
GCIH Exam - Question 121


Which of the following describes a suspicious event in the service data below?

root@kali:~/volatility# ./vol.py -f ../mem/Desk005.vmem svcscan

[Image: Exam GCIH Question 121 (svcscan output and answer options not reproduced in the text)]
Correct Answer: A

The GREEN service is suspicious because service executables should not run from temporary folders. A service whose binary path points into a temporary directory is a common indicator of malicious activity, since attackers frequently drop and execute code from such locations. None of the other options inherently describes a suspicious event in the context of service management: service names can vary in capitalization (BLUE), services can legitimately be in the stopped state (PURPLE), and the structure of the svchost command line and its parameters can vary (YELLOW).
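The heuristic in the answer above can be applied mechanically to svcscan output. The following is an added example (not part of the exam page or of Volatility itself) that parses a constructed sample formatted like Volatility 2 svcscan records and flags only services whose image path lies in a temporary directory, while deliberately ignoring the three non-indicators named above (mixed-case service names, stopped services, and svchost -k group arguments). The record layout and the sample values are assumptions made for this example, not data from the exam image.

```python
import re

# Constructed sample modelled on Volatility 2 "svcscan" output: one key/value
# line per field, records separated by a blank line. All values are invented.
SAMPLE_SVCSCAN = r"""Offset: 0x7c5a50
Order: 12
Start: SERVICE_AUTO_START
Process ID: 1032
Service Name: Dhcp
Display Name: DHCP Client
Service Type: SERVICE_WIN32_SHARE_PROCESS
Service State: SERVICE_RUNNING
Binary Path: C:\Windows\system32\svchost.exe -k NetworkService

Offset: 0x7c5b10
Order: 13
Start: SERVICE_DEMAND_START
Process ID: -
Service Name: WerSvc
Display Name: Windows Error Reporting Service
Service Type: SERVICE_WIN32_SHARE_PROCESS
Service State: SERVICE_STOPPED
Binary Path: C:\Windows\System32\svchost.exe -k WerSvcGroup

Offset: 0x7c5bd0
Order: 14
Start: SERVICE_AUTO_START
Process ID: 2284
Service Name: UpdateSvc
Display Name: Update Service
Service Type: SERVICE_WIN32_OWN_PROCESS
Service State: SERVICE_RUNNING
Binary Path: C:\Users\jdoe\AppData\Local\Temp\svchost.exe -k netsvcs

Offset: 0x7c5c90
Order: 15
Start: SERVICE_AUTO_START
Process ID: 2310
Service Name: Helper
Display Name: System Helper
Service Type: SERVICE_WIN32_OWN_PROCESS
Service State: SERVICE_RUNNING
Binary Path: "C:\Windows\Temp\helper.exe" /start
"""

# Path components that mark a temporary location (matched case-insensitively).
TEMP_PATTERNS = (
    re.compile(r"\\temp\\", re.IGNORECASE),
    re.compile(r"\\tmp\\", re.IGNORECASE),
    re.compile(r"%temp%|%tmp%", re.IGNORECASE),
)


def parse_svcscan(text):
    """Split svcscan-style text into a list of {field: value} dicts, one per service."""
    records, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")   # split only on the first colon
        current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def image_path(binary_path):
    """Return the executable part of a service command line, without its arguments."""
    bp = binary_path.strip()
    if bp.startswith('"'):                     # quoted path: take up to closing quote
        end = bp.find('"', 1)
        return bp[1:end] if end > 0 else bp[1:]
    # Unquoted path (possibly containing spaces): take up to the first ".exe"
    # that is followed by whitespace or end of string.
    m = re.match(r"(.*?\.exe)(?:\s|$)", bp, re.IGNORECASE)
    return m.group(1) if m else bp.split()[0]


def is_temp_path(path):
    """True if the executable lives under a temporary directory."""
    normalised = path.replace("/", "\\")
    return any(pat.search(normalised) for pat in TEMP_PATTERNS)


def find_suspicious_services(text):
    """Return (service name, image path, reason) for every service run from a temp folder.

    Capitalisation of the name, a STOPPED state, and svchost '-k <group>' arguments
    are not treated as indicators, matching the reasoning in the exam answer.
    """
    findings = []
    for rec in parse_svcscan(text):
        exe = image_path(rec.get("Binary Path", ""))
        if is_temp_path(exe):
            findings.append((rec.get("Service Name", "?"), exe,
                             "service binary located in a temporary directory"))
    return findings


if __name__ == "__main__":
    for name, exe, reason in find_suspicious_services(SAMPLE_SVCSCAN):
        print(f"[SUSPICIOUS] {name}: {exe} ({reason})")
```

In the constructed sample, only UpdateSvc and Helper are reported; the legitimately stopped WerSvc and the mixed-case Dhcp entry (both launched via svchost.exe from System32) pass unflagged, which is exactly the distinction the answer draws.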

Discussion

2 comments
XBal
Sep 15, 2024

Answer should be "A" as SVCHOST should not run from TEMP directory

zhengdeshuo
Mar 17, 2023

No picture?