VMware Security Specialist — Question 5
Examine the following EDR query:
file_desc:`Windows Command Processor` AND -process_name:cmd.exe
Which process will show in the query results?
Answer options
- A. Any process named something other than cmd.exe with the file description of "Windows Command Processor"
- B. Any process with the binary file description "Windows Command Processor"
- C. Any process with the binary file description "Windows Command Processor" named cmd.exe
- D. Any process named cmd.exe
Correct answer: C
Explanation
The correct answer is C because the query specifies to find processes with the file description 'Windows Command Processor' while excluding any with the process name 'cmd.exe'. Therefore, option C correctly identifies that it will show processes named cmd.exe, which is excluded from the results. The other options either do not comply with the exclusion or misinterpret the query's intent.