Exam SY0-601 topic 1 question 515 discussion

Maybe a good solution for this is just not keeping a bowl of flash drives for public use in the company breakroom.

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory. The presence of Mimikatz alerts and reports of new company flash drives having only 512KB of storage indicate a potential security incident involving malicious activity. Mimikatz is a well-known tool used for extracting plaintext passwords and other sensitive information from memory, which could indicate an attempt to compromise the security of the systems. Additionally, the fact that the new flash drives have been tampered with and do not have their original storage capacity suggests that a malicious actor is using the flash drives to bypass the Group Policy Object (GPO) settings that block the use of flash drives. This could be an attempt to introduce malware or exfiltrate data using unauthorized hardware.

isn't it keylogger impl. method?

Mimikatz is an open-source application that allows users to view and save authentication credentials such as Kerberos tickets. D

Mimikatz A tool used by many penetration testers, attackers, and even malware that can be useful for retrieving password hashes from memory; it is a useful post-exploitation tool." -Security+ SY0-601 Pearson IT Cert Guide by Santos, Taylor, & Mlodzianowski

I believe D is the answer Mimikatz is a tool that is commonly used by hackers and security professionals to extract sensitive information, such as passwords and credentials, from a system's memory. The flash drive most likely has a malicious code that is trying to execute Mimikatz do dump credentials from memory.