligned to regulations
Which event is user interaction?
A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file
An engineer needs to fetch logs from a proxy server and generate actual events according to the data received. Which technology should the engineer use to accomplish this task?
A. Firepower
B. Email Security Appliance
C. Web Security Appliance
D. Stealthwatch
During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
A. examination
B. investigation
C. collection
D. reporting
Which type of attack uses a botnet to reflect requests off of an NTP server to overwhelm a target?
A. replay
B. distributed denial of service
C. denial of service
D. man-in-the-middle