Exam4Training

Which of the following initial actions and tools would provide the BEST approach to determining what is happening?

Ann, a user, reports to the security team that her browser began redirecting her to random sites while using her Windows laptop. Ann further reports that the OS shows the C: drive is out of space despite having plenty of space recently. Ann claims she not downloaded anything.

The security team obtains the laptop and begins to investigate, noting the following:

✑ File access auditing is turned off.

✑ When clearing up disk space to make the laptop functional, files that appear to be cached web pages are immediately created in a temporary directory, filling up the available drive space.

✑ All processes running appear to be legitimate processes for this user and machine.

✑ Network traffic spikes when the space is cleared on the laptop.

✑ No browser is open.

Which of the following initial actions and tools would provide the BEST approach to determining what is happening?
A . Delete the temporary files, run an Nmap scan, and utilize Burp Suite.
B . Disable the network connection, check Sysinternals Process Explorer, and review netstat output.
C . Perform a hard power down of the laptop, take a dd image, and analyze with FT
E . Review logins to the laptop, search Windows Event Viewer, and review Wireshark captures.

Answer: B

Latest CS0-002 Dumps Valid Version with 220 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Exit mobile version