Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Sans Discussions

Exam SEC504 topic 1 question 4 discussion

Actual exam question from SANS's SEC504
Question #: 4
Topic #: 1
[All SEC504 Questions]

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

  • A. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • B. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • C. HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"
  • D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by eskimolander at Sept. 11, 2021, 11:24 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
ExamCheat
1 month, 1 week ago
The correct registry value associated with the Klez worm is [B]. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run12. This registry entry ensures that the worm runs automatically when Windows starts up. Remember to stay vigilant against such threats and keep your systems updated and secure! https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Klez https://www.allaboutworms.com/worm-klez
upvoted 1 times
...
anonyuser
5 months ago
Use Run or RunOnce registry keys to make a program run when a user logs on. The Run key makes the program run every time the user logs on, while the RunOnce key makes the program run one time, and then the key is deleted. These keys can be set for the user or the machine. The Windows registry includes the following four Run and RunOnce keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce https://learn.microsoft.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys
upvoted 2 times
...
study_it
5 months, 3 weeks ago
Selected Answer: B
Marking B: Researching the klez worm you find the reg key it creates for persistence resembles the below. And B is the closest to the that. HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run Wink{random alphabetic characters} = "%System%\WINK{random alphabetic characters}.EXE"
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel