A forensic team investigates a server breach. The attacker deleted logs, but evidence is needed for court. What should have been maintained, and why?

A DNS query redirects users to a fake login page. Logs show no local tampering. What should have been enabled, and what does it do?

A user logs into a banking app over public Wi-Fi, and their account is drained. Logs show a stolen session token. What should have been used, and what protocol?

A company adopts a SaaS CRM tool. After a breach, they learn the provider failed to patch it. Who is MOST responsible, and what should be reviewed?

A gaming server crashes after receiving massive traffic from thousands of IPs worldwide. No hardware issues are found. What should the admin suspect, and what should be deployed?

A CFO receives an email with a payroll update attachment from an unknown sender claiming urgency. Opening it locks their system. What attack occurred, and what should have been done?

A developer’s workstation slows dramatically, and logs reveal a process altering system binaries undetected by antivirus. What is the MOST likely threat, and what should be inspected?

A hospital’s patient records are exposed online after a misconfiguration. Regulators investigate compliance failures. What law applies, and what should have been audited?

A payroll database is stolen during a breach, but the data is unreadable to the attacker. What security measure saved the company, and what should be verified?

A corporate Wi-Fi network is breached after an attacker guesses a weak password. Logs show repeated login attempts succeeded. What should have been implemented, and what standard should be used?