ExamTopics Logo
Mail Usteam@examtopics.com
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 574 discussion

Actual exam question from CompTIA's CAS-004
Question #: 574
Topic #: 1
[All CAS-004 Questions]

An analyst is working to address a potential compromise of a corporate endpoint and discovers the attacker accessed a user’s credentials. However, it is unclear if the system baseline was modified to achieve persistence. Which of the following would most likely support forensic activities in this scenario?

  • A. Side-channel analysis
  • B. Bit-level disk duplication
  • C. Software composition analysis
  • D. SCAP scanner
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Community vote distribution
B (100%)
by Bright07 at Dec. 25, 2024, 12:31 a.m.

Comments

Chosen Answer:
This is a voting comment. You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Steel16
3 weeks, 3 days ago
Selected Answer: B
o Bit-level disk duplication creates an exact, sector-by-sector copy of a hard drive, preserving all data, including hidden files, deleted files, and system metadata. This allows the analyst to examine the entire disk for any changes made by the attacker, even if they attempted to cover their tracks. This is crucial for determining if the system baseline was modified, as subtle changes in the filesystem or registry entries could indicate persistence mechanisms.
upvoted 1 times
...
Bright07
3 months, 1 week ago
Selected Answer: B
Bit-level disk duplication
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
PL-200
Ashburn, 1 minute ago