GIAC-GCIH

After running the command shown below, which output field contains the user’s cleartext account name?aws sts get-caller-identity

What action is being performed in the following session?

What goal would an attacker achieve with the following Set of commands?

Which of the following is shown in the screenshot?

What does the term any instruct tcpdump to capture in the following command?tcpdump -A -i any 'port 21 && host 192.168.100.1'

A Windows workstation was clean a few days ago but now appears to be infected. Based on results from tasklist, which was run last week, which connection or connections shown in netstat -naob, run today, most likely indicates the host is now infected?

What is a common characteristic of both a watering hole attack and a drive-by attack?

What password attack uses a stolen password breach list?

Which of the following describes code wrapping?

A victim browses to a news aggregator website through a link sent to them by an attacker. The attacker then alters the page delivered to the victim's browser and includes malicious links. What flaw on the news aggregator website allowed this attack to happen?

Which Windows command cruted the output below?

An attacker at IP address 11.22.33.44 set up a reverse shell so he could execute commands on a server (internal IP address 192.168.20.21) that sits behind a site firewall blocking incoming SSH traffic but allowing all outbound traffic. What command would he run on the server?

Using the command below, to which share will the user be connected on 192.168.99.10?C:\> net use \\192.168.99.10

How do DNS tunneling tools like DNSCat2 avoid DNS caching?

Which tool can generate source code that can be used as a payload on a Windows system using the following command?msbuild.exe shellwrapper.csproj

Which file is critical to remove from a domain controller after a password audit?

An analyst finds that a malicious program contains the instructions add 10, eax followed by sub 10, eax. What technique was the attacker likely using?

How should an incident handler classify the following event shown in the output below?

Which of the following accounts is an Administrator account?

A popular forum for ICS professionals to discuss techniques includes code that loads scripts and ads from multiple external sites. How would an adversary leverage this forum to compromise ICS industry targets?

What john format should be specified to crack an 18 character Windows password?

You have gained access to a Linux box. Which of the following methods would enable you to launch attacks against other systems and send the sessions back to your home PC (10.2.200.1) without altering system config files on the Linux box that might alert the sysadmin?

Considering Volatility, why would psscan return more results than pslist?

An organization has an SSH server that was compromised. Given the following evidence, what most likely occurred?

For what purpose would an auditor obtain a copy of the /etc/passwd file for a password audit of a linux machine?

A consultant provides an organization with a report that contains their users' most popular passwords, data on password sharing, and a breakdown of password length by department. Which tool could generate this report?

Which command produced the following output?

Which of the processes, shown in the output below, should be prioritized for examination during live response?Command run: C:\> netstat -naob -Output: see screen capture (irrelevant lines of output omitted for space)

Which of the following statements describes the Volatility pstree plugin data shown in the image?