Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam

Exam 312-49v10 topic 1 question 544 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 544
Topic #: 1
[All 312-49v10 Questions]

An attacker successfully gained access to a remote Windows system and plans to install persistent backdoors on it. Before that, to avoid getting detected in future, he wants to cover his tracks by disabling the last-accessed timestamps of the machine. What would he do to achieve this?

  • A. Set the registry value of HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate to 0
  • B. Run the command fsutil behavior set disablelastaccess 0
  • C. Set the registry value of HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate to 1
  • D. Run the command fsutil behavior set enablelastaccess 0
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Reference -
https://www.techrepublic.com/article/tech-tip-disable-the-last-access-update/

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Elb
7 months, 1 week ago
C < 0 User Managed, Last Access Time Updates Enabled 1 User Managed, Last Access Time Updates Disabled 2 (default) System Managed, Last Access Time Updates Enabled 3 System Managed, Last Access Time Updates Disabled
upvoted 1 times
...
zybr
1 year, 4 months ago
Anser is right. Right command for fsutil is: fsutil behavior query disablelastaccess
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...