PrepAway - Latest Free Exam Questions & Answers

Which rule will kill notepad.exe entirely if this activity is detected in the future?

An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address.

Which rule will kill notepad.exe entirely if this activity is detected in the future?

A. **\system32\notepad.exe -> Communicates over the network -> Terminate process

B. **\system32\notepad.exe -> Runs or is Running -> Deny operation

C. **/system32/notepad.exe -> Runs or is Running -> Terminate process

D. **/system32/notepad.exe -> Communicates over the network -> Deny operation

Reference: https://www.carbonblack.com/blog/cb-threatsight-investigation-reveals-retadup-worm-leverages-autoit-launch-monero-cryptomining-campaign/

