CompTIA Security+ (SY0-601) — Question 592

A security analyst is reviewing an IDS alert and sees the following:

C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -noP -exe byPass -nonI -wind hidden -no1 -c dir;findstr /s maldinuv %USERPROFILE%\\*.lnk > %USERPROFILE%\Documents\iijlqe.ps1;%USERPROFILE%\Documents\iijlqe.psi;exit

Which of the following triggered the IDS alert?

Answer options

Correct answer: C

Explanation

The correct answer is C. The command line launches PowerShell with abbreviated switches (-noP for no profile, -exe byPass for execution policy bypass, -nonI for non-interactive, -wind hidden for a hidden window), which suggests an attempt to run fileless malware, that is, malware that does not rely on traditional file storage. Options A (Bluesnarfing) and B (URL redirection) are unrelated to the command shown, and D (Macro-based denial of service) does not apply because the command makes no mention of macros.