GIAC
GCIH · Question #317
GCIH Question #317: Real Exam Question with Answer & Explanation
The correct answer is B: Covering tracks. In the malicious hacking methodology, covering tracks refers to any action taken to hide evidence of unauthorized access, including altering or deleting log files.
Incident Response & Cyber Kill Chain
Question
John is a malicious attacker. He illegally accesses the server of We-are-secure Inc. He then places a backdoor in the We-are-secure server and alters its log files. Which of the following steps of malicious hacking includes altering the server log files?
Options
- A. Maintaining access
- B. Covering tracks
- C. Gaining access
- D. Reconnaissance
Explanation
In the malicious hacking methodology, covering tracks refers to any action taken to hide evidence of unauthorized access, including altering or deleting log files.
Common mistakes.
- A. Maintaining access involves installing backdoors, rootkits, or Trojans to ensure continued entry into the system, not erasing evidence.
- C. Gaining access is the phase where vulnerabilities are exploited to initially compromise the target system.
- D. Reconnaissance is the information-gathering phase conducted before any intrusion attempt, involving scanning and footprinting.
Concept tested. Malicious hacking phases - covering tracks
Reference. https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/hacking-phases/
Topics
#covering tracks #log alteration #attack phases #cyber kill chain