Exam CS0-002 topic 1 question 370 discussion

Actual exam question from CompTIA's CS0-002
Question #: 370
Topic #: 1

A security analyst is investigating a malware infection that occurred on a Windows system. The system was not connected to a network and had no wireless capability. Company policy prohibits using portable media or mobile storage. The security analyst is trying to determine which user caused the malware to get onto the system. Which of the following registry keys would most likely have this information?

  • A. HKEY_USERS\\Software\Microsoft\Windows\CurrentVersion\Run
  • B. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • C. HKEY_USERS\\Software\Microsoft\Windows\explorer\MountPoints2
  • D. HKEY_USERS\\Software\Microsoft\Internet Explorer\Typed URLs
  • E. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\iusb3hub
Suggested Answer: B

Comments

Dutch012
Highly Voted 1 year, 10 months ago
How does CompTIA expect us to know this, fuk them
upvoted 29 times
...
kiduuu
Highly Voted 1 year, 11 months ago
Selected Answer: B
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion contains a list of programs that are automatically executed when the system starts up. These programs are launched regardless of the user who logs into the system. If malware was installed on the system and set to execute automatically at startup, it would be listed in this registry key.
upvoted 6 times
...
TheStudiousPeepz
Most Recent 1 year, 4 months ago
Selected Answer C: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\MOUNTPOINTS2: This key will hold information that states which user was logged into Windows® when a specific USB device was connected.
upvoted 1 times
...
FarhadFaiz
1 year, 4 months ago
Selected Answer: C
Going with C here. The question states "Company policy prohibits"... meaning users are not allowed to connect USB/external media. The question does not state that there is a policy that "blocks" USB/external media. The HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 registry key is used to store information about volumes and devices that have been mounted or accessed by the user. It is related to the auto-play functionality in Windows and contains information about drives, storage devices, and volumes that have been connected or accessed.
upvoted 2 times
...
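Added example, not part of any comment in this thread or of the exam material: the difference between per-user keys under `HKEY_USERS\<SID>` and machine-wide keys under `HKEY_LOCAL_MACHINE`, shown by parsing registry text in `reg export` format and grouping MountPoints2 and Run entries by the scope they belong to. The SIDs, GUID and values are constructed, and the input is assumed to be already decoded to text (real exports are UTF-16).

```python
import re
from collections import defaultdict

# Constructed sample in `reg export` text form; SIDs, GUID and values are made up.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaaaaaa-0000-0000-0000-000000000001}]

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="E:\\setup.exe"

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VendorTray"="C:\\Program Files\\Vendor\\tray.exe"
"""

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.*)\]$")
SID_RE = re.compile(r"^(S-1-5-21-[\d-]+)\\(.*)$")   # skips .DEFAULT and <SID>_Classes
VALUE_RE = re.compile(r'^"(.+?)"="(.*)"$')           # string (REG_SZ) values only
CV = r"software\microsoft\windows\currentversion"
MOUNT, RUN = CV + r"\explorer\mountpoints2", CV + r"\run"

def attribute(export_text):
    """Map each scope (user SID or 'MACHINE') to its mounted volumes and Run values."""
    found = defaultdict(lambda: {"mounts": [], "run": {}})
    scope, sub = None, ""
    for line in map(str.strip, export_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            hive, sub = key.groups()
            scope = "MACHINE" if hive == "HKEY_LOCAL_MACHINE" else None
            user = SID_RE.match(sub) if hive == "HKEY_USERS" else None
            if user:
                scope, sub = user.groups()
            if scope and sub.lower().startswith(MOUNT):
                volume = sub[len(MOUNT):].strip("\\").split("\\")[0]
                if volume and volume not in found[scope]["mounts"]:
                    found[scope]["mounts"].append(volume)
            continue
        value = VALUE_RE.match(line)
        if value and scope and sub.lower() == RUN:
            found[scope]["run"][value.group(1)] = value.group(2).replace("\\\\", "\\")
    return dict(found)

def users_with_mounts(found):
    """SIDs whose own hive recorded at least one mounted volume (per-user evidence)."""
    return sorted(s for s, d in found.items() if s != "MACHINE" and d["mounts"])
```

Entries grouped under `MACHINE` carry no user identity, while entries under a SID do; turning a SID into an account name needs `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<SID>\ProfileImagePath`, which this sample does not include.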
skibby16
1 year, 6 months ago
Selected Answer: E
The registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\iusb3hub" is the most likely location where information related to the insertion or use of USB devices, including portable media, might be recorded. This key is related to event logging in the Windows system, specifically in the "System" event log.
upvoted 1 times
...
kmordalv
1 year, 8 months ago
Selected Answer: B
I am surprised by the two symbols "\" that appear in options A, C and D. I think that in these options the branch "<user ID>" has been omitted by mistake (in other dumps I have been able to see the mentioned branch). If this branch is really missing, the correct option would be A, as it would allow us to know which user carried out the infection. Now, if the "<user ID>" should not appear and the two symbols "\" have been put to confuse, then the correct answer would be B. This is a crazy question.
upvoted 1 times
...
ProNerd
1 year, 8 months ago
Selected Answer: C
from prior question
upvoted 1 times
...
Dany_Suarez
1 year, 10 months ago
Selected Answer: C
answer: C
upvoted 1 times
...
yanyan20
1 year, 11 months ago
Selected Answer: C
duplicate
upvoted 1 times
...
CyberCEH
1 year, 11 months ago
Answer A
upvoted 1 times
simpfemboy
1 year, 6 months ago
can you please explain?
upvoted 1 times
...
...
Hershey2025
1 year, 11 months ago
A and B are out. The rest don't seem to provide the user information. The question is asking to identify the user.
upvoted 1 times
Hershey2025
1 year, 8 months ago
Answer is A
upvoted 1 times
...
...
ZUL01
1 year, 11 months ago
Selected Answer: C
https://www.examtopics.com/discussions/comptia/view/46829-exam-cs0-002-topic-1-question-126-discussion/
upvoted 2 times
...
JDMaxellExam
1 year, 11 months ago
Selected Answer: B
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted