312-49v11 Exam Question 91

During a security audit of a web application, suspicious activity indicative of a directory traversal attack is detected in the server logs. The attack appears to exploit vulnerabilities to gain unauthorized access to sensitive files and directories.
In digital forensics, what is the primary objective of investigating a directory traversal attack?
  • 312-49v11 Exam Question 92

    The cybersecurity team of a leading software company is investigating an intricate network of infected systems in their infrastructure. Their research leads to a single file suspected to be the root cause of the infection. The malware in question is thought to be a novel one, and no prior information about it is available.
    What would be the most viable initial step to understanding its potential capabilities and mode of operation?
  • 312-49v11 Exam Question 93

    A company experiences a major data breach within its cloud infrastructure after a critical failure on the part of its cloud service provider (CSP). The breach occurs because the CSP ' s infrastructure fails to adequately segregate and safeguard the data of different customers in a multi-tenant environment. The attacker exploits this weakness, gaining unauthorized access to sensitive data from multiple clients sharing the same cloud systems. As a result, customer data is revealed across several accounts, with the attacker using this access to move laterally through the system, escalating privileges, and accessing additional confidential information.
    The breach remained undetected for an extended period, allowing the attacker to cover their tracks and exfiltrate large volumes of data. What threat is most likely to be the cause of this issue?
  • 312-49v11 Exam Question 94

    In a multinational corporation, there have been increasing reports of system crashes and data leaks from the intranet. Forensic investigators discovered a highly polymorphic worm propagating across the network. The worm quickly changes its structure, making it difficult to analyze its behavior and create signatures. Susan, a cybersecurity analyst, needs to conduct a behavioral analysis of the worm in a secure and controlled environment. Which of the following tools should she use for this purpose?
  • 312-49v11 Exam Question 95

    Following a cybersecurity incident at an organization, a forensic investigator is tasked with collecting Electronically Stored Information (ESI) as part of the investigation. To streamline the data collection process, the investigator restricts the range and size of ESI from custodians, limiting the collection to specific file types and directories on a computer. This approach ensures that only relevant information is collected while minimizing the impact on other devices. Which eDiscovery collection methodology is being used in this scenario?