What determines the source, nature, and time of an attack on a compromised system?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

What determines the source, nature, and time of an attack on a compromised system?

Explanation:
Analyzing log files is how you uncover where an attack came from, what was done, and when it happened. Logs from the operating system, applications, security tools, and network devices record events with timestamps, user accounts, and the sources of access. By inspecting these entries, you can identify the origin of the intrusion—such as a specific IP address or remote host—and trace the path the attacker took, including failed logins, unusual privilege escalations, new user creation, and unusual file access or data transfers. The sequence and timing of these events across different systems let you reconstruct a timeline of the attack, showing both the nature of the intrusion (for example, brute-force attempts, malware installation, or lateral movement) and the exact moments actions occurred.

Other options don’t provide this combination of source, action type, and timing. The SAM file stores local account credentials and password hashes, useful for password-related investigations but not for detailing how an attack unfolded on a compromised system. Rainbow tables are a tool for reversing password hashes and don’t describe attack activity or timing. Hard disk boot records pertain to the system’s startup sequence and won’t reliably reveal post-compromise activity or timelines.
