Free GCIH Exam Braindumps

You are a member of your organization’s IT Security Team. The following were found in the hosts file on a Windows workstation that is on your network. The system administrator thought these were “interesting” snippers from the hosts file. Which of the entries listed below are cause for further investigation?

  1. 4
  2. 3
  3. 1
  4. 2

Answer(s): C

Explanation:

Entries in the hosts file that map domain names to the local loopback address (127.0.0.1) are often entered by malware to prevent users from accessing well known anti-virus web sites after the computer has been infected.
#102.54.94.97 is a sample entry in a Windows 7 hosts file, while 127.0.0.1, 0.0.0.0, and ::1 are default entries in a Windows 7 hosts file.



An attacker issues the command shown below. Which of the following best describes what the attacker is attempting to do?

C:\> nc.exe –L –p 43567 –e cmd.exe

  1. Start a netcat listener on port 43567 that when connected to will provide access to the Windows Command Prompt
  2. Connect to a netcat listener with a process id of 43567 and subsequently receive access to the Windows Command Prompt
  3. Connect to a netcat listener on port 43567 and subsequently receive access to the Windows Command Prompt
  4. Start a netcat listener with a process id of 43567 that when connected to will provide access to the Windows Command Prompt

Answer(s): A

Explanation:

This command, when executed, will activate Netcat so that it listens persistently (-L) on TCP port 43567. When someone connects, the Netcat listener will run cmd.exe.



Free GCIH Exam Questions & Answers