Multiple Choice
After a recent malware incident, the forensic investigator is gathering details to identify the breach and causes. The investigator has isolated the affected workstation. What is the next step that should be taken in this investigation?
A) Analyze the applications and services running on the affected workstation.
B) Compare workstation configuration and asset configuration policy to identify gaps.
C) Inspect registry entries for recently executed files.
D) Review audit logs for privilege escalation events.
Correct Answer:
Verified
Correct Answer:
Verified
Q14: An analyst is alerted for a malicious
Q15: The incident response team receives information about
Q16: Refer to the exhibit. What is occurring
Q17: A SIEM tool fires an alert about
Q18: An employee abused PowerShell commands and script
Q20: An analyst wants to upload an infected
Q21: Refer to the exhibit. Which asset has
Q22: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q23: An engineer is investigating several cases of
Q24: Employees report computer system crashes within the