Exam CFR-310 All QuestionsBrowse all questions from this exam
Go to Exam
Question 2

A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the ~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:

“You seem tense. Take a deep breath and relax!”

The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:

\Temp\chill.exe:Powershell.exe –Command “do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c “You seem tense. Take a deep breath and relax!”);Start-Sleep –s 900) } while(1)”

Which of the following BEST represents what the attacker was trying to accomplish?

    Correct Answer: B

    The C code snippet provided in the question contains the 'shutdown /r /m' command, where the '/r' parameter specifies a reboot. The 'Start-Sleep -s 900' command indicates a sleep duration of 900 seconds. 900 seconds is equal to 15 minutes. Thus, the attacker aimed to taunt the user with a message and then trigger a reboot every 15 minutes.

Discussion
surfugandaOption: B

The code snippet includes: reboot /r This parameter ( /r ) instructs the system to reboot. -s 900 This parameter instructs the system to wait 900 seconds. 900 seconds / 60 seconds = 15 minutes Correct answer is : B. Taunt the user and then trigger a reboot every 15 minutes.

WutanOption: A

The correct answer is A. Taunt the user and then trigger a shutdown every 15 minutes. The code in the question is a PowerShell script that will: Taunt the user with the message "You seem tense. Take a deep breath and relax!" Shutdown the computer every 900 seconds (15 minutes).