CrowdStrike
CCFH-202B · Question #64
CCFH-202B Question #64: Real Exam Question with Answer & Explanation
Sign in or unlock CCFH-202B to reveal the answer and full explanation for question #64. The question stem and answer options stay visible for context.
Question
Which of the following process trees should raise the most suspicion that adversary activity may be present on a web server?
Options
- ASMSS.EXE >> WINLOGON.EXE >> USERINIT.EXE >> EXPLORER.EXE >> WORD.EXE
- BWINLOGON.EXE >> USERINIT.EXE >> EXPLORER.EXE >> OUTLOOK.EXE >>
- CWININIT.EXE >> SERVICES >> SVCHOST.EXE >> TASKENG.EXE >> POWERSHELL.EXE
- DWININIT.EXE >> SERVICES >> SVCHOST.EXE >> W3WP.EXE >> CMD.EXE
Unlock CCFH-202B to see the answer
You've previewed enough free CCFH-202B questions. Unlock CCFH-202B for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.