Before re-assigning a computer to a new employee, what data security technique does the IT department use to make sure no data is left behind by the previous user?
A. Fingerprinting
B. Digital watermarking
C. Baselining
D. Wiping
What feature of Wireshark allows the analysis of one HTTP conversation?
A. Follow UDP Stream
B. Follow TCP Stream
C. Conversation list > IPV4
D. Setting a display filter to 'tcp'
Which of the following tools is the most capable for removing the unwanted add-on in the screenshot below?

A. Process Explorer
B. Taskkill
C. Paros
D. HijackThis
An analyst will capture traffic from an air-gapped network that does not use DNS. The analyst is looking for unencrypted Syslog data being transmitted. Which of the following is most efficient for this purpose?
A. tcpdump -s0 -i eth0 port 514
B. tcpdump -nnvvX -i eth0 port 6514
C. tcpdump -nX -i eth0 port 514
D. tcpdump -vv -i eth0 port 6514
Although the packet listed below contained malware, it freely passed through a layer 3 switch. Why didn't the switch detect the malware in this packet?

A. The packet was part of a fragmentation attack
B. The data portion of the packet was encrypted
C. The entire packet was corrupted by the malware
D. It didn't look deeply enough into the packet
The matrix in the screenshot below would be created during which process?

A. Risk Assessment
B. System Hardening
C. Data Classification
D. Vulnerability Scanning
What does the following WMIC command accomplish?
process where name='malicious.exe' delete
A. Removes the 'malicious.exe' process from the Start menu and Run registry key
B. Stops current process handles associated with the process named 'malicious.exe'
C. Removes the executable 'malicious.exe' from the file system
D. Stops the 'malicious.exe' process from running and being restarted at the next reboot
You are responding to an incident involving a Windows server on your company's network. During the investigation, you notice that the system downloaded and installed two files, iexplorer.exe and iexplorer.sys. Based on the behavior of the system, you suspect that these files are part of a rootkit. If this is the case, what is the likely purpose of the .sys file?
A. It is a configuration file used to open a backdoor
B. It is a logfile used to collect usernames and passwords
C. It is a device driver used to load the rootkit
D. It is an executable used to configure a keylogger
Which of the following would be used in order to restrict software from performing unauthorized operations, such as invalid access to memory or invalid calls to system access?
A. Perimeter Control
B. User Control
C. Application Control
D. Protocol Control
E. Network Control
What would the output of the following command help an incident handler determine? cscript manage-bde.wsf -status
A. Whether scripts can be run from the command line
B. Which processes are running on the system
C. When the most recent system reboot occurred
D. Whether the drive has encryption enabled