Looking for SEC504: Hacker Tools, Techniques, and Incident Handling test answers and solutions? Browse our comprehensive collection of verified answers for SEC504: Hacker Tools, Techniques, and Incident Handling at moodle.excomunicado.fun.
In a packet capture, an analyst observes that a system sent a frequent, small, outbound communication to a known bad IP over a seven-day span. What type of behavior is possibly occurring?
Which Sysinternals tool can be used to collect detailed log event information for security information and event monitoring and analysis?
What tool is used to record the state of the registry before and after malware is executed on an analysis system?
What are two basic approaches commonly employed when investigating malware?
Which of these tools is available online to run a malware specimen through a sandbox to record activities performed by the malware in a virtual environment?
What step should always be taken first during an incident?
During the remediation phase of incident response, you remove a file from your infected web server. What is the most important additional thing to do to prevent being compromised again?
Which type of system is most commonly used to investigate malware?
Why is performing memory analysis on RAM images a staple of investigations?
What method could be used to ensure that an asset under investigation is not put back into production without approval before the investigation is complete?