nerdexam
GIAC

GCIH · Question #144

Your IDS discovers that an intruder has gained access to your system. You immediately stop that access, change passwords for administrative accounts, and secure your network. You discover an odd accou

Sign in or unlock GCIH to reveal the answer and full explanation for question #144. The question stem and answer options stay visible for context.

Incident Response & Cyber Kill Chain

Question

Your IDS discovers that an intruder has gained access to your system. You immediately stop that access, change passwords for administrative accounts, and secure your network. You discover an odd account (not administrative) that has permission to remotely access the network. What is this most likely?

Options

  • AAn example of privilege escalation.
  • BA normal account you simply did not notice before. Large networks have a number of
  • CA backdoor the intruder created so that he can re-enter the network.
  • DAn example of IP spoofing.

Unlock GCIH to see the answer

You've previewed enough free GCIH questions. Unlock GCIH for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Topics

#backdoor#persistence#post-exploitation#incident response
Full GCIH Practice