In: Other
Malware is suspected on a server in the environment. The analyst
is provided with the output of commands
from servers in the environment and needs to review all output
files in order to determine which process
running on one of the servers may be malware.
Instructions:
Servers 1, 2 and 4 are clickable. Select the Server which hosts the
malware, and select the process which
hosts this malware.
If any time you would like to bring back the initial state of the
simulation, please select the Reset button. When
01FBAEF084FA42B3BDA0C32C94CD0BF3
you have completed the simulation, please select the Done button to
submit. Once the simulation is submitted, please select the Next
button to continue.
Have to pick either server 1, server 2, or server 4. Than pick one process from the process list.
The correct answer to the question is Server 4 & the process infected is Svchost.exe
Explaination:-
As per the question in logical perspective, server can be the webserver where svchost.exe is listening to different port rather than 443 & server 1(on DMZ) is trying to access internal network on Server4 [which is malicious]