2. A security analyst has created an image of a drive from an incident. Which of the following describes what the analyst should do NEXT?

A) The analyst should create a hash of the image and compare it to the original drives hash.
B) The analyst should begin analyzing the image and begin to report findings.
C) The analyst should create a backup of the drive and then hash the drive.
D) The analyst should create a chain of custody document and notify stakeholders.



3. Which of the following commands would a security analyst use to make a copy of an image for forensics use?

A) rm
B) wget
C) dd
D) touch



4. An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure functions. Which of the followingtechnologies meet the compatibility requirement? (Select three.)(Select 3answers)

A) IDEA
B) AES
C) PGP
D) 3DES
E) PKCS
F) SSL/TLS

5. A technician recently fixed a computer with several viruses and spyware programs on it and notices the Internet settings were set to redirect all traffic through anunknown proxy. This type of attack is known as which of the following?

A) Social engineering
B) Shoulder surfing
C) Phishing
D) Man-in-the-middle