Exam SY0-701 Topic 1 Question 391 Discussion
Actual exam question for CompTIA's SY0-701 exam
Question #: 391
Topic #: 1
Question #: 391
Topic #: 1
A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months.
Which of the followingmostlikely occurred?
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months.
Which of the followingmostlikely occurred?
Suggested Answer: D Vote an answer
A rootkit is a type of malware that modifies or replaces system files or processes to hide its presence and activity. A rootkit can change the hash of the cmd.exe file, which is a command-line interpreter for Windows systems, to avoid detection by antivirus or file integrity monitoring tools. A rootkit can also grant the attacker remote access and control over the infected system, as well as perform malicious actions such as stealing data, installing backdoors, or launching attacks on other systems. A rootkit is one of the most difficult types of malware to remove, as it can persist even after rebooting or reinstalling the OS. References = CompTIA Security+ StudyGuide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 4, page
147. CompTIA Security+ SY0-701 Exam Objectives, Domain 1.2, page 9.
147. CompTIA Security+ SY0-701 Exam Objectives, Domain 1.2, page 9.
by Nicola at Nov 23, 2024, 11:45 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).