最新的CREST Practitioner Threat Intelligence Analyst - CPTIA免費考試真題
問題1
The following steps describe the key activities in forensic readiness planning:
1. Train the staff to handle the incident and preserve the evidence
2. Create a special process for documenting the procedure
3. Identify the potential evidence required for an incident
4. Determine the source of the evidence
5. Establish a legal advisory board to guide the investigation process
6. Identify if the incident requires full or formal investigation
7. Establish a policy for securely handling and storing the collected evidence
8. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption Identify the correct sequence of steps involved in forensic readiness planning.
1. Train the staff to handle the incident and preserve the evidence
2. Create a special process for documenting the procedure
3. Identify the potential evidence required for an incident
4. Determine the source of the evidence
5. Establish a legal advisory board to guide the investigation process
6. Identify if the incident requires full or formal investigation
7. Establish a policy for securely handling and storing the collected evidence
8. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption Identify the correct sequence of steps involved in forensic readiness planning.
正確答案: C
說明:(僅 VCESoft 成員可見)
問題2
Michael, a threat analyst, works in an organization named TechTop, was asked to conduct a cyber-threat intelligence analysis. After obtaining information regarding threats, he has started analyzing the information and understanding the nature of the threats.
What stage of the cyber-threat intelligence is Michael currently in?
What stage of the cyber-threat intelligence is Michael currently in?
正確答案: A
說明:(僅 VCESoft 成員可見)
問題3
Rinni is an incident handler and she is performing memory dump analysis.
Which of following tools she can use in order to perform memory dump analysis?
Which of following tools she can use in order to perform memory dump analysis?
正確答案: D
說明:(僅 VCESoft 成員可見)
問題4
During the process of detecting and containing malicious emails, incident responders should examine the originating IP address of the emails.
The steps to examine the originating IP address are as follow:
1. Search for the IP in the WHOIS database
2. Open the email to trace and find its header
3. Collect the IP address of the sender from the header of the received mail
4. Look for the geographic address of the sender in the WHOIS database
Identify the correct sequence of steps to be performed by the incident responders to examine originating IP address of the emails.
The steps to examine the originating IP address are as follow:
1. Search for the IP in the WHOIS database
2. Open the email to trace and find its header
3. Collect the IP address of the sender from the header of the received mail
4. Look for the geographic address of the sender in the WHOIS database
Identify the correct sequence of steps to be performed by the incident responders to examine originating IP address of the emails.
正確答案: D
說明:(僅 VCESoft 成員可見)
問題5
Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated into their organizational network and used a data staging technique to collect sensitive data. They collected all sorts of sensitive data about the employees and customers, business tactics of the organization, financial information, network infrastructure information and so on.
What should Jim do to detect the data staging before the hackers exfiltrate from the network?
What should Jim do to detect the data staging before the hackers exfiltrate from the network?
正確答案: B
說明:(僅 VCESoft 成員可見)
問題6
Investigator Ian gives you a drive image to investigate. What type of analysis are you performing?
正確答案: B
說明:(僅 VCESoft 成員可見)
問題7
In which of the following forms of bulk data collection are large amounts of data first collected from multiple sources in multiple formats and then processed to achieve threat intelligence?
正確答案: C
說明:(僅 VCESoft 成員可見)
問題8
Jason is setting up a computer forensics lab and must perform the following steps: 1. physical location and structural design considerations; 2. planning and budgeting; 3. work area considerations; 4. physical security recommendations; 5. forensic lab licensing; 6. human resource considerations. Arrange these steps in the order of execution.
正確答案: C
說明:(僅 VCESoft 成員可見)
問題9
Which of the following is a technique used by attackers to make a message difficult to understand through the use of ambiguous language?
正確答案: D
說明:(僅 VCESoft 成員可見)
問題10
Bob, an incident responder at CyberTech Solutions, is investigating a cybercrime attack occurred in the client company. He acquired the evidence data, preserved it, and started performing analysis on acquired evidentiary data to identify the source of the crime and the culprit behind the incident.
Identify the forensic investigation phase in which Bob is currently in.
Identify the forensic investigation phase in which Bob is currently in.
正確答案: C
說明:(僅 VCESoft 成員可見)
