Exam 312-50v12 topic 1 question 311 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 311
Topic #: 1

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.

What tests would you perform to determine whether his computer is infected?

  • A. Upload the file to VirusTotal.
  • B. You do not check; rather, you immediately restore a previous snapshot of the operating system.
  • C. Use netstat and check for outgoing connections to strange IP addresses or domains.
  • D. Use ExifTool and check for malicious content.
Suggested Answer: C

Comments

e020fdc
1 month, 1 week ago
Selected Answer: A
A. Upload the file to VirusTotal: VirusTotal scans files using dozens of antivirus engines and provides a comprehensive report. This is a safe, non-invasive first step to check if the file is known malware.
B. Immediately restore a previous snapshot: While this is a good containment strategy if infection is confirmed, doing this without investigation might be excessive and could lead to loss of recent data or changes.
C. Use netstat and check for outgoing connections: This is a useful technique after suspecting infection, especially for malware communicating with command-and-control servers. However, it doesn't directly analyze the file and may miss silent or idle malware.
D. Use ExifTool and check for malicious content: ExifTool is primarily used for examining metadata in images and other media files, not executable files. It is not the right tool for inspecting potential malware in executables.
upvoted 2 times
mr.sgtan
3 months, 1 week ago
Selected Answer: C
CEH v12 Module 04 p1187: One of the Trojan countermeasures is to block all unnecessary ports at the host and use a firewall. Therefore, you should use Netstat to investigate for malicious activity first via checking outgoing connections in order to determine whether the computer is infected.
upvoted 2 times
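
The netstat check from option C, as an added example that is not part of the original question or of any comment: it parses Windows `netstat -ano` output and lists established TCP connections whose remote end is outside local address ranges, with the owning PID. The sample output is constructed, and `external_connections`, `common_ports` and the `INTERNAL` range list are names and choices assumed for this illustration.

```python
import ipaddress

# Ranges treated as local: loopback, RFC 1918, link-local, IPv6 unique-local.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample of Windows `netstat -ano` output, not from a real host.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation-only ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49712     192.168.1.1:53         TIME_WAIT       0
  TCP    192.168.1.20:49801     203.0.113.45:4444      ESTABLISHED     6120
  TCP    192.168.1.20:49822     198.51.100.7:443       ESTABLISHED     3388
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED     2240
  TCP    [::1]:49700            [::1]:5354             ESTABLISHED     2240
  UDP    0.0.0.0:5353           *:*                                    1800
"""

def external_connections(netstat_text, common_ports=(80, 443)):
    """Return established TCP connections whose remote end is not local."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, _, port = fields[2].rpartition(":")
        try:
            # Strip IPv6 brackets and any %zone suffix before parsing.
            remote = ipaddress.ip_address(host.strip("[]").split("%")[0])
        except ValueError:
            continue  # hostname or malformed address: skip the row
        if any(remote in net for net in INTERNAL):
            continue
        findings.append({"pid": int(fields[4]), "remote": str(remote),
                         "port": int(port),
                         "uncommon_port": int(port) not in common_ports})
    return findings

if __name__ == "__main__":
    for f in external_connections(SAMPLE):
        print(f)
```

Each result is a lead to review by mapping the PID to its process; an empty result does not clear the host, since a process that is idle at capture time has no established connection to list.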
Community vote distribution: A (35%), C (25%), B (20%), Other