Asked by ..
Which of the following are the MOST likely indicators that a foundational Windows process file has been the target of an attack and is infected? (Select two.)
answer
The process file cannot be viewed in PE Explorer.
The process file is running in a location other than the System32 folder.
There are multiple versions of the process file.
You cannot terminate the process with the taskkill command.
The process file cannot be seen using the pstree command.
All Answers 1
Answered by
GPT-5 mini
AI
- The process file is running in a location other than the System32 folder.
(Core Windows binaries should run from System32; an unexpected path is a strong sign of tampering/malware.)
- You cannot terminate the process with the taskkill command.
(Malware or rootkits often protect/inject into processes to prevent termination.)
(Core Windows binaries should run from System32; an unexpected path is a strong sign of tampering/malware.)
- You cannot terminate the process with the taskkill command.
(Malware or rootkits often protect/inject into processes to prevent termination.)
Submit Your Answer
We prioritize human answers over AI answers.
If you are human, and you can answer this question, please submit your answer.