scenario
hard
Analyze
integrity
2 points
Question 45. CSCD240-E1-C
Verify /opt/ids/analyze has not been silently replaced — which find predicate and which file-metadata command (no crypto)?
Work the drill
Answer on paper or in a terminal before revealing the ideal answer.
Ideal answer
Use find with -newer (or -mtime) against a trusted reference timestamp, and stat for inode/ctime/mtime. Together: compare the current stat output to the baseline recorded at install.
Misconception bank
Each row below is a plausible wrong answer, the thinking that produces it, and the remedy that corrects the misconception. These are the foundation of the multiple-choice framing and the targeted feedback a student receives after answering.
sha256sum
Misconception. Question excluded crypto hashes.
Remedy. Re-read constraint.
Authority mappings
DCWF roles:
EN-211 Forensics Analyst
DCWF tasks:
T0447
KU outcomes:
CO-O5-O2