EC-Council
312-39 · Question #57
312-39 Question #57: Real Exam Question with Answer & Explanation
Sign in or unlock 312-39 to reveal the answer and full explanation for question #57. The question stem and answer options stay visible for context.
Question
The SOC analyst at a national cybersecurity agency detected unusual system behavior on critical infrastructure servers. Initial scans flagged potential malware activity. Due to the sophisticated nature of the suspected attack, including registry modifications, process injection, and unauthorized tasks, the case was escalated to the forensic team. The forensic team suspects the malware is designed for stealthy data exfiltration. To assess the compromise, they captured system snapshots before and after suspected infection to identify unauthorized changes and anomalies. Which process are they following by capturing and comparing system snapshots to detect unauthorized changes?
Options
- ADigital forensics
- BSignature-based detection
- CThreat intelligence gathering
- DHost integrity monitoring
Unlock 312-39 to see the answer
You've previewed enough free 312-39 questions. Unlock 312-39 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.