Exam 312-49v10 topic 1 question 759 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 759
Topic #: 1

An investigator is studying a suspicious Windows service discovered on a corporate system that seems to be associated with malware. The service has a name similar to a genuine Windows service, runs as a SYSTEM account, and exhibits potentially harmful behavior. Which tool and method should the investigator use to study the service's behavior without allowing it to inflict more damage?

  • A. Deploy Autoruns for Windows to check if the suspicious service is configured to run at system bootup
  • B. Inspect the startup folder for the presence of the suspicious service using command prompt commands
  • C. Use SrvMan to stop the suspicious service and analyze its impact on the system
  • D. Utilize the Windows Service Manager to create an identical service and study its behavior
Suggested Answer: A

Comments

044f354
3 days, 13 hours ago
Selected Answer: A
https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns Autoruns provides a comprehensive view of all auto-starting locations in Windows, including services, drivers, startup items, scheduled tasks, and more. It allows investigators to identify and verify suspicious services without executing or altering them, which is critical when analyzing potentially harmful malware. In this case, since the service mimics a legitimate one and runs with SYSTEM-level privileges, running it or stopping it directly could be risky (e.g., might trigger a payload). Autoruns operates passively, meaning it doesn't modify system behavior but offers detailed insight, including the path, publisher, and command-line arguments of the service—helpful for determining if it's malicious or masquerading. It's especially effective in identifying persistence mechanisms, which is essential in malware investigations. --- Please UPVOTE!
upvoted 1 times
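
Added example, not part of the original thread: a read-only triage over a constructed service inventory shaped like an Autoruns CSV export, flagging look-alike service names, unverified signatures and images outside System32. The column names, the short allowlist and the sample rows are assumptions made for illustration.

```python
import csv
import io
from difflib import get_close_matches

# Constructed sample shaped like an Autoruns services CSV export; column names are assumed.
SAMPLE_CSV = r"""Entry,Signer,Image Path
Spooler,(Verified) Microsoft Windows,c:\windows\system32\spoolsv.exe
wuauserv,(Verified) Microsoft Windows,c:\windows\system32\svchost.exe
wuaserv,(Not verified),c:\programdata\wuaserv\svchost.exe
AcmeBackup,(Verified) Acme Example Corp,c:\program files\acme\backup.exe
"""

# Short illustrative allowlist of genuine Windows service names (not exhaustive).
KNOWN_WINDOWS_SERVICES = {"spooler", "wuauserv", "bits", "winmgmt", "eventlog"}
SYSTEM_DIR = "c:\\windows\\system32\\"


def closest_known(name, threshold=0.8):
    """Return the genuine service name that `name` imitates, or None."""
    name = name.lower()
    if name in KNOWN_WINDOWS_SERVICES:
        return None  # exact match is the genuine name, not a look-alike
    match = get_close_matches(name, sorted(KNOWN_WINDOWS_SERVICES), n=1, cutoff=threshold)
    return match[0] if match else None


def triage(csv_text):
    """Read-only triage: return {service name: [reasons]} for suspicious rows."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["Entry"].strip()
        path = row["Image Path"].strip().lower()
        reasons = []
        imitated = closest_known(name)
        claims_windows = imitated or name.lower() in KNOWN_WINDOWS_SERVICES
        if imitated:
            reasons.append(f"name resembles genuine service '{imitated}'")
        if not row["Signer"].startswith("(Verified)"):
            reasons.append("image signature not verified")
        if claims_windows and not path.startswith(SYSTEM_DIR):
            reasons.append("Windows-like name but image outside System32")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for svc, why in triage(SAMPLE_CSV).items():
        print(svc, "->", "; ".join(why))
```

Because the script only parses exported text, it can run on an analysis workstation without touching the suspect service.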
Elb
4 months ago
Selected Answer: A
Autoruns utility has the most comprehensive knowledge of auto-starting locations of any startup monitor, and shows what programs are configured to run during system bootup or login, and when various built-in Windows applications such as Internet Explorer, Explorer, and media players are started.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other