GIAC
GPEN · Question #289
GPEN Question #289: Real Exam Question with Answer & Explanation
The correct answer is D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices. Windows registry contains specific keys that control which programs run at startup; the RunServices key enables programs and services to execute automatically on each boot.
Question
You have inserted a Trojan on your friend's computer and you want to put it in the startup so that whenever the computer reboots the Trojan will start to run on the startup. Which of the following registry entries will you edit to accomplish the task?
Options
- AHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Start
- BHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Auto
- CHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Startup
- DHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Explanation
Windows registry contains specific keys that control which programs run at startup; the RunServices key enables programs and services to execute automatically on each boot.
Common mistakes.
- A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Start is not a valid Windows registry key and has no role in startup program execution.
- B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Auto is not a recognized Windows registry path for autorun or persistence.
- C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Startup does not exist as a registry key - the Startup folder for shortcuts is a filesystem path, not a registry entry under this hierarchy.
Concept tested. Windows registry autorun persistence keys
Reference. https://learn.microsoft.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys
Community Discussion
No community discussion yet for this question.