GIAC Certified Incident Handler (GCIH) — Question 67
How does the use of endpoint application allow lists impact malware attacks against the system?
Answer options
- A. An attacker must encrypt their attack tools
- B. An attacker must obfuscate their code and scripts
- C. An attacker must generate new code hashes
- D. An attacker must modify their attack tool use
Correct answer: B
Explanation
The correct answer is B: endpoint application allow lists permit only approved applications to run on the system, which forces attackers to obfuscate their code and scripts to bypass these controls. Options A, C, and D do not directly relate to the requirement that allow lists impose; they pertain to other malware evasion techniques, which may not be necessary if the application is already blocked.