ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-003 All Questions

View all questions & answers for the CS0-003 exam
Go to Exam

Exam CS0-003 topic 1 question 243 discussion

Actual exam question from CompTIA's CS0-003
Question #: 243
Topic #: 1
[All CS0-003 Questions]

A security analyst receives an alert for suspicious activity on a company laptop. An excerpt of the log is shown below:



Which of the following has most likely occurred?

  • A. An Office document with a malicious macro was opened.
  • B. A credential-stealing website was visited.
  • C. A phishing link in an email was clicked.
  • D. A web browser vulnerability was exploited.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Chiniwini at July 28, 2024, 3:51 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Chiniwini
Highly Voted 11 months ago
Selected Answer: A
The sequence involving PowerShell and Microsoft Word (Event 5) strongly suggests the execution of a macro or script. This is a typical behavior of a malicious macro embedded in an Office document, which often uses PowerShell to perform further actions, such as downloading additional payloads or altering system settings.
upvoted 17 times
ybyttv
2 weeks, 6 days ago
Thank for explain. Who launch the powershell? It worked as a parent process of word. The powershell come out from nowhere
upvoted 1 times
...
...
thisguyfucks
Most Recent 7 months ago
Selected Answer: A
Choosing A on test.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel