
SPLK-5001 Question #1: Real Exam Question with Answer & Explanation

The correct answer is D: Temp directories are world writable, thus allowing attackers a place to drop, stage, and execute. Because any user or process can write to C:\Windows\Temp, an executable launched from there has bypassed the usual controls on where trusted software lives, which is why the alert warrants further investigation.

Question

During their shift, an analyst receives an alert about an executable being run from C:\Windows\Temp. Why should this be investigated further?

Options

  • A. Temp directories aren't owned by any particular user, making it difficult to track the process owner
  • B. Temp directories are flagged as non-executable, meaning that no files stored within can be
  • C. Temp directories contain the system page file and the virtual memory file, meaning the attacker
  • D. Temp directories are world writable thus allowing attackers a place to drop, stage, and execute
