GPEN Question #279: Real Exam Question with Answer & Explanation

The correct answer is D. Session hijacking. Antivirus software is a defensive tool for detecting and removing malware; session hijacking is an offensive network attack technique entirely outside its scope.

Question

Which of the following tasks is NOT performed by antiviruses?

Options

  • A. Activity blocking
  • B. Heuristic scanning
  • C. Integrity scanning
  • D. Session hijacking

Explanation

Antivirus software is a defensive tool for detecting and removing malware; session hijacking is an offensive network attack technique entirely outside its scope.

Common mistakes.

  • A. Activity blocking is a standard antivirus capability that prevents suspicious or malicious processes from executing on the host based on behavioral rules.
  • B. Heuristic scanning is a core antivirus technique used to detect unknown or zero-day malware by analyzing code behavior and structure rather than relying solely on known signatures.
  • C. Integrity scanning is performed by antivirus software to detect unauthorized file modifications by comparing current file hashes or attributes against a trusted baseline.

Concept tested. Antivirus software capabilities versus offensive attack techniques

Reference. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/next-generation-protection
