> Zaidisc2 (Viewer) posted a new topic in Member Support on 11-13-2018 12:50 PM in
> Dears, I am studying the Cisco official practice test, preparing for my exam.
Uhhh, Cisco?
> Question number 71
> which is as follows: As part of his incident response process, Charles
> securely wipes the drive of a compromised machine and reinstalls the operating
> system from original media. Once this is done, he patches the machine fully and
> applies his organization's security templates before reconnecting the system to
> the network. Almost immediately after the system is returned to service, he
> discovers that it has reconnected to the same botnet it was part of before.
> Where should Charles look for malware that is causing this behaviour?
> A. The operating system's partition
I think the reason this is not considered correct is because of the assumption that
the OS is more likely to be protected by the vendor or developer. (As an old
malware researcher, I'm not sure this is a completely safe assumption, but, in
relative terms, I'd probably agree.)
> B. The BIOS or firmware
While there have been malware entities that have gone after the BIOS or
firmware, they are relatively rare or specialized.
> C. The system memory
While there are "fileless" malware items, they are, again, relatively rare.
> D. The installation media.
Given the assertion that the system shows the aberrant behaviour immediately
after restoration, I would agree that this is the most likely source of the infection,
or, at least, the first place to check.
> I chose B and I think B should be the correct answer, but
> in the answers page I found the answer was D. I checked Wiley.com and I found
> that the correct answer is B. Can you please confirm the correct answer to be
> sure?
Wiley? OK, I assume that you have some kind of study guide from Wiley.
At any rate, I would rate this as a rather poor question. It is of the "four wrong
answers: which is least bad" type, and you will find those on the exam. And there
is a justification for the choice of D. But the margin between correct and
incorrect on this one is pretty close.
====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Each little fault of temper and each social defect
In my erring fellow-creatures, I endeavour to correct.
To all their little weaknesses I open people's eyes;
And little plans to snub the self-sufficient I devise;
I love my fellow-creatures - I do all the good I can -
Yet everybody says I'm such a disagreeable man!
And I can't think why! - King Gama, `Princess Ida'
victoria.tc.ca/techrev/rms.htm
http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB
............
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
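Added example, not from the thread or either poster: the practical check behind answer D, verifying reinstall media against a vendor-style SHA-256 manifest before the rebuild so that tampered media is caught rather than reused. The file names, contents and hashes are constructed for the demo.

```python
# Added example (not from the thread): verify reinstall media against a
# known-good checksum manifest before rebuilding, since tampered media
# re-infects every rebuild. Manifest lines use sha256sum's "<hex>  <name>"
# form; all names and hashes below are constructed for the demo.
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse sha256sum-style lines into {filename: expected_hex_digest}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[name.lstrip("*")] = digest.lower()
    return expected

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:  # chunked so multi-GB images need not fit in memory
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_media(media_dir, manifest_text):
    """Return {filename: 'ok' | 'MISMATCH' | 'MISSING'} for each manifest entry."""
    results = {}
    for name, digest in parse_manifest(manifest_text).items():
        path = os.path.join(media_dir, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif sha256_file(path) != digest:
            results[name] = "MISMATCH"  # differs from vendor copy: do not use
        else:
            results[name] = "ok"
    return results

def demo():
    """Constructed scenario: one genuine file, one altered file, one missing."""
    with tempfile.TemporaryDirectory() as d:
        good = b"pretend-this-is-the-vendor-installer"
        with open(os.path.join(d, "install.iso"), "wb") as f:
            f.write(good)
        with open(os.path.join(d, "tools.zip"), "wb") as f:
            f.write(b"altered-after-download")
        manifest = (f"{hashlib.sha256(good).hexdigest()}  install.iso\n"
                    f"{hashlib.sha256(b'original-tools').hexdigest()}  tools.zip\n"
                    f"{'0' * 64}  drivers.cab\n")
        return verify_media(d, manifest)
```

Any MISMATCH or MISSING result means the media should not be used for the rebuild until a clean copy has been obtained and verified.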