Exam CS0-003 Topic 4 Question 380 Discussion
Actual exam question for CompTIA's CS0-003 exam
Question #: 380
Topic #: 4
Question #: 380
Topic #: 4
An organization has noticed large amounts of data are being sent out of its network. An analyst is identifying the cause of the data exfiltration.
INSTRUCTIONS
Select the command that generated the output in tabs 1 and 2.
Review the output text in all tabs and identify the file responsible for the malicious behavior.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.







INSTRUCTIONS
Select the command that generated the output in tabs 1 and 2.
Review the output text in all tabs and identify the file responsible for the malicious behavior.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.







Suggested Answer:

Explanation:
Select the command that generated the output in tab 1:
* netstat -bo
Select the command that generated the output in tab 2:
* tasklist
Identify the file responsible for the malicious behavior:
* cmd.exe
Select the command that generated the output in tab 1: The output in tab 1 displays active network connections, which can be generated using the netstat command with options to display the owning process ID.
Select the command that generated the output in tab 1:
* netstat -bo
Select the command that generated the output in tab 2: The output in tab 2 lists the running processes with their PIDs and memory usage, which can be generated using the tasklist command.
Select the command that generated the output in tab 2:
* tasklist
Identify the file responsible for the malicious behavior: To identify the malicious file, we compare the hashes of the current files against the baseline hashes. From the provided data:
* The hash for cmd.exe in the current state (tab 3) is 372ab227fd5ea779c211a1451881d1e1.
* The baseline hash for cmd.exe (tab 4) is a2cdef1c445d3890cc3456789058cd21.
Since these hashes do not match, cmd.exe is the file responsible for the malicious behavior.
by Giles at Jun 12, 2025, 11:55 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).