Reference no: EM133440413
Questions
1. The Contoso organization has a very limited budget to purchase a new system that it will use to sell widgets online. They want to ensure that this system continues operating even if one of their servers goes offline as a result of an incident. According to which principle(s) should they design it? Select the BEST answer.
a) Continuous availability
b) Continuous operation
c) High availability
d) a) and b)
2. Which of the following is a DIRECT benefit associated with doing business impact analysis on existing systems within an organisation?
a) Optimizing the allocation of limited recovery resources when dealing with a disruption
b) Understanding how to efficiently recover your information systems
c) Designing systems that are more resilient
d) Being better prepared to face disruptive events
e) Documenting the dependencies between your systems
3. In a Windows environment, from which of the following sources would I typically find the MOST artifacts for a forensic investigation?
a) Event logs
b) Shellbags
c) Registry
d) Prefetch files
e) Shortcut files
4. Which of these statements best explains the VALUE provided by documenting a chain of custody?
a) It is an essential requirement from the court
b) It ensures that evidence will not be tampered with
c) It prevents evidence manipulation errors
d) It provides traceability throughout the evidence lifecycle
e) It guarantees that only vetted individuals will be in contact with the evidence
5. Which of these statements apply to business continuity?
a) Can apply to incidents affecting the availability of datacenters
b) It must always be performed in less than 24 hours
c) Ensures that all systems can be recovered quickly
d) Focuses on ensuring that the business is not affected by disruptive events
e) Deals specifically with what happens right after a disaster
6. Contoso is thinking about signing a contract with a supplier for a hot site located across the country. Which of these statements is BEST associated with such a site?
a) It could take multiple weeks to resume operations at a hot site
b) The upfront costs for a hot site are very high
c) The hot site might also become unavailable as a direct result of the disaster affecting you
d) It could be challenging to quickly procure IT equipment to fully equip the hot site if there is a disaster
e) The hot site will be oversubscribed and might not be available if a serious disaster happens
7. Which of the following are reasons why you should use a hardware write-blocker when acquiring evidence?
a) They will flag suspicious data elements on which the investigator should focus
b) They are designed to prevent manipulation errors that could lead to compromising your evidence
c) They ensure that you have sterile media
d) They have typically been independently evaluated by third parties
e) They will provide you with a perfectly valid forensic copy on which to perform your investigation
8. Which of these characteristics could be associated with a thick email client?
a) This email client could be used on a phone
b) There can be a large footprint of emails found on a device where a thick email client is used
c) Using this type of email client is likely to leave no forensic artifacts on the device
d) The credentials used to access the email account could potentially be found on the device accessing the emails
e) This email client could leave artifacts within the cache of a browser
9. Organisation Contoso is fairly mature. They have already performed some training sessions, exercises and tests related to BCDR. They are very concerned about a potential ransomware incident in which some of their key servers could get encrypted. What type of exercise or test would be the most appropriate for them to do? Please select the BEST answer.
a) A tabletop exercise on a ransomware incident
b) A functional exercise on a ransomware incident
c) A full interruption test simulating a ransomware incident
d) a) b) or c) would provide a very similar value to Contoso
e) They should not be doing anything before having prepared a playbook
10. Explain how the lack of proper forensic equipment could prevent a trained and experienced digital forensic examiner from successfully conducting an investigation. Please write your answer.
11. Which of these statements about threat intelligence (TI) is FALSE?
a) Using external TI allows an organization to build upon the experience of others
b) Using external TI can allow an organization to be protected faster against known threats
c) Using external TI would allow an organization to detect any threat very quickly
d) Using external TI can prevent many cyber incidents from happening
e) TI can also come from within your own organization
12. Organisation Contoso is getting ready to launch a new artificial intelligence interactive service that will be called chatCONTOSO. They are currently trialling the service from their own IT infrastructure in one physical data center located in Montreal. They will soon be opening their service over the internet, but they don't know how successful it will be. Could leveraging the cloud be an interesting proposition instead of investing in additional hardware for their own physical data center? Explain.
13. Of the three incident prioritization schemes that we've seen in this course, which one would be the most appropriate for an organization that is a critical infrastructure operator? Please write your answer.
14. What type of disaster recovery site would be best suited for a university with an extremely low budget?
a) Hot site
b) Mobile site
c) Reciprocal agreement site
d) Fully mirrored site
e) Cold site
15. Identify the devices whose hash values could potentially be altered even if you follow all recognized forensic best practices.
a) Solid-state device (SSD)
b) DVD
c) MicroSD card
d) USB key
e) Hard-disk drives (HDD)
16. Which of the following sources of RAM memory data would be the most USELESS from a forensic perspective?
a) RAM memory dump
b) Swapfile
c) Hibernation file
d) Crash dump
e) Pagefile
17. Explain the usefulness of data that could be contained in allocated space within the context of a forensic investigation. Please provide examples.
18. How could a security information and event management (SIEM) tool be leveraged for detecting an incident?
a) It could identify data exfiltration
b) It could identify event patterns that are associated with a potential incident
c) It could identify that one of your storage devices is 100% full
d) a), b) and c)
e) A SIEM tool can only be used for analyzing events and would not detect an incident
19. As a cybersecurity professional, what is the FIRST thing that you should do when someone contacts you to report an incident?
a) Perform a severity assessment of the incident
b) Determine the priority level associated with that incident
c) Perform verifications to assess the information provided by the incident reporter
d) Evaluate how much downtime this incident could cause to the business
e) There is no first thing. You should perform all the steps in parallel, since time is of the essence when responding to an incident