GIAC Foundational Cybersecurity Technologies Practice Test


Prepare for the GIAC Foundational Cybersecurity Technologies Test. Explore quizzes and multiple-choice questions, each with hints and explanations. Get ready to excel in your exam!


An alert indicates that a compromised host was used by an attacker to run a network scanning command such as `nmap -sV` or `netstat -an`. What was the attacker attempting to do?

  1. Map a network drive to a remote host

  2. Identify services running on network hosts

  3. Execute a script on a remote host

  4. Send spoofed packets to network hosts

The correct answer is: Identify services running on network hosts

The attacker was attempting to identify services running on network hosts, which is the primary function of the commands mentioned in the alert. Tools like nmap, particularly with the `-sV` option, are designed to detect open ports and determine which services are active on those ports. This provides valuable information about a system's configuration and vulnerabilities, which helps the attacker plan further actions.

By executing `netstat -an`, the attacker can view active network connections and listening ports, gaining further insight into the services operating on the compromised host. This reconnaissance step is crucial for attackers, as it informs their decisions on potential exploitation methods based on the detected services.

In contrast, the other options do not align with the goals of running the specified commands. Mapping a network drive, executing scripts, or sending spoofed packets are not functions or outcomes of nmap or netstat. Thus, option 2 accurately captures the intent behind the attacker's actions.