GCFA Question #1: Real Exam Question with Answer & Explanation
The correct answer is C: Wiping the contents of the hard disk with zeros. The loop repeatedly overwrites the raw disk device with random data and then with zeros, destroying everything on the drive, including the evidence of the intrusion, before the attacker disconnects.
Question
Adam, a malicious hacker, has gained unauthorized access to a Linux system at Umbrella Inc. The company's web server runs on Apache. He has downloaded sensitive documents and database files from the computer. After performing these malicious tasks, Adam runs the following command on the Linux command line before disconnecting:

for (( i = 0;i<11;i++ )); do dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda done

Which of the following actions does Adam want to perform with the above command?
Options
- A. Making a bit stream copy of the entire hard disk for later download.
- B. Deleting all log files present on the system.
- C. Wiping the contents of the hard disk with zeros.
- D. Infecting the hard disk with polymorphic virus strings.
Explanation
The bash loop runs 11 iterations. In each one, dd reads from /dev/random and writes the output straight to /dev/hda, the raw block device for the first IDE disk, and then does the same from /dev/zero. Because the output is the whole device rather than a file or a partition, the writes go through the partition table, the file systems, the log files and the free space alike, so nothing is left for a forensic examiner to carve: the last pass leaves the disk full of zeros. This is an anti-forensic wipe, and it needs root, which Adam evidently has.

Two practical caveats that do not change the answer. First, the command as printed is missing the `;` before `done`, so bash would not run it as written. Second, GNU dd reports "No space left on device" and exits non-zero once it runs off the end of the device, so the `&&` would in practice skip the /dev/zero pass and leave each iteration as a random-data pass only; an examiner who finds the disk full of random bytes rather than zeros should not be surprised. On kernels of the /dev/hda era, /dev/random also blocks when the entropy pool is empty, which is why real wipers read /dev/urandom instead.
Common mistakes.
- A. A bit-stream copy would read FROM the disk as input (dd if=/dev/hda of=<destination>), not write to it as output.
- B. The command targets the raw block device /dev/hda, not any specific file path or log directory, so log files are not selectively deleted.
- D. Writing zeros or random bytes to disk sectors does not constitute virus injection; no executable payload is being placed on the disk.
Concept tested. Destructive (anti-forensic) disk wiping with the dd command.
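The following is an added example, not part of the exam question or its explanation. It reproduces the wipe loop against a small disk image file instead of a real device, with the `;` before `done` restored, /dev/urandom in place of the blocking /dev/random, and a bounded `count=` because a regular file, unlike /dev/hda, never reports "No space left on device". It then checks the result the way an examiner would: by counting non-zero bytes and searching for the original content. The image size, the marker text and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the exam page). Simulates the dd wipe against an
# image file and verifies the outcome. Paths, sizes and the marker string
# below are assumptions for the demo, not anything from the original question.
set -u

IMG_BLOCKS=64   # image size in 4 KiB blocks (256 KiB), small so it runs quickly
BS=4096

# make_image FILE: build a constructed image filled with a recognisable text
# pattern, so a wipe that failed part-way would be obvious.
make_image() {
    yes 'UMBRELLA-INC-CONFIDENTIAL-DATABASE-DUMP' | head -c $((IMG_BLOCKS * BS)) > "$1"
}

# wipe_image FILE PASSES: the exam's loop, corrected to run. Each pass writes
# random data over the whole image and then zeros over it; conv=notrunc keeps
# the file at device size instead of truncating it like a normal redirect.
wipe_image() {
    img=$1; passes=$2; i=0
    while [ "$i" -lt "$passes" ]; do
        dd if=/dev/urandom of="$img" bs=$BS count=$IMG_BLOCKS conv=notrunc 2>/dev/null &&
        dd if=/dev/zero    of="$img" bs=$BS count=$IMG_BLOCKS conv=notrunc 2>/dev/null || return 1
        i=$((i + 1))
    done
}

# count_nonzero FILE: print the number of bytes that are not 0x00.
# A fully zeroed image (what option C produces) prints 0.
count_nonzero() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# contains_marker FILE: succeed (exit 0) if any of the original text survives,
# i.e. the kind of keyword search an examiner would run before carving.
contains_marker() {
    grep -q 'UMBRELLA-INC' "$1"
}

# Stand-alone demonstration when run directly.
demo() {
    img=$(mktemp)
    make_image "$img"
    echo "before wipe: $(count_nonzero "$img") non-zero bytes"
    wipe_image "$img" 3
    echo "after wipe:  $(count_nonzero "$img") non-zero bytes"
    rm -f "$img"
}
```

Run `demo` (or source the file and call the functions) to see the image go from entirely non-zero to zero bytes. The same `count_nonzero` check, pointed at a real device with `dd if=/dev/sdX | tr -d '\000' | wc -c`, is a cheap way to confirm that an acquired disk really is blank before spending time on carving.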