ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-601 All Questions

View all questions & answers for the SY0-601 exam
Go to Exam

Exam SY0-601 topic 1 question 760 discussion

Actual exam question from CompTIA's SY0-601
Question #: 760
Topic #: 1
[All SY0-601 Questions]

A security analyst is reviewing an IDS alert and sees the following:

C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -noP -exe byPass -nonI -wind hidden -no1 -c dir;findstr /s maldinuv %USERPROFILE%\\*.lnk > %USERPROFILE%\Documents\iijlqe.ps1;%USERPROFILE%\Documents\iijlqe.psi;exit

Which of the following triggered the IDS alert?

  • A. Bluesnarfing attack
  • B. URL redirection attack
  • C. Fileless malware execution
  • D. Macro-based denial of service
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by 1403ad2 at Jan. 17, 2024, 6:29 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Hs1208
Highly Voted 1 year, 7 months ago
Selected Answer: C
Fileless malware often uses legitimate system tools, such as PowerShell, to run malicious code directly in memory without dropping traditional executable files on disk. In this case, the command includes a PowerShell script that is being executed without the need for a separate executable file, making it characteristic of a fileless attack.
upvoted 6 times
...
LayinCable
Most Recent 1 year, 2 months ago
Selected Answer: C
It's 'C,' and here's why: A- Bluesnarfing is a bluetooth ONLY attack. Obviously, there's nothing about bluetooth in the question. B- URL Redirection is exactly what it sounds like, redirecting a URL to one that a malicious attacker wants the victim to go to. There's no URL's in the question. D- Macro-based denial of service. Macro is a programming language, and the input above is not a programming language input.
upvoted 3 times
janeyyyyyy322
1 year ago
macro can be done in office not necessarily python etc
upvoted 1 times
...
...
glenndexter
1 year, 3 months ago
Selected Answer: C
dir: It lists the contents of the current directory. findstr /s maldinuv %USERPROFILE%\\*.lnk: It searches for files with the name "maldinuv" in the shortcut files (*.lnk) located in the user's profile directory. It redirects the output of the findstr command to a file named iijlqe.ps1 located in the user's Documents folder. It then tries to execute a file named iijlqe.psi, which seems to be a typo or an attempt to obfuscate the filename. The command then exits the PowerShell session.
upvoted 2 times
...
1403ad2
1 year, 7 months ago
Selected Answer: C
I think C. Fileless malware execution because other three have nothing to do with files def not DoS or A
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel