An attacker disables Windows functionality such as last access timestamp, hibernation, virtual memory, system restore points, etc. to cover tracks. Which action is described?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

An attacker disables Windows functionality such as last access timestamp, hibernation, virtual memory, system restore points, etc. to cover tracks. Which action is described?

Explanation:
Disabling Windows functionality is the best fit because the attacker is not just deleting logs or turning auditing off; they are turning off parts of the operating system that can produce or preserve evidence. Last access timestamps record when a file was last read, hibernation saves the system’s memory state, virtual memory handles paging data, and system restore points capture snapshots of the system. If these are disabled, fewer traces are left behind and it becomes harder for investigators to reconstruct actions. Clearing logs would only affect log files, and disabling auditing is a narrower tactic focused on logs rather than the broader set of evidentiary controls being turned off. By targeting multiple functionalities, the attacker aims to reduce available traces, which fits the idea of disabling Windows functionality.

