What is the first place to check if you believe your system has been hacked?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the EC-Council Certified Ethical Hacker (CEH) Exam. Use flashcards and multiple-choice questions with hints and explanations. Enhance your cyber security knowledge and get ready for the exam!

Multiple Choice

What is the first place to check if you believe your system has been hacked?

Explanation:
When you suspect a hack, the first place to check is the system log files. Logs capture what happened on the system: who logged in, from where, and when; which accounts were created or changed; which services started or stopped; and what network connections or processes appeared. This gives you a timeline of events and concrete evidence of any suspicious activity, helping you identify if an intrusion occurred and where to focus your investigation. BIOS/UEFI settings could reveal a highly sophisticated firmware compromise, but such changes are less common and require specialized analysis; they’re not the typical starting point for initial triage. Documents and USB drives might be involved in an attack, but they don’t provide the immediate, system-wide evidence of compromise that logs do, so they aren’t the best first check.

When you suspect a hack, the first place to check is the system log files. Logs capture what happened on the system: who logged in, from where, and when; which accounts were created or changed; which services started or stopped; and what network connections or processes appeared. This gives you a timeline of events and concrete evidence of any suspicious activity, helping you identify if an intrusion occurred and where to focus your investigation.

BIOS/UEFI settings could reveal a highly sophisticated firmware compromise, but such changes are less common and require specialized analysis; they’re not the typical starting point for initial triage. Documents and USB drives might be involved in an attack, but they don’t provide the immediate, system-wide evidence of compromise that logs do, so they aren’t the best first check.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy