While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization's server. The analyst would like to investigate and compare contents of the current file with archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?
After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?
During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?
An incident at a government agency has occurred and the following actions were taken:
- Users have regained access to email accounts
- Temporary VPN services have been removed
- Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated
- Temporary email servers have been decommissioned
Which of the following phases of the incident response process match the actions taken?
Which of the following technologies would reduce the risk of a successful SQL injection attack?