112-57Preview

Jennifer, a forensics investigation team member, was inspecting a compromised system. After gathering all the evidence related to the compromised system, she disconnected the system from the network to stop the spread of the incident to other systems.
Identify the role played by Jennifer in the forensics investigation.

An organization decided to strengthen the security of its network by studying and analyzing the behavior of attackers. For this purpose, Steven, a security analyst, was instructed to deploy a device to bait attackers. Steven selected a solution that appears to contain very useful information to lure attackers and find their locations and techniques.
Identify the type of device deployed by Steven in the above scenario.

Which of the following acts was passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations?

Below is the syntax of a command-line utility that displays active TCP connections and ports on which the computer is listening. netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]
Identify the netstat parameter that displays active TCP connections and includes the process ID (PID) for each connection.

Which of the following network protocols creates secure tunneling through which content obfuscation can be achieved?

Sandra, a hacker, targeted Johana, a software professional, to steal her banking details. She started sending frequent, random pop-up messages with malicious links to her social media page. Johana accidentally clicked on a link, causing a malicious program to get installed in her system. Subsequently, when Johana attempted to access her banking website, the URL directed her to a malicious website controlled by Sandra. Johana entered her banking credentials on the fake website, which Sandra than captured.
Identify the type of attack performed by Sandra on Johana.

Clark, a security professional, identified that one of the systems in the organization is infected with malware and was used for creating a backdoor. Clark employed an automated tool to analyze the system's memory and detect malicious activities performed on the system.
In the above scenario, which of the following tools did Clark employ to detect malicious activities performed on the system?

Which of the following tools helps forensic experts analyze user activity in the Microsoft Edge browser?

Which of the following layers of the TCP/IP model serves as the backbone for data flow between two devices in a network and enables peer entities on the source and destination devices to communicate with each other?

In which of the following malware distribution techniques does the attacker use tactics such as keyword stuffing, doorway pages, page swapping, and adding unrelated keywords to improve the search-engine ranking of their malware pages?

Which of the following techniques is defined as the art of hiding data "behind" other data without the target's knowledge, thereby hiding the existence of the message itself?

Which of the following Tor relay nodes in the Tor circuit is designed to transfer data in an encrypted format?

James, a forensic specialist, was appointed to investigate an incident in an organization. As part of the investigation, James is attempting to identify whether any external storage devices are connected to the internal systems. For this purpose, he employed a utility to capture the list of all devices connected to the local machine and removed suspicious devices.
Identify the tool employed by James in the above scenario.

Kelly, a professional hacker, used her laptop to perform illegal cyber activities for monetary gain on many victims. She securely locked her laptop using BitLocker software. Using this tool, she locked an entire volume using a secret key to deny access to the system.
Identify the anti-forensic technique used by Don in the above scenario.

Identify the investigation team member who is responsible for evidence gathered at the crime scene and maintains a record of the evidence, making it admissible in a court of law.

Williams, a forensic specialist, was tasked with performing a static malware analysis on a suspect system in an organization. For this purpose, Williams used an automated tool to perform a string search and saved all the identified strings in a text file. After analyzing the strings, he determined all the harmful actions that were performed by malware.
Identify the tool employed by Williams in the above scenario.

Given below is a regex signature used by security professionals for detecting an XSS attack:
/((%3C)|<)[^\n]+((%3E)|>)/|
Which of the following types of XSS attack does the above regex expression detect?

While investigating a web attack on a Windows-based server, Jessy executed the following command on her system:
C:&gt; net view <10.10.10.11>
What was Jessy's objective in running the above command?

Which of the following NTFS system files contains a record of every file present in the system?

Alice and John are close college friends. Alice frequently sends emails to John attaching her pies with friends. One day, Alice sent an email to John describing all the details related to the final year project without specifying the actual purpose. John missed the message as he frequently receives emails from her and did not arrive for a project seminar.
Which of the following email fields could Alice have used in the above scenario to highlight the importance of the email?

Sam, a digital forensic expert, is working on a case related to file tampering in a system at the administrative department of an organization. In this process, Sam started performing the following steps to analyze the acquired data to draw conclusions related to the case.

1. Analyze the file content for data usage.
2. Analyze the date and time of file creation and modification.
3. Find the users associated with file creation, access, and file modification.
4. Determine the Physical storage location of the file.
5. Generate a timeline.
6. Identify the root cause of the incident.
   Identify the type of analysis performed by Sam in the above scenario.

Bob, a forensic investigator, was instructed to review a Windows machine and identify any anonymous activities performed using it. In this process, Bob used the command "netstat -ano" to view all the active connections in the system and determined that the connections established by the Tor browser were closed.
Which of the following states of the connections established by Tor indicates that the Tor browser is closed?

Bob, a forensic investigator, is investigating a live Windows system found at a crime scene. In this process, Bob extracted subkeys containing information such as SAM, Security, and software using an automated tool called FTK Imager.
Which of the following Windows Registry hives' subkeys provide the above information to Bob?

Jack, a forensic investigator, was appointed to investigate a Windows-based security Incident. In this process, he employed an Autopsy tool to recover the deleted files from unallocated space, which helps in gathering potential evidence.
Which of the following functions of Autopsy helped Jack recover the deleted files?