1. An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians.Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO).(Select 2answers)

A) Crime tape
B) Drive imager
C) Drive adapters
D) Write blockers
E) Chain of custody form
F) Hashing utilities

2. An analyst reviews a recent report of vulnerabilities on a companys financial application server. Which of the following should the analyst rate as being of theHIGHEST importance to the companys environment?

A) Susceptibility to XSS
B) Remote code execution
C) SQL injection
D) Use of old encryption algorithms
E) Banner grabbing


3. A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following shouldhappen NEXT?

A) Start the change control process.
B) Begin the incident response process.
C) Implement continuous monitoring.
D) Rescan to ensure the vulnerability still exists.



4. An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has beenasked for a recommendation to solve this issue. Which of the following should be applied?

A) TAP
B) ACL
C) MAC
D) NAC



5. Which of the following principles describes how a security analyst should communicate during an incident?

A) The communication should be limited to management only.
B) The communication should be limited to trusted parties only.
C) The communication should come from law enforcement.
D) The communication should be limited to security staff only.