GIAC Certified Incident Handler (GCIH) — Question 157
What can you do to proactively protect against DLL injection on your organization's Exchange server?
Answer options
- A. Take away Full Control over important files from the Everyone group and monitor changes to important registry keys
- B. Script a comparison of the ls and echo commands and take cryptographic checksums of important files
- C. Limit Debug rights and take cryptographic checksums of important files
- D. Limit Debug rights to the Administrators' group and monitor changes to files in Event Viewer
Correct answer: A
Explanation
Option A is correct because removing Full Control access from the Everyone group minimizes the risk of unauthorized modifications, and monitoring registry changes enhances security. Options B and C involve checksums, but they do not address permissions effectively. Option D, while limiting Debug rights, fails to focus on critical file permissions necessary for preventing DLL injection.