Image Mounting
The benefit of mounting an image is that it is seen as a mounted filesystem, so
you can interact with files with their native or associated application, run
antivirus and malware detection, share with remote computers, and copy files
out of the image. It is also forensically sound.
Index.dat
Prior to IE10, index.dat files were used to store metadata for browser history,
cache, cookies, and download history.
Journaling
A filesystem function that uses a log file to record changes to the metadata,
so that the state and integrity of the filesystem are tracked at all times.
Jumplist
Allows users to jump to items they frequent. These are the icons you see if you
right-click on an app in the taskbar. Provides another location to verify the
opening and/or creation of non-executable files. Helps identify that
wiped/deleted files had existed at one point.
LastVisitedMRU
Tracks the specific executable used by an application to open the files
documented in the OpenSaveMRU key. Each value also tracks the directory
location for the last file that was accessed by that application. This is how
the OpenSave dialog box shows where you last opened a file from.
Layout.ini
Contains the original path names of the files located in the Prefetch
Local Security Authority Subsystem Service (LSASS)
Responsible for enforcing the security policy on the system
Low (Low Folder)
A duplicate set of directories is necessary to store files from unprivileged use,
since not all activities using the browser are unprivileged. Most of our internet
usage should be found in the low folders.
Mail Transfer Agent (MTA)
Formal name for mail server software
Extended MAPI Headers
Core component of Exchange and Outlook messaging architecture. Significantly
increases email header properties by adding additional timestamps, unique
identifiers, and information on actions taken on the message itself.
Master Boot Record (MBR)
The first sector on a hard drive, which contains the partition table and a
program the BIOS uses to boot an OS from the drive.
Memory Acquisition
Necessary to acquire volatile data. Without a memory image, there is little
chance of bypassing whole disk encryption. This is where a massive amount of
useful user-attributed data lives. You can find running processes, open files,
encryption keys and passwords, network connections, configuration
parameters, and memory-only exploits / rootkits.
Message Tracing
Log recording a wealth of details about sent and received messages in the
organization.
Message-ID
Provided by the originating mail server and consists of a unique ID appended
to the server name with an @ symbol. Similar to a tracking number.
Master File Table (MFT)
NTFS uses this database to store a link to files. It contains information about
access rights, date and time stamps, system attributes, and other information
about files. Makes up the first section of the disk.
MFU
Closely associated with MRU.
MIME
End-to-end protocol that enables users to digitally sign and encrypt messages.
Most common type of encryption encountered in emails. Typically encodes email
attachments too.
Mobile Email
Many smartphones are synced to a corporate mail server and maintain only
copies of emails. The device could have messages on it that would be
difficult to get elsewhere. Consider MDM as well.
Modern Standby (MS)
Makes computers operate more like mobile devices by delivering low-power
consumption and enabling low-power communications (Wi-Fi, mobile broadband,
and Ethernet) to receive essential communication while reducing the time for
the computer to wake and be fully operational. This extends the life of RAM
information beyond reboot and even extended powered-off states because RAM is
being saved to the hibernation file. Improves upon Connected Standby.