CompTIA Security+ (SY0-601) — Question 236

A malicious actor recently penetrated a company's network and moved laterally to the data center. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?

Answer options

Correct answer: C

Explanation

The correct answer is C: a memory dump file contains a snapshot of the server's memory at a specific point in time, which is what the forensics firm needs in order to see what was in memory on the compromised server. The other options, such as the Security, Application, and Syslog files, are logs that record events and do not capture the server's memory state.