🔥 3-day streak
CompTIA CySA+ (CS0-003)137 / 147
Question 137 of 147
A CySA analyst is investigating a suspected fileless malware infection on a Windows workstation. The EDR alert references a suspicious PowerShell execution, but the analyst wants to confirm exactly what command-line arguments were passed to the process when it launched. Which data source, if properly configured with the appropriate audit policy, provides the most direct evidence of the full command line used to spawn the process?
Reviewed for accuracy · Report an issueNext question