GIAC Exam GCED Topic 3 Question 29 Discussion

Actual exam question for GIAC's GCED exam

Question #: 29
Topic #: 3

[All GCED Questions]

What would a penetration tester expect to access after the following metasploit payload is delivered successfully?

Set PAYLOAD windows / shell / reverse _ tcp

AVNC server session on the target

BA netcat listener on the target

CA meterpreter prompt on the target

DA command prompt on the target

Show Suggested Answer

Suggested Answer: A

A company needs to classify its information as a key step in valuing it and knowing where to focus its protection.

Rotation of duties and separation of duties are both key elements in reducing the scope of information access and the ability to conceal malicious behavior.

Separation of duties helps minimize ''empire building'' within a company, keeping one individual from controlling a great deal of information, reducing the insider threat.

Security awareness programs can help other employees notice the signs of an insider attack and thus reduce the insider threat.

Detection is a reactive method and only occurs after an attack occurs. Only preventative methods can stop or limit an attack.

by Annelle at Nov 21, 2023, 05:33 PM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Julian

6 days ago

Wait, is this a trick question? I bet the correct answer is actually a surprise zombie apocalypse scenario. Better stock up on canned goods just in case.

upvoted 0 times

...

Art

7 days ago

VNC server session? Are you kidding me? I'm gonna get that sweet, sweet meterpreter shell, baby!

upvoted 0 times

...

Kerrie

11 days ago

Haha, netcat listener? What is this, the 90s? C'mon, we all know it's meterpreter all the way!

upvoted 0 times

Kimberely

5 days ago

Yeah, netcat is old school. Meterpreter is the way to go.

upvoted 0 times

...

Kizzy

16 days ago

I'm going with D. A good old command prompt is all I need to wreak havoc on that target.

upvoted 0 times

...

Alaine

20 days ago

A meterpreter prompt? That's the obvious choice, isn't it? Metasploit all the way!

upvoted 0 times

Andree

22 hours ago

Yes, definitely a meterpreter prompt. It's the most powerful tool in Metasploit.

upvoted 0 times

...

Stevie

30 days ago

I believe the correct answer is C) A meterpreter prompt on the target, as it allows for more control and flexibility during the assessment.

upvoted 0 times

...

Ahmed

1 months ago

I agree with Cletus, because meterpreter provides more advanced features for post-exploitation tasks.

upvoted 0 times

...

Cletus

1 months ago

I think a penetration tester would expect to access a meterpreter prompt on the target.

upvoted 0 times

...