PrepAway - Latest Free Exam Questions & Answers

Which of the following is the NEXT action that Joe should perform?

Joe, a user, upon arriving to work on Monday morning, noticed several files were deleted from the
system. There were no records of any scheduled network outages or upgrades to the system. Joe
notifies the security department of the anomaly found and removes the system from the network.

Which of the following is the NEXT action that Joe should perform?


A. Screenshots of systems

B. Call the local police

C. Perform a backup

D. Capture system image

7 Comments on “Which of the following is the NEXT action that Joe should perform?”

  1. Lake says:

    Capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it. It is helpful in much the same way that a virus sample is kept in laboratories to study later after a breakout. Also, you should act in the order of volatility, which states that the system image capture is first on the list of a forensic analysis.

    Capturing an image of the system is the process of making an exact copy of the contents of the hard drive in the system.

    According to the CompTIA book, capture system image is step 1. So the answer is D.




    1. Robert says:

      He disconnected the machine from the network, though. Also, as he previously talked with the Sec dept, it is likely that he was given the appropriate instructions.
      D is the correct answer.




  2. SuperMario says:

    This is one of many badly written questions doing the rounds.
    The first question that springs to mind is: what do they mean by -system-?
    Based on the context of the question, I assume that we are talking about a -file system- which is the way in which files are named and where they are placed logically for storage and retrieval. Or perhaps they are talking about a server or a Desktop?
    Whichever way, they made the point to stress that Joe is a bog standard -user-.
    As pointed out by Mido and Clindamycin respectively
    • Joe is a user not a security specialist
    • User doesn’t have permission to image the system. The only effort he can make is to take screenshots.

    Yet Joe must be a -user- on steroids, since he can do so many things such as -removing the system from the network-.
    Mind you, the above can be achieved with no rights and permissions at all by simply pulling the plug or disconnecting the network cable.

    I stick therefore with the fact that Joe is a user, and as such all he can do is A- Take screenshots of the system.



