CompTIA

CAS-003 · Question #698

CAS-003 Question #698: Real Exam Question with Answer & Explanation

The correct answer is B: The drive was cloned for forensic analysis.

Question

A security engineer is looking at a DNS server following a known incident. The engineer sees the following command as the most recent entry in the server's shell history:

dd if=/dev/sda of=/dev/sdb

Which of the following MOST likely occurred?

Options

  • A. A tape backup of the server was performed.
  • B. The drive was cloned for forensic analysis.
  • C. The hard drive was formatted after the incident.
  • D. The DNS log files were rolled daily as expected.

Explanation

The command dd if=/dev/sda of=/dev/sdb uses the Unix dd (disk dump) utility to create a bit-for-bit, sector-by-sector clone of the source drive (/dev/sda) on a destination drive (/dev/sdb). This is a standard forensic imaging technique: the original evidence is preserved and analysis is done on an exact copy. The if= operand names the input file (source) and the of= operand names the output file (destination). The other options do not match the command. A tape backup (A) would reference a tape device (e.g., /dev/st0). Formatting (C) would use a tool like mkfs. Log rotation (D) would not involve raw disk operations.
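The imaging step from the explanation, followed by a check that the clone is exact, as an added example that is not part of the original page. Regular files stand in for /dev/sda and /dev/sdb so it runs without root; the function names and the SHA-256 comparison are assumptions added here.

```shell
#!/bin/sh
# Added example (not from the exam page): clone with dd, then prove the copy is exact.
# Regular files stand in for /dev/sda and /dev/sdb so this runs without root.

# Size of the source in bytes. For a real block device,
# `blockdev --getsize64 /dev/sda` is the faster way to get this.
src_size() { wc -c < "$1" | tr -d ' '; }

# SHA-256 of the first N bytes of a file or device.
hash_prefix() { head -c "$2" "$1" | sha256sum | cut -d' ' -f1; }

# clone_drive SRC DST: same operation as `dd if=/dev/sda of=/dev/sdb`.
# conv=notrunc keeps a file-backed DST at its full size, as a real disk would be.
clone_drive() { dd if="$1" of="$2" bs=65536 conv=notrunc 2>/dev/null; }

# verify_clone SRC DST: 0 if DST starts with an exact copy of SRC, 1 otherwise.
# Only the first src_size bytes are compared: a larger destination drive has
# trailing space that would make a whole-device hash differ.
verify_clone() {
    n=$(src_size "$1")
    [ "$(hash_prefix "$1" "$n")" = "$(hash_prefix "$2" "$n")" ]
}

# Demo on constructed data: 100000-byte "evidence" source, 150000-byte destination.
demo() {
    d=$(mktemp -d) || return 1
    yes 'constructed evidence line' | head -c 100000 > "$d/sda.img"
    head -c 150000 /dev/zero > "$d/sdb.img"
    clone_drive "$d/sda.img" "$d/sdb.img"
    if verify_clone "$d/sda.img" "$d/sdb.img"; then r=MATCH; else r=MISMATCH; fi
    rm -rf "$d"
    echo "$r"
}

demo
```

On a real case the source would be attached read-only and the hashes recorded alongside the evidence.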
