312-49v11 Exam Question 101

A regional bank, operating across several cities, recently discovered discrepancies in account balances following routine audits. The issues were noticed across various branches, prompting an internal investigation. Upon deeper analysis, it was revealed that someone with prior authorization had altered financial records. The investigation uncovered that a former employee, whose credentials had not been deactivated after leaving the company, had retained full control over critical systems. This oversight allowed the individual to modify transactional data, leading to inaccurate financial reports and potential harm to the bank ' s reputation. The adjustments made by the former employee were intentional and impacted customer accounts. Despite the employee no longer being employed, the lack of action to revoke their permissions allowed these changes to occur without any barriers. What classification of cybercrimes best fits this event?
  • 312-49v11 Exam Question 102

    During an investigation, an examiner opens an Excel file with a .xlsm extension, indicating that the document is capable of containing malicious code. Upon closer inspection, the investigator must determine if the file poses a threat. What should the investigator focus on to identify potential risks?
  • 312-49v11 Exam Question 103

    During a forensic investigation into a recent security incident within an organization, the investigator is tasked with documenting every action taken with the evidence to ensure proper chain of custody. The investigator carefully documents every action taken with the evidence in a logbook. The evidence is tagged with unique identifiers to prevent confusion. A detailed chain of custody record is also created to track the evidence ' s movement and handling throughout the investigation. Which investigation step is the investigator performing in this scenario?
  • 312-49v11 Exam Question 104

    Sarah, a security analyst, is reviewing the security audit logs from a Windows machine to detect unauthorized activities. She comes across an event with the ID 4663 in the Windows Event Viewer, which corresponds to a specific type of system interaction. After further analysis, she determines that this event is related to an activity involving critical system objects.
    What does Event ID 4663 specifically indicate in relation to Windows security?
  • 312-49v11 Exam Question 105

    A cybersecurity analyst at a leading technology firm has discovered a suspicious file in the company ' s network. Concerned that it may be malware, the analyst decides to conduct both static and dynamic analysis to assess the potential threat posed by the file.
    In the scenario described, what would be the primary purpose of conducting static analysis on the suspicious file?