An organization was recently hit with a ransomware attack that encrypted critical documents and files that were stored on the corporate file server.
Which of the following provides the organization with the BEST chance for recovering their data?
A computer forensics analyst suspects that some of the pictures recovered from the suspect's hard drive may contain metadata pertinent to the criminal investigation. Which of the following tools is BEST suited to retrieving any available metadata?
An incident responder has collected network capture logs in a text file, separated by five or more data fields.
Which of the following is the BEST command to use if the responder would like to print the file (to terminal/screen) in numerical order?
While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization’s server. The analyst would like to investigate and compare contents of the current file with archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?
A common formula used to calculate risk is: _____ + Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?
Which of the following tools can help to detect suspicious or unauthorized changes to critical system configuration files?
A system administrator pulls records from a database that only requires the use of their general user vs. domain admin account. Use of the general user account demonstrates which of the following concepts?
Which of the following are well-known methods that are used to protect evidence during the forensics process? (Choose three.)
An attacker intercepts a hash and compares it to pre-computed hashes to crack a password. Which of the following methods has been used?