Which of the following statements about unknown files found in a critical directory is most accurate?


Multiple Choice

Which of the following statements about unknown files found in a critical directory is most accurate?

Explanation:
Unknown files appearing in a critical directory (system binaries, service configuration, startup or scheduled-task locations, web roots) are a red flag because those directories are expected to contain only trusted, known components that change through controlled processes such as package installs or deployments. Something unfamiliar there could be a dropped payload, a web shell, a backdoor, or a modified legitimate file, placed to persist across reboots or to escalate privileges. Because these locations are trusted by the operating system and by other software, even a small change can have outsized consequences, so such files warrant careful investigation rather than an assumption of safety.

The most accurate statement is therefore the one that treats an unknown file as a possible indicator of compromise and calls for verification, rather than one that assumes the file is harmless, that it should be deleted or quarantined automatically, or that it has no security impact. In practice you would: compare the directory against a known-good baseline or the package manager's manifest (file hashes, not just names); scan the file with up-to-date tools; examine its metadata (owner, permissions, especially setuid or world-writable bits, and timestamps, remembering that timestamps can be forged); review authentication, process, and web logs around the time the file appeared; and, if warranted, preserve a copy and its hash as evidence before isolating or removing it, then monitor for related indicators of compromise.

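The baseline comparison and metadata check described above, as an added worked example (not part of the original page): a known-good manifest of SHA-256 hashes is built for a directory, the directory is re-audited later, and every file that is unknown, modified, or missing is reported together with the ownership, permission, and timestamp details an analyst would triage. The directory contents and the "attacker" changes in `demo()` are constructed in a temporary directory and stand in for a real critical path; a real deployment would store the baseline out of band so a compromised host cannot rewrite it.

```python
"""Baseline audit of a critical directory: flag unknown, modified, and
missing files and collect the metadata needed to triage them.
Added example; not code from the original page."""
import hashlib
import os
import stat
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(directory: Path) -> dict[str, str]:
    """Snapshot a known-good directory as {relative path: sha256}."""
    return {
        str(p.relative_to(directory)): sha256_of(p)
        for p in sorted(directory.rglob("*"))
        if p.is_file()
    }


def file_metadata(path: Path) -> dict:
    """Owner, permissions and mtime; lstat so symlinks are not followed.
    Note: mtime is attacker-controllable (timestomping), so it is a hint,
    not proof of when the file appeared."""
    st = path.lstat()
    return {
        "mode": stat.filemode(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "mtime_utc": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc).isoformat(),
        "setuid": bool(st.st_mode & stat.S_ISUID),
        "world_writable": bool(st.st_mode & stat.S_IWOTH),
    }


def audit_directory(directory: Path, baseline: dict[str, str]) -> dict[str, list]:
    """Compare the directory's current state against the baseline.
    Hashes are compared, not just names, so a tampered legitimate file
    is caught as well as a newly dropped one."""
    findings = {"unknown": [], "modified": [], "missing": []}
    seen = set()
    for p in sorted(directory.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(directory))
        seen.add(rel)
        digest = sha256_of(p)
        record = {"path": rel, "sha256": digest, **file_metadata(p)}
        if rel not in baseline:
            findings["unknown"].append(record)
        elif baseline[rel] != digest:
            findings["modified"].append(record)
    for rel in baseline:
        if rel not in seen:
            findings["missing"].append({"path": rel})
    return findings


def demo() -> dict[str, list]:
    """Constructed scenario: a small 'critical' directory is baselined,
    then a hidden file is dropped with loose permissions and a trusted
    script is altered. Returns the audit findings."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "backup.sh").write_text("#!/bin/sh\ntar czf /srv/backup.tgz /srv/data\n")
        (d / "rotate.sh").write_text("#!/bin/sh\nlogrotate /etc/logrotate.conf\n")
        baseline = build_baseline(d)

        # Constructed post-compromise changes (placeholder contents only).
        dropped = d / ".cache.py"
        dropped.write_text("# constructed placeholder for a dropped file\n")
        os.chmod(dropped, 0o777)
        (d / "rotate.sh").write_text(
            "#!/bin/sh\nlogrotate /etc/logrotate.conf\n# constructed appended line\n"
        )
        return audit_directory(d, baseline)


if __name__ == "__main__":
    for category, records in demo().items():
        for r in records:
            print(category, r)
```

On a packaged system the same comparison is already available for vendor files (`rpm -V` on RPM-based systems, `debsums` or `dpkg --verify` on Debian-based ones); the script above is for paths those manifests do not cover. It deliberately only reports: preserving the file and its hash, pulling the surrounding logs, and deciding on isolation are analyst steps, not something to automate on first sight.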
