GIAC-GCIH

What information is commonly found in both the header and the possession log of a Chain of Custody?

Which of the following Metasploit module types would contain privilege escalation capabilities?

Which of the following describes a suspicious event in the service data below? root@kali:~/volatility# ./vol.py -f ../mem/Desk005.vmem svcscan

Which file contains information about failed login attempts on a Unix system?

What is one of the simplest AND most common ways for an attacker to camouflage files on a UNIX system? E. Install a kernel-level rootkit

Which of the following packets saved in the file pingout.pcap would be returned with the following Berkley Packet Filters? tcpdump -nn -r pingout.pcap `˜icmp and (dst host 8.8.8.8)'

During the identification phase of a Web server compromise, you notice the following entries in the web server logs. If "admin" is a valid username, but its corresponding password is not "pass1", and "root" is not a valid username, what can you infer solely from these logs?

Which of the following Volatility commands will display the date and time an image was collected?

How would an attacker hide an executable from being viewed by Windows Explorer?

Which is the normal response from live hosts to the discovery packets sent during a default Nmap sweep?

Where would salted hashes be found on a Linux machine?

A fake installer exploit is delivered using which attack?

A company was a victim of bucket squatting. What process would help to prevent this type of attack?

Which encryption algorithm was replaced with the introduction of the /etc/shadow file in the Linux OS?

What can a Linux administrator use to take advantage of RADIUS?

An organization needs to protect its PHP web applications from Cross-Site Scripting attacks. Which action should they take?

The provided screenshot shows output from running the SysInternals "Strings" command against a suspected malware executable. Which of the following strings indicate that the attacker is attempting to gain persistence on the target system?

An attacker needs to relay SMB requests to another system outside of the local subnet using Responder. Which command arguments will achieve this goal?

A spike in Event ID 4625 is found in Windows event logs. Looking at individual accounts across the domain, no more than 5 failed logins are found for any single account. What is a likely explanation for this?

What is the size of the data transferred in the following Squid access log?

Inspecting developer code for functions like system, exec, and popen is recommended to reduce the likelihood of what type of public-facing attack?

Which of the following natively supports SMB encryption?

Which persistence mechanism will evade detection by Sysinternals AutoRuns?

Which attack technique does the enabled setting in the screenshot mitigate?

A security team is actively monitoring windows event IDs 4634, 4688, and 4697. Which persistence mechanism will they detect with this approach?

Which netcat command will listen on port 2222 for connections from a remote system (10.0.0.1)?

A popular forum, where ICS techniques are discussed, loads scripts and ads from multiple external sites. Which attack can an adversary use to leverage this situation to attack this particular industry?

What tool would an incident handler use to search for all autostart extensibility points (ASEPs) on a Windows host?

What action does the following command perform?C:\DefenderCheck.exe .\giac1.exe

Which of the following dumped hashes would be most useful to an attacker?