Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

PowerShell transcript logs and Windows Event logs can be checked to identify malicious hosts; the user agent string and IP addresses can also be used for this purpose.

Explanation:
Detecting PowerShell usage. The statement points to sources that specifically reveal PowerShell activity—PowerShell transcript logs and Windows Event logs capture what commands were run, which scripts were loaded, and how PowerShell was used. That visibility is exactly what defenders rely on to spot malicious hosts trying to leverage PowerShell for intrusion, lateral movement, or payload download. The mention of the user agent string and IP addresses complements this by providing network indicators that can appear in PowerShell-driven web requests or remoting activity, helping to correlate host activity with external signals.

While broader concepts like internal reconnaissance or general CLI usage can be part of attacker behavior, the scenario described hinges on PowerShell-focused logs and indicators, making PowerShell detection the best fit. The HTTP User Agent angle is related to web traffic patterns but is not the primary source of the PowerShell activity described, so it’s less aligned with the given logs.
