Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCED Exam - Topic 3 Question 29 Discussion

Actual exam question for GIAC's GCED exam
Question #: 29
Topic #: 3
[All GCED Questions]

What would a penetration tester expect to access after the following metasploit payload is delivered successfully?

Set PAYLOAD windows / shell / reverse _ tcp

Show Suggested Answer Hide Answer
Suggested Answer: A

A company needs to classify its information as a key step in valuing it and knowing where to focus its protection.

Rotation of duties and separation of duties are both key elements in reducing the scope of information access and the ability to conceal malicious behavior.

Separation of duties helps minimize ''empire building'' within a company, keeping one individual from controlling a great deal of information, reducing the insider threat.

Security awareness programs can help other employees notice the signs of an insider attack and thus reduce the insider threat.

Detection is a reactive method and only occurs after an attack occurs. Only preventative methods can stop or limit an attack.


by Annelle at Nov 21, 2023, 05:33 PM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Paris
6 months ago
Wait, can you really expect that from this payload?
upvoted 0 times
...
Elliot
6 months ago
100% agree, it's a command prompt!
upvoted 0 times
...
Hollis
6 months ago
A netcat listener? Not sure about that one.
upvoted 0 times
...
Vonda
7 months ago
I thought it would be a meterpreter prompt?
upvoted 0 times
...
Benedict
7 months ago
Definitely a command prompt on the target.
upvoted 0 times
...
Abel
7 months ago
I feel like I’ve seen a question like this before, and it was definitely about getting a meterpreter session, but I can't recall the specifics.
upvoted 0 times
...
Solange
7 months ago
I’m a bit confused; I thought reverse TCP was more about establishing a shell, so maybe it’s the command prompt option?
upvoted 0 times
...
Glennis
8 months ago
I remember practicing with Metasploit, and I feel like the meterpreter prompt is what we usually get, but this one seems different.
upvoted 0 times
...
Chun
8 months ago
I think the reverse TCP payload is supposed to give us a command prompt on the target, but I'm not entirely sure.
upvoted 0 times
...
Jacklyn
8 months ago
The key here is to pay attention to the specific payload being used. A reverse TCP shell should give you a command prompt on the target, so I'm going to go with that option.
upvoted 0 times
...
Julio
8 months ago
Wait, is it a meterpreter prompt? I'm a little confused about the different types of payloads and what they give you access to. I'll have to review my notes on this.
upvoted 0 times
...
Malika
8 months ago
Hmm, I'm not too sure about this. The Metasploit commands can get a bit tricky sometimes. I'll have to think this through carefully.
upvoted 0 times
...
Alpha
8 months ago
This looks like a pretty straightforward Metasploit question. I'm pretty confident I can handle this one.
upvoted 0 times
...
Joye
8 months ago
Okay, let's see. The payload is set to "windows/shell/reverse_tcp", so I'm guessing we're looking for a command prompt on the target system. I think I've got this.
upvoted 0 times
...
Alisha
8 months ago
I'm a bit confused by the specifics of this setup. I'll need to review my networking notes to make sure I understand the requirements.
upvoted 0 times
...
Devora
8 months ago
Not so fast. While end-users are important, I don't think they're the only stakeholders involved. Budget holders and other internal stakeholders likely play a role as well.
upvoted 0 times
...
Jackie
8 months ago
I'm a little confused by the options. Is B correct, using the pipe to send messages to both the log file and the virtual console? Or is that not the right approach? I'll have to review my syslog notes to be sure.
upvoted 0 times
...
Julian
1 year ago
Wait, is this a trick question? I bet the correct answer is actually a surprise zombie apocalypse scenario. Better stock up on canned goods just in case.
upvoted 0 times
...
Art
1 year ago
VNC server session? Are you kidding me? I'm gonna get that sweet, sweet meterpreter shell, baby!
upvoted 0 times
Farrah
12 months ago
I agree, meterpreter is much more powerful than VNC server session.
upvoted 0 times
...
Arlette
1 year ago
Yeah, meterpreter is definitely the best option for a penetration tester.
upvoted 0 times
...
Evangelina
1 year ago
I'm with you on that one! Meterpreter is the way to go.
upvoted 0 times
...
...
Kerrie
1 year ago
Haha, netcat listener? What is this, the 90s? C'mon, we all know it's meterpreter all the way!
upvoted 0 times
Malinda
12 months ago
Agreed, meterpreter is the go-to for penetration testers.
upvoted 0 times
...
Alaine
1 year ago
Definitely, meterpreter gives you so much more control.
upvoted 0 times
...
Kimberely
1 year ago
Yeah, netcat is old school. Meterpreter is the way to go.
upvoted 0 times
...
...
Kizzy
1 year ago
I'm going with D. A good old command prompt is all I need to wreak havoc on that target.
upvoted 0 times
...
Alaine
1 year ago
A meterpreter prompt? That's the obvious choice, isn't it? Metasploit all the way!
upvoted 0 times
Derrick
12 months ago
It's the best way to maintain access and control over the target system.
upvoted 0 times
...
Kristal
1 year ago
I always go for meterpreter when I deliver a payload successfully.
upvoted 0 times
...
Carma
1 year ago
Agreed, with meterpreter you can do so much more than just a command prompt.
upvoted 0 times
...
Andree
1 year ago
Yes, definitely a meterpreter prompt. It's the most powerful tool in Metasploit.
upvoted 0 times
...
...
Stevie
1 year ago
I believe the correct answer is C) A meterpreter prompt on the target, as it allows for more control and flexibility during the assessment.
upvoted 0 times
...
Ahmed
1 year ago
I agree with Cletus, because meterpreter provides more advanced features for post-exploitation tasks.
upvoted 0 times
...
Cletus
1 year ago
I think a penetration tester would expect to access a meterpreter prompt on the target.
upvoted 0 times
...

Save Cancel