GIAC Certified Incident Handler (GCIH) — Question 109

Which persistence mechanism will evade detection by Sysinternals AutoRuns?

Answer options

• A. Configuring scheduled tasks
• B. Adding user accounts
• C. New service creation
• D. WMI event subscription

Correct answer: B

Explanation

Creating user accounts allows for persistence that is not typically monitored by tools like Sysinternals AutoRuns. In contrast, configuring scheduled tasks, creating new services, and subscribing to WMI events are all methods that can be detected and analyzed by AutoRuns.