GIAC Certified Incident Handler v1.0 (GCIH)

Page:    1 / 57   
Total 849 questions

Which of the following tools can be used to detect steganography?

  • A. Dskprobe
  • B. Blindside
  • C. ImageHide
  • D. Snow


Answer : A

In which of the following scanning methods do Windows operating systems send only RST packets irrespective of whether the port is open or closed?

  • A. TCP FIN
  • B. FTP bounce
  • C. XMAS
  • D. TCP SYN


Answer : A

Which of the following tools is used to download the Web pages of a Website on the local system?

  • A. wget
  • B. jplag
  • C. Nessus
  • D. Ettercap


Answer : A

Many organizations create network maps of their network system to visualize the network and understand the relationship between the end devices and the transport layer that provide services.
Which of the following are the techniques used for network mapping by large organizations?
Each correct answer represents a complete solution. (Choose three.)

  • A. Packet crafting
  • B. Route analytics
  • C. SNMP-based approaches
  • D. Active Probing


Answer : BCD

Which of the following functions can you use to mitigate a command injection attack?
Each correct answer represents a part of the solution. (Choose all that apply.)

  • A. escapeshellarg()
  • B. escapeshellcmd()
  • C. htmlentities()
  • D. strip_tags()


Answer : AB

Which of the following takes control of a session between a server and a client using TELNET, FTP, or any other non-encrypted TCP/IP utility?

  • A. Dictionary attack
  • B. Session Hijacking
  • C. Trojan horse
  • D. Social Engineering


Answer : B

Adam works as a Senior Programmer for Umbrella Inc. A project has been assigned to him to write a short program to gather user input for a Web application. He wants to keep his program neat and simple. He chooses to use printf(str) where he should have ideally used printf("%s", str).
What attack will his program expose the Web application to?

  • A. Format string attack
  • B. Cross Site Scripting attack
  • C. SQL injection attack
  • D. Sequence++ attack


Answer : A

Adam works as a sales manager for Umbrella Inc. He wants to download software from the Internet. As the software comes from a site in his untrusted zone, Adam wants to ensure that the downloaded software has not been Trojaned. Which of the following options would indicate the best course of action for Adam?

  • A. Compare the file size of the software with the one given on the Website.
  • B. Compare the version of the software with the one published on the distribution media.
  • C. Compare the file's virus signature with the one published on the distribution.
  • D. Compare the file's MD5 signature with the one published on the distribution media.


Answer : D

Maria works as a professional Ethical Hacker. She is assigned a project to test the security of www.we-are-secure.com. She wants to test a DoS attack on the We-are-secure server. She finds that the firewall of the server is blocking the ICMP messages, but it is not checking the UDP packets. Therefore, she sends a large amount of UDP echo request traffic to the IP broadcast addresses. These UDP requests have a spoofed source address of the We-are-secure server. Which of the following DoS attacks is Maria using to accomplish her task?

  • A. Ping flood attack
  • B. Fraggle DoS attack
  • C. Teardrop attack
  • D. Smurf DoS attack


Answer : B

Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?

  • A. Preparation phase
  • B. Eradication phase
  • C. Identification phase
  • D. Recovery phase
  • E. Containment phase


Answer : A

Which of the following is a computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic?

  • A. Klez
  • B. Code red
  • C. SQL Slammer
  • D. Beast


Answer : C

Which of the following is designed to protect the Internet resolvers (clients) from forged DNS data created by DNS cache poisoning?

  • A. Stub resolver
  • B. BINDER
  • C. Split-horizon DNS
  • D. Domain Name System Extension (DNSSEC)


Answer : D

You work as a System Engineer for Cyber World Inc. Your company has a single Active Directory domain. All servers in the domain run Windows Server 2008.
The Microsoft Hyper-V server role has been installed on one of the servers, namely uC1. uC1 hosts twelve virtual machines. You have been given the task to configure the Shutdown option for uC1, so that each virtual machine shuts down before the main Hyper-V server shuts down. Which of the following actions will you perform to accomplish the task?

  • A. Enable the Shut Down the Guest Operating System option in the Automatic Stop Action Properties on each virtual machine.
  • B. Manually shut down each of the guest operating systems before the server shuts down.
  • C. Create a batch file to shut down the guest operating system before the server shuts down.
  • D. Create a logon script to shut down the guest operating system before the server shuts down.


Answer : A

You work as a Network Administrator for InformSec Inc. You find that the TCP port number 23476 is open on your server. You suspect that there may be a Trojan named Donald Dick installed on your server. Now you want to verify whether Donald Dick is installed on it or not. For this, you want to know the process running on port 23476, as well as the process id, process name, and the path of the process on your server. Which of the following applications will you most likely use to accomplish the task?

  • A. Tripwire
  • B. SubSeven
  • C. Netstat
  • D. Fport


Answer : D

Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?

  • A. Rainbow attack
  • B. Brute Force attack
  • C. Dictionary attack
  • D. Hybrid attack


Answer : A
