Unauthorized changes such as new autorun keys or modified system binaries are indicators of malware persistence in which data areas?

Multiple Choice

Explanation:
The main idea here is that malware maintains persistence by altering data areas that the operating system loads at startup. Unauthorized changes like new autorun keys and modifications to system binaries are classic signs because they force code to run automatically when the machine boots or a user logs in. In Windows, autorun behavior is driven by entries in the Registry (such as Run keys), so adding or changing those keys is a direct way a threat ensures it starts again after reboots. Likewise, tampering with system binaries can replace or hook legitimate files, making the malicious code execute as part of normal system startup or during routine operations.

These persistence techniques rely on the File System and the Registry—the data areas that the OS reads during boot and login. That’s why changes in these areas are strong indicators of malware persistence.

The other options don’t fit because they involve network access controls, email routing, or printer configuration. Those areas don’t control how software persists across reboots, so they’re not the typical data areas malware uses for persistence.
