Free Certification Practice Questions

GIAC-GCIH

An investigator performing an initial analysis of a memory image identified a suspicious URL while using the strings utility. A second investigator attempting to recreate the results cannot find the same URL when executing the command below. What could be the cause?
$ strings CASE-43110.mem > case-43110.strings.txt
#151
The tools and techniques used in memory analysis closely resemble which other type of investigation?
#152
Which of the following Metasploit module types would contain scanning capabilities?
#153
Which of the following persistence techniques will be identified using the Autoruns utility?
#154
What is the destination endpoint host for the SSH session shown below?
ssh -L 1777:192.168.1.80:23 [email protected]
#155
Which of the following files would grow to a large size as a result of a brute force attack?
#156
Which malware investigation approach provides a detailed log of a system’s file system, network, registry and process activities?
#157
Which PowerShell cmdlet will display the command line parameters used to launch a Windows process?
#158
Which of the following logs could be queried to identify Azure, Amazon and Google storage use in an organization?
#159
What is the outcome of the command below?
hashcat -m 0 -a 3 ntds.dat --potfile-path ntds.potfile -1 ?d?d?d?d?d?d
#160
What hash type is being cracked in the command below?
hashcat -m 1800 -a 0 customer.ntds wordlist.txt --potfile-path ./hashcat.potfile
#161
What UNIX component can be used to enforce password complexity requirements?
#162
Which web application log keyword would be associated with a SQL injection attack?
#163
Which endpoint security bypass technique leverages existing system tools instead of adding executables?
#164
Based on the nmap data in the screenshot, the analyst would choose which IP address for a DNS attack?
#165
An attacker is hoping to discover as many IP addresses associated with a target domain as possible. Which command would be helpful?
#166
The following output shows reconnaissance activity against which platform?
#167
A security examiner has been given permission by senior management to conduct a password audit. What should the examiner ensure after the process completes?
#168
What is downloaded when the following command is executed?
$ bucket_finder.rb words --download
#169
Which Windows process would an attacker target to steal credentials from a user who logs into applications with a Password Manager?
#170
What is the first decision point of an incident investigation?
#171
While examining multiple compromised systems, an investigator lists a priority for each machine based on executive input and the type of service and data each machine provides the organization. Which investigative technique does this describe?
#172
Which activity helps readdress security tasks identified in past incident reports?
#173
What is the Linux administrator doing with the commands below?
$ rpcclient -U fezzik florin
rpcclient $> enumdomusers
#174
Which of the following can the rpcclient application do?
#175
What task is a Windows administrator performing with the command below, executed from a file server with an IP address of 46.95.101.82?
C:\> net session \\46.95.101.109 /del
#176
How does the use of endpoint application allow lists impact malware attacks against the system?
#177
What shortcoming of the traditional PICERL incident response model is addressed by adopting a dynamic incident response model like DAIR?
#178
Which of the following SSH commands will start a SOCKS proxy server on the local system?
#179
A web application receives the following input from a malicious request. What is the attacker attempting to do?
select accountbalance from user where name = jake' OR 'z'='z';
#180