CS0-003 · Question #435
CS0-003 Question #435: Real Exam Question with Answer & Explanation
Sign in or unlock CS0-003 to reveal the answer and full explanation for question #435. The question stem and answer options stay visible for context.
Question
SIMULATION An organization has noticed large amounts of data are being sent out of its network. An analyst is identifying the cause of the data exfiltration. INSTRUCTIONS Select the command that generated the output in tabs 1 and 2. Review the output text in all tabs and identify the file responsible for the malicious behavior. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. Answer: Command generating the output in Tab 1 - netstat -bo The command displays active connections, their states, and the associated netstat -bo process IDs (PIDs). This matches the information shown in Tab 1. Command generating the output in Tab 2 - tasklist The tasklist command lists all running processes with their PIDs, session names, and memory usage, which aligns with the output in Tab 2. File responsible for malicious behavior - cmd.exe Based on the hash comparison in Tab 3 and Tab 4, the MD5 hash of cmd.exe does not match the baseline, indicating it has been modified. This suggests that is the source of cmd.exe malicious behavior (likely tampered with to facilitate the data exfiltration).
Options
- taskSelect the command that generated the output in tabs 1 and 2, and identify the file responsible for the malicious behavior.
- prerequisites
Unlock CS0-003 to see the answer
You've previewed enough free CS0-003 questions. Unlock CS0-003 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.