5 replies to this topic

[netsurfer802]

I'm studying for the Security+ exam and in my study material noticed that one of the questions and answers I have says:


In which of the following locations would a forensic analyst look to find a hooked process?
A. BIOS
B. Slack space
C. RAM
D. Rootkit

Answer: A

Yet when I tried to look information about a hooked process I came up with the follow--see link below--so which is right?


http://wiki.answers...._hooked_process

[primexx]

RAM. none of the other choices even potentially make sense.

[Intrinsica]

netsurfer802, on 26 December 2012 - 00:05, said:

In which of the following locations would a forensic analyst look to find a hooked process?
A. BIOS
B. Slack space
C. RAM
D. Rootkit

Answer: A

Wait, is that answer from the book, or is that your assumption?

RAM is definitely the answer. If the book is telling you differently, you might want to contact your professor (if you have one) to get him to let others know that there is an error.

[ChuckFinley]

Yeah I dont even know why they put "Slack Space" in there. You could have rootkit because the Rootkit might be the one doing the hooking perhaps.

[primexx]

ChuckFinley, on 26 December 2012 - 13:11, said:

Yeah I dont even know why they put "Slack Space" in there. You could have rootkit because the Rootkit might be the one doing the hooking perhaps.

a rootkit is a thing, not a location

[nik louch]

Ram is the only answer that makes any kind of sense!