As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run? A. tar cvf - / | ssh 192.168.45.82 ג€cat - > /images/image.tarג€ B. dd if=/dev/mem | scp - 192.168.45.82:/images/image.dd C. memdump /dev/sda1 | nc 192.168.45.82 3000 D. dd if=/dev/sda | nc 192.168.45.82 3000  Suggested Answer: D This question is in CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam For getting CompTIA Advanced Security Practitioner (CASP+) Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by CompTIA. Trademarks, certification & product names are used for reference only and belong to CompTIA. The website does not contain actual questions and answers from CompTIA's Certification Exams.
Please login or Register to submit your answer
