Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam GCIH topic 1 question 719 discussion

Actual exam question from GIAC's GCIH
Question #: 719
Topic #: 1
[All GCIH Questions]

The provided screenshot shows output from running the SysInternals "Strings" command against a suspected malware executable. Which of the following strings indicate that the attacker is attempting to gain persistence on the target system?

  • A. cmd.exe /c start/max http://www.midnitemeerkats.com/note
  • B. This program cannot be run in DOS mode
  • C. Software\Microsoft\Windows\CurrentVersion\Run
  • D. powershell.exe -ExecutionPolicyBypass -EncodedCommand
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Sazeniyu
12 months ago
Answer is C
upvoted 1 times
youngprinceton
11 months, 2 weeks ago
did you take exam and is this dump valid
upvoted 1 times
...
...
XBal
1 year ago
Answer should be "C" as it is ASEP registry key
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...