Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CompTIA Exam PT0-002 Topic 4 Question 59 Discussion

Actual exam question for CompTIA's PT0-002 exam
Question #: 59
Topic #: 4
[All PT0-002 Questions]

After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host. Which of the following commands would be

best for the consultant to use to terminate the protection software and its child processes?

Show Suggested Answer Hide Answer
Suggested Answer: A

The taskkill command is used in Windows to terminate tasks by process ID (PID) or image name (IM). The correct command to terminate a specified process and any child processes which were started by it uses the /T flag, and the /F flag is used to force terminate the process. Therefore, taskkill /PID <PID> /T /F is the correct syntax to terminate the endpoint protection software and its child processes.

The other options listed are either incorrect syntax or do not accomplish the task of terminating the child processes:

* /IM specifies the image name but is not necessary when using /PID.

* /S specifies the remote system to connect to and /U specifies the user context under which the command should execute, neither of which are relevant to terminating processes.

* There is no /P flag in the taskkill command.


Contribute your Thoughts:

Kenneth
5 months ago
I think C) taskkill /PID /S /U could also work, as it specifies the user to terminate the process.
upvoted 0 times
...
Arlette
5 months ago
But A) makes more sense because it terminates the protection software and its child processes.
upvoted 0 times
...
Lanie
5 months ago
I disagree, I believe the correct answer is B) taskkill /PID /IM /F.
upvoted 0 times
...
Arlette
5 months ago
I think the answer is A) taskkill /PID /T /F.
upvoted 0 times
...
Lorenza
5 months ago
This question is so easy, it's almost as if the exam writers wanted us to cheat. I bet they're watching us all like hawks right now.
upvoted 0 times
Vallie
4 months ago
No, I believe option A is the best command for this situation.
upvoted 0 times
...
Shonda
4 months ago
B) taskkill /PID /IM /F
upvoted 0 times
...
Celia
4 months ago
I think option A is the correct command to terminate the protection software and its child processes.
upvoted 0 times
...
Candida
4 months ago
A) taskkill /PID /T /F
upvoted 0 times
...
...
Clorinda
6 months ago
Wait, wait, wait. Didn't we learn in class that the /F flag is for 'force'? I'm going to have to go with option B on this one.
upvoted 0 times
...
Gladys
6 months ago
Hmm, let's see. I'd go with option A. Killing the parent process and all its children seems like the most thorough approach to me.
upvoted 0 times
Ashleigh
5 months ago
Yeah, killing the parent process and all its children is the most thorough approach.
upvoted 0 times
...
Margo
5 months ago
I think option A is the best choice.
upvoted 0 times
...
...
Lili
6 months ago
Ah, the classic 'terminate the protection software and its child processes' dilemma. This is the kind of question that separates the script kiddies from the real hackers.
upvoted 0 times
Rossana
5 months ago
C) taskkill /PID /S /U
upvoted 0 times
...
Gerri
5 months ago
B) taskkill /PID /IM /F
upvoted 0 times
...
Sharika
5 months ago
A) taskkill /PID /T /F
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77