Multiple Choice
A security analyst is investigating a malware infection that occurred on a Windows system. The system was not connected to a network and had no wireless capability. Company policy prohibits using portable media or mobile storage. The security analyst is trying to determine which user caused the malware to get onto the system. Which of the following registry keys would MOST likely have this information?
A) HKEY_USERS\<user SID>\Software\Microsoft\Windows\CurrentVersion\Run
B) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
C) HKEY_USERS\<user SID>\Software\Microsoft\Windows\explorer\MountPoints2
D) HKEY_USERS\<user SID>\Software\Microsoft\Internet Explorer\Typed URLs
E) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\iusb3hub
Correct Answer:
Verified
Correct Answer:
Verified
Q122: A security manager has asked an analyst
Q123: A security analyst has been alerted to
Q124: A cybersecurity analyst is reading a daily
Q125: A development team signed a contract that
Q126: Which of the following software security best
Q128: A development team is testing a new
Q129: A bad actor bypasses authentication and reveals
Q130: A monthly job to install approved vendor
Q131: An information security analyst observes anomalous behavior
Q132: A security analyst is investigating a compromised