Question 144 of 160 from exam CS0-002: CompTIA CySA+

Question

SIMULATION - Malware is suspected on a server in the environment.

The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one of the servers may be malware.

INSTRUCTIONS - Servers 1, 2, and 4 are clickable.

Select the server and the process that hosts the malware.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Network Diagram for Company A

Two Zones: DMZ, INTERNAL
DMZ Gateway: 10:11.4
Internal Gateway: 182.168.60.1

Server 1 Log (Image Name and Session Name columns; PID, Session# and Mem Usage were not legible in the capture)

Image Name              Session Name
System Idle Process     Services
System                  Services
smss.exe                Services
csrss.exe               Services
wininit.exe             Services
services.exe            Services
lsass.exe               Services
lsm.exe                 Services
svchost.exe             Services
svchost.exe             Services
svchost.exe             Services
spoolsv.exe             Services
svchost.exe             Services
svchost.exe             Services
notepad.exe             Services
svchost.exe             Services
SearchIndexer.exe       Services
OSPPSVC.EXE             Services
csrss.exe               RDP-Tcp#0
winlogon.exe            RDP-Tcp#0
rdpclip.exe             RDP-Tcp#0
dwm.exe                 RDP-Tcp#0
taskhost.exe            RDP-Tcp#0

Server 4 Log (visible portion of the listing; columns re-aligned from the capture)

Image Name              PID   Session Name   Mem Usage
svchost.exe             1068  Services        7,888 K
svchost.exe             2020  Services       17,324 K
svchost.exe             1720  Services        3,172 K
SearchIndexer.exe        864  Services       14,968 K
OSPPSVC.EXE             2584  Services       13,764 K
csrss.exe                372  RDP-Tcp#0       7,556 K
winlogon.exe             460  RDP-Tcp#0       5,832 K
rdpclip.exe             1600  RDP-Tcp#0       4,356 K
dwm.exe                  772  RDP-Tcp#0       5,116 K
taskhost.exe            1700  RDP-Tcp#0       8,720 K
explorer.exe            2500  RDP-Tcp#0      66,444 K
splwow64.exe            2960  RDP-Tcp#0       4,152 K
cmd.exe                 1260  RDP-Tcp#0       2,652 K
conhost.exe             2616  RDP-Tcp#0       5,256 K
audiodg.exe              980  Services       13,256 K
csrss.exe               2400  Console         3,512 K
winlogon.exe            2492  Console         5,772 K
LogonUI.exe             2864  Console        17,056 K
taskhost.exe            2812  Services        9,540 K
tasklist.exe            1208  RDP-Tcp#0       5,196 K
WmiPrvSE.exe            1276  Services        5,776 K

Explanations

See explanation below.

Server 4, svchost.exe.
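The review the question asks for (scanning tasklist output from several hosts for a process that does not belong) can be scripted. The following is an added example, not part of the exam material: it parses text in the layout of Windows `tasklist` output (Image Name, PID, Session Name, Session#, Mem Usage) and flags three classic signs of masquerading: a service binary such as svchost.exe running in an interactive session, an interactive user program running in the Services session, and an image name that is a one-character edit of a well-known system binary. The listings, host names, PIDs and the svch0st.exe entry are constructed for illustration and are not the exam's screenshots; the whitelists are assumptions a practitioner would tune to their own baseline.

```python
"""Triage tasklist-style process listings for session-placement anomalies.

Added example (not part of the exam question). Sample listings below are
constructed; the whitelists are assumptions, not an authoritative baseline.
"""
import difflib
import re

# Binaries that normally run only in Session 0 ("Services"). An instance in an
# interactive session (Console, RDP-Tcp#N) deserves a closer look.
SERVICE_ONLY = {
    "svchost.exe", "services.exe", "lsass.exe", "lsm.exe", "smss.exe",
    "wininit.exe", "spoolsv.exe", "searchindexer.exe", "wmiprvse.exe",
}
# Interactive user programs that have no business running in the Services session.
INTERACTIVE_ONLY = {"notepad.exe", "explorer.exe", "cmd.exe", "powershell.exe"}

# One tasklist row: image name (may contain spaces), PID, session name,
# session number, memory usage in K. Header and separator lines do not match.
LINE_RE = re.compile(
    r"^(?P<image>\S+(?: \S+)*?)\s+(?P<pid>\d+)\s+(?P<session>\S+)\s+"
    r"(?P<sessnum>\d+)\s+(?P<mem>[\d,]+)\s*K?$"
)


def parse_tasklist(text):
    """Return a list of dicts, one per process row, from tasklist-style text."""
    procs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, '====' separators, blank lines
        procs.append({
            "image": m["image"],
            "pid": int(m["pid"]),
            "session": m["session"],
            "session_num": int(m["sessnum"]),
            "mem_kb": int(m["mem"].replace(",", "")),
        })
    return procs


def flag_anomalies(procs, host):
    """Return (host, pid, image, reason) tuples for rows worth investigating."""
    findings = []
    known = SERVICE_ONLY | INTERACTIVE_ONLY
    for p in procs:
        name = p["image"].lower()
        if name in SERVICE_ONLY and p["session_num"] != 0:
            findings.append((host, p["pid"], p["image"],
                             f"service binary in interactive session {p['session']}"))
        elif name in INTERACTIVE_ONLY and p["session_num"] == 0:
            findings.append((host, p["pid"], p["image"],
                             "interactive program running in the Services session"))
        elif name not in known:
            # Lookalike names (e.g. a digit swapped for a letter) are a common masquerade.
            close = difflib.get_close_matches(name, known, n=1, cutoff=0.9)
            if close:
                findings.append((host, p["pid"], p["image"],
                                 f"image name resembles {close[0]}"))
    return findings


def triage(listings):
    """Run the checks over {host: tasklist_text} and return all findings in order."""
    findings = []
    for host, text in listings.items():
        findings.extend(flag_anomalies(parse_tasklist(text), host))
    return findings


# Constructed sample listings in tasklist's column layout (not the exam data).
SAMPLE_LISTINGS = {
    "server1": """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
services.exe                   512 Services                   0      8,104 K
svchost.exe                    772 Services                   0      7,888 K
notepad.exe                   1904 Services                   0      5,300 K
csrss.exe                      372 RDP-Tcp#0                  1      7,556 K
explorer.exe                  2500 RDP-Tcp#0                  1     66,444 K
""",
    "server4": """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
svchost.exe                   1068 Services                   0      7,888 K
svchost.exe                   2020 Services                   0     17,324 K
svch0st.exe                   2120 RDP-Tcp#0                  1      3,172 K
svchost.exe                   2960 RDP-Tcp#0                  1      4,152 K
cmd.exe                       1260 RDP-Tcp#0                  1      2,652 K
tasklist.exe                  1208 RDP-Tcp#0                  1      5,196 K
""",
}

if __name__ == "__main__":
    for host, pid, image, reason in triage(SAMPLE_LISTINGS):
        print(f"{host}: PID {pid} {image}: {reason}")
```

Session placement is only a first-pass filter: a flagged svchost.exe still needs its parent process, image path and signature checked before it is called malware, and a legitimate listing will contain several svchost.exe rows in the Services session.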