
GCIH Question #751: Real Exam Question with Answer & Explanation

The correct answer is B: Get-CimInstance. Get-CimInstance queries the Win32_Process WMI class, which exposes a CommandLine property containing the exact parameters used to launch each running process.

Question

Which PowerShell cmdlet will display the command line parameters used to launch a Windows process?

Options

  • A. Get-Service
  • B. Get-CimInstance
  • C. Get-Process
  • D. Get-ChildItem

Explanation

Get-CimInstance queries the Win32_Process WMI class, which exposes a CommandLine property containing the exact parameters used to launch each running process.

Common mistakes.

  • A. Get-Service retrieves information about Windows services such as status and display name, and does not provide details about process launch command line parameters.
  • C. Get-Process retrieves running process objects with properties like CPU and memory usage, but does not natively expose the CommandLine argument string used at process launch.
  • D. Get-ChildItem lists items in a file system path or registry location and has no capability to query or display process launch parameters.

Concept tested. PowerShell WMI - process command line forensic investigation

Reference. https://learn.microsoft.com/en-us/powershell/module/cimcmdlets/get-ciminstance
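The query described in the explanation, as an added example that is not part of the original page: it reads Win32_Process through Get-CimInstance and pairs each process's CommandLine with its parent process, which is the view an incident handler usually wants during triage. The placeholder strings in angle brackets and the `$report` layout are choices made for this example.

```powershell
# Take one snapshot so parent lookups refer to the same point in time.
$procs = Get-CimInstance -ClassName Win32_Process

# Index the snapshot by PID to resolve parent names.
$byPid = @{}
foreach ($p in $procs) { $byPid[$p.ProcessId] = $p }

$report = foreach ($p in $procs) {
    $parent = $byPid[$p.ParentProcessId]

    # PIDs are reused: only trust the parent entry if it was created
    # no later than the child it supposedly launched.
    $parentName = if ($parent -and $parent.CreationDate -le $p.CreationDate) {
        $parent.Name
    } else {
        '<exited or PID reused>'   # constructed placeholder
    }

    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        Name        = $p.Name
        ParentId    = $p.ParentProcessId
        ParentName  = $parentName
        Created     = $p.CreationDate
        # CommandLine comes back empty for some system processes and for
        # processes the current (non-elevated) user is not allowed to inspect.
        CommandLine = if ($p.CommandLine) { $p.CommandLine } else { '<not available>' }
    }
}

# Oldest first, with long command lines wrapped instead of truncated.
$report | Sort-Object Created | Format-Table -AutoSize -Wrap
```

Run it from an elevated session to reduce the number of `<not available>` entries; the snapshot covers only processes running at the moment of the query.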
