GIAC Exam GCED Topic 7 Question 39 Discussion

Actual exam question for GIAC's GCED exam

Question #: 39
Topic #: 7

[All GCED Questions]

Why would an incident handler acquire memory on a system being investigated?

ATo determine whether a malicious DLL has been injected into an application

BTo identify whether a program is set to auto-run through a registry hook

CTo list which services are installed on they system

DTo verify which user accounts have root or admin privileges on the system

Show Suggested Answer

Suggested Answer: C

In a case study of a redirect tunnel set up on a router, some anomalies were noticed while watching network traffic with the TCPdump packet sniffer.

Packets going to port 25 (Simple Mail Transfer Protocol [SMTP] used by mail servers and other Mail Transfer Agents [MTAs] to send and receive e-mail) were apparently taking a different network path. The TLs were consistently three less than other destination ports, indicating another three network hops were taken.

Other IP header values listed, such as fragment offset. The acknowledgement number is a TCP, not IP, header field.

by Tegan at May 09, 2024, 05:10 PM

Limited Time Offer

25%

23 days ago

I think an incident handler would acquire memory to check for malicious DLLs.

upvoted 0 times

...