GIAC
GCFA · Question #17
GCFA Question #17: Real Exam Question with Answer & Explanation
Sign in or unlock GCFA to reveal the answer and full explanation for question #17. The question stem and answer options stay visible for context.
Question
Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?
Options
- AVolatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
- BVolatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
- CVolatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
- DVolatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
Unlock GCFA to see the answer
You've previewed enough free GCFA questions. Unlock GCFA for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.