
Exam CAS-004 topic 1 question 574 discussion

Actual exam question from CompTIA's CAS-004
Question #: 574
Topic #: 1

An analyst is working to address a potential compromise of a corporate endpoint and discovers the attacker accessed a user’s credentials. However, it is unclear if the system baseline was modified to achieve persistence. Which of the following would most likely support forensic activities in this scenario?

  • A. Side-channel analysis
  • B. Bit-level disk duplication
  • C. Software composition analysis
  • D. SCAP scanner
Suggested Answer: B

Comments

Steel16
6 days, 19 hours ago
Selected Answer: B
Bit-level disk duplication creates an exact, sector-by-sector copy of a hard drive, preserving all data, including hidden files, deleted files, and system metadata. This allows the analyst to examine the entire disk for any changes made by the attacker, even if they attempted to cover their tracks. This is crucial for determining if the system baseline was modified, as subtle changes in the filesystem or registry entries could indicate persistence mechanisms.
upvoted 1 times
Bright07
2 months, 3 weeks ago
Selected Answer: B
Bit-level disk duplication
upvoted 1 times