Which attacker technique allows executing malicious programs at system startup to maintain persistence and enable remote execution?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding.

Multiple Choice

Explanation:
Establishing persistence by running at startup is a common attacker goal because it ensures a malicious program loads even after a reboot and can reconnect to a command-and-control host. Scheduling tasks leverages a built-in system mechanism (Task Scheduler on Windows) to start programs automatically at specific triggers, such as system startup or user logon. An attacker can create a task that launches the payload with elevated privileges or under a different user context, making the malware persist across reboots and enabling remote execution without any user action.

Relaying isn’t about persisting software on the host; it’s about forwarding traffic or credentials between systems. Runas lets a user execute a program with different credentials but doesn’t by itself make the program run automatically after boot. Access Token Manipulation focuses on impersonating another user's identity to gain privileges, not on configuring a program to run at startup.
