The RasAuto service is described as what in the source material?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Study for the SANS Advanced Incident Response, Threat Hunting, and Digital Forensics (FOR508) Test. Prepare with comprehensive materials, flashcards, and multiple choice questions with hints and explanations. Ace your exam with confidence!

Multiple Choice

The RasAuto service is described as what in the source material?

Explanation:
RasAuto is the Windows Remote Access Auto Connection Manager, which automatically establishes network connections (such as dial-up or VPN connections) when resources are accessed. The material describes it as a disabled service that is abused by a China-based APT. This matches the idea that, by default, the service isn’t active, but if an attacker needs covert network access, they can leverage or re-enable it to establish a connection for persistence or C2. The other options misstate its purpose (not Windows updates or printer management) and don’t align with the description of being disabled and used by a specific APT.

RasAuto is the Windows Remote Access Auto Connection Manager, which automatically establishes network connections (such as dial-up or VPN connections) when resources are accessed. The material describes it as a disabled service that is abused by a China-based APT. This matches the idea that, by default, the service isn’t active, but if an attacker needs covert network access, they can leverage or re-enable it to establish a connection for persistence or C2. The other options misstate its purpose (not Windows updates or printer management) and don’t align with the description of being disabled and used by a specific APT.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy