SANS Hacker Tools, Techniques, Exploits and Incident Handling SEC504 Question # 2 Topic 1 Discussion

SEC504 Exam Topic 1 Question 2 Discussion:

Question #: 2

Topic #: 1

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Get Premium SEC504 Questions

Actual exam question for SANS SEC504 exam by Onyx1813 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

SANS Hacker Tools, Techniques, Exploits and Incident Handling SEC504 Question # 2 Topic 1 Discussion

SANS Hacker Tools, Techniques, Exploits and Incident Handling SEC504 Question # 2 Topic 1 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

SANS Hacker Tools, Techniques, Exploits and Incident Handling SEC504 Question # 2 Topic 1 Discussion

SANS Hacker Tools, Techniques, Exploits and Incident Handling SEC504 Question # 2 Topic 1 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval