Eccouncil 212-89 Exam - Topic 3 Question 63 Discussion

Actual exam question for Eccouncil's 212-89 exam
Question #: 63
Topic #: 3

Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case, he needs to collect volatile information such as running services, their process IDs, startmode, state, and status. Which of the following commands will help Clark to collect such information from running services?

Suggested Answer: C

WMIC (Windows Management Instrumentation Command-line) is a command-line tool that provides a unified interface for Windows management tasks, including the collection of system information. It allows administrators and forensic investigators to query the live system for information about running services, their process IDs, start modes, states, and statuses, among other data. The use of WMIC is particularly valuable in incident response scenarios for gathering volatile information from a system without having to install additional software, which might alter the state of the system being investigated. By executing specific WMIC commands, Clark can extract detailed information about the services running on a system at the time of the investigation, making it an essential tool for collecting volatile data in a forensically sound manner.
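
As an added example (not part of the original question or answer), the service collection described above can be scripted in PowerShell as follows. The output folder `E:\evidence` and the file naming are assumptions; the fallback to `Get-CimInstance` covers systems where the deprecated `wmic.exe` is no longer present.

```powershell
# Added example: snapshot Win32_Service data (name, PID, start mode, state, status)
# to a CSV and record its hash. $OutDir is an assumed path; in practice point it
# at external collection media rather than the disk under investigation.
param([string]$OutDir = 'E:\evidence')

$stamp = (Get-Date).ToUniversalTime().ToString('yyyyMMddTHHmmssZ')
$props = 'Name','DisplayName','ProcessId','StartMode','State','Status','PathName','StartName'
$out   = Join-Path $OutDir "services_${env:COMPUTERNAME}_$stamp.csv"

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

if (Get-Command wmic.exe -ErrorAction SilentlyContinue) {
    # "service" is the WMIC alias for the Win32_Service class.
    # The property list is passed as ONE comma-joined string: a bare
    # comma list would be split into separate arguments by PowerShell.
    wmic.exe service get ($props -join ',') /format:csv |
        Where-Object { $_.Trim() } |          # drop the blank lines wmic emits
        Set-Content -Path $out -Encoding UTF8
    $source = 'wmic.exe'
} else {
    # Same WMI class queried through CIM when wmic.exe is absent.
    Get-CimInstance -ClassName Win32_Service |
        Select-Object -Property $props |
        Export-Csv -Path $out -NoTypeInformation -Encoding UTF8
    $source = 'Get-CimInstance'
}

# Hash the collected file so later copies can be verified against it.
$hash = Get-FileHash -Path $out -Algorithm SHA256

[pscustomobject]@{
    CollectedUtc = $stamp
    Host         = $env:COMPUTERNAME
    Source       = $source
    File         = $out
    SHA256       = $hash.Hash
} | Format-List
```

The `State` column distinguishes running from stopped services, and `ProcessId` is 0 for services that are not running.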


Nieves
3 months ago
I thought Openfiles was the one for running services?
upvoted 0 times
...
Gwenn
3 months ago
netstat --ab is useful too, but not for services specifically.
upvoted 0 times
...
Shenika
3 months ago
Wait, are we sure wmic is still supported?
upvoted 0 times
...
Camellia
4 months ago
Definitely agree, wmic is the go-to for that info!
upvoted 0 times
...
Jackie
4 months ago
I think the right command is wmic.
upvoted 0 times
...
Earlean
4 months ago
I recall a similar question where `wmic` was the answer for collecting process details. It makes sense here too.
upvoted 0 times
...
Skye
4 months ago
I feel like `openfiles` might show some file handles, but it doesn't seem right for services.
upvoted 0 times
...
Sena
4 months ago
I'm not entirely sure, but I remember `netstat` being used for network connections, not really for services.
upvoted 0 times
...
Jessenia
5 months ago
I think the `wmic` command is the one we practiced for gathering information about running services. It seems to fit what Clark needs.
upvoted 0 times
...
Veronika
5 months ago
Ah, I think I've got it! The wmic command is definitely the way to go. It's a powerful tool for querying system information, and it should give Clark all the data he needs to collect the volatile information. I'm confident this is the right answer.
upvoted 0 times
...
Buffy
5 months ago
I've got a good feeling about the netstat --ab command. That should provide the process IDs and other details that Clark needs to investigate the cybercrime case. I'm going to go with that option.
upvoted 0 times
...
Chantay
5 months ago
Okay, let's see... I'm pretty sure the wmic command is the way to go here. It should give us all the details on the running services that Clark is looking for.
upvoted 0 times
...
Mitzie
5 months ago
Hmm, this seems like a tricky one. I'll need to think carefully about the different command options and which one would be most useful for collecting the volatile information Clark needs.
upvoted 0 times
...
Kaitlyn
5 months ago
I'm a bit confused by this question. I'm not sure if openfiles or net file would be the right choice for this scenario. Maybe I should review my notes on Windows command-line tools again.
upvoted 0 times
...
Alfred
5 months ago
I'm pretty confident that the answer is A. Exploit prevention software would likely conflict with the Traps agent since they both deal with security and could interfere with each other's functionality.
upvoted 0 times
...
Bobbye
1 year ago
C) wmic is the way to go, but I hope Clark has a cup of coffee handy. That command can be a real data firehose!
upvoted 0 times
...
Sabine
1 year ago
As a cybercrime investigator, Clark needs all the intel he can get. C) wmic is the way to go - it's like having a cheat sheet for the system.
upvoted 0 times
...
Linn
1 year ago
C) wmic is the clear winner. It's like having a crystal ball that reveals all the secrets of the running services.
upvoted 0 times
Colene
1 year ago
C) wmic
upvoted 0 times
...
Nydia
1 year ago
B) netstat --ab
upvoted 0 times
...
Cordelia
1 year ago
A) Openfiles
upvoted 0 times
...
...
Dorthy
2 years ago
B) netstat --ab might also be useful, but I think C) wmic is the most comprehensive option here.
upvoted 0 times
Ernie
1 year ago
I think A) Openfiles could also be helpful in this situation.
upvoted 0 times
...
Mitsue
1 year ago
I agree, C) wmic is the best option for collecting that information.
upvoted 0 times
...
...
Lashon
2 years ago
I think 'net file' could also be a potential command for collecting the required information.
upvoted 0 times
...
Rueben
2 years ago
Definitely C) wmic. It's the Swiss Army knife of service management commands. Clark will be able to collect all that juicy data in no time.
upvoted 0 times
...
Krissy
2 years ago
I think 'Openfiles' might also be a good option for Clark to use in this situation.
upvoted 0 times
...
Michell
2 years ago
Looks like C) wmic is the way to go. That command can give us all the details we need on running services.
upvoted 0 times
Vesta
2 years ago
Yes, wmic will provide us with all the necessary details about the running services.
upvoted 0 times
...
Willie
2 years ago
I think wmic is the most efficient command for this task.
upvoted 0 times
...
Lizbeth
2 years ago
I agree, wmic is definitely the best option for collecting information on running services.
upvoted 0 times
...
...
Kimbery
2 years ago
I disagree, I believe the command 'wmic' would be more suitable for collecting that information.
upvoted 0 times
...
Denae
2 years ago
I think the command 'netstat --ab' will help Clark collect the information he needs.
upvoted 0 times
...
