ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 374 discussion

Actual exam question from CompTIA's CS0-002
Question #: 374
Topic #: 1
[All CS0-002 Questions]

An analyst received an alert regarding an application spawning a suspicious command shell process. Upon further investigation, the analyst observes the following registry change occurring immediately after the suspicious event:



Which of the following was the suspicious event able to accomplish?

  • A. Impair defenses.
  • B. Establish persistence.
  • C. Bypass file access controls.
  • D. Implement beaconing.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by EMordenti at June 10, 2023, 10:11 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
karpal
2 years, 1 month ago
Selected Answer: A
What is 0 and 1 in registry? In reality, the context depends upon the application calling the registry entry. As far as the registry is concerned, its just a DWORD. You could make 2,124,450 mean true if you wanted it. In general, however, my observation is that 1 is generally taken to be a "true" value, and 0 for "false. in this case EnableFireewall is 0 so False. I choose A.
upvoted 2 times
...
EMordenti
2 years, 1 month ago
Correct. It's A https://attack.mitre.org/techniques/T1562/004/
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel