New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCED Exam - Topic 7 Question 12 Discussion

Actual exam question for GIAC's GCED exam
Question #: 12
Topic #: 7
[All GCED Questions]

You are responding to an incident involving a Windows server on your company's network. During the investigation you notice that the system downloaded and installed two files, iexplorer.exe and iexplorer.sys. Based on the behavior of the system you suspect that these files are part of a rootkit. If this is the case what is the likely purpose of the .sys file?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Simona at May 08, 2022, 01:57 PM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Ty
4 months ago
I thought .sys files were just for system stuff, this is wild!
upvoted 0 times
...
Krystal
4 months ago
Definitely a driver, no doubt about it.
upvoted 0 times
...
Sue
4 months ago
Wait, could it be a backdoor instead?
upvoted 0 times
...
Markus
4 months ago
Totally agree, it’s likely loading the rootkit.
upvoted 0 times
...
Teri
5 months ago
.sys files are usually device drivers.
upvoted 0 times
...
Na
5 months ago
I'm torn between A and C. A .sys file sounds like it would be more about loading something, but I guess it could also be used for logging.
upvoted 0 times
...
Jacqueline
5 months ago
I feel like I've seen a question like this before. If it's a rootkit, then the .sys file must be a driver to help it run undetected.
upvoted 0 times
...
Janey
5 months ago
I remember studying rootkits, and I think .sys files usually relate to drivers. But could it also be a backdoor?
upvoted 0 times
...
Cyndy
5 months ago
I think the .sys file is likely a device driver, but I'm not entirely sure. It seems like it could be used to load the rootkit, right?
upvoted 0 times
...
Ronny
5 months ago
This looks like a pretty straightforward OSPF configuration question. I think the key is to find the command that will prevent the router from sending OSPF hellos on the specified interface.
upvoted 0 times
...
Cammy
5 months ago
Okay, I've got this. Provisioning is about granting licensed modules the appropriate resource levels, so I'll go with option B.
upvoted 0 times
...
Buffy
5 months ago
I'm a little confused by the wording of the question. I'll need to re-read it a few times to make sure I'm understanding the requirements correctly before selecting an answer.
upvoted 0 times
...

Save Cancel