1. During the forensic a phase of a security investigation, it was discovered that an attacker was able to find private keys on a poorly secured team shared drive. Theattacker used those keys to intercept and decrypt sensitive traffic on a web server. Which of the following describes this type of exploit and the potentialremediation?

A) Session hijacking, network intrusion detection sensors
B) Rootkit, controlled storage of public keys
C) Cross-site scripting, increased encryption key sizes
D) Man-in-the-middle, well-controlled storage of private keys



2. A reverse engineer was analyzing malware found on a retailers network and found code extracting track data in memory. Which of the following threats did theengineer MOST likely uncover?

A) POS malware
B) Key logger
C) Rootkit
D) Ransomware



3. An organization is requesting the development of a disaster recovery plan. The organization has grown and so has its infrastructure. Documentation, policies, andprocedures do not exist. Which of the following steps should be taken to assist in the development of the disaster recovery plan?

A) Identify assets.
B) Conduct a risk assessment.
C) Execute vulnerability scanning.
D) Develop a data retention policy.



4. While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator.The threat intelligence analyst states that related sites were not visited but were searched for in a search engine. Which of the following MOST likely happened inthis situation?

A) The analyst has prefetch enabled on the browser in use.
B) The analyst accidently clicked a link related to the indicator.
C) The alert in unrelated to the analysts search.
D) The analyst is not using the standard approved browser.



5. Which of the following is a feature of virtualization that can potentially create a single point of failure?

A) Server consolidation
B) Load balancing hypervisors
C) Faster server provisioning
D) Running multiple OS instances