SANS 500 Questions And Answers With Verified Study Solutions
Seller: Labtech (Stuvia), November 7, 2024
Alternate Data Streams (ADS) ANS Additional named data streams attached to the same NTFS file
record, so that a file carries content beyond its default (unnamed) $DATA stream. Ordinary directory
listings and file sizes show only the primary stream, which is why ADS have been used to hide data and
even executables. Zone.Identifier, the stream browsers write to record where a downloaded file came
from (the "Mark of the Web"), is the most common example.
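As an added example (not part of the original study notes), the following Python parses the INI-style [ZoneTransfer] section that a Zone.Identifier stream holds and shows how the stream is opened on NTFS with the file:stream syntax. The sample stream content, file name and URLs are constructed for the example; the zone numbers are the standard URLMON security zones.

```python
import configparser
from typing import Optional

# Constructed sample of what a browser writes into file.ext:Zone.Identifier
# after a download. The URLs are invented for this example.
SAMPLE_ZONE_IDENTIFIER = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://example.test/downloads/
HostUrl=https://cdn.example.test/tool.exe
"""

# URLMON security zone numbers as they appear in the ZoneId field.
ZONE_NAMES = {
    0: "Local Machine",
    1: "Local Intranet",
    2: "Trusted Sites",
    3: "Internet",
    4: "Restricted Sites",
}


def parse_zone_identifier(text: str) -> dict:
    """Parse the [ZoneTransfer] section of a Zone.Identifier stream.

    Returns the numeric ZoneId, its zone name, and the ReferrerUrl / HostUrl
    fields when present (None when absent). Raises ValueError if the stream
    does not contain the expected section.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if "ZoneTransfer" not in cp:
        raise ValueError("no [ZoneTransfer] section in stream")
    section = cp["ZoneTransfer"]
    zone_id = int(section.get("ZoneId", "-1"))
    return {
        "zone_id": zone_id,
        "zone_name": ZONE_NAMES.get(zone_id, "Unknown"),
        "referrer_url": section.get("ReferrerUrl"),
        "host_url": section.get("HostUrl"),
    }


def read_zone_identifier(path: str) -> Optional[dict]:
    """On NTFS, read and parse the Zone.Identifier ADS of `path`, if any.

    A named stream is addressed as "<file>:<stream>", so the ADS can be
    opened like a normal file. Returns None when there is no such stream
    (or when the platform has no ADS support at all).
    """
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8") as fh:
            return parse_zone_identifier(fh.read())
    except (FileNotFoundError, OSError):
        return None


if __name__ == "__main__":
    print(parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER))
```

On a live Windows host the same stream can be listed with PowerShell's Get-Item -Stream * and read with Get-Content -Stream Zone.Identifier; the point of the parser is the ZoneId (3 = Internet) and the HostUrl, which together tell you the file was downloaded and from where.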



AMCACHE.HVE ANS Registry hive (C:\Windows\AppCompat\Programs\Amcache.hve) maintained by the
application compatibility infrastructure that lets Windows run executables written for earlier
versions of the OS. It records the full path, file metadata and SHA1 hash of executables that were
installed or run, so it can prove a program existed on the system even after the file was deleted.



AppCompatCache ANS Also called ShimCache. Stored in the SYSTEM hive under
CurrentControlSet\Control\Session Manager\AppCompatCache and written to the registry at shutdown.
Tracks each executable's file path and last modification time (from $STANDARD_INFORMATION), and on
Windows XP/7 whether it was executed. Windows consults it to decide whether a program needs
shimming for compatibility. On Windows 10 entries carry no execution flag, so an entry proves only
that the file was seen (for example browsed in Explorer), not that it ran.



App Data Folder ANS %USERPROFILE%\AppData. Contains per-user settings and other data that
applications need, split into the Local, LocalLow and Roaming subfolders (Roaming follows the user
between domain machines; Local stays on the machine). Web browser bookmarks, history and cache
live here.



AppID ANS Identifier assigned to each application. It is derived from the application's path (or an
explicit AppUserModelID), so the same application yields the same AppID on every system; the IDs are
unique per application, not per machine. Used to keep one application's preferences from colliding
with similar applications, and to name jump list files: <AppID>.automaticDestinations-ms and
<AppID>.customDestinations-ms.



Application Log ANS Windows event log that records events logged by applications, e.g. MS SQL
Server failing to access a database.



Audit Removable Storage ANS Advanced audit policy setting (Object Access category) that logs every
access a user makes to files on a removable storage device as Security log event ID 4663.



Automatic Destinations ANS Jump list files in %AppData%\Microsoft\Windows\Recent\AutomaticDestinations,
one per application and named by AppID (<AppID>.automaticDestinations-ms). Each is an OLE compound
file whose streams are LNK-style entries for items the application recently opened, plus a DestList
stream that orders them by last use. Because Windows maintains the file from the application's first
use, it can be used to reconstruct the history of what that application opened, with timestamps.



Autostart ANS Auto-start extensibility points (Run/RunOnce keys, services, scheduled tasks, startup
folders and similar) that list programs launched at boot or logon. Useful for finding malware that
persists across reboots, such as a rootkit.

Background Activity Monitor (BAM) ANS Registry key
(SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\<SID> on Windows 10 1809 and later;
without the State level on earlier builds) used together with the DAM key to record, per user SID,
the full path of each executable and the date/time it was last executed. Each value name is the
executable's path and the 24-byte value data begins with a FILETIME of the last execution.



BagMRU ANS ShellBags keys (NTUSER.DAT\Software\Microsoft\Windows\Shell\BagMRU and
USRCLASS.DAT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU) that store Explorer window
and view settings for every folder the user browsed. From them you can tell which directories were
opened during a time period, including folders on removable media, network shares and folders that
have since been deleted.



Bookmarks ANS Created by the user; shortcuts to websites that are frequently visited or saved for
later. Depending on the browser they can also record the user account, URL, URL parameters, page
title, creation date and last used date.



Browser Forensics ANS History files, browser cache and cookies make up the bulk of browser
artifacts. From them you can recover the websites a user visited, how many times and when, saved
(bookmarked) websites, downloaded files, usernames, and what the user searched for.



BSSID ANS (Basic Service Set Identifier) the MAC address of a wireless access point (base station),
used to identify it to client stations. Knowing which BSSID a host connected to can place the host
at a physical location via Wi-Fi geolocation databases.



Compliance Search ANS Family of PowerShell cmdlets (New-ComplianceSearch, Start-ComplianceSearch,
Get-ComplianceSearch) in Microsoft 365 Security & Compliance PowerShell, used for eDiscovery; it can
search mailboxes, SharePoint and OneDrive for nearly any kind of content.



Connected Standby ANS In Windows 8, systems with an SSD could take advantage of this new low-power
mode, which keeps the system connected to the network while it sleeps. It was expanded in Windows 10
as Modern Standby. Its presence determines whether the DAM key is populated.



CurrentControlSet ANS Symbolic link in the SYSTEM hive to whichever ControlSetNNN is currently in
use; the HKLM\SYSTEM\Select key (Current, Default, LastKnownGood and Failed values) says which one.
A control set contains the system configuration needed to boot, such as driver and service
information. ControlSet001 is typically the set the system booted with and is usually the most up to
date; ControlSet002 is usually the "Last Known Good" copy kept in case something drastic happens.
When examining an offline hive, read Select\Current first rather than assuming ControlSet001.



Custom Destinations ANS Jump list files (<AppID>.customDestinations-ms in Recent\CustomDestinations)
created and populated by the application itself. They present content the application has deemed
significant, either from previous usage of the app (e.g. pinned or "frequent" items) or because a
user action indicated that an item is important.

Data Stream Carving ANS Carving small fragments of data rather than whole files. Fragments can be
pulled from memory, unallocated space and allocated database files. Examples: URLs, chat sessions,
emails, encryption keys and similar strings.
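As an added example (not part of the original study notes), the following Python carves URL and e-mail fragments out of a raw byte blob standing in for unallocated space. It goes a step beyond the definition by searching each byte range both as ASCII and as UTF-16LE at both byte alignments, since Windows applications frequently write strings as UTF-16LE. The blob, hostnames and addresses are constructed for the example.

```python
import re

# Constructed sample of "unallocated" bytes: junk surrounding a URL and an
# e-mail address in ASCII, then another URL and address in UTF-16LE.
# Nothing here was taken from a real disk image.
CONSTRUCTED_BLOB = (
    b"\x00\xff\x13junk"
    + b"https://example.test/login?user=alice" + b"\x00\x00"
    + b"\x90" * 7
    + b"alice@example.test" + b"\xde\xad"
    + "https://intranet.example.test/wiki".encode("utf-16le") + b"\x00\x00"
    + b"noise"
    + "bob@example.test".encode("utf-16le") + b"\xff"
)

# Artifact patterns; both are ASCII-only, so one pattern serves every view.
PATTERNS = {
    "url": re.compile(r"https?://[A-Za-z0-9.\-]+(?:/[\x21-\x7e]*)?"),
    "email": re.compile(r"[A-Za-z0-9._%+\-]+@[A-Za-z0-9\-]+(?:\.[A-Za-z0-9\-]+)*\.[A-Za-z]{2,}"),
}


def _views(blob: bytes):
    """Yield (encoding, decoded_text, byte_shift) views of the blob.

    latin-1 maps every byte to exactly one character, so ASCII/UTF-8 strings
    pass through unchanged. UTF-16LE is tried at both byte alignments because
    a string may begin on an odd offset; undecodable pairs become U+FFFD.
    """
    yield "latin-1", blob.decode("latin-1"), 0
    for shift in (0, 1):
        yield "utf-16le", blob[shift:].decode("utf-16le", errors="replace"), shift


def carve_strings(blob: bytes) -> list:
    """Carve URL and e-mail fragments from raw bytes, with their byte offsets."""
    hits = {}
    for encoding, text, shift in _views(blob):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(text):
                value = m.group(0)
                # Re-encode the match and locate it in the original bytes so
                # the offset does not depend on how the view was aligned.
                offset = blob.find(value.encode(encoding), shift)
                if offset < 0:
                    continue
                hits.setdefault((offset, kind), {
                    "offset": offset,
                    "kind": kind,
                    "encoding": "ascii" if encoding == "latin-1" else encoding,
                    "value": value,
                })
    return sorted(hits.values(), key=lambda h: h["offset"])


if __name__ == "__main__":
    for hit in carve_strings(CONSTRUCTED_BLOB):
        print(f"{hit['offset']:5d} {hit['encoding']:8s} {hit['kind']:5s} {hit['value']}")
```

The same approach works on a memory image or a pagefile; for a large input, read it in overlapping chunks rather than decoding the whole file at once, and keep the byte offset so each fragment can be tied back to the sector or page it came from.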



DEAD System - Memory Acquisition ANS On a powered-off system, hiberfil.sys (a compressed image of
memory written at hibernation; on Windows 8 and later, fast startup may leave only a partial
kernel-session image) can be analyzed by copying it from the root of the system drive. memory.dmp is
a crash dump file that can also be used if a complete memory dump was taken. pagefile.sys is not a
complete copy of RAM, but can still yield parts of memory that were paged out to disk.



Desktop Activity Moderator (DAM) ANS Registry key
(SYSTEM\CurrentControlSet\Services\dam\State\UserSettings\<SID>) used in conjunction with the BAM
key to record the path of the executable and the last date/time executed, in the same value format.
The DAM key is populated only on systems that have Connected Standby.



DOMStore ANS Where IE and legacy Edge keep DOM (Web) Storage files, laid out much like the cache.
The WebCacheV*.dat ESE database maps the DOMStore filenames to their owning sites and records the
creation and last-access timestamps for each Web Storage artifact.



Exchange Database (EDB) ANS Container for users' Microsoft Exchange mailboxes, stored in ESE
format (.edb).



Email Header ANS Required component of a message. Provides the envelope information a message
relies on to reach its destination (From, To, Date, Message-ID, and a Received line prepended by
each Mail Transfer Agent that handled it). Most header fields are supplied by the sender and can be
forged; the only completely reliable information is in the Received line(s) added by a Mail Transfer
Agent that you own or trust.
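As an added example (not part of the original study notes), the following Python walks the Received chain of a message bottom-up and marks the first hop recorded by an MTA we control, since everything below that line could have been written by the sender. The message, hostnames, addresses and the trusted-MTA list are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Hosts whose Received lines we are entitled to believe: the MTAs we operate.
TRUSTED_MTAS = {"mx.example.test"}

# Constructed phishing-style message; every header and address is invented.
# Only the topmost Received line was added by our own mail server; the two
# below it arrived with the message and may have been written by the sender.
SAMPLE_MESSAGE = (
    "Received: from mail.partner.test (mail.partner.test [192.0.2.10])\n"
    "\tby mx.example.test (Postfix) with ESMTPS id 4ABC123\n"
    "\tfor <alice@example.test>; Mon, 04 Nov 2024 09:12:44 +0000\n"
    "Received: from [10.0.0.5] (unknown [198.51.100.7])\n"
    "\tby mail.partner.test (Postfix) with ESMTPA id 9XYZ789;\n"
    "\tMon, 04 Nov 2024 09:12:40 +0000\n"
    "Received: from mail.google.com ([127.0.0.1])\n"
    "\tby localhost; Mon, 04 Nov 2024 09:12:39 +0000\n"
    'From: "CEO" <ceo@example.test>\n'
    "To: alice@example.test\n"
    "Subject: Urgent wire transfer\n"
    "Message-ID: <a1b2c3@partner.test>\n"
    "Date: Mon, 04 Nov 2024 09:12:30 +0000\n"
    "\n"
    "Please process the attached invoice today.\n"
)

# "from <sending host info> by <receiving host>"; DOTALL because the header
# is folded across lines and compat32 keeps the line breaks in the value.
HOP_RE = re.compile(r"^from\s+(?P<from>.*?)\s+by\s+(?P<by>[^\s;]+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value: str) -> dict:
    """Pull the claimed sender, observed IP, receiving MTA and timestamp from one Received line."""
    m = HOP_RE.search(value)
    if not m:
        raise ValueError(f"unparsable Received header: {value!r}")
    from_clause = m.group("from")
    ips = IP_RE.findall(from_clause)
    # The last bracketed address in the from-clause is what the receiving MTA
    # observed on the socket; an earlier one is usually the sender's HELO claim.
    when = None
    if ";" in value:
        try:
            when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            when = None
    by = m.group("by")
    return {
        "from": from_clause.split()[0],
        "ip": ips[-1] if ips else None,
        "by": by,
        "when": when,
        "trusted": by.lower() in TRUSTED_MTAS,
    }


def received_chain(raw_message: str) -> list:
    """Return the hops oldest-first, in the order the message claims to have travelled.

    Each MTA prepends its own Received line, so header order (top first) is
    reversed. Timestamps are deliberately not used for ordering: hops not
    added by a trusted MTA can say anything.
    """
    msg = message_from_string(raw_message)
    headers = msg.get_all("Received") or []
    return [parse_received(h) for h in reversed(headers)]


def first_trusted_hop(chain: list):
    """The earliest hop recorded by an MTA we trust, or None.

    Its 'ip' is the last fact we can rely on: the address that actually
    connected to our server. Every hop before it in the chain is unverified.
    """
    for hop in chain:
        if hop["trusted"]:
            return hop
    return None


if __name__ == "__main__":
    chain = received_chain(SAMPLE_MESSAGE)
    for hop in chain:
        print(("TRUSTED " if hop["trusted"] else "claimed ") + f"{hop['ip']} -> {hop['by']} at {hop['when']}")
    print("verifiable origin:", first_trusted_hop(chain)["ip"])
```

In the sample, the "mail.google.com" hop and the Message-ID domain are exactly the kind of detail a sender can invent; the only thing we know is that 192.0.2.10 connected to mx.example.test, which is where the investigation should start.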



EMDMgmt ANS Registry key (SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt) traditionally used
by ReadyBoost to remember whether a device passed inspection. Each subkey names the USB device
manufacturer, product ID, serial number, volume name and volume serial number, which lets you tie a
volume serial number seen in LNK files or jump lists back to a specific device. Typically not
populated on systems whose OS drive is an SSD, because ReadyBoost is disabled there.



ESE Database ANS Extensible Storage Engine, a proprietary Microsoft database format (also known as
JET Blue) used by Exchange, Active Directory (ntds.dit), the WebCache and SRUM, among others. An
Exchange deployment can be broken up into multiple storage groups, each able to contain multiple
database files.



Exif Data ANS Exchangeable image file format metadata electronically attached to each image file:
camera make and model, shutter speed, aperture, ISO, focal length, white balance and other settings
used when taking the picture, often with the date/time the picture was taken and, on phones, the GPS
coordinates of where it was taken.
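As an added example (not part of the original study notes), the following Python locates the Exif segment inside a JPEG and parses the TIFF directory structure it contains, pulling out the camera make and model, the capture time and a GPS position. It builds its own minimal sample JPEG (Exif segment only, no image data) with invented values so it runs offline; the tag numbers are the standard Exif/TIFF ones.

```python
import struct

# TIFF field types used by Exif and their sizes: BYTE, ASCII, SHORT, LONG, RATIONAL.
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8}
TAG_MAKE, TAG_MODEL, TAG_DATETIME, TAG_GPS_IFD = 0x010F, 0x0110, 0x0132, 0x8825
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004

def _decode(typ, count, payload, order):
    """Turn one directory entry's raw payload into Python values."""
    if typ == 2:                                   # ASCII, NUL-terminated
        return payload.split(b"\x00", 1)[0].decode("ascii", "replace")
    if typ == 5:                                   # RATIONAL: (numerator, denominator) pairs
        nums = struct.unpack(order + "II" * count, payload)
        return [(nums[i], nums[i + 1]) for i in range(0, len(nums), 2)]
    return list(struct.unpack(order + {1: "B", 3: "H", 4: "I"}[typ] * count, payload))

def parse_ifd(buf, offset, order):
    """Parse one Image File Directory into {tag: value}."""
    (n,) = struct.unpack_from(order + "H", buf, offset)
    fields = {}
    for i in range(n):
        tag, typ, count, inline = struct.unpack_from(order + "HHI4s", buf, offset + 2 + 12 * i)
        if typ not in TYPE_SIZE:
            continue                               # unknown type: skip rather than guess
        size = TYPE_SIZE[typ] * count
        if size <= 4:                              # values of 4 bytes or less live in the entry
            payload = inline[:size]
        else:                                      # larger ones sit at an offset into the TIFF
            (data_off,) = struct.unpack(order + "I", inline)
            payload = buf[data_off:data_off + size]
        fields[tag] = _decode(typ, count, payload, order)
    return fields

def tiff_from_jpeg(jpeg):
    """Return the TIFF blob from a JPEG's APP1 'Exif' segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        return None
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if marker == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            return jpeg[pos + 10:pos + 2 + length]
        if marker == 0xDA:                         # start of scan: metadata segments are over
            break
        pos += 2 + length
    return None

def dms_to_decimal(rationals, ref):
    """Degrees/minutes/seconds rationals plus an N/S/E/W reference to signed decimal degrees."""
    deg, minutes, sec = (n / d for n, d in rationals)
    value = deg + minutes / 60 + sec / 3600
    return -value if ref in ("S", "W") else value

def parse_exif(tiff):
    """Extract camera identity, capture time and GPS position from a TIFF/Exif blob."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or struct.unpack(order + "H", tiff[2:4])[0] != 42:
        raise ValueError("not a TIFF header")
    (ifd0_off,) = struct.unpack(order + "I", tiff[4:8])
    ifd0 = parse_ifd(tiff, ifd0_off, order)
    result = {"make": ifd0.get(TAG_MAKE), "model": ifd0.get(TAG_MODEL),
              "datetime": ifd0.get(TAG_DATETIME), "gps": None}
    if TAG_GPS_IFD in ifd0:                        # LONG pointer to the GPS sub-IFD
        gps = parse_ifd(tiff, ifd0[TAG_GPS_IFD][0], order)
        if GPS_LAT in gps and GPS_LON in gps:
            result["gps"] = (dms_to_decimal(gps[GPS_LAT], gps.get(GPS_LAT_REF, "N")),
                             dms_to_decimal(gps[GPS_LON], gps.get(GPS_LON_REF, "E")))
    return result

def _build_ifd(entries, base, order="<"):
    """Serialize [(tag, type, value)] as an IFD placed at `base`; out-of-line data follows it."""
    body, extra = struct.pack(order + "H", len(entries)), b""
    ifd_len = 2 + 12 * len(entries) + 4
    for tag, typ, value in entries:
        if typ == 2:
            payload, count = value.encode("ascii") + b"\x00", len(value) + 1
        elif typ == 5:
            payload, count = b"".join(struct.pack(order + "II", n, d) for n, d in value), len(value)
        else:
            payload, count = struct.pack(order + {1: "B", 3: "H", 4: "I"}[typ] * len(value), *value), len(value)
        if len(payload) <= 4:
            body += struct.pack(order + "HHI", tag, typ, count) + payload.ljust(4, b"\x00")
        else:
            body += struct.pack(order + "HHII", tag, typ, count, base + ifd_len + len(extra))
            extra += payload
    return body + struct.pack(order + "I", 0) + extra

def build_sample_jpeg():
    """Constructed JPEG holding only an Exif segment (no image data); every value is invented."""
    ifd0 = [(TAG_MAKE, 2, "ExampleCam"), (TAG_MODEL, 2, "EC-1"),
            (TAG_DATETIME, 2, "2024:11:03 14:22:10"), (TAG_GPS_IFD, 4, [0])]
    gps_off = 8 + len(_build_ifd(ifd0, 8))         # GPS IFD goes right after IFD0 and its data
    ifd0[-1] = (TAG_GPS_IFD, 4, [gps_off])
    gps = [(GPS_LAT_REF, 2, "N"), (GPS_LAT, 5, [(51, 1), (30, 1), (0, 1)]),
           (GPS_LON_REF, 2, "W"), (GPS_LON, 5, [(0, 1), (7, 1), (30, 1)])]
    tiff = b"II" + struct.pack("<HI", 42, 8) + _build_ifd(ifd0, 8) + _build_ifd(gps, gps_off)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

Running parse_exif(tiff_from_jpeg(build_sample_jpeg())) yields the make, model, the Exif-format timestamp string and the position as signed decimal degrees. On real photos the same parser is the basis for checking whether a file's claimed origin matches its embedded device and location, and for spotting when Exif has been stripped entirely (tiff_from_jpeg returns None), which is itself an observation worth recording.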
