
GCFE Question #108: Real Exam Question with Answer & Explanation

The correct answers are A (Analyze server log files), B (Compare hash values of critical files), and E (Examine USB device connection logs). See the full explanation below for the reasoning.

Question

You are investigating a case of data theft from a corporate server. The suspect accessed the server using a shared account. Which forensic techniques should you use to prove the suspect's involvement? (Choose three)

Options

  • A. Analyze server log files
  • B. Compare hash values of critical files
  • C. Review NTFS permissions on the server
  • D. Track software installation times
  • E. Examine USB device connection logs
