Exam 312-49v10 topic 1 question 544 discussion

Actual exam question from ECCouncil's 312-49v10

Question #: 544
Topic #: 1

An attacker successfully gained access to a remote Windows system and plans to install persistent backdoors on it. Before that, to avoid getting detected in future, he wants to cover his tracks by disabling the last-accessed timestamps of the machine. What would he do to achieve this?

A. Set the registry value of HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate to 0
B. Run the command fsutil behavior set disablelastaccess 0
C. Set the registry value of HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate to 1
D. Run the command fsutil behavior set enablelastaccess 0

Show Suggested Answer

Suggested Answer: C 🗳️
Reference -
https://www.techrepublic.com/article/tech-tip-disable-the-last-access-update/

by zybr at July 13, 2023, 7:47 a.m.

Comments

Submit Cancel

Elb

6 months, 2 weeks ago

C < 0 User Managed, Last Access Time Updates Enabled 1 User Managed, Last Access Time Updates Disabled 2 (default) System Managed, Last Access Time Updates Enabled 3 System Managed, Last Access Time Updates Disabled

upvoted 1 times

...

zybr

1 year, 3 months ago

Anser is right. Right command for fsutil is: fsutil behavior query disablelastaccess

upvoted 1 times

...

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam

Exam 312-49v10 topic 1 question 544 discussion

Comments

Elb

zybr

SY0-701