EMT Practice Test

1. Question Content...


Question List

Question1: In an organization, all the servers and database systems are guarded in a sealed room with a single-entry point.
The entrance is protected with a physical lock system that requires typing a sequence of numbers and letters by using a rotating dial that intermingles with several other rotating discs.
Which of the following types of physical locks is used by the organization in the above scenario?

Question2: Kevin, a professional hacker, wants to penetrate CyberTech Inc.'s network. He employed a technique, using which he encoded packets with Unicode characters. The company's IDS cannot recognize the packet, but the target web server can decode them.
What is the technique used by Kevin to evade the IDS system?

Question3: Elliott, a security professional, was tasked with implementing and deploying firewalls in the corporate network of an organization. After planning and deploying firewalls in the network, Elliott monitored the firewall logs to detect evolving threats And attacks; this helped in ensuring firewall security and addressing network issues beforehand.
in which of the following phases of firewall implementation and deployment did Elliott monitor the firewall logs?

Question4: A software company is developing a new software product by following the best practices for secure application development. Dawson, a software analyst, is checking the performance of the application on the client's network to determine whether end users are facing any issues in accessing the application.
Which of the following tiers of a secure application development lifecycle involves checking the performance of the application?

Question5: Tenda, a network specialist at an organization, was examining logged data using Windows Event Viewer to identify attempted or successful unauthorized activities. The logs analyzed by Tenda include events related to Windows security; specifically, log-on/log-off activities, resource access, and also information based on Windows system's audit policies.
Identify the type of event logs analyzed by Tenda in the above scenario.

Question6: As the senior network analyst for a leading fintech organization, you have been tasked with ensuring seamless communication between the firm's global offices. Your network has been built with redundancy in mind, leveraging multiple service providers and a mixture of MPLS and public internet connections.

Question7: A large multinational corporation is In the process of upgrading its network infrastructure to enhance security and protect sensitive data. As part of the upgrade, the IT team is considering implementing stateful multilayer inspection firewalls and application-level gateway firewalls.
How do stateful multilayer inspection firewalls differ from application-level gateway firewalls in terms of their packet filtering capabilities and the layers of the OSI model they inspect?

Question8: Jordan, a network administrator in an organization, was instructed to identify network-related issues and improve network performance. While troubleshooting the network, he received a message indicating that the datagram could not be forwarded owing to the unavailability of IP-related services (such as FTP or web services) on the target host, which of the following network issues did Jordan find in this scenario?

Question9: You have been assigned to perform a vulnerability assessment of a web server located at IP address
20.20.10.26. Identify the vulnerability with a severity score of &A. You can use the OpenVAS vulnerability scanner, available with the Parrot Security machine, with credentials admin/password for this challenge.
(Practical Question)

Question10: As the IT security manager for a burgeoning e-commerce company, you're keen on implementing a formal risk management framework to proactively tackle security risks associated with the company's rapid online expansion. Given your focus one-commerce and the need for scalability, which risk management framework is likely the most relevant?

Question11: ProNet, a leading technology firm, has been dynamically evolving its internal infrastructure to cater to an expanding workforce and changing business needs. The company's current project involves enhancing the overall security of its internal platforms. The company's security team is focusing on a robust access control system. To make the system efficient, it needs to implement a model that would define access based on roles within the organization, where specific roles would have predefined access to certain resources, and the roles can be assigned to multiple users. The aim is to decrease the administrative work involved in assigning permissions and ensure that users gain only the necessary permissions in line with their job functions.
Which access control model best suits ProNet's requirement?

Question12: A global financial Institution experienced a sophisticated cyber-attack where attackers gained access to the internal network and exfiltrated sensitive data over several months. The attack was complex, involving a mix of phishing, malware, and exploitation of system vulnerabilities. Once discovered, the institution initiated its incident response process. Considering the nature and severity of the incident, what should be the primary focus of the incident response team's initial efforts?

Question13: George, a security professional at an MNC, implemented an Internet access policy that allowed employees working from a remote location to access any site, download any application, and access any computer or network without any restrictions. Identify the type of Internet access policy implemented by George in this scenario.

Question14: NetSafe Corp, recently conducted an overhaul of its entire network. This refresh means that the old baseline traffic signatures no longer apply. The security team needs to establish a new baseline that comprehensively captures both normal and suspicious activities. The goal is to ensure real-time detection and mitigation of threats without generating excessive false positives. Which approach should NetSafe Corp, adopt to effectively set up this baseline?

Question15: TechTYendz. a leading tech company, is moving towards the final stages of developing a new cloud-based web application aimed at real-time data processing for financial transactions. Given the criticality of data and the high user volume expected. TechTYendz's security team is keen on employing rigorous application security testing techniques. The team decides to carry out a series of tests using tools that can best mimic potential real-world attacks on the application. The team's main concern Is to detect vulnerabilities In the system, including those stemming from configuration errors, software bugs, and faulty APIs. The security experts have shortlisted four testing tools and techniques. Which of the following would be the MOST comprehensive method to ensure a thorough assessment of the application's security?

Question16: Leilani, a network specialist at an organization, employed Wireshark for observing network traffic. Leilani navigated to the Wireshark menu icon that contains items to manipulate, display and apply filters, enable, or disable the dissection of protocols, and configure user-specified decodes.
Identify the Wireshark menu Leilani has navigated in the above scenario.

Question17: Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical Information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?

Question18: Alex, a certified security professional, works for both aggressor and defender teams. His team's main responsibility involves enhancing protection and boosting the security standards of the organization. Identify Alex's team in this scenario.

Question19: An organization's risk management team identified the risk of natural disasters in the organization's current location. Because natural disasters cannot be prevented using security controls, the team suggested to build a new office in another location to eliminate the identified risk. Identify the risk treatment option suggested by the risk management team in this scenario.

Question20: Cassius, a security professional, works for the risk management team in an organization. The team is responsible for performing various activities involved in the risk management process. In this process, Cassius was instructed to select and implement appropriate controls on the identified risks in order to address the risks based on their severity level.
Which of the following risk management phases was Cassius instructed to perform in the above scenario?

Question21: As a network security analyst for a video game development company, you are responsible for monitoring the traffic patterns on the development server used by programmers. During business hours, you notice a steady stream of data packets moving between the server and internal programmer workstations. Most of this traffic is utilizing TCP connections on port 22 (SSH) and port 5900 (VNC).
Based on this scenario, what does it describe?

Question22: NovusCorp, a leading healthcare provider, had meticulously designed its BC and DR plans, ensuring every potential risk was covered. Recently, its primary data center experienced a catastrophic flood. It swiftly activated its DR plan, transferring operations to its secondary data center. But within 24 hours, the provider faced an unforeseen challenge: the secondary data center began to receive a huge, unprecedented amount of data requests, causing system overloads and disruptions. This situation was not a part of the provider's initial risk assessment. In the face of this predicament, what should NovusCorp's immediate course of action be to ensure business continuity?

Question23: Cairo, an incident responder. was handling an incident observed in an organizational network. After performing all IH&R steps, Cairo initiated post-incident activities. He determined all types of losses caused by the incident by identifying And evaluating all affected devices, networks, applications, and software. Identify the post-incident activity performed by Cairo in this scenario.

Question24: You are the cybersecurity lead for an International financial institution. Your organization offers online banking services to millions of customers globally, and you have recently migrated your core banking system to a hybrid cloud environment to enhance scalability and cost efficiencies.
One evening, after a routine system patch, there is a surge in server-side request forgery (SSRF) alerts from your web application firewall(WAF). Simultaneously, your intrusion detection system (IDS) flags possible attempts to interact with cloud metadata services from your application layer, which could expose sensitive cloud configuration details and API keys. This Is a clear Indication that attackers might be trying to leverage the SSRF vulnerability to breach your cloud infrastructure. Considering the critical nature of your services and the high stakes involved, how should you proceed to tackle this imminent threat while ensuring minimal disruption to your banking customers?

Question25: TechTonic, a leading software solution provider, is incorporating stringent cybersecurity measures for their Windows-based server farm. Recently, it noticed a series of unauthorized activities within its systems but could not trace back tot he origins. The company Intends to bolster Its monitoring capabilities by comprehensively analyzing Windows system logs. Which strategy should TechTonic prioritize to gain an insightful and effective analysis of its Windows logs, aiming to trace potential intrusions?

Question26: Mark, a security analyst, was tasked with performing threat hunting to detect imminent threats in an organization's network. He generated a hypothesis based on the observations in the initial step and started the threat-hunting process using existing data collected from DNS and proxy logs.
Identify the type of threat-hunting method employed by Mark in the above scenario.

Question27: Perform vulnerability analysis of a web application, www.luxurytreats.com. and determine the name of the alert with WASC ID 9. (Practical Question)

Question28: A web application, www.moviescope.com. hosted on your tarqet web server is vulnerable to SQL injection attacks. Exploit the web application and extract the user credentials from the moviescope database. Identify the UID (user ID) of a user, John, in the database. Note: Vou have an account on the web application, and your credentials are samAest.
(Practical Question)

Question29: Hotel Grande offers luxury accommodations and emphasizes top-notch service for its guests. One such service is secure, high-speed Wi-FI access In every room. The hotel wishes to deploy an authentication method that would give individual guests a seamless experience without compromising security. This method should ideally provide a balance between convenience and strong security. Which of the following should Hotel Grande use?

Question30: Jase. a security team member at an organization, was tasked with ensuring uninterrupted business operations under hazardous conditions. Thus, Jase implemented a deterrent control strategy to minimize the occurrence of threats, protect critical business areas, and mitigate the impact of threats. Which of the following business continuity and disaster recovery activities did Jase perform in this scenario?

Question31: You are the lead cybersecurity specialist at a cutting-edge tech organization that specializes In developing artificial intelligence (Al)products for clients across various sectors. Given the sensitivity and proprietary nature of your products, ensuring top-notch security is of paramount importance. Late one evening, you receive an alert from your threat Intelligence platform about potential vulnerabilities In one of the third-party components your Al products heavily rely upon. This component is known to have integration points with several key systems within your organization. Any successful exploitation of this vulnerability could grant attackers unparalleled access to proprietary algorithms and client-specific modifications, which could be catastrophic in the wrong hands.
While you are analyzing the threat's details, a member of your team identifies several unusual patterns of data access, suggesting that the vulnerability might already have been exploited. The potential breach's initial footprint suggests a highly sophisticated actor, possibly even a nation-state entity. Given the gravity of the situation and the potential consequences of a full-blown breach, what should be your immediate course of action to address the incident and ensure minimal risk exposure?

Question32: Charlie, a security professional in an organization, noticed unauthorized access and eavesdropping on the WLAN. To thwart such attempts, Charlie employed an encryption mechanism that used the RC4 algorithm to encrypt information in the data link layer. Identify the type of wireless encryption employed by Charlie in the above scenario.

Question33: An FTP server has been hosted in one of the machines in the network. Using Cain and Abel the attacker was able to poison the machine and fetch the FTP credentials used by the admin. You're given a task to validate the credentials that were stolen using Cain and Abel and read the file flag.txt

Question34: Rhett, a security professional at an organization, was instructed to deploy an IDS solution on their corporate network to defend against evolving threats. For this purpose, Rhett selected an IDS solution that first creates models for possible intrusions and then compares these models with incoming events to make detection decisions.
Identify the detection method employed by the IDS solution in the above scenario.

Question35: Calvin spotted blazing flames originating from a physical file storage location in his organization because of a Short circuit. In response to the incident, he used a fire suppression system that helped curb the incident in the initial stage and prevented it from spreading over a large area. Which of the following firefighting systems did Calvin use in this scenario?

Question36: DigitalVault Corp., a premier financial institution, has recently seen a significant rise in advanced persistent threats (APTs)targetlng Its mainframe systems. Considering the sensitivity of the data stored, It wants to employ a strategy that deceives attackers into revealing their techniques. As part of its defense strategy, the cybersecurity team is deliberating over-deploying a honeypot system. Given the bank's requirements, the team are evaluating different types of honeypots. DigitalVault's primary goal Is to gather extensive Information about the attackers' methods without putting its actual systems at risk. Which of the following honeypots would BEST serve DigitalVault's intent?

Question37: in a security incident, the forensic investigation has isolated a suspicious file named "security_update.exe".
You are asked to analyze the file in the Documents folder of the"Attacker Machine-1" to determine whether it is malicious. Analyze the suspicious file and identify the malware signature. (Practical Question)

Question38: As a system administrator handling the integration of a recently acquired subsidiary's Linux machines with your company's Windows environment for centralized log management, what is your most significant challenge likely to be?

Question39: GlobalTech, a multinational corporation with over 10.000employees, has seen a surge in mobile device usage among its workforce. The IT department Is tasked with deploying a robust mobile security management solution that caters not only to the security of data but also provides flexibility in device choices and keeps administrative overhead low. Which of the following would be the best solution for GlobalTech?

Question40: Perform vulnerability assessment of an Android device located at IP address 172.30.20.110. Identify the severity score for the device. You can use the OpenVAS vulnerability scanner, available with Parrot Security, with credentials admln/password for this challenge. (Practical Question)

Question41: A software company develops new software products by following the best practices for secure application development. Dawson, a software analyst, is responsible for checking the performance of applications in the client's network to determine any issue faced by end users while accessing the application.
Which of the following tiers of the secure application development lifecycle involves checking the application performance?

Question42: An employee was fired from his security analyst job due to misconduct. While leaving, he installed a Trojan server on his workstation at 172.30.20.75. As an ethical hacker, you are asked to identify and connect to the Trojan server and explore available files. Enter the name of the VBScript file located in the Pictures folder of the workstation. Hint: You can use one of the Ttojan client applications available at "Z:\CCT-Tools\CCT Module 01 Information SecurityThreats and Vulnerabilities\Remote Access Ttojans (RAT)" of Attacker Machine-1. (Practical Question)

Question43: An international bank recently discovered a security breach in its transaction processing system. The breach involved a sophisticated malware that not only bypassed the standard antivirus software but also remained undetected by the intrusion detection systems for months. The malware was programmed to intermittently alter transaction values and transfer small amounts to a foreign account, making detection challenging due to the subtlety of its actions. After a thorough investigation, cybersecurity experts identified the nature of this malware. Which of the following best describes the type of malware used in this breach?

Question44: Walker, a security team member at an organization, was instructed to check if a deployed cloud service is working as expected. He performed an independent examination of cloud service controls to verify adherence to standards through a review of objective evidence. Further, Walker evaluated the services provided by the CSP regarding security controls, privacy impact, and performance.
Identify the role played by Walker in the above scenario.

Question45: Galactic Innovations, an emerging tech start-up. Is developing a proprietary software solution that will be hosted on a cloud platform. The software, designed for real-time communication and collaboration, aims to cater to global users, including top-tier businesses. As the software grows in complexity, the company recognizes the need for a comprehensive security standard that aligns with global best practices. The Intention is to enhance trustworthiness among potential clients and ensure that the application meets industry-accepted criteria, particularly in the face of increasing cyberthreats. Considering the company's requirements and the international nature of its user base, which software security standard, model, or framework should Galactic Innovations primarily focus on adopting?

Question46: An attacker used the ping-of-death (PoD) technique to crash a target Android device. The network traffic was captured by the SOC team and was provided to you to perform a detailed analysis. Analyze the android.pcapng file located In the Documents folder of the Attacker machine-2 and determine the length of PoD packets In bytes. (Practical Question)

Question47: Myles, a security professional at an organization, provided laptops for all the employees to carry out the business processes from remote locations. While installing necessary applications required for the business, Myles has also installed antivirus software on each laptop following the company's policy to detect and protect the machines from external malicious events over the Internet.
Identify the PCI-DSS requirement followed by Myles in the above scenario.

Question48: A government agency's confidential Information is leaked to the public, causing significant embarrassment and damage to its reputation. The leaked data includes sensitive documents related to military operations and diplomatic communications. Considering the scenario, which threat actor group is typically employed by governments to penetrate and gather top-secret information from other government or military organizations?

Question49: TechSolutions, a leading IT consultancy, has been contracted to overhaul the wireless network infrastructure for the city's public libraries. With thousands of users accessing the network daily, there is a critical need for robust encryption that can deter potential threats. TechSolutions must also consider the diverse range of devices used by library-goers and ensure backward compatibility. Which encryption mechanism would best suit this scenario?

Question50: FusionTech, a leading tech company specializing in quantum computing, is based in downtown San Francisco, with its headquarters situated In a multi-tenant skyscraper. Their office spans across three floors. The cutting-edge technology and the proprietary data that FusionTech possesses make it a prime target for both cyber and physical threats. Recently, during an internal security review, it was discovered that an unauthorized individual was spotted on one of the floors. There was no breach, but it raised an alarm. The management wants to address this vulnerability without causing too much inconvenience to its 2000+ employees and the other tenants of the building.
Given FusionTech's unique challenges, which measure should it primarily consider to bolster its workplace security?

Question51: Camden, a network specialist in an organization, monitored the behavior of the organizational network using SIFM from a control room. The SIEM detected suspicious activity and sent an alert to the camer a. Based on the severity of the incident displayed on the screen, Camden made the correct decision and immediately launched defensive actions to prevent further exploitation by attackers.
Which of the following SIEM functions allowed Camden to view suspicious behavior and make correct decisions during a security incident?

Question52: Omar, an encryption specialist in an organization, was tasked with protecting low-complexity applications such as RFID tags, sensor-based applications, and other IbT-based applications. For this purpose, he employed an algorithm for all lower-powered devices that used less power and resources without compromising device security.
identify the algorithm employed by Omar in this scenario.

Question53: Juan, a safety officer at an organization, installed a physical lock at the entrance of each floor. All employees in the organization were allotted a smart card embedded in their ID cards, which had to be swiped to unlock doors and Access any floor. Which of the following types of physical locks did Juan install In this scenario?

Question54: A renowned research institute with a high-security wireless network recently encountered an advanced cyber attack. The attack was not detected by traditional security measures andresulted in significant data exfiltration.
The wireless network was equipped with WPA3 encryption, MAC address filtering, and had disabled SSID broadcasting. Intriguingly. the attack occurred without any noticeable disruption or changes in network performance. After an exhaustive forensic analysis, the cybersecurity team pinpointed the attack method.
Which of the following wireless network-specific attacks was most likely used?

Question55: Richards, a security specialist at an organization, was monitoring an IDS system. While monitoring, he suddenly received an alert of an ongoing intrusion attempt on the organization's network. He immediately averted the malicious actions by implementing the necessary measures.
Identify the type of alert generated by the IDS system in the above scenario.

Question56: An organization divided its IT infrastructure into multiple departments to ensure secure connections for data access. To provide high-speed data access, the administrator implemented a PAID level that broke data into sections and stored them across multiple drives. The storage capacity of this RAID level was equal to the sum of disk capacities in the set. which of the following RAID levels was implemented by the administrator in the above scenario?

Question57: Warren, a member of IH&R team at an organization, was tasked with handling a malware attack launched on one of servers connected to the organization's network. He immediately implemented appropriate measures to stop the infection from spreading to other organizational assets and to prevent further damage to the organization.
Identify the IH&R step performed by Warren in the above scenario.

Question58: Alpha Finance, a leading banking institution, is launching anew mobile banking app. Given the sensitive financial data involved, it wants to ensure that Its application follows the best security practices. As the primary recommendation, which guideline should Alpha Finance prioritize?

Question59: A software company has implemented a wireless technology to track the employees' attendance by recording their in and out timings. Each employee in the company will have an entry card that is embedded with a tag.
Whenever an employee enters the office premises, he/she is required to swipe the card at the entrance. The wirelesstechnology uses radio-frequency electromagnetic waves to transfer data for automatic identification and for tracking tags attached to objects.
Which of the following technologies has the software company implemented in the above scenario?

Question60: Nancy, a security specialist, was instructed to identify issues related to unexpected shutdown and restarts on a Linux machine. To identify the incident cause, Nancy navigated to a directory on the Linux system and accessed a log file to troubleshoot problems related to improper shutdowns and unplanned restarts.
Identify the Linux log file accessed by Nancy in the above scenario.

Question61: A pfSense firewall has been configured to block a web application www.abchacker.com. Perform an analysis on the rules set by the admin and select the protocol which has been used to apply the rule.
Hint: Firewall login credentials are given below:
Username: admin
Password: admin@l23

Question62: An IoT device that has been placed in a hospital for safety measures, it has sent an alert command to the server. The network traffic has been captured and stored in the Documents folder of the Attacker Machine-1.
Analyze the loTdeviceTraffic.pcapng file and select the appropriate command that was sent by the IoT device over the network.

Question63: A web application www.movieabc.com was found to be prone to SQL injection attack. You are given a task to exploit the web application and fetch the user credentials. Select the UID which is mapped to user john in the database table.
Note:
Username: sam
Pass: test

Question64: An MNC hired Brandon, a network defender, to establish secured VPN communication between the company's remote offices. For this purpose, Brandon employed a VPN topology where all the remote offices communicate with the corporate office but communication between the remote offices is denied.
Identify the VPN topology employed by Brandon in the above scenario.

Question65: A John-the-Ripper hash dump of an FTP server's login credentials is stored as "target-file" on the Desktop of Attacker Machine-2. Crack the password hashes in the file to recover the login credentials of the FTP server.
The FTP root directory hosts an exploit file. Read the exploit file and enter the name of the exploit's author as the answer. Hint: Not all the credentials will give access to the FTP. (Practical Question)

Question66: A company decided to implement the cloud infrastructure within its corporate firewall 10 secure sensitive data from external access. The company invested heavily in creating a cloud architecture within its premises to manage full control over its corporate dat a. Which of the following types of cloud deployment models did the company implement in this scenario?

Question67: ApexTech, a cybersecurity consultancy, was approached by a large energy conglomerate to assess the robustness of its energy grid control systems. The conglomerate Is transitioning from traditional systems to a more interconnected smart grid. ApexTech proposed a penetration test to identify potential vulnerabilities in the new setup. The firm provided four methodologies it could employ to assess the system's vulnerabilities comprehensively. The energy conglomerate must select the approach that would be MOST revealing and beneficial in identifying vulnerabilities in the context of its transitioning infrastructure:

Question68: Malachi, a security professional, implemented a firewall in his organization to trace incoming and outgoing traffic. He deployed a firewall that works at the session layer of the OSI model and monitors the TCP handshake between hosts to determine whether a requested session is legitimate.
Identify the firewall technology implemented by Malachi in the above scenario.

Question69: Andre, a security professional, was tasked with segregating the employees' names, phone numbers, and credit card numbers before sharing the database with clients. For this purpose, he implemented a deidentification technique that can replace the critical information in database fields with special characters such as asterisks (*) and hashes (#).
Which of the following techniques was employed by Andre in the above scenario?

Question70: Ashton is working as a security specialist in SoftEight Tech. He was instructed by the management to strengthen the Internet access policy. For this purpose, he implemented a type of Internet access policy that forbids everything and imposes strict restrictions on all company computers, whether it is system or network usage.
Identify the type of Internet access policy implemented by Ashton in the above scenario.

Question71: You are the lead cybersecurity analyst for a multinational corporation that handles sensitive financial data. As part of your network security strategy, you have implemented both an Intrusion Detection System (IDS) and an Intrusion Prevention System(IPS) to safeguard against cyber threats. One day, your IDS alerts you to suspicious activity on the network, indicating a potential intrusion attempt from an external source.
Meanwhile, your IPS springs into action, swiftly blocking the malicious traffic before it can penetrate deeper into the network. Based on this scenario, what primarily distinguishes the role of the IDS from the IPS In your network security architecture?

Question72: Identify a machine in the network with 5SH service enabled. Initiate an SSH Connection to the machine, find the file, ttag.txt. in the machine, and enter the tile's content as the answer. The credentials tor SSH login are sam/adm(admin@123. {Practical Question)

Question73: The SOC department in a multinational organization has collected logs of a security event as
"Windows.events.evtx". Study the Audit Failure logs in the event log file located in the Documents folder of the
-Attacker Maehine-1" and determine the IP address of the attacker. (Note: The event ID of Audit failure logs is
4625.)
(Practical Question)

Question74: You are investigating a data leakage incident where an insider is suspected of using image steganography to send sensitive information to a competitor. You have also recovered a VeraCrypt volume file S3cr3t from the suspect. The VeraCrypt volume file is available In the Pictures folder of the Attacker Machined. Your task Is to mount the VeraCrypt volume, find an image file, and recover the secret code concealed in the file. Enter the code as the answer. Hint: If required, use sniffer@123 as the password to mount the VeraCrypt volume file.(Practical Question)

Question75: Shawn, a forensic officer, was appointed to investigate a crime scene that had occurred at a coffee shop. As a part of investigation, Shawn collected the mobile device from the victim, which may contain potential evidence to identify the culprits.
Which of the following points must Shawn follow while preserving the digital evidence? (Choose three.)

Question76: The IH&R team in an organization was handling a recent malware attack on one of the hosts connected to the organization's network. Edwin, a member of the IH&R team, was involved in reinstating lost data from the backup medi a. Before performing this step, Edwin ensured that the backup does not have any traces of malware.
Identify the IH&R step performed by Edwin in the above scenario.

Question77: Richard, a professional hacker, was hired by a marketer to gather sensitive data and information about the offline activities of users from location data. Richard employed a technique to determine the proximity of a user's mobile device to an exact location using CPS features. Using this technique. Richard placed a virtual barrier positioned at a static location to interact with mobile users crossing the barrier, identify the technique employed by Richard in this scenario.

Question78: A global financial services firm Is revising its cybersecurity policies to comply with a diverse range of international regulatory frameworks and laws. The firm operates across multiple continents, each with distinct legal requirements concerning data protection, privacy, and cybersecurity. As part of their compliance strategy, they are evaluating various regulatory frameworks to determine which ones are most critical to their operations. Given the firm's international scope and the nature of its services, which of the following regulatory frameworks should be prioritized for compliance?

Question79: You are the Lead Cybersecurity Specialist at GlobalTech, a multinational tech conglomerate renowned for its avant-garde technological solutions in the aerospace and defense sector. The organization's reputation stands on the innovative technologies it pioneers, many of which are nation's top secrets.
Late on a Sunday night, you are alerted about suspicious activities on a server holding the schematics and project details for a groundbreaking missile defense system. The indicators suggest a complex, multi-stage cyberattack that managed to bypass traditional security measures. Preliminary investigations reveal that the cybercrlmlnals might have used an Insider's credentials, further complicating the breach. Given the extremely sensitive nature of the data involved, a leak could have severe national security implications and irreparably tarnish the company's reputation. Considering the potential gravity and intricacies of this security incident, what immediate action should you undertake to handle this situation effectively, safeguard crucial data, and minimize potential fallout?

Question80: Martin, a network administrator at an organization, received breaching alerts for an application. He identified that a vulnerability in the application allowed attackers to enter malicious input. Martin evaluated the threat severity and extent of damage that could be caused by this vulnerability. He then escalated the issue to the security management team to determine appropriate mitigation strategies. In which of the following threat-modeling steps did Martin evaluate the severity level of the threat?