EC-Council
312-39 · Question #38
312-39 Question #38: Real Exam Question with Answer & Explanation
Question
A threat hunter analyzing an infected endpoint finds that malicious processes keep reappearing even after termination, making traditional remediation ineffective. The user reports slowdowns, abnormal pop-ups, and unauthorized application launches. Deeper inspection reveals multiple scheduled tasks executing unknown scripts at intervals, along with suspicious registry modifications enabling automatic execution on startup. The endpoint makes intermittent encrypted outbound connections to an unclassified external server. The organization also observed multiple failed privileged logins from the same subnet. Which signs should the threat hunter look for to confirm and mitigate the threat?
Options
- A. Network-based artifacts
- B. Threat intelligence and adversary context
- C. Host-based artifacts
- D. Indicators of Attack (IoAs)