GIAC Exam GSNA Topic 2 Question 21 Discussion

Actual exam question for GIAC's GSNA exam
Question #: 21
Topic #: 2

You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS, how can you detect this sort of activity?

Suggested Answer: D

Firewall logs will show all incoming and outgoing traffic. By examining those logs you can detect anomalous traffic, which can indicate the presence of malicious code such as rootkits.

Answer B is incorrect. While an IDS might be the most obvious solution in this scenario, it is not the only one.

Answer C is incorrect. It is very unlikely that anything in your domain controller logs will show the presence of a rootkit, unless that rootkit is on the domain controller itself.

Answer A is incorrect. A DMZ is an excellent firewall configuration but will not aid in detecting rootkits.

