GCIH Question #136: Real Exam Question with Answer & Explanation
The correct answer is D: It analyzes the nonstandard protocols, such as TFN2K and BO2K.
Malware Analysis & Advanced Persistent Threats
Question
Which of the following statements is true about a Trojan engine?
Options
- A. It limits the system resource usage.
- B. It specifies the signatures that keep a watch for a host or a network sending multiple
- C. It specifies events that occur in a related manner within a sliding time interval.
- D. It analyzes the nonstandard protocols, such as TFN2K and BO2K.
Explanation
This question tests knowledge of the Trojan engine component in intrusion detection systems, which is specialized to detect traffic from known Trojan programs using nonstandard protocols.
Common mistakes.
- A. Limiting system resource usage describes a function of resource throttling or rate-limiting controls, which is not a capability or purpose of a Trojan detection engine.
- B. Watching for a host or network sending multiple packets matching signatures describes signature-based or threshold detection logic found in a general signature engine, not a Trojan-specific engine.
- C. Detecting events that occur in a related manner within a sliding time interval describes the behavior of a correlation or anomaly-based detection engine, not a Trojan engine.
Concept tested. Trojan engine: IDS detection of proprietary (nonstandard) protocols.
Topics
Trojan, TFN2K, BO2K, covert channel protocols