While performing routine maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system. Which of the following steps in the attack process does this activity indicate?
An incident handler is assigned to initiate an incident response for a complex network that has been affected by malware. Which of the following actions should be taken FIRST?
Which of the following are part of the hardening phase of the vulnerability assessment process? (Choose two.)
An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO’s account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder’s suspicion?
Which of the following types of digital evidence is considered the MOST volatile?
According to SANS, when should an incident retrospective be performed?
A user receives an email about an unfamiliar bank transaction, which includes a link. When clicked, the link redirects the user to a web page that looks exactly like their bank’s website and asks them to log in with their username and password. Which type of attack is this?
Network infrastructure has been scanned and the identified issues have been remediated. What is the next step in the vulnerability assessment process?
Recently, a cybersecurity research lab discovered that there is a hacking group focused on hacking into the computers of financial executives in Company A to sell the exfiltrated information to Company B. Which of the following threat motives does this MOST likely represent?
A security administrator is investigating a compromised host. Which of the following commands could the investigator use to display executing processes in real time?