1. A user is suspected of potentially illegal activities. Law enforcement requested the user to continue working with the network as normal. Still, she would like a copy of any communication of the user with regard to several important conditions. In addition, the police requested that the account of the user of the user's ongoing communication are kept for future surveys. Which of the following best meet the objectives of the law?

A) Enter an email discovered by the applicable terms. Then back up e-mail user for future research.
B) Place a legal hold on the email account user. Then perform eDiscovery searches to collect appropriate emails.
C) Perform a backup email account user. Then you export the application emails that match the search terms.
D) Start with a chain-of-custody for the communication of the user. Then place a legal hold on the email account user.
E) None


2. Since the introduction of IPv6 on the company, the security administrator is able to identify the user associated with certain devices utilizing IPv6 addresses, even if the devices are managed centrally. en1: flags = 8863 mtu 1500 f8 ether: 1: af: ab: 10: a3 inet6 fw80 :: fa1e: DFFF: fee6: 9d8% en1 prefixlen 64 ScopeID 0x5 inet 192.168.1.14 192.168.1.255 netmask 0xffffff00 broadcast inet6 2001: 200 5: 922: 1035: DFFF: fee6: 9dfe prefixlen 64 autoconf inet6 2001: 200: 5: 922: 10ab: 5e21: aa9a: 6393 prefixlen 64 autoconf temporary Nd6 options = 1 media: autoselect status: active Given this output, which the following protocols used by the company and what can the system to users positively charting with IPv6 addresses in the future? (Choose two).(Select 2answers)

A) The routers implement NDP
B) The devices use EUI-64 format
C) The network implements 6to4 tunneling
D) The administrator must IPv6 privacy extensions off
E) The IPv6 router advertisement is off


3. Which of the following would be used in forensic analysis of compromised Linux system? (Choose three.)(Select 3answers)

A) Use vmstat to look for excessive disk I / O
B) Check logs for unauthorized logins IPs
C) Check timestamps for files that have changed around the time of the compromise
D) Check / proc / kmem for fragmented memory segments
E) Check unencrypted passwords in / etc / shadow.


4. The IT director has been the company helpdesk with disinfecting fixed and removable media. The helpdesk manager has to be followed by written helpdesk staff a new procedure. This procedure includes the current standard should be used for data sanitization, as well as the physical location of the degaussing tool. In which of the following cases, the help desk staff to use the new procedure? (Choose three.)(Select 3answers)

A) While the deployment of new assets
B) While reviewing the risk assessment
C) Before asset repurposing
D) When media failed or unusable
E) During the removal of assets


5. The network administrator at a company announced a major data leak. A compromised server was used data from a number of critical application servers and send it to the Internet via HTTPS. Upon investigation, there are no user logins been no reported problems over the last week and endpoint protection software. Which of the following BEST provides insight into the compromised server information gathered?

A) Setup a packet capture on the firewall to collect all server communications.
B) Give your opinion about the current secure data from any server baseline communication profile.
C) None
D) Configure the server logs for unusual activity including failed logins and renewed services to collect.
E) Correlate data loss prevention logs for different communications from the server.