(2025) PASS 212-89 exam with EC-COUNCIL 212-89 Real Exam Questions [Q79-Q93]


Real exam questions are provided for the ECIH certification test, which can make sure you pass 100%.

EC-COUNCIL 212-89 (EC Council Certified Incident Handler (ECIH v2)) Certification Exam is a globally recognized certification designed for professionals who are interested in enhancing their knowledge and skills in incident handling and response. EC Council Certified Incident Handler (ECIH v3) certification is aimed at individuals who are responsible for detecting, investigating, and responding to security incidents, such as security administrators, network administrators, and incident handlers.

 

Q79. Which of the following encoding techniques replaces unusual ASCII characters with “%” followed by the character’s two-digit ASCII code expressed in hexadecimal?

 
 
 
 

Q80. Ikeo Corp hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise. The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location. Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?

 
 
 
 

Q81. QualTech Solutions is a leading security services enterprise. Dickson, who works as an incident responder with this firm, is performing a vulnerability assessment to identify the security problems in the network by using automated tools for identifying the hosts, services, and vulnerabilities in the enterprise network. In the above scenario, which of the following types of vulnerability assessment is Dickson performing?

 
 
 
 

Q82. Rica works as an incident handler for an international company. As part of her role, she must review the present security policy implemented. Upon inspection, Rica finds that the policy is wide open, and only known dangerous services/attacks or behaviors are blocked.
Which of the following is the current policy that Rica identified?

 
 
 
 

Q83. The following steps describe the key activities in forensic readiness planning:
1. Train the staff to handle the incident and preserve the evidence
2. Create a special process for documenting the procedure
3. Identify the potential evidence required for an incident
4. Determine the source of the evidence
5. Establish a legal advisory board to guide the investigation process
6. Identify if the incident requires full or formal investigation
7. Establish a policy for securely handling and storing the collected evidence
8. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption
Identify the correct sequence of steps involved in forensic readiness planning.

 
 
 
 

Q84. One of your coworkers just sent you an email. She wonders if it is real, a part of your phishing campaign, a real phishing attack, or a mistake. One of the things you want to know is where the email originated from.
Where would you check in the email message to find that information?

 
 
 
 

Q85. Alexa downloaded a movie file. However, upon execution, it unleashed a dangerous program that sent Alexa’s credit-card information to an attacker.
What is this malicious program masked as a movie file?

 
 
 
 

Q86. Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is responsible for examining the evidence acquired and separating the useful evidence?

 
 
 
 

Q87. Francis received a spoof email asking for his bank information. He decided to use a tool to analyze the email headers. Which of the following should he use?

 
 
 
 

Q88. Shiela is working at night as an incident handler. During a shift, servers were affected by a massive cyberattack. After she classified and prioritized the incident, she must report the incident, obtain necessary permissions, and perform other incident response functions. What list should she check to notify other responsible personnel?

 
 
 
 

Q89. Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case, he needs to collect volatile information such as running services, their process IDs, start mode, state, and status.
Which of the following commands will help Clark to collect such information from running services?

 
 
 
 

Q90. Tibson works as an incident responder for an MNC based in Singapore. He is investigating a web application security incident recently faced by the company. The attack was performed on an MS SQL Server hosted by the company. In the detection and analysis phase, he used regular expressions to analyze and detect SQL meta-characters that led to the SQL injection attack.
Identify the regular expression used by Tibson to detect the SQL injection attack on MS SQL Server.

 
 
 
 

Q91. Insiders may be:

 
 
 
 

Q92. A malicious, security-breaking program is disguised as a useful program. Such executable programs, which are installed when a file is opened, allow others to control a user’s system. What is this type of program called?

 
 
 
 

Q93. Which of the following GPG18 and Forensic readiness planning (SPF) principles states that “organizations should adopt a scenario based Forensic Readiness Planning approach that learns from experience gained within the business”?

 
 
 
 
