GIAC Security Essentials Certification (GSEC) — Question 34
You are reviewing a packet capture file from your network intrusion detection system. In the packet stream, you come across a long series of "no operation" (NOP) commands. In addition to the NOP commands, there appears to be a malicious payload. Of the following, which is the most appropriate preventative measure for this type of attack?
Answer options
- A. Limits on the number of failed logins
- B. Boundary checks on program inputs
- C. Controls against time-of-check/time-of-use attacks
- D. Restrictions on file permissions
Correct answer: C
Explanation
The correct answer is C, as implementing controls against time-of-check/time-of-use attacks can help prevent exploitation of the NOP commands and payload. Options A, B, and D do not directly address the specific nature of this attack, which focuses on exploiting timing vulnerabilities rather than login attempts, input handling, or file permissions.