What activity should you investigate next?

You notice that taskeng.exe is one of the processes involved in a detection.

What activity should you investigate next?
A . User logons after the detection
B . Executions of schtasks.exe after the detection
C . Scheduled tasks registered prior to the detection
D . Pivot to a Hash search for taskeng.exe

Answer: C

Explanation:

According to the [Microsoft website], taskeng.exe is a legitimate Windows process that is responsible for running scheduled tasks. However, some malware may use this process or create a fake one to execute malicious code. Therefore, if you notice taskeng.exe involved in a detection, you should investigate whether there are any scheduled tasks registered prior to the detection that may have triggered or injected into taskeng.exe. You can use tools such as schtasks.exe or Task Scheduler to view or manage scheduled tasks.

Latest CCFR-201 Dumps Valid Version with 60 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments