CCFH-202 Exam QuestionsBrowse all questions from this exam

CCFH-202 Exam - Question 26


What type of attack would this process tree indicate?

Show Answer
Correct Answer: C

The process tree shown in the image initiates with legitimate system processes such as SMSS.EXE, WINLOGON.EXE, and EXPLORER.EXE. The involvement of common email and office-related applications like OUTLOOK.EXE and EXCEL.EXE suggests that the user interacted with email attachments or linked files. The sequence then leads to the execution of WScript.exe and PowerShell.exe, both commonly leveraged in phishing attacks to run malicious scripts after initial user interaction. These characteristics are indicative of a phishing attack, where an unsuspecting user is tricked into executing malicious scripts through seemingly legitimate channels.

Discussion

1 comment
Sign in to comment
alanalanalanOption: C
Jul 9, 2024

C. Phishing Attack A, B, D are incorrect