GIAC
GCIH · Question #521
GCIH Question #521: Real Exam Question with Answer & Explanation
Question
Which of the following methods is the most likely to detect a user mode rootkit?
Options
- A. Run the strings command on the /bin/login binary
- B. Use the fc command to compare the kernel to a known good version
- C. Run a file integrity checker such as Tripwire or AIDE from read-only media
- D. Compare the output of the ls command against that of the "find" command