ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-003 All Questions

View all questions & answers for the CS0-003 exam
Go to Exam

Exam CS0-003 topic 1 question 319 discussion

Actual exam question from CompTIA's CS0-003
Question #: 319
Topic #: 1
[All CS0-003 Questions]

An analyst is investigating a phishing incident and has retrieved the following as part of the investigation:

cmd.exe /c c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -NoLogo -NoProfile -
EncodedCommand

Which of the following should the analyst use to gather more information about the purpose of this command?

  • A. Echo the command payload content into ‘base64 -d‘.
  • B. Execute the command from a Windows VM.
  • C. Use a command console with administrator privileges to execute the code.
  • D. Run the command as an unprivileged user from the analyst workstation.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by 1403ad2 at Feb. 21, 2025, 1:24 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BadoBully
1 month ago
Selected Answer: A
it says EncodedCommand, we should decode the command vefore running to see what it is
upvoted 2 times
...
fafd232_
1 month, 1 week ago
Selected Answer: A
I chose A because executing the command from a VM may not reveal the full scope of information about what the command does. Echoing the command and decoding the encoded parts of the command will at least show the analyst what the script is trying to do, even if doing so outside of a VM is risky.
upvoted 1 times
...
1403ad2
2 months, 2 weeks ago
Selected Answer: B
it makes the most sense to run any unk code on a VM, C & D make no sense to run it again even from a anylast workstation with permission on that account or system. A seems like a good option but i think running it on a vm and see what it does is more important for overall understanding
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago