CAS-005 · Question #498
CAS-005 Question #498: Real Exam Question with Answer & Explanation
Sign in or unlock CAS-005 to reveal the answer and full explanation for question #498. The question stem and answer options stay visible for context.
Question
During an incident response activity, the response team collected some artifacts from a compromised server, but the following information is missing: - Source of the malicious files - Initial attack vector - Lateral movement activities The next step in the playbook is to reconstruct a timeline. Which of the following best supports this effort?
Options
- AExecuting decompilation of binary files
- BAnalyzing all network routes and connections
- CPerforming primary memory analysis
- DCollecting operational system logs and storage disk data
Unlock CAS-005 to see the answer
You've previewed enough free CAS-005 questions. Unlock CAS-005 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.