GIAC Certified Incident Handler (GCIH) — Question 7
What is one of the simplest AND most common ways for an attacker to camouflage files on a UNIX system?
Answer options
- A. Use S-Tools to embed the files into a graphic image
- B. Run "chmod 600" on the files to be hidden
- C. Use a dot-space or dot-dot-space as the file or directory name
- D. Insert the data into an alternate data stream using the colon (:)
- E. Install a kernel-level rootkit
Correct answer: C
Explanation
The correct answer is C: a file or directory named dot-space or dot-dot-space is hidden from standard directory listings in UNIX. Options A, B, D, and E are not common methods for camouflaging files. For instance, "chmod 600" restricts access but does not hide files, while inserting data into alternate data streams and installing rootkits are more complex and less common.