GCIH Question #504: Real Exam Question with Answer & Explanation
The correct answer is B: A program that records user activity and sends logs to an external IP address.
Question
Options
- A. A firewall rule allowing inbound port 80 connections from external IP addresses
- B. A program that records user activity and sends logs to an external IP address
- C. An employee request to install a computer game on a corporate laptop
- D. A workstation with an OS that is three versions behind the current patch release
Explanation
An Indicator of Compromise is an artifact or factor that can be measured on a system to identify the presence of a threat. A key logger that sends data to an external IP address is suspicious and should be investigated. A firewall rule on a web server that allows inbound TCP connections on port 80 is expected and normal. A workstation that hasn't been updated with the latest operating system patches may have an operational issue, but other factors are likely to contribute, and the computer itself is not an indicator of compromise.