Exam CS0-003 Topic 1 Question 255 Discussion
Actual exam question for CompTIA's CS0-003 exam
Question #: 255
Topic #: 1
Question #: 255
Topic #: 1
A security analyst is reviewing the following alert that was triggered by FIM on a critical system:

Which of the following best describes the suspicious activity that is occurring?

Which of the following best describes the suspicious activity that is occurring?
Suggested Answer: C Vote an answer
A new program has been set to execute on system start is the most likely cause of the suspicious activity that is occurring, as it indicates that the malware has modified the registry keys of the system to ensure its persistence. File Integrity Monitoring (FIM) is a tool that monitors changes to files and registry keys on a system and alerts the security analyst of any unauthorized or malicious modifications. The alert triggered by FIM shows that the malware has created a new registry key under the Run subkey, which is used to launch programs automatically when the system starts. The new registry key points to a file named "update.exe" in the Temp folder, which is likely a malicious executable disguised as a legitimate update file. Official Reference:
https://www.comptia.org/blog/the-new-comptia-cybersecurity-analyst-your-questions-answered
https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives
https://www.comptia.org/training/books/cysa-cs0-002-study-guide
https://www.comptia.org/blog/the-new-comptia-cybersecurity-analyst-your-questions-answered
https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives
https://www.comptia.org/training/books/cysa-cs0-002-study-guide
by Hobart at Dec 29, 2024, 08:35 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).