Microsoft (MS-500) Exam Questions And Answers page 11
In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?
Network Administrator
Director of Information Technology
Director of Administration
Implement and manage identity and access
Manage governance and compliance features in Microsoft 365
In Microsoft file structures, sectors are grouped together to form:
Clusters
Drives
Bitstreams
Partitions
Implement and manage identity and access
Implement and manage information protection
What is a Known-stego attack in Steganalysis?
Single Choice
In Steganalysis, which of the following describes a Known-stego attack?
The hidden message and the corresponding stego-image are known
During the communication process, active attackers can change cover
Original and stego-object are available and the steganography algorithm is known
Only the steganography medium is available for analysis
Monitor and troubleshoot Microsoft 365 security
In the context of the file deletion process, which of the following statements holds true?
When files are deleted, the data is overwritten and the cluster marked as available
The longer a disk is in use, the less likely it is that deleted files will be overwritten
While booting, the machine may create temporary files that can delete evidence
Secure delete programs work by completely overwriting the file in one go
Implement and manage information protection
Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device. Where is TAC located in mobile devices?
International Mobile Equipment Identifier (IMEI)
Integrated circuit card identifier (ICCID)
International mobile subscriber identity (IMSI)
Equipment Identity Register (EIR)
Implement and manage identity and access
Implement and manage threat protection
In which registry does the system store the Microsoft security IDs?
HKEY_CLASSES_ROOT (HKCR)
HKEY_CURRENT_CONFIG (HKCC)
HKEY_CURRENT_USER (HKCU)
HKEY_LOCAL_MACHINE (HKLM)
Implement and manage identity and access
Monitor and troubleshoot Microsoft 365 security
In the Windows Security Event Log, what does an event ID of 530 imply?
Logon Failure Unknown user name or bad password
Logon Failure User not allowed to logon at this computer
Logon Failure Account logon time restriction violation
Logon Failure Account currently disabled
Implement and manage identity and access
Monitor and troubleshoot Microsoft 365 security
What is the definition of digital forensics?
Single Choice
____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.
Network Forensics
Computer Forensics
Incident Response
Event Reaction
Implement and manage identity and access
Implement and manage threat protection
If you come across a sheepdip machine at your client site, what would you infer?
A sheepdip coordinates several honeypots
A sheepdip computer is another name for a honeypot
A sheepdip computer is used only for virus-checking.
A sheepdip computer defers a denial of service attack
Implement and manage information protection
Ivanovich, a forensics investigator, is trying to extract complete information about running processes from a system. Where should he look apart from the RAM and virtual memory?
Swap space
Application data
Files and documents
Slack space
Implement and manage identity and access
Monitor and troubleshoot Microsoft 365 security