Organizations considered “covered entities” are required to adhere to which compliance requirement?

1. A. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
2. B. Payment Card Industry Data Security Standard (PCI DSS)
3. C. Sarbanes-Oxley Act (SOX)
4. D. International Organization for Standardization (ISO) 27001

Correct Answer: A

During a security investigation, a suspicious Linux laptop is found in the server room. The laptop is processing information and indicating network activity. The investigator is preparing to launch an investigation to determine what is happening with this laptop. Which of the following is the MOST appropriate set of Linux commands that should be executed to conduct the investigation?

1. A. iperf, traceroute, whois, ls, chown, cat
2. B. iperf, wget, traceroute, dc3dd, ls, whois
3. C. lsof, chmod, nano, whois, chown, ls
4. D. lsof, ifconfig, who, ps, ls, tcpdump

Correct Answer: B

During the forensic analysis of a compromised computer image, the investigator found that critical files are missing, caches have been cleared, and the history and event log files are empty. According to this scenario, which of the following techniques is the suspect using?

1. A. System hardening techniques
2. B. System optimization techniques
3. C. Defragmentation techniques
4. D. Anti-forensic techniques

Correct Answer: D

A first responder notices a file with a large amount of clipboard information stored in it. Which part of the MITRE ATT&CK matrix has the responder discovered?

1. A. Collection
2. B. Discovery
3. C. Lateral movement
4. D. Exfiltration

Correct Answer: D

Various logs are collected for a data leakage case to make a forensic analysis. Which of the following are MOST important for log integrity? (Choose two.)

1. A. Hash value
2. B. Time stamp
3. C. Log type
4. D. Modified date/time
5. E. Log path

Correct Answer: AB