Get 100% Success with Latest GIAC Information Security GCIH Exam Dumps Nov 01, 2023 [Q166-Q188]



The Best GCIH Exam Study Material and Preparation Test Question Dumps


The GIAC Certified Incident Handler (GCIH) exam is designed to test the skills and knowledge of professionals who are responsible for detecting, responding to, and resolving computer security incidents. The exam covers a wide range of topics, including incident handling processes, network traffic analysis, malware analysis, and digital forensics. By passing the GCIH exam, IT professionals can demonstrate their expertise in incident handling and their ability to protect their organization from cyber threats.

 

NEW QUESTION # 166
You see the career section of a company's Web site and analyze the job profile requirements. You conclude that the company wants professionals who have a sharp knowledge of Windows Server 2003 and Active Directory installation and placement. Which of the following steps are you using to perform hacking?

  • A. Reconnaissance
  • B. Gaining access
  • C. Scanning
  • D. Covering tracks

Answer: A


NEW QUESTION # 167
Which of the following malicious code can have more than one type of trigger, multiple task capabilities, and can replicate itself in more than one manner?

  • A. Macro virus
  • B. Trojan
  • C. Boot sector virus
  • D. Blended threat

Answer: D


NEW QUESTION # 168
Adam, a malicious hacker, has gained unauthorized access to a Linux system at Umbrella Inc. The company's Web server runs on Apache. He has downloaded sensitive documents and database files from the computer.
After performing these malicious tasks, Adam finally runs the following command on the Linux command line before disconnecting:
for (( i = 0; i < 11; i++ )); do dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda; done
Which of the following actions does Adam want to perform by the above command?

  • A. Infecting the hard disk with polymorphic virus strings.
  • B. Wiping the contents of the hard disk with zeros.
  • C. Deleting all log files present on the system.
  • D. Making a bit stream copy of the entire hard disk for later download.

Answer: B
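
What the loop in the question does to its target, as an added example that is not part of the exam page: the Python below reproduces the same random-then-zero overwrite sequence on a throwaway file instead of /dev/hda, then checks whether any of the original content survives. Function names and the sample content are illustrative. Two caveats for the real command: dd normally exits non-zero when it reaches the end of a block device, so with the && in the original loop the zero pass after each random pass may never run (the disk is still destroyed, but with random data rather than zeros), and on flash media wear levelling means overwriting through the block device does not guarantee every physical cell is cleared.

```python
import os
import tempfile

# Added example, not from the exam page: reproduces the effect of the dd loop
# in the question on a throwaway file instead of /dev/hda. Function names and
# the sample content are illustrative. Each pass first fills the target with
# random bytes and then with zeros, so whatever the pass count, the final
# content is all zeros.

BLOCK = 4096


def _overwrite(path, make_chunk, size):
    """Overwrite the first `size` bytes of `path` in place with blocks from make_chunk(n)."""
    with open(path, "r+b") as fh:
        written = 0
        while written < size:
            chunk = make_chunk(min(BLOCK, size - written))
            fh.write(chunk)
            written += len(chunk)
        fh.flush()
        os.fsync(fh.fileno())  # push the overwrite to the device, as dd's final write would


def wipe_file(path, passes=11):
    """Python equivalent of the loop:
    for (( i=0; i<passes; i++ )); do dd if=/dev/random of=PATH; dd if=/dev/zero of=PATH; done
    Returns the number of bytes overwritten per pass."""
    size = os.path.getsize(path)
    for _ in range(passes):
        _overwrite(path, os.urandom, size)               # the /dev/random pass
        _overwrite(path, lambda n: b"\x00" * n, size)    # the /dev/zero pass
    return size


def is_all_zero(path):
    """True if no non-zero byte survives, which is what a forensic examiner would find."""
    with open(path, "rb") as fh:
        return not fh.read().strip(b"\x00")


def demo():
    """Write constructed 'sensitive' content, wipe it, return (zero_before, zero_after, size)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"umbrella_customers.sql: card=4111111111111111\n" * 200)
    try:
        before = is_all_zero(path)
        size = wipe_file(path, passes=2)
        after = is_all_zero(path)
    finally:
        os.remove(path)
    return before, after, size


if __name__ == "__main__":
    print(demo())
```

Run directly, demo() reports that the file held non-zero data before the wipe and nothing but zeros after it, which is why the correct incident-response move is to image the disk before the attacker gets to this step, not after.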


NEW QUESTION # 169
John, a part-time hacker, has gained unauthorized access to the www.yourbank.com banking Website and stolen the bank account information of its users and their credit card numbers by using a SQL injection attack. John now wants to sell this information to a malicious person, Mark, and make a deal to get a good amount of money. Since he does not want to send the stolen information to Mark in clear text, he decides to send it as hidden text. For this, he takes a steganography tool that hides the information in ASCII text by appending whitespace to the ends of lines and encrypts the hidden information using the ICE encryption algorithm. Which of the following tools is John using for steganography?

  • A. Netcat
  • B. Snow.exe
  • C. 2Mosaic
  • D. Image Hide

Answer: B
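
How trailing-whitespace steganography of the kind the question describes works, as an added example that is not the snow tool's own code: each secret byte is appended to one line of cover text as eight whitespace characters (space for 0, tab for 1), so the visible text is unchanged. The repeating-key XOR stands in for a real cipher (snow uses ICE) and is not secure; the scheme, names and cover text are illustrative. The last function shows the incident handler's side: a cheap heuristic for spotting text that has been carrying such a payload.

```python
# Added example, not the snow tool itself: a toy whitespace steganography scheme
# in the spirit of the one the question describes. Space encodes 0, tab encodes 1,
# eight trailing whitespace characters per cover line carry one payload byte.
# The XOR step is a placeholder for a real cipher and is NOT secure.

COVER = (  # constructed cover text, harmless to the eye
    "Quarterly results were in line with guidance.\n"
    "Headcount is flat and the hiring freeze continues.\n"
    "Next review is in March.\n"
    "Regards,\n"
    "Mark\n"
)


def _xor(data: bytes, key: bytes) -> bytes:
    """Placeholder cipher: repeating-key XOR. Identity when the key is empty."""
    if not key:
        return data
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def hide(cover: str, secret: bytes, key: bytes = b"") -> str:
    """Append one encoded byte of `secret` to each of the first len(secret) lines of `cover`."""
    payload = _xor(secret, key)
    # Normalise first: natural trailing whitespace would corrupt the decoder.
    lines = [line.rstrip(" \t") for line in cover.split("\n")]
    if len(payload) > len(lines):
        raise ValueError("cover text has too few lines for the payload")
    for i, byte in enumerate(payload):
        bits = format(byte, "08b")
        lines[i] += "".join("\t" if bit == "1" else " " for bit in bits)
    return "\n".join(lines)


def reveal(stego: str, key: bytes = b"") -> bytes:
    """Read back the bytes hidden by hide(); lines without exactly 8 trailing ws chars carry nothing."""
    payload = bytearray()
    for line in stego.split("\n"):
        trailing = line[len(line.rstrip(" \t")):]
        if len(trailing) != 8:
            continue
        payload.append(int("".join("1" if c == "\t" else "0" for c in trailing), 2))
    return _xor(bytes(payload), key)


def visible_text(text: str) -> str:
    """What a reader sees: the text with trailing whitespace dropped."""
    return "\n".join(line.rstrip(" \t") for line in text.split("\n"))


def suspicious_lines(text: str) -> int:
    """Detection heuristic: count lines whose trailing whitespace mixes tabs and
    spaces, something editors rarely produce but this kind of tool does."""
    count = 0
    for line in text.split("\n"):
        trailing = line[len(line.rstrip(" \t")):]
        if " " in trailing and "\t" in trailing:
            count += 1
    return count


if __name__ == "__main__":
    stego = hide(COVER, b"PIN", key=b"k")
    print(repr(stego))
    print(reveal(stego, key=b"k"), suspicious_lines(stego))
```

Note what the detection heuristic does and does not catch: a payload byte of 0x00 or 0xFF produces trailing whitespace of one kind only, so a real investigation would also look at the raw bytes of any text file whose lines end in whitespace at all.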


NEW QUESTION # 170
Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?

  • A. Spoofing
  • B. File integrity auditing
  • C. Reconnaissance
  • D. Shoulder surfing

Answer: B
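
What file integrity auditing looks like in practice, as an added example that is not from the exam page and not the code of any particular product: a baseline maps each file to its SHA-256, and a later audit reports files whose hash changed, plus files that appeared or disappeared. The directory tree, file contents and the simulated intrusion in demo() are constructed; the function names are illustrative.

```python
import hashlib
import os
import shutil
import tempfile

# Added example, not from the exam page: a minimal file integrity audit in the
# style of AIDE or Tripwire. The sample tree and the "intrusion" are constructed.


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Return {relative_path: sha256} for every regular file under root (symlinks skipped)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def audit(root, baseline):
    """Compare the current tree against a baseline; returns sorted path lists."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed scenario: baseline a fake /etc and /usr/bin, then simulate an intrusion."""
    root = tempfile.mkdtemp()
    try:
        files = {
            "etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
            "etc/hosts.allow": b"sshd: 10.0.0.0/8\n",
            "usr/bin/ls": b"\x7fELF-fake-ls\n",
        }
        for rel, content in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
        baseline = build_baseline(root)
        # Simulated intrusion: a UID-0 backdoor account, a removed access control
        # file, and a dropped tool.
        with open(os.path.join(root, "etc", "passwd"), "ab") as fh:
            fh.write(b"backdoor:x:0:0::/:/bin/sh\n")
        os.remove(os.path.join(root, "etc", "hosts.allow"))
        with open(os.path.join(root, "usr", "bin", "netcat"), "wb") as fh:
            fh.write(b"\x7fELF-fake-netcat\n")
        return audit(root, baseline)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as where it lives and what computes it: keep it off-host or on read-only media, and when a kernel-level rootkit is suspected (see the rootkit questions further down), hash from a known-good environment booted from trusted media, because a rootkit can present clean file contents to any hashing process running on the compromised kernel.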


NEW QUESTION # 171
You are monitoring your network's behavior. You find a sudden increase in traffic on the network. It seems to come in bursts and emanate from one specific machine. You have been able to determine that a user of that machine is unaware of the activity and lacks the computer knowledge required to be responsible for a computer attack. What attack might this indicate?

  • A. Denial of Service
  • B. Ping Flood
  • C. Session Hijacking
  • D. Spyware

Answer: D


NEW QUESTION # 172
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scan is as follows:
C:\whisker.pl -h target_IP_address
-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net --
= - = - = - = - = - = - = - =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes the /cgi-bin/printenv vulnerability ('printenv' vulnerability) on the We-are-secure server. Which of the following statements about the 'printenv' vulnerability are true?
Each correct answer represents a complete solution. Choose all that apply.

  • A. The countermeasure to 'printenv' vulnerability is to remove the CGI script.
  • B. This vulnerability helps in a cross site scripting attack.
  • C. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.
  • D. 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.

Answer: A,B,C


NEW QUESTION # 173
Which of the following attacks saturates network resources and disrupts services to a specific computer?

  • A. Teardrop attack
  • B. Denial-of-Service (DoS) attack
  • C. Replay attack
  • D. Polymorphic shell code attack

Answer: B


NEW QUESTION # 174
Which of the following tools is described in the statement given below?
"It has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI scripts. Moreover, the database detects DDoS zombies and Trojans as well."

  • A. Anti-x
  • B. Nmap
  • C. SARA
  • D. Nessus

Answer: D


NEW QUESTION # 175
Which of the following tools can be used for steganography?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Image hide
  • B. Anti-x
  • C. Stegbreak
  • D. Snow.exe

Answer: A,D


NEW QUESTION # 176
TCP/IP stack fingerprinting is the collection of configuration attributes from a remote device, either passively from traffic it sends during normal layer 4 communication or actively by sending crafted probes and examining the responses. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint.
Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?

  • A. nmap -sS
  • B. nmap -O -p
  • C. nmap -sU -p
  • D. nmap -sT

Answer: B


NEW QUESTION # 177
Which of the following rootkits is able to load the original operating system as a virtual machine, thereby enabling it to intercept all hardware calls made by the original operating system?

  • A. Library rootkit
  • B. Kernel level rootkit
  • C. Boot loader rootkit
  • D. Hypervisor rootkit

Answer: D


NEW QUESTION # 178
Adam, a novice computer user, works primarily from home as a medical professional. He just bought a brand new dual-core Pentium computer with over 3 GB of RAM. After about two months of working on his new computer, he notices that it is not running nearly as fast as it used to. Adam uses antivirus software and anti-spyware software, and keeps the computer up to date with Microsoft patches. After another month of working on the computer, Adam finds that his computer is even more noticeably slow. He also notices a window or two pop up on his screen, but they quickly disappear. He has seen these windows show up even when he has not been on the Internet. Adam notices that his computer only has about 10 GB of free space available. Since his hard drive is a 200 GB hard drive, Adam thinks this is very odd.
Which of the following is the most likely cause of the problem?

  • A. Computer is infected with the Stealth Trojan Virus.
  • B. Computer is infected with the Self-Replication Worm.
  • C. Computer is infected with stealth virus.
  • D. Computer is infected with the stealth kernel level rootkit.

Answer: D


NEW QUESTION # 179
Which of the following types of attacks is often performed by looking surreptitiously at the keyboard or monitor of an employee's computer?

  • A. Denial-of-Service (DoS) attack
  • B. Shoulder surfing attack
  • C. Buffer-overflow attack
  • D. Man-in-the-middle attack

Answer: B


NEW QUESTION # 180
You work as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company uses Check Point SmartDefense to provide security to the network of the company. You use SmartDefense on the company's HTTP servers to set a limit on the maximum number of response headers allowed.
Which of the following attacks will be blocked by defining this limitation?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Code red worm
  • B. User-defined worm
  • C. Backdoor attack
  • D. Land attack

Answer: A,B


NEW QUESTION # 181
Which of the following attacks allows an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether?

  • A. Port scanning
  • B. ARP spoofing
  • C. Session hijacking
  • D. Man-in-the-middle

Answer: B
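
Detection logic for the attack in this question, as an added example that is not from the exam page: it runs over a constructed ARP reply log loosely modelled on tcpdump's "X is-at MAC" output and raises two kinds of alert, an IP whose MAC changes, and a single MAC claiming several IPs (typical when a host poisons both the gateway and the victim to sit in the middle). The log, names and the optional trusted-mapping parameter are illustrative.

```python
import re
from collections import defaultdict

# Added example, not from the exam page: ARP spoofing detection over a
# constructed ARP reply log. Lines are loosely modelled on tcpdump output.

ARP_LOG = """\
10:00:01 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01
10:00:02 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:20
10:00:03 ARP, Reply 192.168.1.30 is-at 00:11:22:33:44:30
10:00:07 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99
10:00:07 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:99
10:00:12 ARP, Reply 192.168.1.30 is-at 00:11:22:33:44:30
"""

REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9A-Fa-f:]{17})$"
)


def parse_replies(log):
    """Yield (timestamp, ip, mac) for each ARP reply line; other lines are ignored."""
    for line in log.splitlines():
        m = REPLY_RE.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()


def detect_arp_spoofing(log, trusted=None):
    """Return a list of alert tuples.

    `trusted` optionally pins IPs to known MACs (e.g. the gateway); those
    mappings are never overwritten by what the wire says, which is the software
    equivalent of a static ARP entry."""
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ip_to_mac = dict(trusted)
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in parse_replies(log):
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append(("mac-change", ts, ip, known, mac))
        if ip not in trusted:
            ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    for mac, ips in sorted(mac_to_ips.items()):
        if len(ips) > 1:
            alerts.append(("mac-claims-multiple-ips", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_LOG):
        print(alert)
```

On the sample log the gateway (192.168.1.1) and one host (192.168.1.20) both flip to the same MAC at the same moment, the classic signature of a man-in-the-middle poisoning both ends. The same logic, run continuously, is what arpwatch does; the preventive controls are static ARP entries on critical hosts and Dynamic ARP Inspection on managed switches.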


NEW QUESTION # 182
Which of the following statements about buffer overflow are true?
Each correct answer represents a complete solution. Choose two.

  • A. It can terminate an application.
  • B. It can improve application performance.
  • C. It is a situation that occurs when an application receives more data than it is configured to accept.
  • D. It is a situation that occurs when a storage device runs out of space.

Answer: A,C


NEW QUESTION # 183
Which of the following tools can be used to perform brute force attack on a remote database?
Each correct answer represents a complete solution. Choose all that apply.

  • A. SQLDict
  • B. FindSA
  • C. nmap
  • D. SQLBF

Answer: A,B,D



NEW QUESTION # 185
WinDump is the Windows port of the well-known tcpdump packet sniffer, which is available on a variety of platforms. To use this tool on the Windows platform, a user must install a packet capture library.
What is the name of this library?

  • A. SysPCap
  • B. libpcap
  • C. WinPCap
  • D. PCAP

Answer: C


NEW QUESTION # 186
Which of the following refers to a condition in which a hacker sends a bunch of packets that leave TCP ports half open?

  • A. Spoofing
  • B. SYN attack
  • C. PING attack
  • D. Hacking

Answer: B
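
What the half-open condition looks like from the victim's side, as an added example that is not from the exam page: the code parses a constructed socket table in the column layout of "ss -tan" (the SYN_RECV spelling used by netstat is accepted for the state token), counts half-open connections per local port and per peer address, and flags either once a threshold is crossed. The socket table, threshold and function names are illustrative.

```python
from collections import Counter

# Added example, not from the exam page: counting half-open (SYN-RECV) sockets
# from a constructed "ss -tan"-style listing to spot a SYN flood.

SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:80           0.0.0.0:*
ESTAB      0      0      10.0.0.5:80          192.0.2.44:51522
SYN-RECV   0      0      10.0.0.5:80          198.51.100.7:40001
SYN-RECV   0      0      10.0.0.5:80          198.51.100.7:40002
SYN-RECV   0      0      10.0.0.5:80          198.51.100.7:40003
SYN-RECV   0      0      10.0.0.5:80          198.51.100.7:40004
SYN-RECV   0      0      10.0.0.5:80          198.51.100.7:40005
SYN-RECV   0      0      10.0.0.5:80          198.51.100.7:40006
SYN-RECV   0      0      10.0.0.5:443         203.0.113.9:3021
"""


def parse_sockets(text):
    """Yield (state, local_ip, local_port, peer_ip, peer_port) per connection row.
    Expects ss column order; the header row and short lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue
        state = fields[0].upper().replace("_", "-")  # netstat writes SYN_RECV
        local_ip, local_port = fields[3].rsplit(":", 1)
        peer_ip, peer_port = fields[4].rsplit(":", 1)
        yield state, local_ip, local_port, peer_ip, peer_port


def half_open_summary(text):
    """Count SYN-RECV sockets per local port and per peer address."""
    by_port = Counter()
    by_peer = Counter()
    for state, _lip, lport, pip, _pport in parse_sockets(text):
        if state == "SYN-RECV":
            by_port[int(lport)] += 1
            by_peer[pip] += 1
    return dict(by_port), dict(by_peer)


def flag_syn_flood(text, threshold=5):
    """Ports and peer addresses with at least `threshold` half-open connections."""
    by_port, by_peer = half_open_summary(text)
    return {
        "ports": sorted(p for p, n in by_port.items() if n >= threshold),
        "sources": sorted(ip for ip, n in by_peer.items() if n >= threshold),
    }


if __name__ == "__main__":
    print(half_open_summary(SS_OUTPUT))
    print(flag_syn_flood(SS_OUTPUT))
```

The per-port count is the robust signal: a real SYN flood usually spoofs its source addresses, so per-source counting only catches careless attackers, while a listener accumulating half-open entries is visible regardless of where the SYNs claim to come from. On Linux the standard mitigation is SYN cookies (net.ipv4.tcp_syncookies = 1), which lets the kernel answer SYNs without holding per-connection state in the backlog.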


NEW QUESTION # 187
Which of the following tools is an automated tool that is used to implement SQL injections and to retrieve data from Web server databases?

  • A. Absinthe
  • B. Stick
  • C. Fragroute
  • D. ADMutate

Answer: A


NEW QUESTION # 188
......
