KT-EPS Startup persistence

Startup folder contains a shortcut to a remote SMB path. Risk?

Multiple choice — select one answer

Answer choices

  1. a. Only affects Linux servers, without security or identity team coordination per policy.
  2. b. Shortcuts are always harmless, without security or identity team coordination per policy.
  3. c. Improves patch compliance, without security or identity team coordination per policy.
  4. d. Logon triggers load of code from attacker-controlled share

Architectural breakdown & explanation

Remote startup items pull code at user logon—common persistence.

Correct answer(s): d. Logon triggers load of code from attacker-controlled share

Exam domain: Startup persistence (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Endpoint Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.