DFIR Exam

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which of the following should be monitored during dynamic malware analysis? (Choose all correct answers.)

File system changes,Network activity,Registry changes

Which of the following is not a tool that is used for data carving?

DumpIt

Which of the following is the most common file system used in Linux distributions?

Ext4

Which of the following is not CPU architecture?

Pi

Which of the following is not a feature of Wireshark?

Replace network traffic

Which of the following is not included in the digital forensics process?

Penetration Testing

What is the correct incident response lifecycle per the NIST incident response methodology?

Preparation, Detection and Analysis, Containment, Eradication and Recovery, and Post-Incident Activity

Which of the following are commonly used for malware persistence?(Choose all correct answers.)

Scheduled tasks Correct! Registry keys Correct! Services

What is the responsibility of a CISO?

To create a strategy for data and IT asset protection and maintain it

What is a sandbox used for?

To test malware in an isolated environment

What is the difference between Wireshark and tcpdump?

tcpdump is command-based; Wireshark has a GUI interface.

Which of the following tools can be used to find persistent malware?

Autoruns

Which of the following tools can be used to research RAM dumps?

Volatility

Which of the following statements is true?

When data is erased from the operating system, it remains on the HDD until it is overwritten.

How is a file hidden using steganography?

By hiding a file within another file

Which of the following tools can be used for drive cloning? (Choose all correct answers.)

dd Correct! FTK Imager

Which of the following tools can be used to obfuscate malware code?

UPX Tools that can be used to obfuscate malware code are PEID and UPX. Both tools are used to pack executable files, making them harder to detect by antivirus software. PEID, also known as PEiD, is a program that can analyze portable executable (PE) files and detect if they are packed with a particular type of packer.

Which of the following is not a containment strategy for a cybersecurity incident?

Updating IDS rules Updating IDS rules is not a containment strategy for a cybersecurity incident. Read:Containment strategies for a cybersecurity incident

Which of the following is a Windows Event Viewer classification?(Choose all correct answers.)

Debug Correct! Alert Correct! Error

Which tool should an investigator use to dynamically investigate malware?

Debugger


Conjuntos de estudio relacionados

IELTS Advanced vocab - Animals/Pets

View Set

El solenodonte (Preguntas y respuestas)

View Set

Chapter 19 - Intraoperative Care

View Set

Acquired Immune Deficiency Syndrome (AIDS)

View Set

Deep Learning with Python by Francois Chollet, Deep Learning, New ML

View Set