GIAC
GCIH · Question #522
GCIH Question #522: Real Exam Question with Answer & Explanation
Sign in or unlock GCIH to reveal the answer and full explanation for question #522. The question stem and answer options stay visible for context.
Question
A user opened a PDF he downloaded from the web, that contained a URL to an executable called FreeCoupons.exe. The user downloaded and ran FreeCoupons.exe, and now that file is on the C:\ partition of 20% of the company's Windows servers. Additionally, there are a large number of failed logon attempts on the Event Viewer of each server, with little time between each failed logon, and common user IDs associated with each attempt. Based on this behavior, what is the most likely classification of the malware?
Options
- AA virus that spreads through SQL injection
- BA macro virus that spreads through infected PDFs
- CA social engineering attempt that spreads through email
- DA worm that spreads through RDP
Unlock GCIH to see the answer
You've previewed enough free GCIH questions. Unlock GCIH for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.