Why should this be investigated further?

SPLK-5001 0 Comments

During their shift, an analyst receives an alert about an executable being run from C:WindowsTemp.

Why should this be investigated further?
A . Temp directories aren’t owned by any particular user, making it difficult to track the process owner when files are executed.
B . Temp directories are flagged as non-executable, meaning that no files stored within can be executed, and this executable was run from that directory.
C . Temp directories contain the system page file and the virtual memory file, meaning the attacker can use their malware to read the in memory values of running programs.
D . Temp directories are world writable thus allowing attackers a place to drop, stage, and execute malware on a system without needing to worry about file permissions.

Answer: D

Latest SPLK-5001 Dumps Valid Version with 66 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SPLK-5001 PDF     SPLK-5001 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments