
GIAC Exam GCED Topic 4 Question 51 Discussion

Actual exam question for GIAC's GCED exam
Question #: 51
Topic #: 4

The security team wants to detect connections that can compromise credentials by sending them in plaintext across the wire. Which of the following rules should they enable on their IDS sensor?

Suggested Answer: C

Contribute your Thoughts:

Xuan
2 months ago
Haha, who even uses Telnet these days? Might as well just turn off the whole network and call it a day. C is the clear winner though.
upvoted 0 times
...
Alverta
2 months ago
That makes sense too. We should consider the potential risks associated with each rule before making a final decision.
upvoted 0 times
...
An
2 months ago
Hmm, I'm not sure. I was thinking B might be the right one since X-Windows sessions could also potentially expose credentials. But I guess Telnet is the more obvious choice.
upvoted 0 times
Hana
1 month ago
Yeah, Telnet is definitely a common way credentials can be compromised.
upvoted 0 times
...
Maryanne
1 month ago
But Telnet is the more obvious choice for plaintext credentials.
upvoted 0 times
...
Helene
2 months ago
I think B might be the right one since X-Windows sessions could expose credentials.
upvoted 0 times
...
...
Luis
2 months ago
I disagree, I believe the correct answer is C) alert tcp any 23 <> any 23 as it targets Telnet connections which often send credentials in plaintext.
upvoted 0 times
...
Alverta
2 months ago
I think the answer is A) alert tcp any 22 <> any 22 because it specifically mentions SSH connections.
upvoted 0 times
...
Andra
3 months ago
I agree with Floyd. Telnet is an outdated protocol that doesn't use encryption, making it a security risk. C is the right answer here.
upvoted 0 times
Glennis
2 months ago
We should definitely enable the rule for detecting Telnet connections.
upvoted 0 times
...
Lucina
2 months ago
I agree, Telnet is outdated and doesn't use encryption.
upvoted 0 times
...
Shayne
2 months ago
I think C is the right answer. Telnet is definitely a security risk.
upvoted 0 times
...
...
Floyd
3 months ago
The correct answer is C. Telnet shell connections can expose credentials in plaintext, so the IDS rule to detect those would be the best choice.
upvoted 0 times
Loreen
1 month ago
Yes, that's why enabling the rule to detect Telnet connections is important for security.
upvoted 0 times
...
Ernie
2 months ago
Oh, I see. Telnet shell connections can expose credentials in plaintext.
upvoted 0 times
...
Carylon
2 months ago
No, I believe the correct answer is C) alert tcp any 23 <> any 23 (msg:Telnet shell; class type:misc-attack;sid:100; rev:1;)
upvoted 0 times
...
Jolene
2 months ago
I think the answer is A) alert tcp any 22 <> any 22 (msg:SSH connection; class type:misc-attack;sid: 122:rev:1;)
upvoted 0 times
...
...
