Exam CS0-002 topic 1 question 281 discussion

Actual exam question from CompTIA's CS0-002
Question #: 281
Topic #: 1

An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued mobile device while connected to the network. Which of the following actions would help during the forensic analysis of the mobile device? (Choose two.)

  • A. Resetting the phone to factory settings
  • B. Rebooting the phone and installing the latest security updates
  • C. Documenting the respective chain of custody
  • D. Uninstalling any potentially unwanted programs
  • E. Performing a memory dump of the mobile device for analysis
  • F. Unlocking the device by blowing the eFuse
Suggested Answer: CE

Comments

gnnggnnggnng
Highly Voted 2 years, 2 months ago
Selected Answer: CE
C and E are the best actions to help during the forensic analysis of the mobile device as they preserve the evidence and make it easier to analyze. C: Documenting the chain of custody helps to establish the authenticity of the evidence and its proper handling. E: Performing a memory dump of the mobile device is important to preserve volatile data that may not be available otherwise, and can be useful for analysis to identify the attack vector and determine the extent of the compromise. Resetting the phone to factory settings (A) would erase all the data, including the evidence that could have helped in the investigation. Rebooting the phone and installing the latest security updates (B) may be helpful, but it would not help preserve the evidence. Uninstalling any potentially unwanted programs (D) may help, but this would not be a priority during a forensic analysis. Unlocking the device by blowing the eFuse (F) is not relevant to the investigation.
upvoted 9 times
2Fish
2 years, 1 month ago
Agree CE, absolutely do not want to make any changes to the device during a forensic investigation.
upvoted 1 times
CatoFong
Most Recent 2 years, 2 months ago
Selected Answer: CE
CE is correct
upvoted 3 times