Which indicators are found by performing an analysis of the infected system within the organizational network, including filenames, file hashes, registry keys, DLLs, and mutex?

Explanation:
When you analyze an infected host, you’re looking at static traces left on that system. The items you mentioned—filenames, file hashes, registry keys, DLLs, and mutex names—are direct evidence found on the machine itself. These are host-based indicators, because they reflect artifacts present on a specific host that reveal the compromise.

Behavioral indicators, by contrast, describe the attacker’s actions over time or patterns of activity (what the malware does in sequence, unusual process behavior, network patterns, etc.), rather than the actual on-disk artifacts.

So, the indicators described are host-based indicators — the concrete evidence on the infected host that helps identify and respond to the compromise.
