June 2024

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Gavin has been tasked with collecting several types of forensic information from a system involved in a security incident. Which one of the choices below lists the preferred order in which he should collect this evidence, from first to last?

A. RAM first, then virtual memory, then SSD, and finally backups
B. Virtual memory comes first, followed by RAM, SSD, and backups
C. RAM first, then virtual memory, then backups, and wrapping up with SSD
D. Virtual memory, then move to RAM, then backups, and then SSD

Correct Answer: A

The order of volatility says that you should collect the evidence most likely to be destroyed first. The proper ordering of these evidence sources in order of volatility is RAM first, as the contents of RAM are deleted when the system is turned off. The next step is to collect the virtual memory paging file, as this file is frequently modified. Next, Gavin should collect other files stored on the SSD. Backups are the least volatile item and they can be collected last.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

What Linux command allows you to view the contents of the system journal that are currently stored in memory?

A. Sysview
B. Syslogd
C. Journalview
D. Journalctl

Correct Answer: D

Sysview and journalview are not Linux commands, making them incorrect answers. The journalctl command is used to view the contents of the system journal, which is stored in memory. This is the correct answer. Syslogd is the daemon used to write syslog entries to disk, making it an incorrect answer as well.

Randi is conducting a penetration test on behalf of one of his organization's clients and is using the Internet to gather email addresses of employees at the client organization. What phase of the Cyber Kill Chain includes Randi's activity?

A. Actions on Objectives
B. Reconnaissance
C. Weaponization
D. Delivery

Correct Answer: B

Harvesting email addresses from the Internet is passive reconnaissance that takes place during the early stages of a penetration test. This is the correct answer.