Which of the following types of insider threat describes an insider who is uneducated on potential security threats or who simply bypasses general security procedures to meet workplace efficiency goals?
A. Compromised insider
B. Negligent insider
C. Professional insider
D. Malicious insider
Bran is an incident handler who is assessing the network of the organization. In the process, he wants to detect ping sweep attempts on the network using the Wireshark tool. Which of the following Wireshark filters must he use to accomplish this task?
A. icmp.seq
B. icmp.redir_gw
C. icmp.type==8
D. icmp.ident
Michael is a part of the computer incident response team of a company. One of his responsibilities is to handle email incidents. The company receives an email from an unknown source, and one of the steps that he needs to take is to check the validity of the email. Which of the following tools should he use?
A. Zendio
B. Email Dossier
C. Yesware
D. G Suite Toolbox
Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he came to know that there were multiple logins from different locations in a short time span. Moreover, he also observed certain irregular login patterns from locations where the organization does not have business relations. This suggests that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?
A. Unusual outbound network traffic
B. Unexpected patching of systems
C. Unusual activity through privileged user account
D. Geographical anomalies
Jason is an incident handler dealing with malware incidents. He was asked to perform memory dump analysis in order to collect information about the basic functionality of a program. As part of his assignment, he needs to perform string search analysis to look for malicious strings that could reveal the harmful actions a program can perform. Which of the following string-searching tools should Jason use to do the intended task?
A. PEView
B. BinText
C. Dependency Walker
D. Process Explorer
Lizzy, an analyst, wants to recognize the level of risk to the organization so as to plan countermeasures against cyber attacks. She used a threat modelling methodology in which she performed the following stages:
Stage 1: Build asset-based threat profiles
Stage 2: Identify infrastructure vulnerabilities
Stage 3: Develop security strategy and plans
Which of the following threat modelling methodologies was used by Lizzy in the aforementioned scenario?
A. TRIKE
B. VAST
C. OCTAVE
D. DREAD
Walter and Sons Company has faced major cyber attacks and lost confidential data. The company has decided to concentrate more on security than on other resources. Therefore, they hired Alice, a threat analyst, to perform data analysis. Alice was asked to perform qualitative data analysis to extract useful information from the collected bulk data.
Which of the following techniques will help Alice perform qualitative data analysis?
A. Regression analysis, variance analysis, and so on
B. Numerical calculations, statistical modeling, measurement, research, and so on
C. Brainstorming, interviewing, SWOT analysis, Delphi technique, and so on
D. Finding links between data and discovering threat-related information
A threat analyst obtains intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP addresses of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and its performance has gradually degraded. He further performed analysis on the information based on past and present experience and concluded which attack the client organization experienced.
Which of the following attacks was performed on the client organization?
A. DHCP attacks
B. MAC spoofing attack
C. Distributed Denial-of-Service (DDoS) attack
D. Bandwidth attack
Eric is an incident responder who is working on developing incident-handling plans and procedures. As part of this process, he is performing an analysis of the organizational network to generate a report and develop policies based on the acquired results. Which of the following tools will help him analyze his network and the related traffic?
A. Whois
B. Burp Suite
C. FaceNiff
D. Wireshark
Which of the following is a standard framework that provides recommendations for implementing information security controls for organizations that initiate, implement, or maintain information security management systems (ISMSs)?
A. ISO/IEC 27002
B. ISO/IEC 27035
C. PCI DSS
D. RFC 219G
An attacker instructs bots to use a camouflage mechanism to hide his phishing and malware delivery locations within the rapidly changing network of compromised bots. In this particular technique, a single domain name resolves to multiple IP addresses.
Which of the following techniques is used by the attacker?
A. DNS zone transfer
B. Dynamic DNS
C. DNS interrogation
D. Fast-Flux DNS
Which of the following types of digital evidence is temporarily stored in a digital device that requires constant power supply and is deleted if the power supply is interrupted?
A. Slack space
B. Process memory
C. Event logs
D. Swap file