Which Windows service, abbreviated as 'RasAuto' in the material, is described as being abused by a China-based APT when disabled?

Prepare for the SANS FOR508 Exam. Use flashcards and multiple-choice questions, each with hints and explanations. Maximize your readiness for the test!

Multiple Choice

Which Windows service, abbreviated as 'RasAuto' in the material, is described as being abused by a China-based APT when disabled?

Explanation:
The concept here is that Windows services used for automatic remote access can be abused to gain stealthy, persistent connectivity. RasAuto, the Remote Access Auto Connection Manager, is responsible for automatically dialing or establishing VPN/remote access connections without user intervention. Because it can trigger network connections on its own, attackers can exploit or manipulate it to maintain covert remote access or persistence even when defenses try to disable other entry points. The material’s note about a China-based APT abusing RasAuto when it’s disabled highlights how this automatic connection capability can be leveraged by adversaries. The other services have different roles: RasMan is a manager of remote connections but doesn’t itself initiate auto connections; NetLogon handles domain authentication; Dnscache caches DNS entries. Thus RasAuto is the one most described as being abused in this context.

