Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Giac Discussions

Exam GCIH topic 1 question 794 discussion

Actual exam question from GIAC's GCIH
Question #: 794
Topic #: 1
[All GCIH Questions]



A Windows workstation was clean a few days ago but now appears to be infected. Based on results from tasklist, which was run last week, which connection or connections shown in netstat -naob, run today, most likely indicates the host is now infected?

  • A. The connection with winevtd.exe
  • B. The connection with wmpnetwk.exe
  • C. The connections with lsass.exe
  • D. The connections with svchost.exe
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by XBal at March 16, 2023, 5:04 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
strale
2 months, 2 weeks ago
Selected Answer: C
I think lsass.exe is correct, because it listens on strange port for all incoming connections. A - it's not unusual at all, and also it is possible that wininit.exe process has stopped and that winevtd.exe got the sam PID. B - wmpnetwk.exe is not unusual at all D - it is legit that multiple svchost.exe related processes have been started at the same time. In mine opinion, avp.exe would be the best answer, but since is not an option, lsass.exe is the best answer.
upvoted 2 times
...
Vikt0r
4 months, 3 weeks ago
D is correct
upvoted 2 times
...
XBal
1 year, 1 month ago
Correct answer is "D" as it's PID did not appear in the previous screenshot /tasklist
upvoted 2 times
ruchiwan
3 months, 1 week ago
what about winevtd.exe? it has the same PID - 596 as wininit.exe has in the tasklist.
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel