CrowdStrike
CCCS-203B · Question #31
CCCS-203B Question #31: Real Exam Question with Answer & Explanation
Sign in or unlock CCCS-203B to reveal the answer and full explanation for question #31. The question stem and answer options stay visible for context.
Question
You are a security analyst reviewing logs in the CrowdStrike Falcon platform. You notice unusual activity involving the repeated execution of a legitimate application, powershell.exe, with a base64-encoded string passed as a parameter. Which of the following is the most likely explanation for this behavior, and what should be your next step?
Options
- AAn administrator running legitimate scripts to automate system tasks.
- BA malicious actor executing a PowerShell script for credential dumping.
- CRoutine software update activities performed by the IT department.
- DA system error causing the repeated execution of PowerShell.
Unlock CCCS-203B to see the answer
You've previewed enough free CCCS-203B questions. Unlock CCCS-203B for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.