312-49v11 Exam Question 26

A well-known e-commerce company is under investigation after a series of suspicious activities reported by multiple users. One user reported unauthorized purchases, and another reported changes in personal details.
The company ' s internal security team discovered that some sessions were overlapping, hinting that more than one user was using the same session at different geographical locations. The team concluded that the session cookies must have been intercepted and used by an attacker. As a forensic investigator, what type of attack is the most probable cause for this security incident?
  • 312-49v11 Exam Question 27

    After completing a thorough forensic investigation into a corporate data breach, the forensic investigator prepares a detailed and comprehensive report for the client. This report includes all the findings from the investigation, along with a clear explanation of the methods used. The investigator also provides well- structured recommendations to help the client prevent similar incidents from happening in the future. The investigator ensures the client fully understands the findings and can act on the recommendations. Which best practice is the investigator fulfilling in this case?
  • 312-49v11 Exam Question 28

    In a financial institution ' s computer forensic investigation, suspicious activity reveals unauthorized access to GLBA (Gramm-Leach-Bliley Act)-protected customer data, raising concerns for customer safety. However, identifying the breach ' s source and extent poses significant challenges, complicating compliance with GLBA guidelines.
    What steps should be taken in a GLBA-covered computer forensic investigation when unauthorized access to sensitive customer data is discovered?
  • 312-49v11 Exam Question 29

    In the aftermath of a sophisticated cyber-attack on a financial institution, forensic investigators are tasked with retrieving critical evidence from a compromised server. However, upon examination, they encounter encrypted files and password-protected directories, indicating attempts to thwart forensic analysis through password protection.
    To counter these anti-forensic measures effectively, which of the following strategies would be most effective?
  • 312-49v11 Exam Question 30

    As a forensic analyst in a cybersecurity firm, you ' ve been tasked with investigating a breach at a client ' s office. The breach involves multiple servers, each having its own set of logs and events. To make the analysis more efficient and identify the root cause of the breach, which type of event correlation should you employ?