Multiple Choice
As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82) . The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run?
A) tar cvf - / | ssh 192.168.45.82 "cat - > /images/image.tar"
B) dd if=/dev/mem | scp - 192.168.45.82:/images/image.dd
C) memdump /dev/sda1 | nc 192.168.45.82 3000
D) dd if=/dev/sda | nc 192.168.45.82 3000
Correct Answer:
Verified
Correct Answer:
Verified
Q83: An online bank has contracted with a
Q84: A security technician receives a copy of
Q85: A security administrator wants to implement two-factor
Q86: A Chief Information Security Officer (CISO) needs
Q87: A Chief Information Security Officer (CISO) is
Q89: A security analyst is reviewing the corporate
Q90: The results of an external penetration test
Q91: A systems administrator receives an advisory email
Q92: Which of the following describes a contract
Q93: An organization has recently deployed an EDR