GIAC
GCIH · Question #479
GCIH Question #479: Real Exam Question with Answer & Explanation
The correct answer is A: Sequence Number. Covert_TCP allows for transmitting information by entering ASCII data in the following TCP - TCP initial sequence number - TCP acknowledgement sequence number
Malware Analysis & Advanced Persistent Threats
Question
Which TCP header field is used by Covert_TCP to conceal ASCII data?
Exhibit
Options
- ASequence Number
- BUrgent Pointer
- CTCP Options
- DWindow Size
Explanation
Covert_TCP allows for transmitting information by entering ASCII data in the following TCP - TCP initial sequence number - TCP acknowledgement sequence number
Topics
#Covert_TCP#TCP sequence number#covert channel#data exfiltration
Community Discussion
No community discussion yet for this question.