During an incident, the following actions have been taken:
-Executing the malware in a sandbox environment
-Reverse engineering the malware
-Conducting a behavior analysis
Based on the steps presented, which of the following incident handling processes has been taken?

1. A. Containment
2. B. Eradication
3. C. Recovery
4. D. Identification

Correct Answer: A
The “Containment, eradication and recovery” phase is the period in which incident response team tries to contain the incident and, if necessary, recover from it (restore any affected resources, data and/or processes).

Which of the following are common areas of vulnerabilities in a network switch? (Choose two.)

1. A. Default port state
2. B. Default credentials
3. C. Default protocols
4. D. Default encryption
5. E. Default IP address

Correct Answer: AB

During a log review, an incident responder is attempting to process the proxy server’s log files but finds that they are too large to be opened by any file viewer. Which of the following is the MOST appropriate technique to open and analyze these log files?

1. A. Hex editor, searching
2. B. tcpdump, indexing
3. C. PE Explorer, indexing
4. D. Notepad, searching

Correct Answer: A

Malicious code designed to execute in concurrence with a particular event is BEST defined as which of the following?

1. A. Logic bomb
2. B. Rootkit
3. C. Trojan
4. D. Backdoor

Correct Answer: A

When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?

1. A. Browser logs
2. B. HTTP logs
3. C. System logs
4. D. Proxy logs

Correct Answer: D