Security professionals can monitor the activities of an adversary by checking for unusual commands executed in Batch scripts and PowerShell and by using packet capturing tools.

Multiple Choice

Explanation:
Monitoring for adversary activity during the reconnaissance phase involves looking for signs of information-gathering inside the environment and across the network. Unusual commands being executed in batch scripts and PowerShell are classic host-based indicators that an attacker is enumerating systems, collecting data, or testing defenses. When you add packet capturing into the mix, you gain visibility into suspicious network-level activity such as probing, unusual communication patterns, port scans, or beaconing that often accompanies early intrusion steps. Together, these signals point to internal reconnaissance—the adversary’s attempts to map out assets, services, and defenses before moving deeper. That broader focus on detecting attacker information-gathering activities within the network and endpoints is why internal reconnaissance detection is the best fit.

The other options are narrower or misaligned with the described indicators. Focusing on the command-line interface or PowerShell alone misses the network-side signals captured by packet analysis. Proxy activity detection centers on external access paths and may not directly capture internal reconnaissance behaviors shown by scripted commands or internal traffic patterns.
