Exam CS0-002 topic 1 question 286 discussion

Actual exam question from CompTIA's CS0-002

Question #: 286
Topic #: 1

A company employee downloads an application from the internet. After the installation, the employee begins experiencing noticeable performance issues, and files are appearing on the desktop:

Which of the following processes will the security analyst identify as the MOST likely indicator of system compromise given the processes running in Task Manager?

A. Chrome.exe
B. Word.exe
C. Explorer.exe
D. mstsc.exe
E. taskmgr.exe

Show Suggested Answer

Suggested Answer: D 🗳️

by gnnggnnggnng at Feb. 3, 2023, 11:24 p.m.

Comments

Submit Cancel

gnnggnnggnng

Highly Voted 2 years, 3 months ago

Selected Answer: D

The process the security analyst will identify as the MOST likely indicator of system compromise is "mstsc.exe" (Microsoft Remote Desktop Protocol). This process is used for remote desktop connections, and the fact that it is running with system privileges raises suspicion for potential malicious activity.

upvoted 11 times

2Fish

2 years, 1 month ago

Agreed. mstsc.exe running as system is suspicious, as we know that is a known method of running services with an account that has escalated privileges.

upvoted 2 times

2Fish

2 years, 1 month ago

I just checked my windows machine and mstsc, explorer, & taskmanager all run under the logged in user. So who knows. ugh

upvoted 1 times

...

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam

Exam CS0-002 topic 1 question 286 discussion

Comments

gnnggnnggnng

2Fish

2Fish

SY0-701