
GIAC GSNA Exam - Topic 2 Question 21 Discussion

Actual exam question for GIAC's GSNA exam
Question #: 21
Topic #: 2

You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS how can you detect this sort of activity?

Suggested Answer: D

Firewall logs record the incoming and outgoing traffic that crosses the firewall. By examining those logs you can detect anomalous traffic, such as unexpected outbound connections from internal hosts, which can indicate the presence of malicious code such as rootkits.

Answer B is incorrect. While an IDS might be the most obvious solution in this scenario, it is not the only one.

Answer C is incorrect. It is very unlikely that anything in your domain controller logs will show the presence of a rootkit, unless that rootkit is on the domain controller itself.

Answer A is incorrect. A DMZ is an excellent firewall configuration but will not aid in detecting rootkits.
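As an added example (not part of the exam page or of any GIAC material), the following Python script shows the kind of firewall-log review the explanation describes: it parses a constructed, simplified log and flags outbound connections that recur at near-constant intervals (a beaconing pattern) or that use destination ports outside an allow-list. The CSV log format, the sample addresses, and the EXPECTED_PORTS set are assumptions; a real firewall (iptables, pfSense, ASA and so on) has its own log format and the parser would need adapting.

```python
"""Detect anomalous outbound traffic in firewall logs without an IDS.

Added example, not part of the exam page. The log format is a constructed,
simplified CSV: timestamp,action,direction,src,dst,dport,bytes.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 browses normally, while 10.0.0.7 contacts the
# same external address every 60 seconds on a port the site does not allow out.
SAMPLE_LOG = """\
2024-05-01T10:00:00,ACCEPT,OUT,10.0.0.5,203.0.113.10,443,1200
2024-05-01T10:00:03,ACCEPT,OUT,10.0.0.5,203.0.113.11,443,8800
2024-05-01T10:00:05,ACCEPT,OUT,10.0.0.7,198.51.100.99,5555,512
2024-05-01T10:00:50,ACCEPT,OUT,10.0.0.5,203.0.113.10,443,3000
2024-05-01T10:01:05,ACCEPT,OUT,10.0.0.7,198.51.100.99,5555,512
2024-05-01T10:02:05,ACCEPT,OUT,10.0.0.7,198.51.100.99,5555,520
2024-05-01T10:02:30,ACCEPT,IN,203.0.113.20,10.0.0.9,22,400
2024-05-01T10:03:05,ACCEPT,OUT,10.0.0.7,198.51.100.99,5555,512
2024-05-01T10:04:05,ACCEPT,OUT,10.0.0.7,198.51.100.99,5555,512
"""

# Hypothetical egress allow-list for this site (assumption for the example).
EXPECTED_PORTS = {80, 443, 53, 123}


def parse_log(text):
    """Parse CSV-style lines into dicts; skip malformed lines rather than crash."""
    flows = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 7:
            continue
        ts, action, direction, src, dst, dport, nbytes = parts
        try:
            flows.append({
                "ts": datetime.fromisoformat(ts),
                "action": action, "direction": direction,
                "src": src, "dst": dst,
                "dport": int(dport), "bytes": int(nbytes),
            })
        except ValueError:
            continue
    return flows


def find_beacons(flows, min_hits=4, max_jitter=0.2):
    """Return (src, dst, dport, avg_interval_s) for outbound flows whose
    inter-arrival times are near-constant: jitter = stdev / mean of the gaps."""
    by_pair = defaultdict(list)
    for f in flows:
        if f["direction"] == "OUT":
            by_pair[(f["src"], f["dst"], f["dport"])].append(f["ts"])
    beacons = []
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((*pair, round(avg, 1)))
    return beacons


def find_unexpected_ports(flows):
    """Outbound connections to destination ports outside the allow-list."""
    return sorted({(f["src"], f["dst"], f["dport"])
                   for f in flows
                   if f["direction"] == "OUT" and f["dport"] not in EXPECTED_PORTS})


if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    for b in find_beacons(flows):
        print("beacon-like outbound traffic:", b)
    for p in find_unexpected_ports(flows):
        print("outbound to unexpected port:", p)
```

On the sample data both checks single out the same internal host, which is the point of the exam answer: the firewall does not know what a rootkit is, but its logs expose the regular, unexpected outbound connections the malware needs to reach its operator. In practice the thresholds (min_hits, max_jitter, the port allow-list) are tuned against a baseline of the site's normal traffic.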


Contribute your Thoughts:

Casey
4 months ago
Domain controller logs can show suspicious activity too!
upvoted 0 times
Lourdes
4 months ago
Really? Can you actually catch rootkits without an IDS?
upvoted 0 times
Stevie
4 months ago
DMZ won't help with rootkit detection, just saying.
upvoted 0 times
Kimbery
4 months ago
Totally agree, firewall logs are key!
upvoted 0 times
Estrella
5 months ago
You can check firewall logs for unusual traffic.
upvoted 0 times
Alise
5 months ago
I believe checking the domain controller logs could show some signs of compromise, but I’m leaning towards firewall logs being more effective.
upvoted 0 times
King
5 months ago
I’m a bit confused. I thought a DMZ was more about segmentation than detection. Can it really help with rootkits?
upvoted 0 times
Deandrea
5 months ago
I remember discussing how examining logs can help identify unusual patterns, but I'm not sure if it's enough without an IDS.
upvoted 0 times
Winfred
5 months ago
I think we practiced a similar question about using logs to detect anomalies. I feel like firewall logs could be useful here.
upvoted 0 times
Tawny
5 months ago
Ah, I've seen this type of issue before. The key here is to use a network capture tool like Wireshark or Netmon to analyze the traffic. That will give you visibility into what's actually being sent to and from the client, which should help you identify the problem.
upvoted 0 times
Sherita
5 months ago
Okay, let me think this through. We need to insert a comment that says the page validates as HTML5 and who the author is. I'm pretty sure the HTML comment syntax is the right approach, so I'll select option D.
upvoted 0 times
Alex
5 months ago
This seems like a pretty straightforward question about Cisco UCS components. I'll need to remember the key functions of the Cisco Integrated Management Controller and how it relates to the other UCS components.
upvoted 0 times
Elke
5 months ago
I've got this! The key is to look at the network diagram and see where the routers are located. That will help me determine the type of BGP sessions.
upvoted 0 times