312-50V13 · Question #235
312-50V13 Question #235: Real Exam Question with Answer & Explanation
The correct answer is D: Use netstat and check for outgoing connections to strange IP addresses or domains.. To determine if a Trojan is installed and active, one should look for suspicious network activity, as Trojans often establish command-and-control communication.
Question
A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer. What tests would you perform to determine whether his computer is Infected?
Options
- AUse ExifTool and check for malicious content.
- BYou do not check; rather, you immediately restore a previous snapshot of the operating system.
- CUpload the file to VirusTotal.
- DUse netstat and check for outgoing connections to strange IP addresses or domains.
Explanation
To determine if a Trojan is installed and active, one should look for suspicious network activity, as Trojans often establish command-and-control communication.
Common mistakes.
- A. ExifTool is used to read, write, and edit metadata in images, audio, video, and PDF files, not to detect active malicious processes or network connections.
- B. While restoring a snapshot is a good remediation step for a confirmed infection, it does not help in determining whether the computer is infected in the first place, which is what the question asks.
- C. Uploading the file to VirusTotal is useful for static analysis of the file's potential maliciousness before execution or to confirm the nature of the file, but it doesn't directly tell you if the currently running system is infected by that file after execution.
Concept tested. Trojan detection using network monitoring
Reference. https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/netstat
Topics
Community Discussion
No community discussion yet for this question.