During an investigation, an incident responder intends to recover multiple pieces of digital media. Before removing the media, the responder should initiate:

A security analyst wants to confirm a finding from a penetration test report on the internal web server. To do so, the analyst logs into the web server using SSH to send the request locally. The report provides a link to https://hrserver.internal/../../etc/passwd, and the server IP address is
10.10.10.15. However, after several attempts, the analyst cannot get the file, despite attempting to get it using different ways, as shown below.

Which of the following would explain this problem? (Choose two.)

A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session.
Which of the following is the BEST technique to address the CISO's concerns?

Massivelog log has grown to 40GB on a Windows server At this size, local tools are unable to read the file, and it cannot be moved off the virtual server where it is located. Which of the following lines of PowerShell script will allow a user to extract the last 10.000 lines of the loq for review?

An analyst Is reviewing a web developer's workstation for potential compromise. While examining the workstation's hosts file, the analyst observes the following:

Which of the following hosts file entries should the analyst use for further investigation?