The easiest way to hide files in UNIX is to name them... - ANSWER "." or ".." or " "
other popular locations include:
/dev
/temp
/etc
In UNIX, main log files can be found by viewing... - ANSWER /etc/syslog.conf
Shell history is written when the shell is exited. Recent commands are stored in RAM until the shell is exited - ANSWER TRUE
kill -9 [pid] - ANSWER killing the shell, so that it cannot write the most recent shell history
killall -9 bash - ANSWER kill bash shells
unset HISTFILE
kill -9 $$ - ANSWER changing the environment HISTFILE
utmp - ANSWER contains info about currently logged in users
/var/run/utmp
wtmp - ANSWER file contains data about past user logins
/var/log/wtmp
btmp - ANSWER file contains bad login entries for failed login attempts
/var/log/btmp
lastlog - ANSWER file shows login name, port and last login time for each user
/var/log/lastlog
to edit accounting files, an attacker must use a tool such as "remove" or "marry" - ANSWER TRUE
File streaming applies only to NTFS partitions. It does not apply to FAT partitions - ANSWER True
LADS - ANSWER a tool dedicated to finding alternate data streams in NTFS
Streams - ANSWER a program that includes a very handy option for deleting a stream without impacting the host file
By default in Windows, event logs are stored... - ANSWER C:\Windows\System32\winevt\Logs
Three primary Windows event types are stored temporarily in the following log files: -
ANSWER System.log
security.log
application.log
At a minimum, to erase traces of activity, an attacker would have to edit BLANK - ANSWER Secevent.evt
Each log file is periodically overwritten into a .evt format automatically, in the following files: - ANSWER
sysevent.evtx
secevent.evtx
appevent.evtx
Tunneling - ANSWER one protocol is carried inside another protocol
i.e. carrying shell traffic inside ICMP packets
ptunnel - ANSWER carries TCP connections over ICMP Echo and Reply packets
Loki - ANSWER carries shell between its Linux client and Linux server software using ICMP Echo and Reply packets
ICMPShell - ANSWER Linux shell tool
Pingchat - ANSWER a Windows chat program that uses ICMP
ICMPCmd - ANSWER a Windows shell tool using ICMP
ptunnel consists of two components - ANSWER client and proxy
Covert_TCP - ANSWER a tool that implements a covert channel using either the TCP or IP header
Covert_TCP allows for transmitting information by entering ASCII in the following TCP/IP header fields - ANSWER IP identification
TCP initial sequence number
TCP acknowledgment sequence number