Multiple Choice
A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company's server. Which of the following is the FIRST step the analyst should take?
A) Create a full disk image of the server's hard drive to look for the file containing the malware.
B) Run a manual antivirus scan on the machine to look for known malicious software.
C) Take a memory snapshot of the machine to capture volatile information stored in memory.
D) Start packet capturing to look for traffic that could be indicative of command and control from the miner.
Correct Answer:

Verified