A pharmaceutical company was recently compromised by ransomware. Given the following EDR output from the process investigation: On which of the following devices and processes did the ransomware originate?
Correct Answer: D
The EDR output shows the process tree of the ransomware infection. The root node is NO-AV.exe, which is a malicious executable that disables antivirus software and downloads the DearCry ransomware. The NO-AV.exe process was launched on cpt-ws026 by a user named John. The DearCry.exe process was then launched on cpt-ws026 by NO-AV.exe and propagated to other devices via SMB. Therefore, the ransomware originated from cpt-ws026 and NO-AV.exe.

Verified References:
* https://www.microsoft.com/security/blog/2021/03/12/analyzing-dearcry-ransomware-the-first-attack-to-exploit-exchange-server-vulnerabilities/
* https://www.crowdstrike.com/blog/dearcry-ransomware-analysis/