312-49v11 Exam Question 126

As a forensic analyst in a cybersecurity firm, you ' ve been tasked with investigating a breach at a client ' s office. The breach involves multiple servers, each having its own set of logs and events. To make the analysis more efficient and identify the root cause of the breach, which type of event correlation should you employ?
  • 312-49v11 Exam Question 127

    A security research team is creating a dedicated testbed for malware analysis. The team ensures that the test environment is isolated from the functional network, preventing the malware from impacting business operations. The testbed includes virtual machines, victim machines with different configurations (patched and unpatched), and necessary tools such as imaging tools, file analysis tools, and network capture tools. What is the primary benefit of using a sandbox environment in the malware analysis lab?
  • 312-49v11 Exam Question 128

    Mateo, a forensic investigator, is analyzing a cyber-attack carried out against a target organization. During his investigation, he discovers that several important files are missing on a Linux system. Further examination reveals that one of the files, which was an executable, had erased its own content during the attack. Mateo realizes that in order to recover this file, he needs to use a Linux command that can help him retrieve the contents of this erased executable. Given the situation, which of the following commands should Mateo use to recover the lost executable file on the Linux system?