GIAC Certified Incident Handler (GCIH) — Question 24

Which endpoint security bypass technique leverages existing system tools instead of adding an executable?

Answer options

Correct answer: C

Explanation

The correct answer is C, Compile After Delivery, as it refers to a technique that exploits built-in system tools to execute malicious actions without needing additional executables. Options A, B, and D do not specifically describe the method of using existing tools for evasion; Living Off the Land is about using legitimate tools, Code Signing pertains to verifying software integrity, and Ghostwriting refers to impersonating another user.