Policies are designed to protect the organizational resources on the network by establishing a set of rules and procedures. Which of the following policies authorizes a group of users to perform a set of actions on a set of resources?
A.
Access control policy
B.
Audit trail policy
C.
Logging policy
D.
Documentation policy
Access control policy
An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the incident recovery plan?
A.
Creating new business processes to maintain profitability after incident
B.
Providing a standard for testing the recovery plan
C.
Avoiding the legal liabilities arising due to incident
D.
Providing assurance that systems are reliable
Creating new business processes to maintain profitability after incident
What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the established connections on it?
A.
“arp” command
B.
“netstat -an” command
C.
“dd” command
D.
“ifconfig” command
“netstat -an” command
What command does a Digital Forensic Examiner use to display the list of all IP addresses and their associated MAC addresses on a victim computer to identify the machines that were communicating with it?
A.
“arp” command
B.
“netstat -an” command
C.
“dd” command
D.
“ifconfig” command
“arp” command
A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to the agency’s reporting timeframe guidelines, this incident should be reported within two (2) HOURS of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity. Which incident category of the US Federal Agency does this incident belong to?
A.
CAT 5
B.
CAT 1
C.
CAT 2
D.
CAT 6
CAT 2
CSIRT can be implemented at:
A.
Internal enterprise level
B.
National, government and military level
C.
Vendor level
D.
All the above
All the above
In which of the steps of NIST’s risk assessment methodology are the boundary of the IT system, along with the resources and the information that constitute the system, identified?
A.
Likelihood Determination
B.
Control recommendation
C.
System characterization
D.
Control analysis
System characterization
The main feature offered by PGP Desktop Email is:
A.
Email service during incidents
B.
End-to-end email communications
C.
End-to-end secure email service
D.
None of the above
End-to-end secure email service
The IDS and IPS system logs indicate an unusual deviation from typical network traffic flows; this is called:
A.
A Precursor
B.
An Indication
C.
A Proactive
D.
A Reactive
An Indication
A host is infected by worms that propagate through a vulnerable service; the sign(s) of the presence of the worm include:
A.
Decrease in network usage
B.
Established connection attempts targeted at the vulnerable services
C.
System becomes instable or crashes
D.
All the above
System becomes instable or crashes
A payroll system has a vulnerability that cannot be exploited by current technology. Which of the following is correct about this scenario:
A.
The risk must be urgently mitigated
B.
The risk must be transferred immediately
C.
The risk is not present at this time
D.
The risk is accepted
The risk is not present at this time
The most common type(s) of intellectual property is(are):
A.
Copyrights and Trademarks
B.
Patents
C.
Industrial design rights & Trade secrets
D.
All the above
All the above