GIAC Certified Incident Handler (GCIH) — Question 185

You are monitoring your network's behavior. You find a sudden increase in traffic on the network. It seems to come in bursts and emanate from one specific machine. You have been able to determine that a user of that machine is unaware of the activity and lacks the computer knowledge required to be responsible for a computer attack. What attack might this indicate?

Answer options

• A. Spyware
• B. Ping Flood
• C. Denial of Service
• D. Session Hijacking

Correct answer: A

Explanation

The correct answer is A, Spyware, as it often operates stealthily on a machine, generating unexpected traffic without the user's knowledge. The other options are less likely; a Ping Flood is a specific type of Denial of Service attack that requires intent, while Session Hijacking involves taking control of an active session, which also implies user knowledge. Denial of Service typically involves overwhelming a service, not a single machine's unnoticed traffic.