2024 New CPTIA Dumps - Real CREST Exam Questions [Q11-Q32]


Dependable CPTIA Exam Dumps to Become CREST Certified

NEW QUESTION # 11
Andrews and Sons Corp. has decided to share threat information among sharing partners. Garry, a threat analyst working in Andrews and Sons Corp., has been asked to follow a trust model necessary to establish trust between sharing partners. In the trust model used by him, the first organization makes use of a body of evidence in a second organization, and the level of trust between the two organizations depends on the degree and quality of evidence provided by the first organization.
Which of the following types of trust model is used by Garry to establish the trust?

  • A. Mediated trust
  • B. Validated trust
  • C. Direct historical trust
  • D. Mandated trust

Answer: B

Explanation:
In the trust model described, where trust between two organizations depends on the degree and quality of evidence provided by the first organization, the model in use is 'Validated Trust.' This model relies on the validation of evidence or credentials presented by one party to another to establish trust. The validation process assesses the credibility, reliability, and relevance of the information shared, forming the basis of the trust relationship between the sharing partners. This approach is common in threat intelligence sharing where the accuracy and reliability of shared information are critical.
References:
* "Building a Cybersecurity Culture," ISACA
* "Trust Models in Information Security," Journal of Internet Services and Applications


NEW QUESTION # 12
The following steps describe the key activities in forensic readiness planning:
1. Train the staff to handle the incident and preserve the evidence
2. Create a special process for documenting the procedure
3. Identify the potential evidence required for an incident
4. Determine the source of the evidence
5. Establish a legal advisory board to guide the investigation process
6. Identify if the incident requires full or formal investigation
7. Establish a policy for securely handling and storing the collected evidence
8. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption
Identify the correct sequence of steps involved in forensic readiness planning.

  • A. 1-->2-->3-->4-->5-->6-->7-->8
  • B. 3-->4-->8-->7-->6-->1-->2-->5
  • C. 2-->3-->1-->4-->6-->5-->7-->8
  • D. 3-->1-->4-->5-->8-->2-->6-->7

Answer: B

Explanation:
The correct sequence of steps involved in forensic readiness planning, based on the activities described, is as follows:
* Identify the potential evidence required for an incident.
* Determine the source of the evidence.
* Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption.
* Establish a policy for securely handling and storing the collected evidence.
* Identify if the incident requires full or formal investigation.
* Train the staff to handle the incident and preserve the evidence.
* Create a special process for documenting the procedure.
* Establish a legal advisory board to guide the investigation process.
This sequence ensures that an organization is prepared to handle incidents efficiently, with a focus on identifying relevant evidence and the legal context of its collection, followed by staff training and the establishment of guiding policies and advisory boards.
References: Incident Handler (CREST CPTIA) courses and study guides include discussions on forensic readiness planning, highlighting the importance of preparing organizations for effective legal and technical handling of incidents.


NEW QUESTION # 13
During the vulnerability assessment phase, the incident responders perform various steps as below:
1. Run vulnerability scans using tools
2. Identify and prioritize vulnerabilities
3. Examine and evaluate physical security
4. Perform OSINT information gathering to validate the vulnerabilities
5. Apply business and technology context to scanner results
6. Check for misconfigurations and human errors
7. Create a vulnerability scan report
Identify the correct sequence of vulnerability assessment steps performed by the incident responders.

  • A. 4-->1-->2-->3-->6-->5-->7
  • B. 2-->1-->4-->7-->5-->6-->3
  • C. 3-->6-->1-->2-->5-->4-->7
  • D. 1-->3-->2-->4-->5-->6-->7

Answer: A

Explanation:
The correct sequence of steps performed by incident responders during the vulnerability assessment phase is as follows:
* Perform OSINT information gathering to validate the vulnerabilities (4): Initially, Open Source Intelligence (OSINT) is used to gather information about the organization's digital footprint and potential vulnerabilities.
* Run vulnerability scans using tools (1): Next, specialized tools are employed to scan the organization's networks and systems for vulnerabilities.
* Identify and prioritize vulnerabilities (2): The identified vulnerabilities are then analyzed and prioritized based on their severity and potential impact on the organization.
* Examine and evaluate physical security (3): Physical security assessments are also crucial as they can impact the overall security posture and protection of digital assets.
* Check for misconfigurations and human errors (6): This step involves looking for misconfigurations in systems and networks, as well as potential human errors that could lead to vulnerabilities.
* Apply business and technology context to scanner results (5): The results from the scans are evaluated within the context of the business and its technology environment to accurately assess risks.
* Create a vulnerability scan report (7): Finally, a comprehensive report is created, detailing the vulnerabilities, their severity, and recommended mitigation strategies.
This sequence ensures a thorough assessment, prioritizing vulnerabilities that pose the greatest risk and providing actionable insights for mitigation.
References: CREST CPTIA courses and study guides elaborate on the vulnerability assessment process, detailing the steps involved in identifying, evaluating, and addressing security vulnerabilities within an organization's IT infrastructure.


NEW QUESTION # 14
Eric is an incident responder and is working on developing incident-handling plans and procedures. As part of this process, he is performing an analysis on the organizational network to generate a report and develop policies based on the acquired results. Which of the following tools will help him in analyzing his network and the related traffic?

  • A. Wireshark
  • B. Burp Suite
  • C. FaceNiff
  • D. Whois

Answer: A

Explanation:
Wireshark is a widely used network protocol analyzer that helps in capturing and interactively browsing the traffic on a network. It is an essential tool for incident responders like Eric who are developing incident-handling plans and procedures. By analyzing network traffic, Wireshark allows users to see what is happening on their network at a microscopic level, making it invaluable for troubleshooting network problems, analyzing security incidents, and understanding network behavior. Whois is used for querying databases that store registered users or assignees of an Internet resource. Burp Suite is a tool for testing web application security, and FaceNiff is used for session hijacking within a WiFi network, which makes Wireshark the best choice for analyzing network traffic.
References: CREST materials often reference Wireshark as a fundamental tool for network analysis, crucial for incident handlers in the analysis phase of incident response.


NEW QUESTION # 15
James is working as an incident responder at CyberSol Inc. The management instructed James to investigate a cybersecurity incident that recently happened in the company. As a part of the investigation process, James started collecting volatile information from a system running the Windows operating system.
Which of the following commands helps James in determining all the executable files for running processes?

  • A. date /t & time /t
  • B. top
  • C. netstat -ab
  • D. doskey /history

Answer: C

Explanation:
The netstat -ab command is useful in Windows operating systems for displaying all connections and listening ports, along with the executable involved in creating each connection or listening port. This can be particularly valuable for an incident responder like James when attempting to determine which processes are running on a system and how they are communicating over the network. This information can help identify malicious processes, unauthorized connections, or other signs of compromise on the system. While netstat -ab does not exclusively list executable files for running processes, it ties processes to network activity, which is a critical part of collecting volatile information during a cybersecurity incident investigation.
References: The Certified Incident Handler (CREST CPTIA) course by EC-Council covers various commands and tools that can be used to collect volatile data from systems as part of incident response activities, highlighting the importance of understanding network connections and the processes responsible for them.


NEW QUESTION # 16
Alex is an incident handler for Tech-o-Tech Inc. and is tasked to identify any possible insider threats within his organization. Which of the following insider threat detection techniques can be used by Alex to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?

  • A. Mole detection
  • B. Profiling
  • C. Physical detection
  • D. Behavioral analysis

Answer: D

Explanation:
Behavioral analysis is a technique used to detect insider threats by analyzing the behavior of employees, both individually and in group settings, to identify any actions that deviate from the norm. This method relies on monitoring and analyzing data related to user activities, access patterns, and other behaviors that could indicate malicious intent or a potential security risk from within the organization. Behavioral analysis can detect unusual access to sensitive data, abnormal data transfer activities, and other indicators of insider threats. This approach is proactive and can help in identifying potential insider threats before they result in significant harm to the organization.
References: The Incident Handler (CREST CPTIA) certification materials cover various insider threat detection techniques, including the importance of behavioral analysis as a key method for identifying potential security risks posed by insiders.


NEW QUESTION # 17
Which of the following tools helps incident responders effectively contain a potential cloud security incident and gather required forensic evidence?

  • A. Cloud Passage Halo
  • B. CloudPassage Quarantine
  • C. Qualys Cloud Platform
  • D. Alert Logic

Answer: A

Explanation:
Cloud Passage Halo is a security platform designed to provide comprehensive visibility and protection for cloud environments, making it an effective tool for incident responders dealing with potential cloud security incidents. It offers capabilities for detecting, responding to, and containing threats across public, private, and hybrid cloud environments. With features like automated security policies, compliance monitoring, and threat detection, Cloud Passage Halo enables incident responders to quickly contain incidents and gather the required forensic evidence to investigate the scope and impact of a breach or security issue. Tools like Alert Logic and Qualys Cloud Platform also provide security and compliance solutions for cloud environments, but Cloud Passage Halo is specifically recognized for its robust incident response and containment capabilities.
References: The Incident Handler (CREST CPTIA) certification materials and courses discuss various tools and technologies that support cloud security incident response, including the role of platforms like Cloud Passage Halo in effective incident management.


NEW QUESTION # 18
An XYZ organization hired Mr. Andrews, a threat analyst. In order to identify the threats and mitigate the effect of such threats, Mr. Andrews was asked to perform threat modeling. During the process of threat modeling, he collected important information about the threat actor and characterized the analytic behavior of the adversary, which includes technological details, goals, and motives that can be useful in building a strong countermeasure.
What stage of the threat modeling is Mr. Andrews currently in?

  • A. Threat determination and identification
  • B. Threat ranking
  • C. System modeling
  • D. Threat profiling and attribution

Answer: D

Explanation:
During the threat modeling process, Mr. Andrews is in the stage of threat profiling and attribution, where he is collecting important information about the threat actor and characterizing the analytic behavior of the adversary. This stage involves understanding the technological details, goals, motives, and potential capabilities of the adversaries, which is essential for building effective countermeasures. Threat profiling and attribution help in creating a detailed picture of the adversary, contributing to a more focused and effective defense strategy.
References:
* "The Art of Threat Profiling," by John Pirc, SANS Institute Reading Room
* "Threat Modeling: Designing for Security," by Adam Shostack


NEW QUESTION # 19
Eric works as an incident handler at Erinol software systems. He was assigned a task to protect the organization from any kind of DoS/DDoS attacks.
Which of the following tools can be used by Eric to achieve his objective?

  • A. IDA
  • B. Wireshark
  • C. Incapsula
  • D. Hydra

Answer: C

Explanation:
Incapsula is a cloud-based application delivery platform that offers a comprehensive security solution, including protection against Distributed Denial of Service (DDoS) attacks. By providing DDoS mitigation services, Incapsula helps protect websites and online services from being overwhelmed by traffic intended to make the resource unavailable to its intended users. The platform filters out malicious traffic and allows legitimate traffic through, thus ensuring that the organization's online resources remain available even under attack.
References: The CREST CPTIA curriculum includes discussions on various tools and strategies for protecting organizations against DoS/DDoS attacks, highlighting the importance of incorporating services like Incapsula into an organization's cybersecurity defenses to mitigate the risk and impact of such attacks.


NEW QUESTION # 20
Alice is a disgruntled employee. She decided to acquire critical information from her organization for financial benefit. To accomplish this, Alice started running a virtual machine on the same physical host as her victim's virtual machine and took advantage of shared physical resources (processor cache) to steal data (cryptographic key/plain text secrets) from the victim machine. Identify the type of attack Alice is performing in the above scenario.

  • A. Side channel attack
  • B. Service hijacking
  • C. SQL injection attack
  • D. Man-in-the-cloud attack

Answer: A

Explanation:
A side channel attack, as described in the scenario, involves an attacker using indirect methods to gather information from a system. In this case, Alice is exploiting the shared physical resources, specifically the processor cache, of a virtual machine host to steal data from another virtual machine on the same host. This type of attack does not directly breach the system through conventional means like breaking encryption but instead takes advantage of the information leaked by the physical implementation of the system, such as timing information, power consumption, electromagnetic leaks, or, as in this case, shared resource utilization, to infer the secret data.
References: The EC-Council's Certified Incident Handler (CREST CPTIA) program covers various types of cyber attacks, including advanced techniques like side channel attacks, highlighting the need for comprehensive security strategies that consider both direct and indirect attack vectors.


NEW QUESTION # 21
Which of the following is not a countermeasure to eradicate inappropriate usage incidents?

  • A. Always store the sensitive data in far located servers and restrict its access
  • B. Register the user activity logs and keep monitoring them regularly
  • C. Install firewall and IDS/IPS to block services that violate the organization's policy
  • D. Avoid VPN and other secure network channels

Answer: D

Explanation:
Avoiding VPN (Virtual Private Network) and other secure network channels is not a countermeasure to eradicate inappropriate usage incidents. On the contrary, using VPNs and secure network channels is a best practice for enhancing security, as these technologies help protect data in transit, ensuring that it is encrypted and less susceptible to interception or eavesdropping. Countermeasures for inappropriate usage typically involve enhancing security and monitoring, not reducing the security of communications.


NEW QUESTION # 22
In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?

  • A. Notification
  • B. Incident triage
  • C. Incident recording and assignment
  • D. Containment

Answer: B

Explanation:
Incident triage is the phase in the Incident Handling and Response (IH&R) process where identified security incidents are analyzed, validated, categorized, and prioritized. This step is crucial for determining the severity of incidents and deciding on the order in which they should be addressed. During triage, incident handlers assess the impact, urgency, and potential harm of an incident to prioritize their response efforts effectively.
This ensures that resources are allocated efficiently, and the most critical incidents are handled first. Incident recording and assignment involve logging incidents and assigning them to handlers, containment focuses on limiting the extent of damage, and notification involves informing stakeholders about the incident.
References:
The Incident Handler (CREST CPTIA) courses and study guides detail the IH&R process, emphasizing the importance of triage in managing and responding to security incidents effectively.


NEW QUESTION # 23
Michael is a part of the computer incident response team of a company. One of his responsibilities is to handle email incidents. The company receives an email from an unknown source, and one of the steps that he needs to take is to check the validity of the email. Which of the following tools should he use?

  • A. Zendio
  • B. G Suite Toolbox
  • C. Email Dossier
  • D. Yesware

Answer: C

Explanation:
Email Dossier is a tool designed to assist in the investigation of email incidents by analyzing and validating email headers and providing detailed information about the origin, routing, and authenticity of an email.
When Michael is tasked with handling an email incident and needs to check the validity of an email received from an unknown source, Email Dossier can be utilized to trace the email's path, assess its credibility, and identify potential red flags associated with phishing or other malicious email-based attacks.
References: The CREST CPTIA curriculum emphasizes the importance of tools and techniques for email incident handling, including the use of Email Dossier for investigating suspicious emails and aiding in the response to email-based threats.


NEW QUESTION # 24
QualTech Solutions is a leading security services enterprise. Dickson, who works as an incident responder with this firm, is performing a vulnerability assessment to identify the security problems in the network by using automated tools for identifying the hosts, services, and vulnerabilities in the enterprise network. In the above scenario, which of the following types of vulnerability assessment is Dickson performing?

  • A. Active assessment
  • B. Passive assessment
  • C. External assessment
  • D. Internal assessment

Answer: A

Explanation:
In the scenario described, Dickson is performing an active assessment. This type of vulnerability assessment involves using automated tools to actively scan and probe the network for identifying hosts, services, and vulnerabilities. Unlike passive assessments, which rely on monitoring network traffic without direct interaction with the targets, active assessments engage directly with the network infrastructure to discover vulnerabilities, misconfigurations, and other security issues by sending data to systems and analyzing the responses. This approach provides a more immediate and detailed view of the security posture but can also generate detectable traffic that might be noticed by defensive systems or affect the performance of live systems.
References: The CREST CPTIA curriculum by EC-Council includes discussions on various methods of conducting vulnerability assessments, highlighting the differences between active and passive techniques, as well as the contexts in which each is most appropriately used.


NEW QUESTION # 25
Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated into their organizational network and used a data staging technique to collect sensitive data. They collected all sorts of sensitive data about the employees and customers, business tactics of the organization, financial information, network infrastructure information and so on.
What should Jim do to detect the data staging before the hackers exfiltrate the data from the network?

  • A. Jim should monitor network traffic for malicious file transfers, file integrity monitoring, and event logs.
  • B. Jim should identify the attack at an initial stage by checking the content of the user agent field.
  • C. Jim should identify the web shell running in the network by analyzing server access, error logs, suspicious strings indicating encoding, user agent strings, and so on.
  • D. Jim should analyze malicious DNS requests, DNS payload, unspecified domains, and destination of DNS requests.

Answer: A

Explanation:
In the scenario described, where attackers have penetrated the network and are staging data for exfiltration, Jim should focus on monitoring network traffic for signs of malicious file transfers, implement file integrity monitoring, and scrutinize event logs. This approach is crucial for detecting unusual activity that could indicate data staging, such as large volumes of data being moved to uncommon locations, sudden changes in file integrity, or suspicious entries in event logs. Early detection of these indicators can help in identifying the staging activity before the data is exfiltrated from the network.
References:
* NIST Special Publication 800-61 Rev. 2, "Computer Security Incident Handling Guide"
* SANS Institute Reading Room, "Detecting Malicious Activity with DNS and NetFlow"


NEW QUESTION # 26
Racheal is an incident handler working in the InceptionTech organization. Recently, numerous employees have been complaining about receiving emails from unknown senders. In order to protect employees against spoofed emails and keeping security in mind, Racheal was asked to take appropriate action in this matter. As a part of her assignment, she needs to analyze the email headers to check the authenticity of received emails.
Which of the following protocols/authentication standards must she check in the email header to analyze the email's authenticity?

  • A. DKIM
  • B. ARP
  • C. POP
  • D. SNMP

Answer: A

Explanation:
Racheal should check for DKIM (DomainKeys Identified Mail) in the email headers to analyze the authenticity of received emails. DKIM is an email authentication method designed to detect email spoofing. It provides a way for the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. The recipient can verify this signature to confirm that the email was not altered during its transmission and that it indeed comes from the specified domain, thereby helping to prevent email spoofing. Other options like SNMP (Simple Network Management Protocol), POP (Post Office Protocol), and ARP (Address Resolution Protocol) are not directly related to email authenticity checks.
References: Incident Handler (CREST CPTIA) certification materials cover various protocols and standards for ensuring the security and authenticity of communications, including email security protocols like DKIM.


NEW QUESTION # 27
Which of the following characteristics of APT refers to numerous attempts done by the attacker to gain entry to the target's network?

  • A. Multiphased
  • B. Attack origination points
  • C. Timeliness
  • D. Risk tolerance

Answer: A

Explanation:
Advanced Persistent Threats (APTs) are characterized by their 'Multiphased' nature, referring to the various stages or phases the attacker undertakes to breach a network, remain undetected, and achieve their objectives.
This characteristic includes numerous attempts to gain entry to the target's network, often starting with reconnaissance, followed by initial compromise, and progressing through stages such as establishment of a backdoor, expansion, data exfiltration, and maintaining persistence. This multiphased approach allows attackers to adapt and pursue their objectives despite potential disruptions or initial failures in their campaign.
References:
* "Understanding Advanced Persistent Threats and Complex Malware," by FireEye
* MITRE ATT&CK Framework, detailing the multiphased nature of adversary tactics and techniques


NEW QUESTION # 28
Which of the following types of threat attribution deals with the identification of the specific person, society, or a country sponsoring a well-planned and executed intrusion or attack over its target?

  • A. Intrusion-set attribution
  • B. True attribution
  • C. Nation-state attribution
  • D. Campaign attribution

Answer: B

Explanation:
True attribution in the context of cyber threats involves identifying the actual individual, group, or nation-state behind an attack or intrusion. This type of attribution goes beyond associating an attack with certain tactics, techniques, and procedures (TTPs) or a known group and aims to pinpoint the real-world entity responsible. True attribution is challenging due to the anonymity of the internet and the use of obfuscation techniques by attackers, but it is crucial for understanding the motive behind an attack and for forming appropriate responses at diplomatic, law enforcement, or cybersecurity levels.
References:
* "Attribution of Cyber Attacks: A Framework for an Evidence-Based Analysis" by Jason Healey
* "The Challenges of Attribution in Cyberspace" in the Journal of Cyber Policy


NEW QUESTION # 29
Which of the following tools helps incident handlers to view the file system, retrieve deleted data, perform timeline analysis, analyze web artifacts, etc., during an incident response process?

  • A. Process Explorer
  • B. Autopsy
  • C. netstat
  • D. nbtstat

Answer: B

Explanation:
Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. Autopsy enables incident handlers to view the file system, retrieve deleted data, perform timeline analysis, and analyze web artifacts, among other functionalities. This tool is particularly useful during the incident response process for conducting in-depth investigations into the nature of a security incident, identifying the methods used by attackers, and recovering lost or compromised data.
References: The EC-Council's Certified Incident Handler (CREST CPTIA) program covers digital forensic tools and techniques, highlighting the capabilities of Autopsy for supporting comprehensive incident investigations and response activities.


NEW QUESTION # 30
An organization named Sam Morison Inc. decided to use cloud-based services to reduce the cost of maintenance. The organization identified various risks and threats associated with cloud service adoption and migrating business-critical data to third-party systems. Hence, the organization decided to deploy cloud-based security tools to prevent upcoming threats.
Which of the following tools help the organization to secure the cloud resources and services?

  • A. Alert Logic
  • B. Burp Suite
  • C. Wireshark
  • D. Nmap

Answer: A

Explanation:
Alert Logic is a cloud-based security tool that provides Security-as-a-Service solutions including threat management, vulnerability assessment, and improved security outcomes. It is designed specifically to secure cloud resources and services, making it an ideal choice for organizations like Sam Morison Inc. that are moving their operations to the cloud and are concerned about the security of their data. Tools like Nmap, Burp Suite, and Wireshark, while valuable in certain contexts, do not offer the same cloud-focused security capabilities as Alert Logic.


NEW QUESTION # 31
An attack on a network is BEST blocked using which of the following?

  • A. Load balancer
  • B. Web proxy
  • C. IPS device inline
  • D. HIPS

Answer: C

Explanation:
An Intrusion Prevention System (IPS) device placed inline is best suited to actively block attacks on a network. Being inline allows the IPS to analyze and take action on the traffic as it passes through the device, effectively preventing malicious traffic from reaching its target. The IPS can detect and block a wide range of attacks in real time by using various detection methods, such as signature-based detection, anomaly detection, and policy-based detection. Unlike Host-based Intrusion Prevention Systems (HIPS), web proxies, or load balancers, an inline IPS is specifically designed to inspect and act on incoming and outgoing network traffic to prevent attacks before they reach network devices or applications.
References: The Incident Handler (CREST CPTIA) certification materials discuss network security controls and emphasize the role of intrusion prevention systems in protecting networks against threats.


NEW QUESTION # 32
......

Get Ready with CPTIA Exam Dumps (2024): https://www.itexamsimulator.com/CPTIA-brain-dumps.html

Realistic CPTIA Dumps are Available for Instant Access: https://drive.google.com/open?id=1_2TQppfVKYQiWmyi1qKk4BrqjOGZ_den