Question

**PLEASE ANSWER ALL QUESTIONS**

Calliope is a forensics detective with a law enforcement agency. She discovers that an attacker who has just been caught was using a dead-drop method of controlling the bots in a botnet. Which of the following might have been a clue that the attacker was using this method?

	a.	Finding devices that the attacker had hidden on multiple victims’ company networks
	b.	Finding a directional antenna and Wi-Fi setup that allowed the bot herder to beam communications directly to the target computers
	c.	Finding an e-mail account with multiple saved drafts that were never sent but contained instructions the bots were to follow
	d.	Reading log files that contained constant encrypted communications from the attacker’s IP address to some of the identified bots

Belvais performing an audit of the e-mail server when she discovers that one of the accounts is sending a lot of e-mails all day that contain attachments. After a bit more research, she finds that the attachments contain extensive proprietary and confidential information. Which of the following should she consider implementing to prevent a reoccurrence?

	a.	Buffer filtering
	b.	DLP
	c.	PoS
	d.	Access point probe

Alika has just finished eradicating a piece of malware from a computer system. Which of the following might she do next as part of the validation process?

	a.	Secure erase
	b.	Patching
	c.	Reconstruction
	d.	Reimaging

Jaden has received an alert from a system that has identified potential malware on itself. Upon looking through the log files, he sees a list of error messages where an executable tried to write data to a range of memory addresses that did not exist for the system. Which of the following has most likely occurred?

	a.	Space overflow
	b.	Decimal overflow
	c.	Buffer overflow
	d.	Integer overflow

Victoria, a cybersecurity analyst, has just disconnected a computer from the network after finding that it was infected with malware. Which of the following is the next task that she should attempt to perform with the system?

	a.	Containment
	b.	Patching
	c.	Eradication
	d.	Validation

Answer 1

a.Finding devices that the attacker had hidden on multiple victims’ company network

• The dead-drop method is related to indirect communication.
• Instruction will be at another place.
• The bot will take that instruction from there.
• Here the attacker is directly communicating with the bot.
• So the answer is finding devices that the attacker had hidden on multiple victims’ company networks.

b.DLP

• It stands for Data Loss Prevention.
• It detects data breaches.
• Also, monitor the transmission and then detect and block the sensitive data during the transmission.

b.Patching

• She must do patching.
• Because it will help to reduce system crashes and security breaches.

c.Buffer overflow

• Web application’s execution stack is corrupted using the buffer overflow by the attacker.
• They are very harder to exploit.

c.Eradication

• If malware is affected in a system, we should take care of spreading it to other systems. She already did it.
• After that, she should eradicate in the next step.
• So that the answer is eradication.