
Exam SY0-601 topic 1 question 487 discussion

Actual exam question from CompTIA's SY0-601
Question #: 487
Topic #: 1

A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

  • A. pcap reassembly
  • B. SSD snapshot
  • C. Image volatile memory
  • D. Extract from checksums
Suggested Answer: C

Comments

Farticus
Highly Voted 2 years, 1 month ago
I passed as well.... these questions do help tremendously. Study them. Know why the right answers are the right ones and why the wrong answers are wrong and you'll do well. My test was about 50% new questions and 50% from here. ALL of the questions where the discussion group had split views of what the correct answer was were on my test. So were all of the simulation questions and a couple new ones. I had 6 simulation questions with 76 questions in total. I also recommend memorizing everything on the SY0-601 exam objectives document that CompTIA puts out. Good luck to each of you!
upvoted 22 times
[Removed]
2 years ago
Thank you. The objectives on CompTIA are just a few.
upvoted 1 times
rodekill
2 years ago
Just passed as well, this place really helps. I actually had 50-60% of the questions from here, and knew 2 out of 3 of the PBQs I had. Make sure you guys follow Farticus's advice.
upvoted 11 times
Jim_83
Highly Voted 2 years, 1 month ago
So I passed my exam today! These questions are brilliant for helping with your study, however.... don't rely on them being in the exam. They do pop up on the exam, but the majority (70%) were questions I'd not seen before. So happy I paid for the whole question set on here though. Examtopics is the perfect place to aid your study plan 👌🏼
upvoted 8 times
cyberPunk28
Most Recent 1 year, 6 months ago
Selected Answer: C
C. Image volatile memory
upvoted 1 times
HiyaGeorgie
2 years ago
I take the exam in 2 hours. LETS DO THIS
upvoted 6 times
ComPCertOn
1 year, 8 months ago
You didn't come back! Guessing you passed :)
upvoted 7 times
ApplebeesWaiter1122
2 years, 1 month ago
Selected Answer: C
The digital forensics team needs to extract the malware binary from memory as it was never written to disk, so the option C "Image volatile memory" would be the best choice. By creating a memory dump, the team can analyze the memory content, including the malicious code, and extract the malware binary for further analysis and investigation. The other options, such as pcap reassembly, SSD snapshot, and extract from checksums, would not be effective in this scenario as they do not address the issue of extracting the malware binary from memory.
upvoted 7 times
fouserd
2 years, 1 month ago
Selected Answer: C
If malicious code was downloaded over an HTTPS connection and was running in memory but was never committed to disk, the digital forensics team should use the technique of C. Imaging volatile memory to obtain a sample of the malware binary. Imaging volatile memory involves capturing a snapshot of the system’s RAM, which can contain evidence of running processes and data that has not been saved to disk. By analyzing the memory image, the team can extract a sample of the malware binary for further analysis.
upvoted 4 times
if10w
2 years, 2 months ago
The digital forensics team should use the technique of "Image volatile memory" to obtain a sample of the malware binary. This technique involves creating a memory dump of the system's RAM, which can then be analyzed to extract the malware binary.
upvoted 2 times
mouettespaghetti
2 years, 2 months ago
C is correct. In this scenario, the malicious code was downloaded over an HTTPS connection and was running in memory but was never saved to disk. Therefore, the digital forensics team should use a technique to obtain a sample of the malware binary from volatile memory. The process of capturing an image of volatile memory is known as memory forensics, and it involves creating a snapshot of the system's volatile memory to analyze the data held in RAM. By analyzing the data stored in memory, the digital forensics team can locate the malicious code and obtain a sample of the malware binary. Option A, pcap reassembly, involves reassembling network traffic captured in a pcap file. Option B, SSD snapshot, is not relevant in this scenario since the malware was never committed to disk. Option D, extract from checksums, is not a valid technique for obtaining a sample of a malware binary.
upvoted 4 times
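The explanations by ApplebeesWaiter1122, fouserd and mouettespaghetti stop at "capture RAM, then extract the binary". As an added example (not from the exam page or any commenter), the script below shows the extraction step on a raw memory image: it scans for DOS/PE headers, validates the PE signature, computes the module's in-memory extent from the section table (virtual addresses, since a memory image is laid out as mapped, not as the file on disk), and hashes each carved candidate for later lookup. The memory image is a constructed byte string with a decoy "MZ" and one minimal PE32; real memory dumps would be read from a file instead.

```python
import hashlib
import struct

def _pe_extent(image: bytes, base: int):
    """Return the mapped size of a PE at `base`, or None if the header is not valid."""
    if base + 0x40 > len(image):
        return None
    e_lfanew = struct.unpack_from("<I", image, base + 0x3C)[0]
    pe = base + e_lfanew                                       # offset of "PE\0\0"
    if (e_lfanew < 0x40 or e_lfanew > 0x400 or pe + 24 > len(image)
            or image[pe:pe + 4] != b"PE\x00\x00"):
        return None
    nsect = struct.unpack_from("<H", image, pe + 6)[0]         # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", image, pe + 20)[0]     # SizeOfOptionalHeader
    sect = pe + 24 + opt_size                                  # first IMAGE_SECTION_HEADER (40 bytes each)
    end = sect + nsect * 40                                    # at minimum the headers themselves
    for i in range(nsect):
        off = sect + i * 40
        if off + 40 > len(image):
            return None
        vsize, vaddr = struct.unpack_from("<II", image, off + 8)   # VirtualSize, VirtualAddress
        end = max(end, base + vaddr + vsize)                   # in-memory layout follows virtual addresses
    return min(end, len(image)) - base

def carve_pe_modules(image: bytes) -> list:
    """Scan a raw memory image for PE headers; return offset, size and SHA-256 of each candidate."""
    found = []
    pos = image.find(b"MZ")
    while pos != -1:
        size = _pe_extent(image, pos)
        if size:
            blob = image[pos:pos + size]
            found.append({"offset": pos, "size": size,
                          "sha256": hashlib.sha256(blob).hexdigest()})
        pos = image.find(b"MZ", pos + 2)
    return found

def build_sample_image() -> bytes:
    """Constructed input: junk, a decoy 'MZ' string, then one minimal PE32 with a .text section."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                    # e_lfanew -> PE signature at +0x80
    opt = bytes(0xE0)                                          # zeroed PE32 optional header
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102)
    text = b".text\x00\x00\x00" + struct.pack("<IIIIIIHHI", 0x100, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    module = (bytes(dos) + coff + opt + text).ljust(0x1100, b"\xCC")   # mapped extent 0x1000 + 0x100
    return b"\x00" * 0x40 + b"MZ-not-a-pe" + b"\x00" * 0x100 + module + b"\xFF" * 64
```

On a real acquisition the same scan runs over the saved RAM image, and the carved blob plus its hash is what goes to the sandbox or threat-intel lookup; the decoy shows why a bare "MZ" match is not enough.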