GIAC
GCIH · Question #340
GCIH Question #340: Real Exam Question with Answer & Explanation
Malware Analysis & Advanced Persistent Threats
Question
A workstation with an IP address of 10.10.20.115/24 is suspected of being compromised. Which of the following is supported by the information in the process table?
Exhibit
Options
- A. A possibly compromised system at 10.10.10.200 is attempting to access shared files over the
- B. The behavior of the minesweeper.exe process indicates a likely trojan horse infection
- C. The behavior of the smss.exe process indicates a likely rootkit infection
- D. A possibly compromised system at 195.129.50.50 is attempting to start a web server on the host
Topics
#process table analysis, #trojan detection, #IOC analysis, #host forensics
