Exam CS0-003 topic 1 question 315 discussion

Actual exam question from CompTIA's CS0-003
Question #: 315
Topic #: 1

A list of IoCs released by a government security organization contains the SHA-256 hash for a Microsoft-signed legitimate binary, svchost.exe. Which of the following best describes the result if security teams add this indicator to their detection signatures?

  • A. This indicator would fire on the majority of Windows devices.
  • B. Malicious files with a matching hash would be detected.
  • C. Security teams would detect rogue svchost.exe processes in their environment.
  • D. Security teams would detect event entries detailing execution of known-malicious svchost.exe processes.
Suggested Answer: A
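
The scenario in this question can be checked before a feed reaches production. The following is an added example, not part of the original question or its discussion: a pre-deployment vetting step that measures how many hosts already carry each IoC hash and holds back any hash that is widespread or belongs to a validly signed file. The feed, inventory rows, hostnames, hash values and the `max_prevalence` threshold are constructed assumptions.

```python
import hashlib
from collections import defaultdict

def sha256_of(label):
    """Constructed stand-in for a file hash (hash of a label, not of a real binary)."""
    return hashlib.sha256(label.encode()).hexdigest()

SVCHOST = sha256_of("constructed-legit-svchost")
DROPPER = sha256_of("constructed-dropper")

# Constructed IoC feed, as it might arrive from an external advisory.
IOC_FEED = [{"sha256": SVCHOST, "note": "svchost.exe"},
            {"sha256": DROPPER, "note": "dropper"}]

# Constructed fleet inventory rows: (host, path, sha256, signature_valid)
INVENTORY = [(f"ws0{i}", r"C:\Windows\System32\svchost.exe", SVCHOST, True)
             for i in range(1, 5)]
INVENTORY.append(("ws03", r"C:\Users\Public\upd.exe", DROPPER, False))

def vet_iocs(feed, inventory, max_prevalence=0.5):
    """Return (promote, hold): IoCs safe to deploy vs. IoCs needing analyst review."""
    fleet = {row[0] for row in inventory}
    hosts_by_hash = defaultdict(set)
    signed = set()
    for host, _path, digest, sig_ok in inventory:
        hosts_by_hash[digest.lower()].add(host)
        if sig_ok:
            signed.add(digest.lower())

    promote, hold = [], []
    for ioc in feed:
        digest = ioc["sha256"].lower()
        seen_on = hosts_by_hash.get(digest, set())
        prevalence = len(seen_on) / len(fleet) if fleet else 0.0
        reasons = []
        if prevalence > max_prevalence:
            reasons.append(f"present on {prevalence:.0%} of hosts")
        if digest in signed:
            reasons.append("matches a validly signed file")
        entry = {**ioc, "prevalence": prevalence, "reasons": reasons}
        (hold if reasons else promote).append(entry)
    return promote, hold

if __name__ == "__main__":
    ok, review = vet_iocs(IOC_FEED, INVENTORY)
    for e in review:
        print("HOLD   ", e["note"], "-", "; ".join(e["reasons"]))
    for e in ok:
        print("PROMOTE", e["note"], f"({e['prevalence']:.0%} of hosts)")
```
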

Comments

BadoBully
2 weeks, 3 days ago
Selected Answer: A
Only one that makes sense
upvoted 1 times
ada26b1
3 weeks ago
Selected Answer: A
I believe it is A. Can someone confirm?
upvoted 1 times
erfanse
3 weeks, 1 day ago
Selected Answer: B
This is because the SHA-256 hash is a unique identifier for a specific file. If the indicator contains the hash of svchost.exe, it would help identify any malicious files with the same hash that have been altered or injected with malware. However, svchost.exe is a legitimate Microsoft binary, and unless modified with malicious intent, it wouldn’t trigger alerts on its own.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other