After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host. Which of the following commands would be
best for the consultant to use to terminate the protection software and its child processes?
The taskkill command is used in Windows to terminate tasks by process ID (PID) or image name (IM). The correct command to terminate a specified process and any child processes which were started by it uses the /T flag, and the /F flag is used to force terminate the process. Therefore, taskkill /PID <PID> /T /F is the correct syntax to terminate the endpoint protection software and its child processes.
The other options listed are either incorrect syntax or do not accomplish the task of terminating the child processes:
* /IM specifies the image name but is not necessary when using /PID.
* /S specifies the remote system to connect to and /U specifies the user context under which the command should execute, neither of which are relevant to terminating processes.
* There is no /P flag in the taskkill command.
Rene
7 months agoHerman
7 months agoLatanya
7 months agoDeonna
8 months agoOlene
8 months agoErnestine
7 months agoCarol
7 months agoAlbina
8 months agoShenika
8 months agoKandis
8 months agoDesiree
8 months agoCandida
8 months agoDeonna
8 months ago