GIACCertified Forensics Analyst GCFA Question # 10 Topic 2 Discussion

GCFA Exam Topic 2 Question 10 Discussion:

Question #: 10

Topic #: 2

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Get Premium GCFA Questions

Actual exam question for GIAC GCFA exam by Riven30265 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

GIACCertified Forensics Analyst GCFA Question # 10 Topic 2 Discussion

GIACCertified Forensics Analyst GCFA Question # 10 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

GIACCertified Forensics Analyst GCFA Question # 10 Topic 2 Discussion

GIACCertified Forensics Analyst GCFA Question # 10 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval