  • Exam Name: GIAC Certified Incident Handler
  • Last Update: Apr 17, 2024
  • Questions and Answers: 328

GCIH Practice Exam Questions with Answers GIAC Certified Incident Handler Certification

Question # 6

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

A.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

B.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

C.

HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"

D.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Question # 7

Which of the following attacks is specifically used for cracking a password?

A.

PING attack

B.

Dictionary attack

C.

Vulnerability attack

D.

DoS attack

Question # 8

Which of the following refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system?

A.

Piggybacking

B.

Hacking

C.

Session hijacking

D.

Keystroke logging

Question # 9

Which of the following functions can you use to mitigate a command injection attack?

Each correct answer represents a part of the solution. Choose all that apply.

A.

escapeshellarg()

B.

escapeshellcmd()

C.

htmlentities()

D.

strip_tags()

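The two correct answers above are PHP's shell-escaping functions. The block below is an added example (not part of the question bank) that shows the same mitigation in Python: shlex.quote() plays the role escapeshellarg() plays in PHP, turning one untrusted value into exactly one shell word, and the argv-list form at the end avoids the shell entirely. The payload, the wc command and the function names are constructed for the demo.

```python
"""Command injection: interpolated argument vs. quoted argument vs. no shell.

Added example, not from the question bank.  shlex.quote plays the role that
escapeshellarg() plays in PHP (one untrusted value becomes exactly one shell
word); the argv-list form at the end avoids the shell entirely, which is the
option to prefer when the command does not need shell features.
"""
import shlex
import subprocess

# Constructed attacker input: a real file, then a second command.
PAYLOAD = "/dev/null; echo INJECTED"


def _run_shell(cmd: str) -> str:
    r = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return r.stdout + r.stderr


def file_size_vulnerable(path: str) -> str:
    """The bug: untrusted `path` is pasted into a shell command line."""
    return _run_shell("wc -c " + path)


def file_size_quoted(path: str) -> str:
    """Mitigation 1: quote the argument (shlex.quote ~ escapeshellarg())."""
    return _run_shell("wc -c " + shlex.quote(path))


def file_size_no_shell(path: str) -> str:
    """Mitigation 2: argv list, no shell, so ';' is just part of a filename."""
    r = subprocess.run(["wc", "-c", path], capture_output=True, text=True)
    return r.stdout + r.stderr


def was_injected(output: str) -> bool:
    """True if the smuggled `echo` actually ran (a bare INJECTED line in the output)."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("vulnerable:", was_injected(file_size_vulnerable(PAYLOAD)))
    print("quoted    :", was_injected(file_size_quoted(PAYLOAD)))
    print("no shell  :", was_injected(file_size_no_shell(PAYLOAD)))
```

Note the difference between the two PHP functions in the question: escapeshellcmd() escapes shell metacharacters across a whole command string but leaves spaces alone, so an attacker can still append extra arguments to the command; escapeshellarg() (and shlex.quote here) wraps the value as a single argument, which is why it is the one to use per untrusted value.
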
Question # 10

Who are the primary victims of smurf attacks on today's Internet?

A.

IRC servers are the primary victims of smurf attacks

B.

FTP servers are the primary victims of smurf attacks

C.

SMTP servers are the primary victims of smurf attacks

D.

Mail servers are the primary victims of smurf attacks

Question # 11

You work as a Network Administrator for InformSec Inc. You find that TCP port 23476 is open on your server and suspect that a Trojan named Donald Dick is installed on it. To verify this, you want to know which process is listening on port 23476, along with its process ID, process name, and the path of its executable. Which of the following applications will you most likely use to accomplish the task?

A.

Tripwire

B.

SubSeven

C.

Netstat

D.

Fport

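Fport answers the question above on Windows. As an added example (not from the question bank), the block below performs the same port-to-process mapping by hand on Linux from /proc, which is what netstat -p and ss -p do internally: port, then socket inode, then the pid whose fd table holds that socket, then its name and executable path. The demo() helper opens a throwaway listener in the current process so the lookup can be checked offline; the port number is a parameter, and 23476 is only one value to try.

```python
"""Which process owns a listening TCP port, resolved from /proc on Linux.

Added example, not from the question bank.  Fport does this on Windows; on
Linux the mapping (port -> socket inode -> pid -> name/path) is what
`netstat -p` and `ss -p` perform, reproduced here step by step.
"""
import os
import socket
from typing import Optional

TCP_LISTEN = "0A"   # state column value for LISTEN in /proc/net/tcp{,6}


def listening_inodes(port: int) -> set:
    """Socket inodes bound to `port` in LISTEN state (IPv4 and IPv6 tables)."""
    inodes = set()
    for table in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(table) as fh:
                next(fh)                                  # skip header row
                for line in fh:
                    cols = line.split()
                    local_port = int(cols[1].rsplit(":", 1)[1], 16)
                    if local_port == port and cols[3] == TCP_LISTEN:
                        inodes.add(cols[9])               # inode column
        except FileNotFoundError:
            continue                                      # e.g. no IPv6 table
    return inodes


def process_for_port(port: int) -> Optional[dict]:
    """Return {'pid', 'name', 'path'} of the listener on `port`, or None."""
    wanted = {f"socket:[{inode}]" for inode in listening_inodes(port)}
    if not wanted:
        return None
    for pid in filter(str.isdigit, os.listdir("/proc")):
        fd_dir = f"/proc/{pid}/fd"
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue          # other users' processes: needs root to inspect
        for fd in fds:
            try:
                target = os.readlink(f"{fd_dir}/{fd}")
            except OSError:
                continue      # fd closed between listdir and readlink
            if target in wanted:
                with open(f"/proc/{pid}/comm") as fh:
                    name = fh.read().strip()
                try:
                    path = os.readlink(f"/proc/{pid}/exe")
                except OSError:
                    path = "?"    # exe link unreadable without privileges
                return {"pid": int(pid), "name": name, "path": path}
    return None


def demo() -> tuple:
    """Open a throwaway listener in this process and resolve it back to ourselves."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    try:
        return process_for_port(port), os.getpid()
    finally:
        srv.close()


if __name__ == "__main__":
    info, me = demo()
    print("own listener ->", info, "(self pid:", me, ")")
    print("port 23476   ->", process_for_port(23476))
```

Run as root when investigating a suspect port: the fd tables of other users' processes are not readable otherwise, and the lookup silently returns None for them. A mismatch between the name in /proc/pid/comm and the path of /proc/pid/exe (or an exe link marked "(deleted)") is itself worth noting in an incident report.
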
Question # 12

Which of the following is a network worm that exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system?

A.

Win32/Agent

B.

WMA/TrojanDownloader.GetCodec

C.

Win32/Conficker

D.

Win32/PSW.OnLineGames

Question # 13

Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines?

A.

Demon dialing

B.

Warkitting

C.

War driving

D.

Wardialing

Question # 14

Which of the following statements are true about worms?

Each correct answer represents a complete solution. Choose all that apply.

A.

Worms cause harm to the network by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

B.

Worms can exist inside files such as Word or Excel documents.

C.

One feature of worms is keystroke logging.

D.

Worms replicate themselves from one system to another without using a host file.

Question # 15

Which of the following is the best method of accurately identifying the services running on a victim host?

A.

Use of the manual method of telnet to each of the open ports.

B.

Use of a port scanner to scan each port to confirm the services running.

C.

Use of hit and trial method to guess the services and ports of the victim host.

D.

Use of a vulnerability scanner to try to probe each port to verify which service is running.

Question # 16

Which of the following tools can be used to perform brute force attack on a remote database?

Each correct answer represents a complete solution. Choose all that apply.

A.

SQLBF

B.

SQLDict

C.

FindSA

D.

nmap

Question # 17

Which of the following tools is used for vulnerability scanning and calls Hydra to launch a dictionary attack?

A.

Whisker

B.

Nessus

C.

SARA

D.

Nmap

Question # 18

In DNS zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain from a DNS server. The records in the zone help an attacker map host names, addresses, and other valuable information about the target. To attempt a zone transfer, an attacker must connect to a DNS server that is authoritative for that zone. An attacker can also launch a Denial of Service attack against the zone's DNS servers by flooding them with requests. Which of the following tools can an attacker use to perform a DNS zone transfer?

Each correct answer represents a complete solution. Choose all that apply.

A.

Host

B.

Dig

C.

DSniff

D.

NSLookup

Question # 19

In which of the following malicious hacking steps does email tracking come under?

A.

Reconnaissance

B.

Gaining access

C.

Maintaining Access

D.

Scanning

Question # 20

As a professional hacker, you want to crack the security of secureserver.com. In the information gathering step, you ran an nmap scan to enumerate as many of the IP protocols in use by secureserver.com as possible, so that you have accurate knowledge of what services the server is running. Which of the following nmap switches have you used to accomplish the task?

A.

nmap -vO

B.

nmap -sS

C.

nmap -sT

D.

nmap -sO

Question # 21

You want to integrate the Nikto tool with the Nessus vulnerability scanner. Which of the following steps will you take to accomplish the task?

Each correct answer represents a complete solution. Choose two.

A.

Place nikto.pl file in the /etc/nessus directory.

B.

Place nikto.pl file in the /var/www directory.

C.

Place the directory containing nikto.pl in root's PATH environment variable.

D.

Restart nessusd service.

Question # 22

Which of the following are countermeasures to prevent unauthorized database access attacks?

Each correct answer represents a complete solution. Choose all that apply.

A.

Session encryption

B.

Removing all stored procedures

C.

Applying strong firewall rules

D.

Input sanitization

Question # 23

Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it with chess.exe. Which of the following tools are required in such a scenario?

Each correct answer represents a part of the solution. Choose three.

A.

NetBus

B.

Absinthe

C.

Yet Another Binder

D.

Chess.exe

Question # 24

James works as a Database Administrator for Techsoft Inc. The company has a SQL Server 2005 computer. The computer has a database named Sales. Users complain that the performance of the database has deteriorated. James opens the System Monitor tool and finds that there is an increase in network traffic. What kind of attack might be the cause of the performance deterioration?

A.

Denial-of-Service

B.

Injection

C.

Internal attack

D.

Virus

Question # 25

Which of the following can be used to perform session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

A.

Cross-site scripting

B.

Session fixation

C.

ARP spoofing

D.

Session sidejacking

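Of the four hijacking methods above, session fixation is the one a developer prevents in code rather than on the wire. The block below is an added example (not from the question bank) that replays the fixation sequence against a minimal in-memory session store, once with a login that keeps the client's session ID and once with one that regenerates it (the job session_regenerate_id() does in PHP). The store, the user name and the attack helper are constructed for the demo.

```python
"""Session fixation and the regenerate-on-login defence.

Added example, not from the question bank.  An in-memory store stands in for
a web framework's session handling; the attack sequence is the one the
question lists as "session fixation": the attacker obtains a valid session
ID, gets the victim's browser to use it, and waits for the victim to log in.
"""
import secrets


class SessionStore:
    def __init__(self):
        self._sessions = {}               # sid -> {"user": str or None}

    def new(self) -> str:
        """Issue an unauthenticated session (what any visitor gets)."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user(self, sid: str):
        """Who is logged in under `sid`, or None."""
        return self._sessions.get(sid, {}).get("user")

    def login_fixable(self, sid: str, username: str) -> str:
        """Vulnerable: authenticates whatever session ID the client arrived with."""
        if sid not in self._sessions:
            raise KeyError("unknown session")
        self._sessions[sid]["user"] = username
        return sid

    def login_safe(self, sid: str, username: str) -> str:
        """Fixed: drop the pre-login session and bind the user to a fresh ID."""
        self._sessions.pop(sid, None)
        fresh = self.new()
        self._sessions[fresh]["user"] = username
        return fresh


def fixation_attack(store: SessionStore, use_safe_login: bool) -> bool:
    """Replay the attack; True means the attacker's planted SID is now Alice's."""
    planted = store.new()                          # 1. attacker gets a valid SID
    # 2. attacker plants `planted` in the victim's browser (URL parameter,
    #    injected cookie, ...): not modelled, the victim simply uses it.
    login = store.login_safe if use_safe_login else store.login_fixable
    login(planted, "alice")                        # 3. victim logs in with it
    return store.user(planted) == "alice"          # 4. attacker tries the SID


if __name__ == "__main__":
    print("fixable login, attacker wins:", fixation_attack(SessionStore(), False))
    print("safe login, attacker wins   :", fixation_attack(SessionStore(), True))
```

Regenerating the ID at every privilege change (login, role switch) closes fixation; the other three answers (XSS stealing the cookie, ARP spoofing and sidejacking reading it off the wire) need the HttpOnly and Secure cookie flags and TLS for the whole session rather than a code change in the login handler.
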
Question # 26

Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

A.

Kernel keylogger

B.

Software keylogger

C.

Hardware keylogger

D.

OS keylogger

Question # 27

Which of the following tools uses common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures of the rootkits?

A.

rkhunter

B.

OSSEC

C.

chkrootkit

D.

Blue Pill

Question # 28

Which of the following reads and writes data across network connections by using the TCP/IP protocol?

A.

Fpipe

B.

NSLOOKUP

C.

Netcat

D.

2Mosaic

Question # 29

Which of the following can be used as a countermeasure against the SQL injection attack?

Each correct answer represents a complete solution. Choose two.

A.

mysql_real_escape_string()

B.

session_regenerate_id()

C.

mysql_escape_string()

D.

Prepared statement

Question # 30

Firekiller 2000 is an example of a __________.

A.

Security software disabler Trojan

B.

DoS attack Trojan

C.

Data sending Trojan

D.

Remote access Trojan

Question # 31

Fill in the blank with the appropriate name of the rootkit.

A _______ rootkit uses device or platform firmware to create a persistent malware image.

Question # 32

Which of the following are the automated tools that are used to perform penetration testing?

Each correct answer represents a complete solution. Choose two.

A.

Pwdump

B.

Nessus

C.

EtherApe

D.

GFI LANguard

Question # 33

Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:

1. Smoothing and decreasing contrast by averaging the pixels of the area where significant color transitions occur.

2. Reducing noise by adjusting color and averaging pixel value.

3. Sharpening, Rotating, Resampling, and Softening the image.

Which of the following Steganography attacks is Victor using?

A.

Stegdetect Attack

B.

Chosen-Stego Attack

C.

Steg-Only Attack

D.

Active Attacks

Question # 34

What is the purpose of configuring a password protected screen saver on a computer?

A.

For preventing unauthorized access to a system.

B.

For preventing a system from a Denial of Service (DoS) attack.

C.

For preventing a system from a social engineering attack.

D.

For preventing a system from a back door attack.

Question # 35

An Active Attack is a type of steganography attack in which the attacker changes the carrier during the communication process. Which of the following techniques is used for smoothing the transition and controlling contrast on the hard edges, where there is significant color transition?

A.

Soften

B.

Rotate

C.

Sharpen

D.

Blur

Question # 36

Which of the following statements about smurf is true?

A.

It is a UDP attack that involves spoofing and flooding.

B.

It is an ICMP attack that involves spoofing and flooding.

C.

It is an attack with IP fragments that cannot be reassembled.

D.

It is a denial of service (DoS) attack that leaves TCP ports open.

Question # 37

Which of the following protocol loggers is used to detect ping sweep?

A.

lppi

B.

pitl

C.

dpsl

D.

ippl

Question # 38

Which of the following protocols uses only User Datagram Protocol (UDP)?

A.

POP3

B.

FTP

C.

ICMP

D.

TFTP

Question # 39

John works as a Network Administrator for We-are-secure Inc. He finds that TCP port 7597 of the We-are-secure server is open. He suspects that it may be open because a Trojan is installed on the server. He presents a report to the company describing the symptoms of the Trojan. A summary of the report is given below:

Once this Trojan has been installed on the computer, it searches for Notepad.exe, renames it Note.com, and then copies itself to the computer as Notepad.exe. Each time Notepad.exe is executed, the Trojan runs and then calls the original Notepad (Note.com) to avoid being noticed.

Which of the following Trojans has the symptoms as the one described above?

A.

NetBus

B.

Qaz

C.

eBlaster

D.

SubSeven

Question # 40

You are the Administrator for a corporate network and are concerned about denial of service attacks.

Which of the following would be the most help against Denial of Service (DoS) attacks?

A.

Packet filtering firewall

B.

Network surveys

C.

Honey pot

D.

Stateful Packet Inspection (SPI) firewall

Question # 41

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He enters a single quote in the input field of the login page of the We-are-secure Web site and receives the following error message:

Microsoft OLE DB Provider for ODBC Drivers error '0x80040E14'

This error message shows that the We-are-secure Website is vulnerable to __________.

A.

A buffer overflow

B.

A Denial-of-Service attack

C.

A SQL injection attack

D.

An XSS attack

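Question 29 asked for the countermeasure and Question 41 for the symptom; the block below is an added example (not from the question bank) that shows both on one tiny schema. sqlite3 stands in for the SQL Server / MySQL back ends the questions refer to: the lone single quote breaks the concatenated query and surfaces a database error exactly as in Question 41, the comment-out payload logs in as the first user, and the parameterized (prepared) statement is unaffected by either. The table, account and payloads are constructed for the demo.

```python
"""SQL injection: string-built query vs. parameterized (prepared) statement.

Added example, not from the question bank.  sqlite3 stands in for the
SQL Server / MySQL back ends the questions refer to.  The first probe is the
lone single quote from the question (it breaks the query and leaks a
database error); the second is the classic comment-out bypass.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed demo table with one account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db


def login_vulnerable(db, username: str, password: str) -> list:
    """The bug: user input concatenated into SQL text."""
    q = ("SELECT username FROM users WHERE username = '" + username
         + "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(q)]


def login_safe(db, username: str, password: str) -> list:
    """Prepared statement: values travel separately from the SQL text, so a
    quote in the input is data, never syntax."""
    q = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(q, (username, password))]


def probe(login, db, username: str, password: str) -> dict:
    """Run one attempt and record what the attacker sees: rows or a DB error."""
    try:
        return {"rows": login(db, username, password), "error": None}
    except sqlite3.OperationalError as exc:
        return {"rows": None, "error": str(exc)}


if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_safe):
        print(fn.__name__)
        print("  single quote :", probe(fn, db, "'", "x"))
        print("  comment out  :", probe(fn, db, "alice' --", "wrong"))
        print("  real creds   :", probe(fn, db, "alice", "correct horse"))
```

The verbose error string returned by probe() is the same class of information leak as the OLE DB message in the question; in production, log it and return a generic failure. mysql_real_escape_string() is accepted in Question 29 because it escapes quotes for the connection's character set, but it still leaves the query assembled as text; prepared statements remove the problem rather than patching around it.
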
Question # 42

Which of the following is a method of gaining access to a system that bypasses normal authentication?

A.

Teardrop

B.

Trojan horse

C.

Back door

D.

Smurf

Question # 43

Which of the following options scans the networks for vulnerabilities regarding the security of a network?

A.

System enumerators

B.

Port enumerators

C.

Network enumerators

D.

Vulnerability enumerators

Question # 44

Which of the following programs is used for bypassing normal authentication for securing remote access to a computer?

A.

Backdoor

B.

Worm

C.

Adware

D.

Spyware

Question # 45

You are monitoring your network's behavior. You find a sudden increase in traffic on the network. It seems to come in bursts and emanate from one specific machine. You have been able to determine that a user of that machine is unaware of the activity and lacks the computer knowledge required to be responsible for a computer attack. What attack might this indicate?

A.

Spyware

B.

Ping Flood

C.

Denial of Service

D.

Session Hijacking

Question # 46

You work as a System Administrator for Happy World Inc. Your company has a server named uC1 that runs Windows Server 2008. The Windows Server virtualization role service is installed on the uC1 server which hosts one virtual machine that also runs Windows Server 2008. You are required to install a new application on the virtual machine. You need to ensure that in case of a failure of the application installation, you are able to quickly restore the virtual machine to its original state.

Which of the following actions will you perform to accomplish the task?

A.

Use the Virtualization Management Console to save the state of the virtual machine.

B.

Log on to the virtual host and create a new dynamically expanding virtual hard disk.

C.

Use the Virtualization Management Console to create a snapshot of the virtual machine.

D.

Use the Edit Virtual Hard Disk Wizard to copy the virtual hard disk of the virtual machine.

Question # 47

Which of the following threats is a combination of worm, virus, and Trojan horse characteristics?

A.

Spyware

B.

Heuristic

C.

Blended

D.

Rootkits

Question # 48

Which of the following are the limitations for the cross site request forgery (CSRF) attack?

Each correct answer represents a complete solution. Choose all that apply.

A.

The attacker must determine the right values for all the form inputs.

B.

The attacker must target a site that doesn't check the referrer header.

C.

The target site should have limited lifetime authentication cookies.

D.

The target site should authenticate in GET and POST parameters, not only cookies.

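The two correct limitations above are, from the defender's side, the two CSRF checks. The block below is an added example (not from the question bank) that models a transfer endpoint and feeds it a legitimate request and a forged one; the forged request carries the victim's cookie, because the browser attaches it automatically, but the attacker can neither supply the per-session token (limitation A) nor make the Origin/Referer header look first-party (limitation B). With only the cookie checked, the forgery goes through. The site name, server key, session ID and both requests are constructed for the demo.

```python
"""CSRF: the two limitations in the question are the site's two defences.

Added example, not from the question bank.  A request is modelled as a dict
with cookies, headers and form fields; handle_transfer() is the endpoint.
"""
import hashlib
import hmac
from urllib.parse import urlparse

SITE = "https://bank.example"                    # assumed first-party origin
SERVER_KEY = b"constructed-demo-key-rotate-me"   # assumed; a real key stays secret


def csrf_token(session_id: str) -> str:
    """Per-session token the site embeds in its own forms; not computable without SERVER_KEY."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(req: dict, session_id: str,
                    check_origin: bool = True, check_token: bool = True) -> tuple:
    """Return (accepted, reason).  Cookie check alone is what a CSRF-able site does."""
    if req["cookies"].get("sid") != session_id:
        return False, "not logged in"
    if check_origin:
        src = req["headers"].get("Origin") or req["headers"].get("Referer")
        if not src or urlparse(src).netloc != urlparse(SITE).netloc:
            return False, "cross-site request"
    if check_token:
        sent = req["form"].get("csrf_token", "")
        if not hmac.compare_digest(sent, csrf_token(session_id)):
            return False, "missing or wrong token"
    return True, "transfer executed"


SID = "s3ss10n-of-alice"                         # constructed victim session ID

# Constructed: Alice submits the real form on the real site.
LEGIT = {
    "cookies": {"sid": SID},
    "headers": {"Origin": SITE, "Referer": SITE + "/transfer"},
    "form": {"to": "bob", "amount": "10", "csrf_token": csrf_token(SID)},
}

# Constructed: an attacker page auto-submits the same form from evil.example.
FORGED = {
    "cookies": {"sid": SID},                     # the browser attaches it by itself
    "headers": {"Origin": "https://evil.example", "Referer": "https://evil.example/x"},
    "form": {"to": "mallory", "amount": "10000"},   # no token: attacker cannot compute it
}


if __name__ == "__main__":
    print("legit, full checks   :", handle_transfer(LEGIT, SID))
    print("forged, cookie only  :", handle_transfer(FORGED, SID, False, False))
    print("forged, origin check :", handle_transfer(FORGED, SID, True, False))
    print("forged, token check  :", handle_transfer(FORGED, SID, False, True))
```

Referer can be stripped by privacy settings or proxies, so treating its absence as cross-site will reject some legitimate clients; the token check has no such dependency and is the one to rely on, with the Origin header as a cheap second layer.
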
Question # 49

Which of the following are based on malicious code?

Each correct answer represents a complete solution. Choose two.

A.

Denial-of-Service (DoS)

B.

Biometrics

C.

Trojan horse

D.

Worm
