GAQM CPEH-001 Exam - Topic 6 Question 51 Discussion

Actual exam question for GAQM's CPEH-001 exam

Question #: 51
Topic #: 6

Joe the Hacker breaks into XYZ's Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode.

What can Joe do to hide the wiretap program from being detected by ifconfig command?

ABlock output to the console whenever the user runs ifconfig command by running screen capture utiliyu

BRun the wiretap program in stealth mode from being detected by the ifconfig command.

CReplace original ifconfig utility with the rootkit version of ifconfig hiding Promiscuous information being displayed on the console.

DYou cannot disable Promiscuous mode detection on Linux systems.

Show Suggested Answer

Suggested Answer: C

The normal way to hide these rogue programs running on systems is the use crafted commands like ifconfig and ls.

by Melissa at May 06, 2022, 08:13 PM

Limited Time Offer

25%

Off

Get Premium CPEH-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Merlyn

4 months ago

B seems like a solid choice, stealth mode is key.

upvoted 0 times

...

Veronika

4 months ago

Surprised that people think you can’t disable detection at all!

upvoted 0 times

...

Harris

4 months ago

A sounds too risky, blocking output could raise suspicion.

upvoted 0 times

...

Jin

4 months ago

I think D is misleading, there are ways to hide it.

upvoted 0 times

...

Raymon

5 months ago

C is the best option, definitely a classic rootkit move.

upvoted 0 times

...

Julene

5 months ago

I feel like I've read that you can't completely disable Promiscuous mode detection on Linux. That makes this question tricky!

upvoted 0 times

...

Karma

5 months ago

I practiced a question like this where stealth mode was mentioned. I wonder if that's what Joe should consider doing.

upvoted 0 times

...

Boris

5 months ago

I'm not entirely sure, but I think blocking output to the console could be a temporary fix. It seems risky though.

upvoted 0 times

...

Elenora

5 months ago

I remember something about rootkits being able to replace system utilities. That might be a way to hide the wiretap from ifconfig.

upvoted 0 times

...

Iluminada

5 months ago

This seems like a straightforward question about email marketing terminology. I'm pretty confident I know the answer, but I'll double-check my notes just to be sure.

upvoted 0 times

...

Ceola

5 months ago

Hmm, I'm a bit confused here. I'm not sure if the kubectl logs command would work for all the clusters, or if I need to do something else to get the logs from multiple clusters. Maybe B or D would be a better option?

upvoted 0 times

...

Harrison

5 months ago

I'm a bit unsure about this one. All of these project management concepts seem related to schedule development, so it's hard for me to quickly identify which one is the odd one out. I'll have to carefully consider the definitions of each input to make the right call.

upvoted 0 times

...

Leonida

5 months ago

This is a tricky one. I'm leaning towards C, since employees would need to follow the local privacy regulations where they're working. But the BCRs are the main thing, so I'm a bit conflicted. Guess I'll have to make an educated guess on this one.

upvoted 0 times

...