WGU C842 Cyber Defense and Counter Measures EXAM STUDY BUNDLE 2023 – 2024 (COMPLETE PACKAGE)(Verified)

C842 Cyber Defense and Counter measures EC Council Certified Incident Handler CIH Tools and Commands
1.PILAR: Risk analysis and Management tool
2.PILAR: Assess risk against critical assets. Qualitative and quantitative.
Generate risk assessment reports
3.Group Policy Management console: Security policy Tools
4.Manageengine … plus: Ticketing system Tools
5.AlienVault: Ticketing system Tools
6.Buck-security: Incident analysis and validation Tools
7.Buck-security: Collection of security checks for Linux. Identify security status.
8.Kiwi Syslog: Incident analysis and validation Tools
9.Splunk Light: Incident analysis and validation Tools
10.Kiwi Syslog: message Management tool across servers and network
devices. Syslog messages, SNMP traps, event log, real time
11.Splunk Light: Collecting, monitoring, analyzing logs from servers,
applications and other sources.
12.Microsoft Baseline Security Analyzer (MBSA): Tools for detecting
missing security patches
13.Microsoft Baseline Security Analyzer (MBSA): Determine security
State. Scan for missing patches and misconfigs.
14.MagicTree: Report writing tools
15.KeepNote: Report writing tools
16.FTK…: Data Imaging Tools
17.FTK Imager: data preview and imaging tool that enables analysis of
files and folders on local hard drives, CDs/DVDs, network drives, and
examination of the content of forensic images or memory dumps
18.R-Drive…: Data Imaging Tools
19.R-Drive…: provides creation of disk image files for backup or
duplication purposes. Restores the images on the original disks, on
any other partitions, or even on a hard drive’s free space. One can
restore the system after heavy data loss caused by an operating
system crash, virus attack, or hardware failure
20.EnCase Forensic, Data Acquisition Toolbox, RAID Recovery for Windows,
R-Tools R-Studio, F-Response Imager: Data Imaging Tools
21.HashCalc: Image Integrity Tools
22.HashCalc: compute multiple hashes, checksums, and HMACs for
files, text, and hex strings.
23.MD5 Calculator: Image Integrity Tools
24.MD5 Calculator: calculating the MD5 hash value of the selected file
25.HashMyFiles: Image Integrity Tools
26.HashMyFiles: small utility that calculates the MD5 and
SHA1 hashes of one or more files in the system. It allows copying
the MD5/SHA1 hash list to the clipboard or saving it to a
text/html/xml file
27.PsUptime (Windows): Shows system uptime
28.Net Statistics (Windows): Shows system uptime
29.Uptime and W (Linux): Shows system uptime
30.Netstat -ab (Windows): determine all the executable files for running
processes

WGU C842 – Cyber Defense and Counter Measures
TEST BANK 2023
1.Which of the following information security elements ensures that the
information is accessible only to those who are authorized to have
access?
A authenticity
B confidentiality
C integrity
D availability: B
2.Identify the information security element that determines
trustworthiness of data or resources in terms of preventing improper and
unauthorized changes.
A integrity
B availability
C authenticity
D non-repudiation: A
3.John, a security professional working for Xdoc Corporation, is
implementing a security strategy that uses multilayered protection throughout
an information system to help minimize any adverse impact from attacks
on organizational assets.
Identify the security strategy John has implemented.
A covert channel
B defense-in-depth
C likelihood analysis
D three-way handshake: B
4.Identify the security policy that doesn’t keep any restrictions on the
usage of system resources.
A promiscuous policy
B prudent policy
C paranoid policy
D permissive policy: A
5.Carl is trying to violate the acceptable use of a network and computer
use policy. Under which category of the incident handling criteria does
this scenario fall?
A CAT 4
B CAT 2
C CAT 1
D CAT 3: A
6.In which of the following stages of incident handling does
classification and prioritization of incidents take place?
A incident recording and assignment
B incident containment
C post-incident activities
D incident triage: D
7.Which of the following terms reflects an organization’s mid-term
and long-term goals for incident management capabilities?
A IH&R team models
B IH&R mission
C IH&R staffing
D IH&R vision: D
8.Which of the following terms defines the purpose and scope of the
planned incident handling and response capabilities?
A IH&R mission
B IH&R staffing
C IH&R team models
D IH&R vision: A
9.Which of the following backup strategies provides daily status of the
backup situation, such as successful, unsuccessful, not run, out of
space, etc.?
A security
B guarantee
C data availability
D notifications: D
10.John is an incident response manager at XYZ Inc. As a part of IH&R
policy of his organization, he signed a contract between the organization
and a third-party insurer to protect organization individuals from different
threats

Cyber Defense and Counter measures – C842
1.ISO/IEC 27001:2013: Requirements for establishing, implementing,
maintaining and continually improving an information security
management system
2.ISO/IEC 27002: Guidelines for organizational information security
standards and information security management practices
3.ISO/IEC 27035: Defines recommendations and best practices for
developing an efficient incident management plan.
4.FIPS (Federal Information Processing Standards) 200: Defines
computer systems usage for the US federal government.
5.NIST Special Publication 800 Series: information regarding computer
security: best practices, guidelines, recommendations, technical
details, and annual reports of NIST’s cybersecurity activities.
6.NERC 1300 Cyber Security: Standard to reduce risks to the reliability
of bulk electric systems from any compromise of their critical cyber
assets
7.RFC 2196: Computer security policies and procedures for sites that
have systems on the internet.
8.CIS Critical Security Controls: Actions that form a defense-in-depth
set of practices that mitigate common attacks against systems /
networks.
9.Sarbanes-Oxley Act (SOX): Protects investors and public by
increasing accuracy / reliability of corporate disclosures
10.Health Insurance Portability and Accountability Act (HIPAA):
Protections for individually identifiable health information
11.Federal Information Security Management Act (FISMA): Framework for
ensuring effectiveness of InfoSec controls over information resources
that support federal operations and assets.
12.Gramm-Leach-Bliley Act (GLBA): Financial companies required to
explain information-sharing practices to customers & safeguard
sensitive data
13.Data Protection Act 2018: Provisions for GDPR

WGU C842 OBJECTIVE ASSESSMENT 2023
1.A security committee at an organization develops a security plan.
Numerous security control types are in place. The organization utilizes a
training program to provide best practices training to all employees. The
committee uses which category to define the program ANS Operational
2.Too often, employees use the datacenter for overflow storage of office
supplies. Management uses warning signs to prevent employees from
entering a datacenter. Management has implemented which control type to
tighten security ANS Physical
3.It is important to assess sources when adding information to a data
set. Considering threat intelligence, this data is likely to derive from
external sources. Which factor is key in disseminating updates ANS
Relevancy
4.Numerous energy companies experience cyber attacks in a short period
of time. Analysts that investigate the attacks categorize the threats as
coming from which actor type ANS Nation-state
5.A company abruptly terminates an employee. The employee harbors a
known grievance as a result of the company’s actions. Considering
threat types, which two classify the ex-employee? Select all that apply
ANS Insider Outsider
6.Engineers analyze previous hacks and intrusions to produce definitions
of the tactics, techniques, and procedures (TTP) used to perform attacks.
When evaluating data, the engineers classify which attack based on the
behavior of increased network traffic ANS Data exfiltration
7.Threat intelligence reveals a new type of malware is infecting Windows
desktops in many companies. Security specialists at a company initiate
threat hunting activities to investigate a potential infection. Which areas
do the engineers investigate in implementing the hunt? Select all that
apply ANS – Network traffic
Process Lists
8.A systems engineer at an organization tightens security by enabling
sandboxing on a crucial system. This measure is in place to help prevent
ransomware. Which valid features does the engineer enable on the
system? Select all that apply ANS Monitor network sockets
Periodic snapshots
9.In contrast to traditional packet sniffing, Zeek, a packet capture tool,
offers which benefits? Select all that apply ANS Log only data of potential
interests Reduce storage requirements

WGU C842 – Cyber Defense and Counter Measures TEST

  1. Which of the following information security elements ensures that the
    information is accessible only to those who are authorized to have
    access?
    A authenticity
    B confidentiality
    C integrity
    D availability ANS : B
  2. Identify the information security element that determines
    trustworthiness of data or resources in terms of preventing improper and
    unauthorized changes.
    A integrity
    B availability
    C authenticity
    D non-repudiation ANS : A
  3. John, a security professional working for Xdoc Corporation, is implementing a security strategy that uses multilayered protection throughout
    an information system to help minimize any adverse impact from attacks
    on organizational assets.
    Identify the security strategy John has implemented.
    A covert channel
    B defense-in-depth
    C likelihood analysis
    D three-way handshake ANS : B
  4. Identify the security policy that doesn’t keep any restrictions on the
    usage of system resources.
    A promiscuous policy
    B prudent policy
    C paranoid policy
    D permissive policy ANS : A
  5. Carl is trying to violate the acceptable use of a network and computer
    use policy. Under which category of the incident handling criteria does
    this scenario fall?
    A CAT 4
    B CAT 2
    C CAT 1
    D CAT 3 ANS : A
  6. In which of the following stages of incident handling does
    classification and prioritization of incidents take place?
    A incident recording and assignment
    B incident containment
    C post-incident activities
    D incident triage ANS : D
  7. Which of the following terms reflects an organization’s mid-term
    and long-term goals for incident management capabilities?
    A IH&R team models
    B IH&R mission
    C IH&R staffing
    D IH&R vision ANS : D
  8. Which of the following terms defines the purpose and scope of the
    planned incident handling and response capabilities?
    A IH&R mission
    B IH&R staffing
    C IH&R team models
    D IH&R vision ANS : A
  9. Which of the following backup strategies provides daily status of the
    backup situation, such as successful, unsuccessful, not run, out of
    space, etc.?
    A security
    B guarantee
    C data availability
    D notifications ANS : D
  10. John is an incident response manager at XYZ Inc. As a part of IH&R
    policy of his organization, he signed a contract between the organization
    and a third-party insurer to protect organization individuals from different
    threats and risks.
