Which of the following were missed?

First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss. In a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)
A. CPU, process state tables, and main memory dumps
B. Essential information needed to perform data restoration to a known clean state
C. Temporary file system and swap space
D. Indicators of compromise to determine ransomware encryption
E. Chain of custody information needed for investigation


8 thoughts on “Which of the following were missed?”

  1. AD – hosts were shut down immediately… Which of the following were missed?
    A. CPU, process state tables, and main memory dumps (Yes, you lose this right after power off.)
    B. Essential information needed to perform data restoration to a known clean state (No, the longer you let ransomware run, the more data will be lost.)
    C. Temporary file system and swap space (No, the hibernate file or paging file will remain on the hard drive.)
    D. Indicators of compromise to determine ransomware encryption (Yes, you could find out more about the ransomware by leaving the host on.)
    E. Chain of custody information needed for investigation (No, the chain of custody is a detailed record/log of what evidence was collected and how. You can start the log after the dust has settled.)

    1. The hiberfil.sys file is only created when you “hibernate” a system, not when you shut it down. It will only be created when you shut it down by choosing the hibernation option. Don't provide explanations if you don't know what you're talking about.

      1. Answer is AC 10000%

  2. AD
    Shutting the computer down means complete loss of forensic evidence within the “A”
    This means likely loss of indicators of compromise to determine ransomware encryption “D”
