Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Location Chicago IL, USA

Exam CS0-002 topic 1 question 50 discussion

Actual exam question from CompTIA's CS0-002
Question #: 50
Topic #: 1
[All CS0-002 Questions]

An incident responder successfully acquired application binaries off a mobile device for later forensic analysis.
Which of the following should the analyst do NEXT?

  • A. Decompile each binary to derive the source code.
  • B. Perform a factory reset on the affected mobile device.
  • C. Compute SHA-256 hashes for each binary.
  • D. Encrypt the binaries using an authenticated AES-256 mode of operation.
  • E. Inspect the permissions manifests within each application.
Show Suggested Answer Hide Answer

Suggested Answer: D

Comments

elfaz
Highly Voted 3 months ago
C. SHA-256 (Also known as SHA-2) would create a hash of the binaries and allow you to establish integrity over the biniaries.
upvoted 6 times
Agree on C. Always make a hash of the data you copy for forensics.
upvoted 5 times
who__cares123456789___
2 weeks, 2 days ago
Agree!, Second step would be to de-compile.I jumped on that til I read your comments, then felt like an idiot lol lol
upvoted 1 times
...
...
...
somsom
Most Recent 1 month, 2 weeks ago
the answer is C hashing
upvoted 4 times
...
Obi_Wan_Jacoby
2 months, 3 weeks ago
I also agree with answer C. As hashing is mentioned specifically to be often used to validate binaries and other application related files to detect changes in the binaries.
upvoted 4 times
...
btoopalow
2 months, 4 weeks ago
Gotta be C
upvoted 3 times
...

SaveCancel