It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?


A. Discovery
B. Recovery
C. Containment
D. Eradication

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?


A. 123
B. 161
C. 69
D. 113

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?


A. Event logs on the PC
B. Internet Firewall/Proxy log
C. IDS log
D. Event logs on domain controller

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?


A. Confront the client in a respectful manner and ask her about the data.
B. Copy the data to removable media and keep it in case you need it.
C. Ignore the data and continue the assessment until completed as agreed.
D. Immediately stop work and contact the proper legal authorities.

Which regulation defines security and privacy controls for Federal information systems and organizations?


A. HIPAA
B. EU Safe Harbor
C. PCI-DSS
D. NIST-800-53

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?


A. Privilege Escalation
B. Shoulder-Surfing
C. Hacking Active Directory
D. Port Scanning

When tuning security alerts, what is the best approach?


A. Tune to avoid False positives and False Negatives
B. Rise False positives Rise False Negatives
C. Decrease the false positives
D. Decrease False negatives

Which of the following is a low-tech way of gaining unauthorized access to systems?


A. Scanning
B. Sniffing
C. Social Engineering
D. Enumeration

Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends many IP packets, based on the average number of packets sent by all origins and using some thresholds.
In concept, the solution developed by Bob is actually:


A. Just a network monitoring tool
B. A signature-based IDS
C. A hybrid IDS
D. A behavior-based IDS

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?


A. Black-box
B. Announced
C. White-box
D. Grey-box