Messy, a network defender, was hired to secure an organization's internal network. He deployed an IDS in

which the detection process depends on observing and comparing the observed events with the normal

behavior and then detecting any deviation from it.

Identify the type of IDS employed by Messy in the above scenario.

Identify the backup mechanism that is performed within the organization using external devices such as hard

disks and requires human interaction to perform the backup operations, thus, making it suspect able to theft or

natural disasters.

Robert, a security specialist, was appointed to strengthen the security of the organization's network. To prevent

multiple login attempts from unknown sources, Robert implemented a security strategy of issuing alerts or

warning messages when multiple failed login attempts are made.

Which of the following security risks is addressed by Robert to make attempted break-ins unsuccessful?

Michael, a forensic expert, was assigned to investigate an incident that involved unauthorized intrusion

attempts. In this process, Michael identified all the open ports on a system and disabled them because these

open ports can allow attackers to install malicious services and compromise the security of the system or

network.

Which of the following commands assisted Michael in identifying open ports in the above scenario?

Bob, a forensic investigator, is investigating a live Windows system found at a crime scene. In this process,

Bob extracted subkeys containing information such as SAM. Security, and software using an automated tool

called FTK Imager.

Which of the following Windows Registry hives' subkeys provide the above information to Bob?