CompTIA Security+ (SY0-501) — Question 596
A malicious actor recently penetrated a company's network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?
Answer options
- A. Security
- B. Application
- C. Dump
- D. Syslog
Correct answer: C
Explanation
The correct file to provide is the dump file, as it contains a snapshot of the server's memory, which is crucial for forensic analysis. The other options (Security, Application, and Syslog) do not contain the memory data needed for this type of investigation.