
GCIH Question #411: Real Exam Question with Answer & Explanation

The correct answer is D: Keep tcpdump fully patched.

Question

Assuming you use each program listed, of the choices listed below, which represents the BEST defense against protocol parser vulnerabilities?

Options

  • A. Disable scripts in Internet Explorer
  • B. Disable the Outlook preview pane
  • C. Keep Nmap fully patched
  • D. Keep tcpdump fully patched

Explanation

Pay especially close attention to your sniffer tools and their associated analysis programs, such as Wireshark, Snort, tcpdump, Netmon, or any others. These tools must be patched carefully and frequently as vendors release fixes. Sniffing programs are often installed on sensitive networks, such as DMZs and data centers, precisely because those are the locations where you want to monitor traffic. The result is an application type that frequently has protocol parser vulnerabilities and sits on or near sensitive machines. An unpatched sniffer system is asking for trouble on your network.
