
312-49v10 Exam - Question 177


In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

Correct Answer: AB

The Security Administrator is typically responsible for handling computer-related incidents and ensuring the security of the organization's IT systems. Their duties include recovery, restoring systems and data after an incident; containment, isolating affected systems to prevent further damage; and prevention, implementing measures to prevent similar incidents from occurring in the future. The Security Administrator plays a critical role in incident response and is responsible for communicating with constituents, such as users, management, and stakeholders, to ensure they are informed and protected.

Discussion

6 comments
ctaregistro (Option: A)
Dec 11, 2021

A. Security Administrator

jjweust (Option: B)
Apr 19, 2022

The phrase or role "security administrator" does not occur in the official CHFI v10 manual. Network, systems, and Windows are the only examples. Network Administrator is the best answer here.

aqeel1506 (Option: A)
Jul 19, 2024

The other options are not directly responsible for incident response and security:
B. Network Administrator: Focuses on maintaining and managing network infrastructure
C. Director of Information Technology: Oversees the overall IT strategy and direction
D. Director of Administration: Typically responsible for non-technical administrative tasks

aqeel1506 (Option: A)
Jul 19, 2024

The correct answer is A. Security Administrator. The Security Administrator is typically responsible for handling computer-related incidents and ensuring the security of the organization's IT systems. Their duties include:
Recovery: Restoring systems and data after an incident
Containment: Isolating affected systems to prevent further damage
Prevention: Implementing measures to prevent similar incidents from occurring in the future
The Security Administrator plays a critical role in incident response and is responsible for communicating with constituents, such as users, management, and stakeholders, to ensure they are informed and protected.

aqeel1506 (Option: C)
Jul 19, 2024

The correct answer is C. Copy the running memory to a file. The command dd if=/dev/mem of=/home/sam/mem.bin bs=1024 copies the contents of the system's memory (RAM) to a file named mem.bin in the /home/sam directory. Here's a breakdown of the command:
dd: a command that converts and copies data
if: input file (in this case, /dev/mem, which represents the system's memory)
of: output file (the file where the memory contents will be saved, /home/sam/mem.bin)
bs: block size (set to 1024 bytes, which determines the amount of data copied at a time)
By copying the memory contents to a file, this command can be used for memory analysis, debugging, or forensics purposes.

aqeel1506
Jul 19, 2024

Sorry, wrong question; ignore my previous post on memory file.