nerdexam
ExamsCAS-002Questions#818
CompTIA

CAS-002 · Question #818

CAS-002 Question #818: Real Exam Question with Answer & Explanation

Sign in or unlock CAS-002 to reveal the answer and full explanation for question #818. The question stem and answer options stay visible for context.

Question

Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).

Options

  • ACheck log files for logins from unauthorized IPs.
  • BCheck /proc/kmem for fragmented memory segments.
  • CCheck for unencrypted passwords in /etc/shadow.
  • DCheck timestamps for files modified around time of compromise.
  • EUse lsof to determine files with future timestamps.
  • FUse gpg to encrypt compromised data files.
  • GVerify the MD5 checksum of system binaries.
  • HUse vmstat to look for excessive disk I/O.

Unlock CAS-002 to see the answer

You've previewed enough free CAS-002 questions. Unlock CAS-002 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CAS-002 - $49.99 / 30 daysSign in
Full CAS-002 Practice