GIAC
GCIA · Question #361
GCIA Question #361: Real Exam Question with Answer & Explanation
Sign in or unlock GCIA to reveal the answer and full explanation for question #361. The question stem and answer options stay visible for context.
Question
Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?
Options
- AVolatile data, file slack, registry, memory dumps, file system, system state backup, interne t traces
- BVolatile data, file slack, file system, registry, memory dumps, system state backup, interne t traces
- CVolatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
- DVolatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
Unlock GCIA to see the answer
You've previewed enough free GCIA questions. Unlock GCIA for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.