CISSP

1

Security Architecture and Engineering

hard

Refer to the exhibit. A security analyst detects unusual process creation. Which attack technique is most likely being observed?

Exhibit

// Windows Security Event Log excerpt
Log Name: Security
Event ID: 4672 (Special Logon)
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeTcbPrivilege

Event ID: 4688 (Process Creation)
Process Name: C:\Windows\System32\cmd.exe
Command Line: cmd.exe /c whoami
Parent Process: C:\Windows\System32\lsass.exe

Event ID: 4672 (Special Logon)
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeDebugPrivilege, SeTcbPrivilege