nerdexam
GIAC

GCIH · Question #450

View the following screen capture. Which of the following security mechanisms detected downloader.exe as a possible threat?

The correct answer is B. System-level protection. System-level protection refers to host-based security controls that operate at the operating system layer, most commonly endpoint protection platforms (EPP) or antivirus/anti-malware software such as Windows Defender. These tools monitor file system activity, process execution, a

Malware Analysis & Advanced Persistent Threats

Question

View the following screen capture. Which of the following security mechanisms detected downloader.exe as a possible threat?

Exhibit

GCIH question #450 exhibit

Options

  • AHost perimeter detection
  • BSystem-level protection
  • CApplication-level detection
  • DNetwork perimeter detection

How the community answered

(26 responses)
  • A
    12% (3)
  • B
    81% (21)
  • C
    4% (1)
  • D
    4% (1)

Explanation

System-level protection refers to host-based security controls that operate at the operating system layer, most commonly endpoint protection platforms (EPP) or antivirus/anti-malware software such as Windows Defender. These tools monitor file system activity, process execution, and memory at the OS level - making them well-positioned to flag a suspicious executable like downloader.exe before or during execution. Network perimeter detection (Option D) would catch threats at the network boundary (e.g., a firewall or IDS/IPS inspecting traffic), not a local executable on a host. Host perimeter detection (Option A) typically refers to host-based firewalls that inspect inbound/outbound connections, not file-level threat detection. Application-level detection (Option C) would be security logic embedded within a specific application. Since the screen capture shows a local file (downloader.exe) being flagged, the source is the system-level endpoint protection agent running on that host.

Topics

#host-based detection#system-level protection#malware detection layers#downloader malware

Community Discussion

No community discussion yet for this question.

Full GCIH Practice