A security analyst observes the following events in the logs of an employee workstation: 1/23 1:07:16 865 Access to C:\Users\user\temp\oasdfkh.hta has been restricted by your administrator by the default restriction policy level. 1/23 1:07:09 1034 The scan completed. No detections were found. The security analyst reviews the file system and observes the following: C:\>dir C:\ Users\user\temp 1/ 23 1: 07: 02 oasdfkh.hta 1/ 23 1: 07: 02 update.bat 1/ 23 1: 07: 02 msg.txt Given the information provided, which of the following MOST likely occurred on the workstation?

Correct Answer is : Application whitelisting controls blocked an exploit payload from executing.

Application whitelisting controls blocked an exploit payload from executing.

Antivirus software found and quarantined three malware files.

Automatic updates were initiated but failed because they had not been approved.

The SIEM log agent was not tuned properly and reported a false positive.

Comp TIA Security + Certification Questions Part 1

Question : 47 of 60

Marks: +1, -0

A security analyst observes the following events in the logs of an employee workstation:

`1/23`	`1:07:16`	`865`	`Access to C:\Users\user\temp\oasdfkh.hta has been restricted by your administrator by the default restriction policy level.`
`1/23`	`1:07:09`	`1034`	`The scan completed. No detections were found.`

The security analyst reviews the file system and observes the following:
C:\>dir
C:\ Users\user\temp
1/ 23 1: 07: 02 oasdfkh.hta
1/ 23 1: 07: 02 update.bat
1/ 23 1: 07: 02 msg.txt
Given the information provided, which of the following MOST likely occurred on the workstation?

Application whitelisting controls blocked an exploit payload from executing.
Antivirus software found and quarantined three malware files.
Automatic updates were initiated but failed because they had not been approved.
The SIEM log agent was not tuned properly and reported a false positive.

Validate

Go to Question:

Prev Question

Next Question