Computer Hacking Forensic Investigator (CHFI v10) — Question 426

In the event of a fileless malware attack, a Computer Hacking Forensics Investigator (CHFI) notes that the fileless malware has managed to persist even after the system reboots. What built-in Windows tool/utility might the attacker most likely have leveraged for this persistent behavior?

Answer options

• A. Windows Operation system components
• B. Windows Task Scheduler
• C. Windows AutoStart registry keys
• D. Windows Process Explorer

Correct answer: C

Explanation

The correct answer is C, as Windows AutoStart registry keys allow programs to run automatically at system startup, which is a common method for malware persistence. Options A and D do not specifically relate to persistence mechanisms, and while B (Windows Task Scheduler) can also be used for scheduled tasks, it is not as direct a method for ensuring persistence as the AutoStart registry keys.