GIAC GPEN Exam - Topic 3 Question 38 Discussion

Actual exam question for GIAC's GPEN exam
Question #: 38
Topic #: 3

Adam, a malicious hacker, hides a hacking tool from a system administrator of his company by using the Alternate Data Streams (ADS) feature. Which of the following statements is true in the context of the above scenario?

Suggested Answer: C

Contribute your Thoughts:

Annamaria
3 months ago
Adam must be using NTFS, that's the only way it works.
upvoted 0 times
...
Gerardo
3 months ago
Surprised people still think ADS is Linux-related!
upvoted 0 times
...
Latrice
3 months ago
Windows 98? No way, that's outdated for ADS.
upvoted 0 times
...
Ettie
4 months ago
Totally agree, it's definitely NTFS!
upvoted 0 times
...
Caprice
4 months ago
ADS is a feature of NTFS, not Linux.
upvoted 0 times
...
Nicolette
4 months ago
I vaguely recall something about FAT not supporting ADS either. So, C doesn't seem correct to me.
upvoted 0 times
...
Kris
4 months ago
I thought Windows 98 didn't support ADS, so B seems unlikely. I think it has to be NTFS for this to work.
upvoted 0 times
...
Dyan
4 months ago
I'm a bit unsure, but I feel like ADS isn't something you find in Linux. Wasn't there a question about file systems in our practice tests?
upvoted 0 times
...
Glory
5 months ago
I remember ADS is specifically a feature of NTFS, so I think D might be the right answer.
upvoted 0 times
...
Kirk
5 months ago
This seems straightforward to me. Alternate Data Streams is a Windows NTFS feature, not a Linux one. So the correct answer has to be D.
upvoted 0 times
...
Avery
5 months ago
I'm a bit unsure about this one. I know Alternate Data Streams can be used to hide files, but I'm not sure if it's a Linux or Windows feature. I'll have to review my notes on file systems before answering.
upvoted 0 times
...
Lillian
5 months ago
Okay, I've got this. Alternate Data Streams is a Windows feature, not Linux. And since the question mentions the hacker is using it, the file system must be NTFS, not FAT. So the answer is D.
upvoted 0 times
...
Kenneth
5 months ago
Hmm, I'm a bit confused here. I know Alternate Data Streams is used to hide files, but I'm not sure which operating system it's specific to. I'll have to think this through carefully.
upvoted 0 times
...
Lili
5 months ago
I'm pretty sure Alternate Data Streams is a feature of NTFS, not Linux. So I'm going to go with option D.
upvoted 0 times
...
Ezekiel
5 months ago
Okay, let me think this through. I know we need to cover things like code, functionality, and security policy. But I'm not sure if that's the complete set. I'll have to carefully consider each option before selecting my answer.
upvoted 0 times
...
Luke
5 months ago
Okay, let me think this through step-by-step. Search-time field extractions are used to extract data from the raw events, and that happens on the indexer, not the other components. I'm pretty sure the answer is C, the indexer.
upvoted 0 times
...
Goldie
5 months ago
Hmm, I'm not totally sure about this one. I'm debating between A and C. I'll have to think it through a bit more.
upvoted 0 times
...
Erasmo
10 months ago
Adam's got some serious skills if he's using ADS to hide his tools. Does he also have a secret underground lair and a cat to pet while he schemes? Jokes aside, A is the correct answer here.
upvoted 0 times
Twana
9 months ago
C) I bet he's got a whole setup going on.
upvoted 0 times
...
Kimi
9 months ago
B) No wonder he's able to hide his tools so well.
upvoted 0 times
...
Maricela
9 months ago
A) Adam is using NTFS file system.
upvoted 0 times
...
...
Skye
10 months ago
I bet Adam's the kind of guy who thinks he's the next L33t H4x0r. Hiding his tools in ADS? Classic. Definitely Windows and NTFS, not that Linux mumbo-jumbo. A all the way, my dude.
upvoted 0 times
Milly
9 months ago
C) Adam is using FAT file system.
upvoted 0 times
...
Danilo
9 months ago
Yeah, Adam definitely knows his way around Windows.
upvoted 0 times
...
Laurene
9 months ago
A) Adam is using NTFS file system.
upvoted 0 times
...
...
Jamal
10 months ago
Alternate Data Streams, huh? Sounds like Adam's been watching too many hacking tutorials on YouTube. I'm guessing he's not using a toaster oven to run his malware, so A is the way to go.
upvoted 0 times
...
Cammy
10 months ago
Ah, the old ADS trick. Gotta hand it to Adam, he's trying to be sneaky. But I think he's got the right operating system - Microsoft Windows, not Linux. Go with option A!
upvoted 0 times
Haley
9 months ago
Definitely, NTFS is the way to go for this kind of trick.
upvoted 0 times
...
Earnestine
10 months ago
I've heard of hackers using ADS to hide tools before, it's pretty clever.
upvoted 0 times
...
Art
10 months ago
Yeah, he's using NTFS file system, so option A is the right choice.
upvoted 0 times
...
Alison
10 months ago
I agree, Adam is definitely being sneaky with the ADS trick.
upvoted 0 times
...
...
Corinne
10 months ago
Well, this seems like a no-brainer. Adam is clearly using the NTFS file system, which is where Alternate Data Streams are a feature. Linux doesn't have this, and FAT doesn't either. As for Windows 98, that's just ridiculous.
upvoted 0 times
Karan
9 months ago
User 2: Yeah, Linux and FAT don't have Alternate Data Streams.
upvoted 0 times
...
Cordelia
9 months ago
User 1: Adam is definitely using the NTFS file system.
upvoted 0 times
...
Dannie
9 months ago
User 2: Yeah, that's the only option that makes sense. Linux and FAT don't have Alternate Data Streams.
upvoted 0 times
...
Candra
10 months ago
User 1: Adam must be using the NTFS file system.
upvoted 0 times
...
...
Ty
11 months ago
I'm not sure, but I think C) Adam is using FAT file system is incorrect because ADS is not supported in FAT.
upvoted 0 times
...
Andra
11 months ago
I agree with Ezekiel, because NTFS supports Alternate Data Streams.
upvoted 0 times
...
Ezekiel
11 months ago
I think the answer is A) Adam is using NTFS file system.
upvoted 0 times
...
