CS0-003 Question #366: Real Exam Question with Answer & Explanation
Question
When investigating a potentially compromised host, an analyst observes that the process BGInfo.exe (PID 1024), a Sysinternals tool used to create desktop backgrounds containing host details, has been running for over two days. Which of the following activities will provide the best insight into this potentially malicious process, based on the anomalous behavior?
Options
- A. Changes to system environment variables
- B. SMB network traffic related to the system process
- C. Recent browser history of the primary user
- D. Activities taken by PID 1024
Explanation
The activities taken by the process with PID 1024 will provide the best insight into this potentially malicious process, based on the anomalous behavior. BGInfo.exe is a legitimate tool that displays system information on the desktop background, but it can also be used by attackers to gather information about the compromised host or to disguise malicious processes. By monitoring the activities of PID 1024, such as the files it accesses, the network connections it makes, or the commands it executes, the analyst can determine if the process is benign or malicious.