CompTIA Security+ SY0-601 – Question 160

Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?

A. Shut down the VDI and copy off the event logs.
B. Take a memory snapshot of the running system.
C. Use NetFlow to identify command-and-control IPs.
D. Run a full on-demand scan of the root volume.

Correct Answer: B