Exam 312-49v10 topic 1 question 793 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 793
Topic #: 1

In the event of a fileless malware attack, a Computer Hacking Forensics Investigator (CHFI) notes that the fileless malware has managed to persist even after the system reboots. What built-in Windows tool/utility might the attacker most likely have leveraged for this persistent behavior?

  • A. Windows Operation system components
  • B. Windows Task Scheduler
  • C. Windows AutoStart registry keys
  • D. Windows Process Explorer
Suggested Answer: C

Comments

4bd3116
4 months ago
Selected Answer: C
C. Windows AutoStart Registry Keys
Explanation: Fileless malware often leverages Windows AutoStart registry keys (such as those found in HKCU\Software\Microsoft\Windows\CurrentVersion\Run or HKLM\Software\Microsoft\Windows\CurrentVersion\Run) to achieve persistence. By creating or modifying entries in these registry keys, the malware can ensure that it executes each time the system starts, even if the original file-based components are not present.
upvoted 1 times
...
aqeel1506
4 months ago
B. Windows Task Scheduler
Explanation:
Windows Task Scheduler: Persistence Mechanism: Attackers often use Windows Task Scheduler to create tasks that run on system startup or at scheduled intervals. This allows the malware to execute even after a reboot, making it a common method for maintaining persistence in fileless malware attacks.
Windows AutoStart Registry Keys: Potential for Persistence: While AutoStart registry keys (such as those under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run) are indeed used for persistence, fileless malware often avoids traditional file-based mechanisms and may prefer leveraging scheduled tasks due to their ability to execute code directly from memory.
upvoted 1 times
...
ala76nl
4 months, 2 weeks ago
Selected Answer: C
Registry is most used
upvoted 2 times
...
Elb
5 months, 4 weeks ago
Selected Answer: B
Using Task Scheduler, attackers can set the malicious scripts to be triggered and executed automatically at chosen time intervals.
upvoted 1 times
...
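A defender-side check for the Run-key persistence described in the comments above, as an added example that is not part of the original discussion: it parses the text printed by `reg query` for the two Run keys and flags values whose command is an interpreter given inline content rather than a program on disk. The sample output, the value names and the three heuristic rules are constructed assumptions, not an exhaustive rule set.

```python
import re

# Constructed sample in the layout `reg query <key>` prints; not from a real host.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <BASE64-PLACEHOLDER>

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Sync Helper    REG_SZ    mshta.exe vbscript:<INLINE-SCRIPT-PLACEHOLDER>
"""

# A value line is: 4 spaces, name (may contain spaces), 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Heuristic rules (assumptions of this example): autostart data that runs
# inline or encoded script content instead of pointing at a file on disk.
RULES = [
    ("powershell-inline",
     re.compile(r"powershell(\.exe)?\b.*\s-(e|enc|encodedcommand|c|command)\b", re.I)),
    ("mshta-inline-script",
     re.compile(r"mshta(\.exe)?\b.*\b(vbscript|javascript):", re.I)),
    ("script-host", re.compile(r"\b(wscript|cscript)(\.exe)?\b", re.I)),
]

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["data"]

def flag_autostart(text):
    """Return one finding per autostart value that matches a rule."""
    findings = []
    for key, name, data in parse_reg_query(text):
        for rule, pattern in RULES:
            if pattern.search(data):
                findings.append({"key": key, "value": name, "rule": rule, "data": data})
                break  # first matching rule is enough to surface the value
    return findings

if __name__ == "__main__":
    for f in flag_autostart(SAMPLE_REG_QUERY):
        print(f"[{f['rule']}] {f['key']}\\{f['value']} -> {f['data']}")
```

A flagged value is a lead for review, not a verdict; legitimate software occasionally registers script-based autostart entries.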
Community vote distribution: A (35%), C (25%), B (20%), Other