nerdexam
ExamsGCIHQuestions#347
GIAC

GCIH · Question #347

GCIH Question #347: Real Exam Question with Answer & Explanation

The correct answer is A: Byte offset 8-11. Covert_TCP allows for transmitting information by entering ASCII data in the following TCP - TCP initial sequence number - TCP acknowledgement sequence number The image reveals that these fields are in Byte offsets 4-7 and 8-11.

Malware Analysis & Advanced Persistent Threats

Question

Covert_TCP will use which of the following byte offsets on the TCP header to carry ASCII data?

Exhibit

GCIH question #347 exhibit

Options

  • AByte offset 8-11
  • BByte offset 20-23
  • CByte offset 14 and 15
  • DByte offset 18 and 19

Explanation

Covert_TCP allows for transmitting information by entering ASCII data in the following TCP - TCP initial sequence number - TCP acknowledgement sequence number The image reveals that these fields are in Byte offsets 4-7 and 8-11.

Topics

#Covert_TCP#TCP header offsets#covert channel#data exfiltration

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCIH Practice