GIAC Certified Incident Handler (GCIH) — Question 120
What tool would an incident handler use to search for all autostart extensibility points (ASEPs) on a Windows host?
Answer options
- A. Windows Firewall
- B. Windows Event Viewer
- C. regedit
- D. autoruns
Correct answer: D
Explanation
The correct answer is D, autoruns, because it specifically identifies all autostart locations on a Windows machine and the programs associated with them. regedit can be used to explore the registry for ASEPs manually, but it is not as efficient or comprehensive as autoruns. The other options do not focus on autostart points at all.