A WMI event subscription recreates malware after reboot. Why is this effective persistence?
Multiple choice — select one answer
Answer choices
Architectural breakdown & explanation
WMI persistence is stealthy; hunters search for suspicious consumers.
Correct answer(s): b. WMI subscriptions can trigger payloads without classic Run key visibility
Exam domain: Startup persistence (20% weight on the official guide).
Official documentation & study links
Practice this certification
This page is one question from the KeyTrain's Key Training — Endpoint Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.