New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCFA Exam - Topic 6 Question 73 Discussion

Actual exam question for GIAC's GCFA exam
Question #: 73
Topic #: 6
[All GCFA Questions]

John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Ruth at Aug 14, 2025, 10:14 PM

Limited Time Offer

25%

Off

Get Premium GCFA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Susana
2 months ago
Not sure about that, but it seems like a bold move!
upvoted 0 times
...
Isaiah
2 months ago
Wait, is he really trying to corrupt the IDS database? That's risky!
upvoted 0 times
...
Vernell
2 months ago
Sounds like a classic evasion attack to me.
upvoted 0 times
...
Joye
3 months ago
Definitely a polymorphic shell code attack!
upvoted 0 times
...
Darell
3 months ago
I think it's more of an evasion attack, not session splicing.
upvoted 0 times
...
Yaeko
3 months ago
I’m a bit confused; I thought evasion attacks were more about avoiding detection in general, but this specific signature-changing tactic seems unique.
upvoted 0 times
...
Denny
3 months ago
This scenario seems similar to a practice question we did on session splicing, but I think the focus on changing signatures points more towards polymorphic attacks.
upvoted 0 times
...
Leontine
4 months ago
I'm not entirely sure, but I feel like this could also be an evasion attack since he's trying to bypass the IDS.
upvoted 0 times
...
Sheron
4 months ago
I remember studying IDS evasion techniques, and I think this might be related to how polymorphic viruses change their signatures.
upvoted 0 times
...
Marcelle
4 months ago
This is a tricky one, but I think the answer is D - Polymorphic shell code attack. The virus is continuously changing its signature to avoid detection, which is a classic polymorphic attack technique. I feel pretty confident about this, but I'll double-check my work just to be sure.
upvoted 0 times
...
Layla
4 months ago
Hmm, I'm not entirely sure about this one. The question mentions corrupting the IDS signature database, but it doesn't specify how the virus is doing that. I'm torn between A and D, but I'll need to think it through a bit more before making a decision.
upvoted 0 times
...
Mindy
4 months ago
Okay, I think I've got this. The key here is that the virus is changing its signature to avoid detection by the IDS. That sounds like an evasion attack, so I'm going to go with option A.
upvoted 0 times
...
Wynell
4 months ago
I'm a bit confused by this question. The details about the virus and IDS signature database are making it tricky for me to figure out the right answer. I'll need to re-read the question carefully to make sure I understand it fully before selecting an answer.
upvoted 0 times
...
Talia
5 months ago
This question seems straightforward. I think the answer is D - Polymorphic shell code attack, since the virus is continuously changing its signature to avoid detection by the IDS.
upvoted 0 times
...
Goldie
5 months ago
I think John is performing a Polymorphic shell code attack.
upvoted 0 times
...
Gail
6 months ago
Ah, the old polymorphic shell code attack! John's really going to town on that IDS signature database. It's like a sneaky virus with a thousand faces, always one step ahead of the system. Gotta hand it to him, he's keeping the We-are-secure team on their toes!
upvoted 0 times
Desire
5 months ago
User 2: Yeah, it's like a virus with a thousand faces, always changing to avoid detection.
upvoted 0 times
...
Janine
5 months ago
User 1: John is really going all out with that polymorphic shell code attack!
upvoted 0 times
...
...

Save Cancel