DFIR - Short List


Which of the following tools can be used to find persistent malware?

Autoruns

Which SOC role is responsible for creating a strategy for data and IT asset protection?

CISO

netscan (Volatility network plugin)

Can be used on more recent versions of Windows (Vista and later); the older connections/connscan and sockets plugins cover XP and Server 2003

To test company software and analyze its behavior in real-time, which of the following should be used?

Dynamic analysis

UPX is what type of tool?

Packer

Which of the following is NOT a CPU architecture?

Pi

What are the stages of the NIST incident response methodology (SP 800-61)?

Preparation; Detection & Analysis; Containment, Eradication & Recovery; Post-Incident Activity

Which of the following tools can be used to obfuscate malware code?

UPX

Which of the following is NOT a containment strategy for a cybersecurity incident?

Updating IDS rules

Which tool should an investigator use to dynamically investigate malware?

Debugger

Which of the following file systems contains metadata for each stored file?

NTFS (each file has a record in the Master File Table, MFT)

Which of the following tools can check network connections, e.g. to investigate whether any network connections were established?

Netstat

Which of the following tools can be used to research RAM dumps?

Volatility

How is a file hidden using steganography?

By hiding a file within another file
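A concrete form of "hiding a file within another file" is least-significant-bit (LSB) embedding: each bit of the hidden payload overwrites the lowest bit of one carrier byte (e.g. a pixel byte from a bitmap), so the carrier changes by at most one per byte and looks unchanged. The block below is an added example, not part of the original page; the carrier is a constructed array of raw pixel bytes and the 32-bit length prefix is an assumed framing convention, not a standard.

```python
def embed_lsb(carrier: bytes, payload: bytes) -> bytes:
    """Hide payload in the least significant bit of each carrier byte.

    A 4-byte big-endian length prefix (assumed framing, not a standard) is
    embedded first so the extractor knows how many bytes to read back.
    """
    message = len(payload).to_bytes(4, "big") + payload
    needed = len(message) * 8          # one carrier byte per payload bit
    if needed > len(carrier):
        raise ValueError("carrier too small: need %d bytes, have %d" % (needed, len(carrier)))
    out = bytearray(carrier)
    bit_index = 0
    for byte in message:
        for shift in range(7, -1, -1):           # most significant bit first
            bit = (byte >> shift) & 1
            out[bit_index] = (out[bit_index] & 0xFE) | bit   # replace only bit 0
            bit_index += 1
    return bytes(out)


def extract_lsb(carrier: bytes) -> bytes:
    """Recover a payload embedded by embed_lsb; raises ValueError if no sane length is found."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        result = bytearray()
        for i in range(count):
            value = 0
            for j in range(8):
                value = (value << 1) | (carrier[start_bit + i * 8 + j] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read_bytes(0, 4), "big")
    if 32 + length * 8 > len(carrier):
        # Unembedded carriers decode to a garbage length; refuse rather than read past the end.
        raise ValueError("declared payload length %d exceeds carrier capacity" % length)
    return read_bytes(32, length)


def max_byte_delta(a: bytes, b: bytes) -> int:
    """Largest per-byte change between carrier and stego object (1 for LSB embedding)."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    # Constructed carrier: 2048 bytes standing in for raw 8-bit pixel data.
    pixels = bytes(range(256)) * 8
    secret = b"flag: exfil via image"        # constructed payload
    stego = embed_lsb(pixels, secret)
    print("recovered:", extract_lsb(stego))
    print("max pixel change:", max_byte_delta(pixels, stego))
```

Because only bit 0 of each byte changes, a visual comparison of the carrier and the stego image shows nothing; a forensic comparison has to hash the original against the suspect copy or inspect the LSB plane statistically.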

Which of the following can be examined during static malware analysis?

Executable file strings

Which of the following is NOT a feature of Wireshark?

Replace network traffic

What is a sandbox used for?

To test malware in an isolated environment

Which of the following are commonly used for malware persistence?

Services, registry keys

Which of the following is a Windows Event Viewer classification (event level)?

Error (Event Viewer levels are Critical, Error, Warning, Information and Verbose; Debug and Alert are syslog severities, not Event Viewer levels)

Updating IDS rules is a containment strategy for a cybersecurity incident.

False

What is DumpIt used for?

Memory Captures

Which of the following is NOT included in the digital forensics process?

Penetration testing

Which of the following is NOT a tool that is used for data carving?

DumpIt

Which of the following is the most common file system used in Linux distributions?

Ext4

What tool is used to make a copy of a hard drive?

FTK Imager

You can capture a computer's RAM only when it is turned ___.

On (RAM is volatile; its contents are lost once power is removed)

Which of the following can be used to dump a running process (e.g. one backed by a file named code.exe) to disk for examination?

Process Dump

What can we not get when the computer is turned off?

RAM

What is the responsibility of a CISO?

To create a strategy for data and IT asset protection and maintain it

Which of the following statements is true?

When data is erased from the operating system, it remains on the HDD until it is overwritten (on an SSD with TRIM enabled the blocks may be discarded sooner, so recovery is less reliable)
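Data carving is what turns the statement above into recovered evidence: because deleted data stays on disk until overwritten, a carver ignores the file system entirely and scans raw bytes for known file headers and footers. This is an added example, not the page's own code or the implementation of any of the tools listed: it carves JPEG and PNG files from a constructed raw image, and shows that a file whose footer has already been overwritten is not recoverable as a complete file. The signature table is a deliberately small subset.

```python
import hashlib

# Header/footer pairs for two common types. JPEG ends with the EOI marker FFD9;
# PNG ends with the IEND chunk type followed by its fixed CRC.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

SECTOR = 512


def carve(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Scan raw bytes for known headers; return (type, offset, data) for each complete file found.

    A header without a footer within max_size is treated as truncated/overwritten and skipped.
    """
    found = []
    for ftype, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                pos = start + 1        # keep scanning past the orphaned header
                continue
            end += len(footer)
            found.append((ftype, start, image[start:end]))
            pos = end
    found.sort(key=lambda f: f[1])
    return found


def carved_name(ftype: str, data: bytes) -> str:
    """Name recovered files by content hash so duplicates and provenance are easy to track."""
    return "%s.%s" % (hashlib.sha256(data).hexdigest()[:16], ftype)


def pad_sector(chunk: bytes) -> bytes:
    return chunk.ljust(SECTOR, b"\x00")


def build_sample_image():
    """Constructed 6-sector 'disk': boot sector, a JPEG, slack, a PNG, a JPEG whose tail was overwritten, free space."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-payload-" * 3 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 17 + b"IEND\xaeB`\x82"
    overwritten = b"\xff\xd8\xff\xe1" + b"partially-overwritten-" * 2   # footer is gone
    image = (
        pad_sector(b"BOOTSECTOR")
        + pad_sector(jpg)
        + pad_sector(b"")
        + pad_sector(png)
        + pad_sector(overwritten)
        + pad_sector(b"free space")
    )
    return image, jpg, png


if __name__ == "__main__":
    image, _, _ = build_sample_image()
    for ftype, offset, data in carve(image):
        print("%-4s at sector %d (offset %d) -> %s" % (ftype, offset // SECTOR, offset, carved_name(ftype, data)))
```

Real carvers (foremost, scalpel, PhotoRec) add per-format sanity checks and handle fragmented files; the point here is the mechanism: the carver never consults the file system, so "deleted" is irrelevant, but "overwritten" is fatal.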

Which does NOT contain memory artifacts that can be analyzed?

RAM disk

Which of the following are commonly used for malware persistence?

Registry Run keys, RunOnce registry keys, startup folder, scheduled tasks

Which of the following is a network sniffing tool?

tcpdump

What is the difference between Wireshark and tcpdump?

tcpdump is a command-line tool; Wireshark has a GUI

Which of the following should be monitored during dynamic malware analysis?

Network activity, registry changes, file system changes

Which of the following tools can be used for drive cloning?

dd, FTK Imager
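Both dd and FTK Imager copy a drive sector by sector and hash the result so the image can later be shown to match the source. Two details matter in practice: a bad sector must not abort the acquisition (dd's conv=noerror,sync reads on and pads the unreadable block with zeros so every later offset stays aligned), and the hash is computed during acquisition and re-checked afterwards. The block below is an added example, not the page's or either tool's code: it emulates that behaviour over a constructed in-memory "device" with one unreadable sector; read_sector, SECTOR and the sample layout are assumptions of the example.

```python
import hashlib

SECTOR = 512


def image_device(read_sector, total_sectors: int, zero_fill_errors: bool = True):
    """Acquire a device sector by sector, emulating dd conv=noerror,sync.

    read_sector(n) returns SECTOR bytes or raises OSError for an unreadable sector.
    Returns (image_bytes, sha256_hex, list_of_bad_sectors).
    """
    image = bytearray()
    bad_sectors = []
    digest = hashlib.sha256()
    for n in range(total_sectors):
        try:
            chunk = read_sector(n)
        except OSError:
            if not zero_fill_errors:
                raise                        # plain dd without noerror: acquisition stops here
            bad_sectors.append(n)
            chunk = b"\x00" * SECTOR         # 'sync': pad so the next sector lands at n+1 * SECTOR
        if len(chunk) != SECTOR:
            raise ValueError("short read at sector %d" % n)
        image += chunk
        digest.update(chunk)                 # hash computed while acquiring, like FTK Imager's verify
    return bytes(image), digest.hexdigest(), bad_sectors


def verify_image(image: bytes, expected_sha256: str) -> bool:
    """Re-hash the stored image and compare with the acquisition hash."""
    return hashlib.sha256(image).hexdigest() == expected_sha256


def make_disk(total_sectors: int, bad_sectors):
    """Constructed device: sector n is filled with byte value n; sectors in bad_sectors raise on read."""
    data = [bytes([n % 256]) * SECTOR for n in range(total_sectors)]

    def read_sector(n: int) -> bytes:
        if n in bad_sectors:
            raise OSError("Input/output error reading sector %d" % n)
        return data[n]

    return read_sector


if __name__ == "__main__":
    read_sector = make_disk(8, {3})
    image, sha256_hex, bad = image_device(read_sector, 8)
    print("image size:", len(image), "bad sectors:", bad)
    print("sha256:", sha256_hex, "verified:", verify_image(image, sha256_hex))
```

The bad-sector list belongs in the acquisition notes: the image hash is a hash of what was read (including the zero padding), not of the original media, so the examiner needs to know which offsets were unreadable.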

