Which protocol enables running a payload on a remote Windows system to modify services and the registry for lateral movement?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which protocol enables running a payload on a remote Windows system to modify services and the registry for lateral movement?

Explanation:
Running a payload on a remote Windows system to modify services and the registry for lateral movement relies on a mechanism that can execute commands and scripts across hosts. Windows Remote Management enables remote PowerShell or command execution over the WS-Management protocol, making it a common path for attackers to push a payload, adjust services, or alter registry entries to achieve persistence and move laterally. It typically uses ports 5985 (HTTP) and 5986 (HTTPS) and relies on authenticated, encrypted sessions, which makes it suitable for remote administration as well as exploitation if exposed. The other options don’t fit: RemoteExec isn’t a native Windows remoting protocol; a keylogger is for capturing input; PC/BIOS Embedded is unrelated to network-based payload execution on Windows.

Running a payload on a remote Windows system to modify services and the registry for lateral movement relies on a mechanism that can execute commands and scripts across hosts. Windows Remote Management enables remote PowerShell or command execution over the WS-Management protocol, making it a common path for attackers to push a payload, adjust services, or alter registry entries to achieve persistence and move laterally. It typically uses ports 5985 (HTTP) and 5986 (HTTPS) and relies on authenticated, encrypted sessions, which makes it suitable for remote administration as well as exploitation if exposed. The other options don’t fit: RemoteExec isn’t a native Windows remoting protocol; a keylogger is for capturing input; PC/BIOS Embedded is unrelated to network-based payload execution on Windows.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy