GIAC Certified Incident Handler (GCIH) — Question 22

Which endpoint security bypass technique modifies the assembly of an executable?

Answer options

• A. Living Off the Land
• B. Code signing
• C. Keyed payload
• D. Ghostwriting

Correct answer: B

Explanation

Code signing is the correct answer because it involves modifying the assembly of an executable to ensure its integrity and authenticity. The other options, such as Living Off the Land and Ghostwriting, do not specifically pertain to altering executable assemblies, and Keyed payload refers to a different technique unrelated to assembly modification.