- (Exam Topic 6)
What are the common data hiding techniques used by criminals?

1. A. Unallocated space and masking
2. B. Website defacement and log manipulation
3. C. Disabled Logging and admin elevation
4. D. Encryption, Steganography, and Changing Metadata/Timestamps

Correct Answer: D
Reference: https://cisomag.eccouncil.org/challenges-and-applications-of-digital-forensics/

- (Exam Topic 5)
A system is designed to dynamically block offending Internet IP-addresses from requesting services from a secure website. This type of control is considered

1. A. Zero-day attack mitigation
2. B. Preventive detection control
3. C. Corrective security control
4. D. Dynamic blocking control

Correct Answer: C

- (Exam Topic 5)
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
After determining the audit findings are accurate, which of the following is the MOST logical next activity?

1. A. Begin initial gap remediation analyses
2. B. Review the security organization’s charter
3. C. Validate gaps with the Information Technology team
4. D. Create a briefing of the findings for executive management

Correct Answer: A

- (Exam Topic 2)
You have implemented the new controls. What is the next step?

1. A. Document the process for the stakeholders
2. B. Monitor the effectiveness of the controls
3. C. Update the audit findings report
4. D. Perform a risk assessment

Correct Answer: B

- (Exam Topic 1)
The alerting, monitoring and life-cycle management of security related events is typically handled by the

1. A. security threat and vulnerability management process
2. B. risk assessment process
3. C. risk management process
4. D. governance, risk, and compliance tools

Correct Answer: A