Nick wants to analyze a potentially malicious software package using an open-source, locally hosted tool. Which of the following tools is best suited to his need if he wants to run the tool as part of the process?

Cynthia wants to build scripts to detect malware beaconing behavior. Which of the following is not a means of identifying malware beaconing behavior for building scripts on a network?

A beacon protocol is not a means of identifying malware beaconing behavior for building scripts on a network. Unless Cynthia already knows the protocol that a particular beacon uses, filtering out beacons by protocol may cause her to miss beaconing behavior. Attackers want to dodge common analytical tools and will use protocols that are less likely to attract attention.

Henry wants to identify potentially unauthorized scheduled tasks on a Linux system. What Linux command is most useful to identify scheduled tasks?

The cron command is used to set, view, and maintain scheduled tasks in Linux. Scheduled tasks, or cron jobs in Linux, are also a popular method for attackers to maintain persistent access to systems. Checking for unexpected scheduled tasks (or cron jobs) is a common part of incident response processes.

Angela wants to search for rogue devices on her network. Which of the following techniques will best help her identify systems if she has a complete hardware and systems inventory?

Since Angela already knows the media access control (MAC) addresses of all the devices due to her systems inventory, she can simply search for associated MAC addresses that do not match the list.

Ian wants to provide additional email security for his organization. Which of the following is not used to enhance email security?

Which of the following is not a common network issue?