A suspicious laptop is found in a datacenter. The laptop is on and processing data, although
there is no application open on the screen. Which of the following BEST describes a Windows tool and technique that an investigator should use to analyze the laptop's RAM for working applications?
A. Net start and Network analysis
B. Regedit and Registry analysis
C. Task manager and Application analysis
D. Volatility and Memory analysis
Answer: B
A DMZ web server has been compromised. During the log review, the incident responder wants
to parse all common internal Class A addresses from the log. Which of the following commands should the responder use to accomplish this?
A. grep -x"(10.[0-9]+.[0-9]+.[0-9]+)" etc/rc.d/apache2/access.log I output.txt
B. grep -x"(192.168.[0.9]+[0-9])" bin/apache2/access.log I output.txt
C. grep -v"(10.[0-9]+.[0-9]+.[0-9]+)" /var/log/apache2/access.log > output.txt
D. grep -v"(192.168.[0.9]+[0-9]+)" /var/log/apache2/access.log > output.txt
Answer: C
