CompTIA CySA+ (CS0-003) — Question 143

An employee downloads a freeware program to change the desktop to the classic look of legacy Windows. Shortly after the employee installs the program, a high volume of random DNS queries begins to originate from the system. An investigation on the system reveals the following:

Add-MpPreference -ExclusionPath '%Program Files%\ksyconfig'

Which of the following is possibly occurring?

Answer options

Correct answer: D

Explanation

The command Add-MpPreference -ExclusionPath adds a Microsoft Defender Antivirus exclusion for the listed folder, which indicates that the software is likely attempting to evade detection by antivirus programs. This behavior aligns with defense evasion tactics, as the malware is trying to exclude itself from security scans. The other options do not fit the observed behavior of increasing DNS queries and modifying security settings.