Which of the following is a suspicious process behavior?

A. PowerShell running an execution policy of RemoteSigned
B. An Internet browser (e.g., Internet Explorer) performing multiple DNS requests
C. PowerShell launching a PowerShell script
D. Non-network processes (e.g., notepad.exe) making an outbound network connection

Answer: D

Explanation:

Non-network processes are processes that are not expected to communicate over the network, such as notepad.exe. If they make an outbound network connection, it could indicate that they are compromised or maliciously used by an adversary. PowerShell running an execution policy of RemoteSigned is a default setting that allows local scripts to run without digital signatures. An Internet browser performing multiple DNS requests is a normal behavior for web browsing. PowerShell launching a PowerShell script is also a common behavior for legitimate tasks.

Reference: https://www.crowdstrike.com/blog/tech-center/detect-malicious-use-of-non-network-processes/
