312-49v11 Exam Question 106

Taylor, a forensic expert, has been assigned to investigate a cyber-attack on an organizational host server. The server has been compromised, and during the investigation, Taylor is tasked with analyzing network traffic to identify the attack ' s point of entry. Using Wireshark, Taylor inspects a packet capture file and notices an unusual pattern of repeated login failure attempts over the FTP protocol. Based on these failed attempts, Taylor suspects a brute-force attack targeting the FTP service. Taylor ' s next step is to confirm whether the attacker was able to successfully log into the FTP server after these failures. To verify the success of the attack, Taylor needs to identify the specific response code from the FTP server that would indicate a successful login. Which of the following Wireshark filters will help Taylor confirm successful FTP login attempts?
  • 312-49v11 Exam Question 107

    During a cybersecurity investigation involving a data breach at a financial institution, an investigator is tasked with identifying the root cause of the breach and generating a timeline of events that led to the incident. The investigator needs to determine which step in the forensic process will help uncover the sequence of activities, including the vulnerabilities exploited, the time of attack, and the specific actions taken by the attacker.
    Which of the following forensic techniques is most effective for achieving this goal?
  • 312-49v11 Exam Question 108

    Sarah, a forensic investigator, is conducting a post-compromise investigation on a company's server that contains sensitive data. To ensure the deleted files do not fall into the wrong hands, she follows a media sanitization procedure . The process involves overwriting the deleted data 6 times with alternating sequences of 0x00 and 0xFF, followed by a final overwrite using the pattern 0xAA .
    Which of the following media sanitization standards has Sarah followed in this scenario?
  • 312-49v11 Exam Question 109

    Ethan, a forensic investigator, has been assigned to investigate a computer system suspected of being used for malicious online activities. As part of his investigation, he needs to determine which applications have been executed on the system. By reviewing this data, he can identify whether any malicious software has been installed. To gather this information, Ethan needs to examine the correct system directory where traces of the executed applications are stored. Which of the following directories should Ethan examine to find traces of the applications that have been run on the system?
  • 312-49v11 Exam Question 110

    Mark, a forensic investigator, is tasked with investigating a disk image acquired from a suspect machine. He needs to access the files and directories within the disk image to gather evidence. To do so, Mark uses a Python-based tool that integrates with SleuthKit, allowing him to access and analyze the contents of the disk image. Which Python-based tool should Mark use to examine the disk image and view its associated files and directories?