CompTIA CySA+ (CS0-003) — Question 230

During normal security monitoring activities, the following activity was observed:

cd C:\Users\Documents\HR\Employees
takeown/f .*
SUCCESS:

Which of the following best describes the potentially malicious activity observed?

Answer options

• A. Registry changes or anomalies
• B. Data exfiltration
• C. Unauthorized privileges
• D. File configuration changes

Correct answer: C

Explanation

The command 'takeown' is used to take ownership of files, which suggests that the user is attempting to gain unauthorized privileges over the files in the specified directory. The other options do not fit the context, as there are no indications of registry changes, data being exfiltrated, or configuration changes to the files themselves.