212-89 Practice Test Questions

163 Questions


Which of the following may be considered as insider threat(s):


A. An employee having no clashes with supervisors and coworkers
B. Disgruntled system administrators
C. An employee who gets an annual 7% salary raise
D. An employee with an insignificant technical literacy and business process knowledge

Answer: B. Disgruntled system administrators



An active vulnerability scanner featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis is called:


A. Nessus
B. CyberCop
C. EtherApe
D. nmap

Answer: A. Nessus



The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT constitute a goal of incident response?


A. Dealing with human resources department and various employee conflict behaviors.
B. Using information gathered during incident handling to prepare for handling future incidents in a better way and to provide stronger protection for systems and data
C. Helping personnel to recover quickly and efficiently from security incidents, minimizing loss or theft and disruption of services.
D. Dealing properly with legal issues that may arise during incidents.

Answer: A. Dealing with human resources department and various employee conflict behaviors.



A risk mitigation strategy determines the circumstances under which an action has to be taken to minimize and overcome risks. Identify the risk mitigation strategy that focuses on minimizing the probability of risk and losses by searching for vulnerabilities in the system and appropriate controls:


A. Risk Assumption
B. Research and acknowledgment
C. Risk limitation
D. Risk absorption

Answer: B. Research and acknowledgment



Which of the following is an incident tracking, reporting and handling tool:


A. CRAMM
B. RTIR
C. NETSTAT
D. EAR/ Pilar

Answer: B. RTIR



The open source TCP/IP network intrusion prevention and detection system (IDS/IPS) that uses a rule-driven language and performs real-time traffic analysis and packet logging is known as:


A. Snort
B. Wireshark
C. Nessus
D. SAINT

Answer: A. Snort



Malicious security-breaking code that is disguised as a useful program, installs executable programs when a file is opened, and allows others to control the victim’s system is called:


A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: A. Trojan



Which of the following can be considered synonymous:


A. Hazard and Threat
B. Threat and Threat Agent
C. Precaution and countermeasure
D. Vulnerability and Danger

Answer: A. Hazard and Threat



Which of the following is NOT a digital forensic analysis tool:


A. AccessData FTK
B. EAR/ Pilar
C. Guidance Software EnCase Forensic
D. Helix

Answer: B. EAR/ Pilar



One of the goals of CSIRT is to manage security problems by taking a certain approach towards the customers’ security vulnerabilities and by responding effectively to potential information security incidents. Identify the incident response approach that focuses on developing the infrastructure and security processes before the occurrence or detection of an event or any incident:


A. Interactive approach
B. Introductive approach
C. Proactive approach
D. Qualitative approach

Answer: C. Proactive approach



Which of the following is NOT one of the Computer Forensic types:


A. USB Forensics
B. Email Forensics
C. Forensic Archaeology
D. Image Forensics

Answer: C. Forensic Archaeology



Which of the following is an appropriate flow of the incident recovery steps?


A. System Operation-System Restoration-System Validation-System Monitoring
B. System Validation-System Operation-System Restoration-System Monitoring
C. System Restoration-System Monitoring-System Validation-System Operations
D. System Restoration-System Validation-System Operations-System Monitoring

Answer: D. System Restoration-System Validation-System Operations-System Monitoring



