Crucial Exams

CompTIA Server+ SK0-005 Practice Question

A Windows Server 2022 file server begins generating excessive outbound traffic to an unfamiliar IP address, and users notice slower response times.

Using Task Manager, the administrator finds a process named svcsched.exe running under the LocalSystem account and taking 40 % CPU. The executable resides in C:\Users\Public\svcsched.exe and is not digitally signed. sc qc "Update Orchestrator" reveals that a service with that name launches the same binary and is set to Automatic (Delayed Start). Memory and log captures have already been saved for later forensic review.

Which action is the BEST next step to contain this rogue service while preserving evidence for follow-up analysis?

  • Delete svcsched.exe and reboot the server immediately.

  • Run Windows Update to apply missing patches.

  • Stop the Update Orchestrator service and set its startup type to Disabled.

  • Create an outbound firewall rule that blocks port 443 for the server.

CompTIA Server+ SK0-005
Troubleshooting
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
SAVE $47
CompTIA Server+ Voucher
v5 / SK0-005
$390.00 $343.00
SAVE $53
CompTIA Server+ Voucher with Retake
v5 / SK0-005
Includes Retake
$439.00 $386.00
Bash, the Crucial Exams Chat Bot
AI Bot