CompTIA Security+ (SY0-701) — Question 110

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?

Answer options

• A. Obtain the file's SHA-256 hash.
• B. Use hexdump on the file's contents.
• C. Check endpoint logs.
• D. Query the file's metadata.

Correct answer: D

Explanation

Querying the file's metadata will typically reveal information such as the creation date and the creator of the file, making it the most direct method to obtain the required details. In contrast, obtaining the SHA-256 hash does not provide any contextual information about the file, using hexdump only reveals raw data without metadata, and checking endpoint logs may not specifically track file creation details.