GIAC GCIH Exam - Topic 7 Question 31 Discussion

Actual exam question for GIAC's GCIH exam
Question #: 31
Topic #: 7

John works as a Professional Ethical Hacker for NetPerfect Inc. The company has a Linux-based network. All client computers are running Red Hat 7.0 Linux. The Sales Manager of the company complains to John that his system contains an unknown package named tar.gz and his documents are exploited. To resolve the problem, John uses a port scanner to enquire about the open ports and finds out that the HTTP server service port on 27374 is open. He suspects that the other computers on the network are also facing the same problem. John discovers that a malicious application is using the synscan tool to randomly generate IP addresses.

Which of the following worms has attacked the computer?

Suggested Answer: B

Justine
3 months ago
I think it’s definitely Nimda, too many signs pointing there.
upvoted 0 times
...
Sharee
3 months ago
Wait, are we sure it’s not a false alarm?
upvoted 0 times
...
Lachelle
3 months ago
Ramen is more about DoS, not this.
upvoted 0 times
...
Roy
4 months ago
Definitely Code Red vibes here!
upvoted 0 times
...
Gayla
4 months ago
Sounds like a classic Nimda attack.
upvoted 0 times
...
Deangelo
4 months ago
If I recall correctly, Code Red was notorious for targeting IIS servers, so I don't think it's that one. Nimda seems more likely based on the symptoms described.
upvoted 0 times
...
Ahmed
4 months ago
I practiced a similar question on worms last week, and I think Ramen was mentioned in that context, but I don't recall the details.
upvoted 0 times
...
Karol
4 months ago
I think it might be Nimda since it was known for exploiting vulnerabilities in web servers, but I'm not completely confident.
upvoted 0 times
...
Susana
5 months ago
I remember studying about different types of worms, but I'm not entirely sure which one specifically uses synscan.
upvoted 0 times
...
Luis
5 months ago
This seems like a tricky one, but I think I've got a strategy. I'll start by reviewing the characteristics of the major Linux worms - Code Red, Ramen, LoveLetter, and Nimda. Then I'll match up the details in the question to see which one fits best. Methodical elimination is key here.
upvoted 0 times
...
Angelyn
5 months ago
I'm a little confused by all the technical details in this question. The port scanning, the synscan tool, and the different worm names - it's a lot to keep track of. I'll need to read through it a few times and try to break down the key evidence before I can make a solid guess.
upvoted 0 times
...
Layla
5 months ago
Okay, let's see here. The Linux-based network, the open HTTP port, and the random IP address scanning - that sounds a lot like the Nimda worm to me. I'm pretty confident that's the right answer, but I'll double-check the other options just to be sure.
upvoted 0 times
...
Jamal
5 months ago
Hmm, I'm a bit unsure about this one. The details about the open port and the malicious application are clear, but I'm not totally sure which specific worm it could be. I'll need to think through the different worm characteristics carefully to make the right call.
upvoted 0 times
...
Amie
5 months ago
This seems like a classic case of a worm attack. The open HTTP server port, the tar.gz file, and the random IP address generation all point to a specific type of worm. I think I've got a good handle on the key details here.
upvoted 0 times
...
Erick
5 months ago
Upgrading the CPU sounds like the logical choice here. If the system is struggling with multiple applications, that's likely a CPU bottleneck.
upvoted 0 times
...
Cristina
1 year ago
Wait, there's a worm called the 'LoveLetter'? That's a pretty cheesy name for a cybersecurity threat. I wonder if it's as harmless as it sounds.
upvoted 0 times
...
Raelene
1 year ago
Hmm, I'm not sure about this one. I'll have to think it over. Maybe I should ask the person sitting next to me for a second opinion.
upvoted 0 times
...
Kati
1 year ago
This question is a piece of cake! Anyone who's been paying attention in class would know that the answer is B) Ramen.
upvoted 0 times
Albert
1 year ago
D) Nimda
upvoted 0 times
...
Roosevelt
1 year ago
C) LoveLetter
upvoted 0 times
...
Lili
1 year ago
B) Ramen
upvoted 0 times
...
Rodrigo
1 year ago
A) Code red
upvoted 0 times
...
...
Tanesha
1 year ago
I'm not sure, but I think Ramen could also be a possibility.
upvoted 0 times
...
Barney
1 year ago
D) Nimda is the correct answer. The synscan tool used to generate random IP addresses is a telltale sign of the Nimda worm.
upvoted 0 times
Dylan
1 year ago
Nimda is the correct answer. The synscan tool used to generate random IP addresses is a telltale sign of the Nimda worm.
upvoted 0 times
...
Margot
1 year ago
D) Nimda
upvoted 0 times
...
Zena
1 year ago
C) LoveLetter
upvoted 0 times
...
Shawna
1 year ago
B) Ramen
upvoted 0 times
...
Trinidad
1 year ago
A) Code red
upvoted 0 times
...
...
Hildred
1 year ago
I think the answer is B) Ramen. The tar.gz file and the open HTTP server port on 27374 are clear signs of a Ramen worm attack.
upvoted 0 times
Osvaldo
1 year ago
D) Nimda
upvoted 0 times
...
Margot
1 year ago
C) LoveLetter
upvoted 0 times
...
Lottie
1 year ago
B) Ramen
upvoted 0 times
...
Pauline
1 year ago
A) Code red
upvoted 0 times
...
...
Daren
1 year ago
I agree with Allene, Nimda seems like the most likely culprit.
upvoted 0 times
...
Allene
1 year ago
I think the worm that attacked the computer is Nimda.
upvoted 0 times
...
