An attacker successfully gained access to a remote Windows system and plans to install persistent backdoors on it. Before that, to avoid getting detec Set the registry value of HKLM∖SYSTEM∖CurrentControlSet∖Control∖FileSystem∖NtfsDisableLastAccessUpdate to 1 Run the command fsutil behavior set disablelastaccess 0 Run the command fsutil behavior set enablelastaccess 0 Set the registry value of HKLM∖SYSTEM∖CurrentControlSet∖Control∖FileSystem∖NtfsDisableLastAccessUpdate to 0

EC-Council: Computer Hacking Forensic Investigator(CHFI-V10)

Module 5 : Defeating Anti-forensics Techniques

Questions available : 49 You are not logged in.
Please Login for track your learning progress

Q. No: 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 |

Go to Question No.

Question No 34

If you want to share the link of this question, please click here to "Copy Question Link" and share that generated link. Link from URL may change in future.

Bookmark this Question

QID: 619

An attacker successfully gained access to a remote Windows system and plans to install persistent backdoors on it. Before that, to avoid getting detected in future, he wants to cover his tracks by disabling the last-accessed timestamps of the machine. What would he do to achieve this?

A: Set the registry value of HKLM∖SYSTEM∖CurrentControlSet∖Control∖FileSystem∖NtfsDisableLastAccessUpdate to 1

B: Run the command fsutil behavior set disablelastaccess 0

C: Run the command fsutil behavior set enablelastaccess 0

D: Set the registry value of HKLM∖SYSTEM∖CurrentControlSet∖Control∖FileSystem∖NtfsDisableLastAccessUpdate to 0

Explanation:
Reference https://www.techrepublic.com/article/tech-tip-disable-the-last-access-update/

WELCOME TO ONLINE EXAM PREPARATION SYSTEM

Join Online Exam

Certification Examinations