Exam SY0-601 topic 1 question 444 discussion

Actual exam question from CompTIA's SY0-601
Question #: 444
Topic #: 1

A security analyst is reviewing computer logs because a host was compromised by malware. After the computer was infected it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

  • A. Dump file
  • B. System log
  • C. Web application log
  • D. Security log
Suggested Answer: A

Comments

ApplebeesWaiter1122
Highly Voted 1 year, 11 months ago
Selected Answer: B
CHANGING MY ANSWER TO B. The best option to review first would be the system log. The system log contains information about the system's activities and can provide insight into what happened on the compromised host before it shut down. This log may contain information such as error messages, system events, and warnings that can help the analyst determine the cause of the issue and the extent of the compromise. The dump file may also contain useful information, but it would typically be reviewed after the system log. The web application log and security log may be relevant, but they are less likely to provide the initial insights needed to determine the cause of the compromise. My friend is a pen tester and he also agrees that it is B.
upvoted 22 times
KelvinYau
Most Recent 6 months, 3 weeks ago
Selected Answer: B
If the system shuts down directly after the infection, a dump file may not be generated, as it is typically created during a crash or error. If a dump file exists, it can provide detailed information about the system's memory state, but it may not be available after a shutdown.
upvoted 1 times
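A practical way to settle the "does a dump even exist?" point above, as an added PowerShell example that is not part of any comment on this page: read the System log first to learn whether the host actually bugchecked, then use the CrashControl registry values to locate and verify the dump file. It assumes a Windows host and an elevated session; the event IDs and registry values are standard Windows ones.

```powershell
# Added example (not from the discussion): triage the System log first, then
# confirm whether a crash dump actually exists before relying on it.
# Assumes a Windows host and an elevated PowerShell session.

# 1. Crash-related events in the System log, most recent first.
#    1001 = BugCheck (dump written), 6008 = previous shutdown was unexpected,
#    41   = Kernel-Power (rebooted without a clean shutdown).
$crashEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'System'
    Id      = 1001, 6008, 41
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, Message

$crashEvents | Format-Table -AutoSize -Wrap

# 2. Where would a dump have been written, and is dumping enabled at all?
$cc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$dumpPath = if ($cc.DumpFile)    { [Environment]::ExpandEnvironmentVariables($cc.DumpFile) }    else { "$env:SystemRoot\MEMORY.DMP" }
$miniDir  = if ($cc.MinidumpDir) { [Environment]::ExpandEnvironmentVariables($cc.MinidumpDir) } else { "$env:SystemRoot\Minidump" }

"CrashDumpEnabled = $($cc.CrashDumpEnabled)  (0 = none, 1 = complete, 2 = kernel, 3 = small, 7 = automatic)"

# 3. Confirm the dump is real and post-dates the last BugCheck event;
#    an older dump belongs to an earlier crash, not this incident.
$lastBugCheck = $crashEvents | Where-Object Id -eq 1001 | Select-Object -First 1
if (Test-Path $dumpPath) {
    $dump = Get-Item $dumpPath
    "Dump file: $dumpPath  ($([math]::Round($dump.Length / 1MB)) MB, written $($dump.LastWriteTime))"
    if ($lastBugCheck -and $dump.LastWriteTime -lt $lastBugCheck.TimeCreated) {
        "WARNING: dump is older than the last BugCheck event; it is from an earlier crash."
    }
    # Preserve evidence: hash the dump before any tooling touches it.
    Get-FileHash -Path $dumpPath -Algorithm SHA256
} else {
    "No full dump at $dumpPath; checking minidumps in $miniDir"
    Get-ChildItem -Path $miniDir -Filter '*.dmp' -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 5 Name, Length, LastWriteTime
}
```

If the System log shows only 6008/41 and no 1001, the host rebooted or powered off without writing a dump, which is exactly the case where the log is all the analyst has.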
Mehe323
1 year ago
Selected Answer: B
I think the key word here is FIRST, so I select B.
upvoted 1 times
Nemish71
1 year ago
Selected Answer: A
A dump file, also known as a crash dump or memory dump, contains information about the state of the system at the time of a system crash or error.
upvoted 4 times
ak4512w2
1 year ago
Selected Answer: A
The computer is switched off with malware on it. Do you think it's a good idea to switch it back on? Or just get into the hard drive and grab the dump file to get an idea of the malware, unless it's encrypted (well, you can still have access if you have the OS encryption key). You also can view the system logs offline though... hmmmmm.
upvoted 1 times
MF757
1 year, 1 month ago
Selected Answer: A
A dump file, also known as a memory dump or crash dump, contains a snapshot of the system memory at the time of a crash or error. Analyzing the dump file can provide valuable information about the state of the system, including details about the error that occurred, which can help in understanding the nature of the compromise and identifying the malware responsible for the incident.
upvoted 4 times
Paula77
1 year, 2 months ago
Selected Answer: A
When a computer crashes and displays an error screen (often referred to as a ‘Blue Screen of Death’ in Windows systems), it usually creates a dump file. This file contains information about what the system was doing at the time of the crash.
upvoted 2 times
Julesrules1234
1 year, 2 months ago
From the All in One Sec+ Exam Guide: Dump files are copies of what was in memory at a point in time, typically a point when some failure occurred. Dump files can be created by the operating system (OS) when the OS crashes, and these files can be analyzed to determine the cause of the crash. System Logs: The decision to log has to happen before an event occurs; in other words, you can't go back and have a do-over if you fail to log a crucial piece of evidence. I have no experience in the field, but from the context of the text, I'd say it's Dump.
upvoted 1 times
memodrums
1 year, 2 months ago
Selected Answer: A
Even though I think B is the right answer, exam objectives don't cover system logs and do include dump files. Therefore, A is right, but based on exam objectives, B is the correct answer.
upvoted 4 times
CaNe2o1
1 year, 2 months ago
Selected Answer: A
Going to go with Dump File. They stated an error message appeared on the screen and the computer shut down. While the system logs will have that, I feel like this is the answer CompTIA wants. Sticking with A for the exam.
upvoted 1 times
zecomeia_007
1 year, 3 months ago
Selected Answer: A
Dump File First, after system log.
upvoted 1 times
[Removed]
1 year, 3 months ago
A dump file could contain valuable forensic evidence about the nature of the compromise and the actions taken by the malware. Therefore, reviewing the dump file should be a priority for the security analyst in this scenario.
upvoted 1 times
Hardware_guy
1 year, 3 months ago
Answer is B. While potentially valuable, dump files usually capture the state of the system memory at a specific point in time, often related to a crash or bug. In this case, the shutdown might not have triggered a dump, and even if it did, it might not directly correlate to the initial malware infection.
upvoted 1 times
johnabayot
1 year, 3 months ago
Selected Answer: A
A dump file is a file that contains the state of the memory and the processor registers at the time of a system crash or error. This way a security analyst can determine the details of the malware itself.
upvoted 1 times
klinkklonk
1 year, 3 months ago
Selected Answer: A
DUMP FILE. They are already reviewing the other logs.
upvoted 1 times
Susan4041
1 year, 3 months ago
Selected Answer: A
A dump file, also known as a core dump or memory dump, contains a snapshot of the memory at the time of a system crash or error. Analyzing the dump file can provide insights into the state of the system leading up to the crash, including details about the malware or any other issues that may have caused the error. Dump files are particularly useful for post-incident analysis and debugging.
upvoted 2 times
brf2017
1 year, 3 months ago
B. Because the question states "reviewing computer logs" and a dump file is not a log.
upvoted 2 times
MF757
1 year, 3 months ago
D. Security log
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other