a:[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$28"}}],["$","div",null,{"className":"min-h-[calc(100vh_-_156px)] sm:min-h-[calc(100vh_-_166px)] flex w-full flex-col items-center bg-muted/60 sm:px-6","children":["$","div",null,{"className":"w-full max-w-[1110px] space-y-8 py-8 lg:space-y-10 lg:py-10","children":[["$","section","GXHfnOm1jP",{"className":"mx-auto space-y-8 rounded bg-white px-6 py-10 shadow-sm md:py-12","children":[["$","div",null,{"className":"group relative mx-auto max-w-[740px] overflow-hidden rounded-xl border-l-8 border-brand-active bg-gradient-to-br from-brand via-brand/95 to-brand/90 p-6 shadow-lg transition-all hover:shadow-xl","children":[["$","div",null,{"className":"absolute -right-12 -top-12 size-40 rounded-full bg-white/10 blur-3xl transition-all duration-700 group-hover:scale-125 group-hover:opacity-80"}],["$","div",null,{"className":"absolute -bottom-8 -left-8 size-24 rounded-full bg-white/5 blur-2xl transition-all duration-700 group-hover:scale-110"}],["$","div",null,{"className":"absolute left-1/2 top-1/2 size-60 -translate-x-1/2 -translate-y-1/2 rounded-full bg-white/5 opacity-0 blur-3xl transition-all duration-700 group-hover:opacity-60"}],["$","div",null,{"className":"relative flex flex-col items-center justify-between gap-6 md:flex-row","children":[["$","div",null,{"className":"flex items-center gap-x-5","children":[["$","div",null,{"className":"hidden rounded-full bg-white/15 p-3.5 shadow-inner backdrop-blur-sm transition-all duration-300 group-hover:scale-110 group-hover:bg-white/20 md:flex","children":["$","svg",null,{"width":"15","height":"15","viewBox":"0 0 15 15","fill":"none","xmlns":"http://www.w3.org/2000/svg","className":"size-6 text-white transition-transform group-hover:rotate-3","children":["$","path",null,{"d":"M3 2.5C3 2.22386 3.22386 2 3.5 2H9.08579C9.21839 2 9.34557 2.05268 9.43934 2.14645L11.8536 4.56066C11.9473 4.65443 12 4.78161 12 4.91421V12.5C12 12.7761 11.7761 13 11.5 13H3.5C3.22386 13 3 12.7761 3 12.5V2.5ZM3.5 1C2.67157 1 2 1.67157 2 2.5V12.5C2 13.3284 2.67157 14 3.5 14H11.5C12.3284 14 13 13.3284 13 12.5V4.91421C13 4.51639 12.842 4.13486 12.5607 3.85355L10.1464 1.43934C9.86514 1.15804 9.48361 1 9.08579 1H3.5ZM4.5 4C4.22386 4 4 4.22386 4 4.5C4 4.77614 4.22386 5 4.5 5H7.5C7.77614 5 8 4.77614 8 4.5C8 4.22386 7.77614 4 7.5 4H4.5ZM4.5 7C4.22386 7 4 7.22386 4 7.5C4 7.77614 4.22386 8 4.5 8H10.5C10.7761 8 11 7.77614 11 7.5C11 7.22386 10.7761 7 10.5 7H4.5ZM4.5 10C4.22386 10 4 10.2239 4 10.5C4 10.7761 4.22386 11 4.5 11H10.5C10.7761 11 11 10.7761 11 10.5C11 10.2239 10.7761 10 10.5 10H4.5Z","fill":"currentColor","fillRule":"evenodd","clipRule":"evenodd"}]}]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-center font-heading text-xl font-medium tracking-tight text-white md:text-left","children":["GCIH"," Exam Questions"]}],["$","span",null,{"className":"mt-1.5 text-center text-sm text-white/90 md:text-left","children":"Browse all questions from this exam"}]]}]]}],["$","div",null,{"className":"flex items-center","children":["$","$L19",null,{"href":"/exams/giac/gcih","className":"inline-flex items-center font-medium justify-center whitespace-nowrap text-sm focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring disabled:pointer-events-none disabled:opacity-50 text-white active:bg-brand-active h-9 bg-brand-active hover:bg-white hover:text-brand-active transition-all duration-300 px-8 py-3 rounded-full shadow-md hover:shadow-lg","children":[["$","span",null,{"className":"font-medium","children":"Go to Exam"}],["$","svg",null,{"width":"15","height":"15","viewBox":"0 0 15 15","fill":"none","xmlns":"http://www.w3.org/2000/svg","className":"ml-2 size-4 transition-transform duration-300","children":["$","path",null,{"d":"M6.1584 3.13508C6.35985 2.94621 6.67627 2.95642 6.86514 3.15788L10.6151 7.15788C10.7954 7.3502 10.7954 7.64949 10.6151 7.84182L6.86514 11.8418C6.67627 12.0433 6.35985 12.0535 6.1584 11.8646C5.95694 11.6757 5.94673 11.3593 6.1356 11.1579L9.565 7.49985L6.1356 3.84182C5.94673 3.64036 5.95694 3.32394 6.1584 3.13508Z","fill":"currentColor","fillRule":"evenodd","clipRule":"evenodd"}]}]]}]}]]}]]}],["$","div",null,{"className":"mx-auto max-w-[740px] space-y-8","children":[["$","h1",null,{"className":"font-heading text-2xl font-bold text-stone-800","children":"GCIH Exam - Question 127"}],["$","hr",null,{"className":"border-stone-200"}],["$","article",null,{"className":"prose prose-sm prose-stone max-w-full md:prose-base","dangerouslySetInnerHTML":{"__html":"

How would an attacker hide an executable from being viewed by Windows Explorer?

"}}]]}],[["$","fieldset",null,{"className":"prose prose-sm prose-stone mx-auto max-w-[740px] space-y-4 rounded bg-muted/60 p-4 md:prose-base","children":[["$","label","v04TTP81ef",{"className":"flex items-start gap-1.5 md:gap-2 p-4 rounded transition-all duration-300 cursor-pointer bg-white focus:bg-muted/50 focus:outline-none focus:ring-2 focus:ring-brand/40 has-[:checked]:bg-blue-100","htmlFor":"option-0","children":[["$","div",null,{"className":"flex items-center","children":[["$","input",null,{"type":"checkbox","id":"option-0","name":"option-0","className":"rounded-full size-3 md:size-3.5 transition-colors duration-300 appearance-none border border-gray-300 checked:bg-brand checked:border-brand focus:outline-none focus:ring-2 focus:ring-brand/40"}],["$","span",null,{"className":"ml-1.5 font-semibold md:ml-2.5","children":["A","."]}]]}],["$","div",null,{"className":"prose prose-sm prose-stone md:prose-base","dangerouslySetInnerHTML":{"__html":"

Rename it to '..'

"}}]]}],["$","label","nuanHGD89K",{"className":"flex items-start gap-1.5 md:gap-2 p-4 rounded transition-all duration-300 cursor-pointer bg-white focus:bg-muted/50 focus:outline-none focus:ring-2 focus:ring-brand/40 has-[:checked]:bg-blue-100","htmlFor":"option-1","children":[["$","div",null,{"className":"flex items-center","children":[["$","input",null,{"type":"checkbox","id":"option-1","name":"option-1","className":"rounded-full size-3 md:size-3.5 transition-colors duration-300 appearance-none border border-gray-300 checked:bg-brand checked:border-brand focus:outline-none focus:ring-2 focus:ring-brand/40"}],["$","span",null,{"className":"ml-1.5 font-semibold md:ml-2.5","children":["B","."]}]]}],["$","div",null,{"className":"prose prose-sm prose-stone md:prose-base","dangerouslySetInnerHTML":{"__html":"

Change the extension from .exe to .dll

"}}]]}],["$","label","rSj84GnWm9",{"className":"flex items-start gap-1.5 md:gap-2 p-4 rounded transition-all duration-300 cursor-pointer bg-white focus:bg-muted/50 focus:outline-none focus:ring-2 focus:ring-brand/40 has-[:checked]:bg-blue-100","htmlFor":"option-2","children":[["$","div",null,{"className":"flex items-center","children":[["$","input",null,{"type":"checkbox","id":"option-2","name":"option-2","className":"rounded-full size-3 md:size-3.5 transition-colors duration-300 appearance-none border border-gray-300 checked:bg-brand checked:border-brand focus:outline-none focus:ring-2 focus:ring-brand/40"}],["$","span",null,{"className":"ml-1.5 font-semibold md:ml-2.5","children":["C","."]}]]}],["$","div",null,{"className":"prose prose-sm prose-stone md:prose-base","dangerouslySetInnerHTML":{"__html":"

Encrypt it with RC4

"}}]]}],["$","label","8L9bbeDfuX",{"className":"flex items-start gap-1.5 md:gap-2 p-4 rounded transition-all duration-300 cursor-pointer bg-white focus:bg-muted/50 focus:outline-none focus:ring-2 focus:ring-brand/40 has-[:checked]:bg-blue-100","htmlFor":"option-3","children":[["$","div",null,{"className":"flex items-center","children":[["$","input",null,{"type":"checkbox","id":"option-3","name":"option-3","className":"rounded-full size-3 md:size-3.5 transition-colors duration-300 appearance-none border border-gray-300 checked:bg-brand checked:border-brand focus:outline-none focus:ring-2 focus:ring-brand/40"}],["$","span",null,{"className":"ml-1.5 font-semibold md:ml-2.5","children":["D","."]}]]}],["$","div",null,{"className":"prose prose-sm prose-stone md:prose-base","dangerouslySetInnerHTML":{"__html":"

Place it into an ADS of a .txt file

"}}]]}]]}],["$","div",null,{"className":"mx-auto max-w-[740px]","children":["$","details",null,{"className":"group","children":[["$","summary",null,{"className":"flex h-10 w-fit cursor-pointer items-center justify-center gap-2 rounded-full bg-brand px-8 font-heading text-sm font-medium text-white hover:bg-brand/90","children":[["$","span",null,{"className":"group-open:hidden","children":"Show Answer"}],["$","span",null,{"className":"hidden group-open:inline","children":"Hide Answer"}]]}],["$","div",null,{"className":"prose prose-sm prose-stone mx-auto mt-4 max-w-[740px] overflow-hidden pb-6 pt-2 md:prose-base","children":[["$","span",null,{"className":"font-medium","children":"Correct Answer: D"}],["$","p",null,{"children":"An attacker can hide an executable from being viewed by Windows Explorer by placing it into an Alternate Data Stream (ADS) of a text file. ADS is a feature of NTFS file systems in Windows that allows more than one data stream to be associated with a filename, providing an effective way to hide data without it being easily detected through standard file browsing techniques."}]]}]]}]}]]]}],["$","section",null,{"className":"mx-auto space-y-6 rounded-xl border border-stone-100/80 bg-white px-5 py-8 shadow-sm backdrop-blur-sm backdrop-saturate-150 transition-all md:px-8 md:py-10","children":["$","div",null,{"className":"mx-auto max-w-[740px] space-y-6","children":[["$","div",null,{"className":"mb-6 flex items-center gap-3 border-b pb-4","children":[["$","svg",null,{"width":"15","height":"15","viewBox":"0 0 15 15","fill":"none","xmlns":"http://www.w3.org/2000/svg","className":"size-5 text-indigo-500","children":["$","path",null,{"d":"M12.5 3L2.5 3.00002C1.67157 3.00002 1 3.6716 1 4.50002V9.50003C1 10.3285 1.67157 11 2.5 11H7.50003C7.63264 11 7.75982 11.0527 7.85358 11.1465L10 13.2929V11.5C10 11.2239 10.2239 11 10.5 11H12.5C13.3284 11 14 10.3285 14 9.50003V4.5C14 3.67157 13.3284 3 12.5 3ZM2.49999 2.00002L12.5 2C13.8807 2 15 3.11929 15 4.5V9.50003C15 10.8807 13.8807 12 12.5 12H11V14.5C11 14.7022 10.8782 14.8845 10.6913 14.9619C10.5045 15.0393 10.2894 14.9965 10.1464 14.8536L7.29292 12H2.5C1.11929 12 0 10.8807 0 9.50003V4.50002C0 3.11931 1.11928 2.00003 2.49999 2.00002Z","fill":"currentColor","fillRule":"evenodd","clipRule":"evenodd"}]}],["$","h2",null,{"className":"font-heading text-lg font-medium text-stone-700 md:text-xl","children":"Discussion"}],["$","span",null,{"className":"ml-auto rounded-full border border-indigo-100/60 bg-indigo-50/80 px-3 py-1 text-xs font-medium text-indigo-700 shadow-sm","children":[1," ","comment"]}]]}],["$","$L29",null,{"question":{"id":"GXHfnOm1jP","slot":127,"body":"

How would an attacker hide an executable from being viewed by Windows Explorer?

","answer":"An attacker can hide an executable from being viewed by Windows Explorer by placing it into an Alternate Data Stream (ADS) of a text file. ADS is a feature of NTFS file systems in Windows that allows more than one data stream to be associated with a filename, providing an effective way to hide data without it being easily detected through standard file browsing techniques.","exam_id":"gcih","o_id":"102749-exam-gcih-topic-1-question-704-discussion","o_answer_long":"

","o_answer_short":"

Reference: https://www.bleepingcomputer.com/news/microsoft/hiding-windows-file-extensions-is-a-security-risk-enable-now/

","o_sect":1,"o_slot":704,"is_published":true,"created_at":"$D2025-05-11T04:03:41.214Z","updated_at":"$D2025-05-12T20:23:22.040Z","last_comment_at":"$D2024-09-16T03:23:00.000Z","options":[{"id":"v04TTP81ef","o_is_correct":false,"slot":0,"body":"

Rename it to '..'

","is_correct":false,"question_id":"GXHfnOm1jP","created_at":"$D2025-05-11T04:03:41.214Z","updated_at":"$D2025-05-12T20:23:22.041Z"},{"id":"nuanHGD89K","o_is_correct":true,"slot":1,"body":"

Change the extension from .exe to .dll

","is_correct":false,"question_id":"GXHfnOm1jP","created_at":"$D2025-05-11T04:03:41.214Z","updated_at":"$D2025-05-12T20:23:22.043Z"},{"id":"rSj84GnWm9","o_is_correct":false,"slot":2,"body":"

Encrypt it with RC4

","is_correct":false,"question_id":"GXHfnOm1jP","created_at":"$D2025-05-11T04:03:41.214Z","updated_at":"$D2025-05-12T20:23:22.044Z"},{"id":"8L9bbeDfuX","o_is_correct":false,"slot":3,"body":"

Place it into an ADS of a .txt file

","is_correct":true,"question_id":"GXHfnOm1jP","created_at":"$D2025-05-11T04:03:41.214Z","updated_at":"$D2025-05-12T20:23:22.046Z"}],"exam":{"code":"GCIH","id":"gcih","vendor_id":"giac"}},"session":null}],["$","div",null,{"className":"mt-8 space-y-8","children":[["$","div",null,{"className":"relative flex w-full","children":[false,["$","div",null,{"className":"flex flex-col w-full rounded-xl transition-colors duration-200","children":[["$","div",null,{"className":"relative flex items-center before:absolute before:left-[-5px] before:top-1/2 before:z-[15] before:size-[5px] before:-translate-y-1/2 before:bg-transparent","children":[["$","$L2a",null,{"className":"relative z-20 size-9 overflow-hidden rounded-full bg-stone-100 ring-2 ring-stone-50 transition-all duration-200 hover:ring-indigo-50","children":["$","$L2b",null,{"src":"$2c","alt":"XBal"}]}],["$","div",null,{"className":"flex flex-col items-start gap-1 pl-3","children":[["$","div",null,{"className":"flex items-center gap-x-2","children":[["$","span",null,{"className":"font-semibold text-stone-800","children":"XBal"}],""]}],["$","span",null,{"className":"text-xs text-stone-400","children":"Sep 16, 2024"}]]}]]}],["$","div",null,{"className":"relative","children":[["$","p",null,{"className":"prose prose-stone max-w-full whitespace-pre-line break-words py-3 text-[15px] leading-relaxed text-stone-600 [word-break:break-word]","children":"Answer should be \"D\""}],["$","$L2d",null,{"comment":{"id":"yyv1D9mHr5","body":"Answer should be \"D\"","created_at":"2024-09-16T03:23:00.000Z","parent_id":null,"user_id":"mamLe4LbO9","user_name":"XBal","user_image":null,"options":[null],"upvotes":1,"upvoted":false,"children":[]},"session":null,"question":"$2e"}]]}],false]}]]}]]}]]}]}]]}]}]]