[Q138-Q162] Get instant access to GCIH Practice Tests 2024 Free Updated Today!


Welcome to download the newest PassLeader GCIH PDF dumps ( 335 Q&As)


The benefit in Obtaining the GCIH Exam Certification

  • Legal professional
  • Incident manager (a GCIH certified candidate can work in this role)
  • Systems administrator
  • IT manager, etc.
  • E-commerce security professional

Many business sectors are recruiting incident managers to protect their digital infrastructure and take appropriate measures against security breaches and other cybercrimes within an organization.


NEW QUESTION # 138
CORRECT TEXT
Fill in the blank with the appropriate option to complete the statement below.
You want to block all UDP packets coming to a Linux server using the portsentry utility. To do this, you have to enable the ______ option in the portsentry configuration file.

Answer: BLOCK_UDP


NEW QUESTION # 139
Which of the following methods can be used to detect a session hijacking attack?

  • A. ntop
  • B. Brutus
  • C. nmap
  • D. sniffer

Answer: D


NEW QUESTION # 140
Which of the following statements about buffer overflow is true?

  • A. It is a condition in which an application receives more data than it is configured to accept.
  • B. It is a collection of files used by Microsoft for software updates released between major service pack releases.
  • C. It manages security credentials and public keys for message encryption.
  • D. It is a false warning about a virus.

Answer: A


NEW QUESTION # 141
Which of the following is a type of computer security vulnerability typically found in Web applications that allows code injection by malicious Web users into the Web pages viewed by other users?

  • A. Privilege Escalation
  • B. Cross-site scripting
  • C. SID filtering
  • D. Cookie poisoning

Answer: B


NEW QUESTION # 142
Which of the following types of channels is used by Trojans for communication?

  • A. Covert channel
  • B. Loop channel
  • C. Overt channel
  • D. Open channel

Answer: A


NEW QUESTION # 143
Windump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform a user must install a packet capture library.
What is the name of this library?

  • A. SysPCap
  • B. PCAP
  • C. libpcap
  • D. WinPCap

Answer: D


NEW QUESTION # 144
You want to add a netbus Trojan in the chess.exe game program so that you can gain remote access to a friend's computer. Which of the following tools will you use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Tripwire
  • B. Pretator Wrapper
  • C. Beast
  • D. Yet Another Binder

Answer: B,D


NEW QUESTION # 145
Which of the following is a computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic?

  • A. Code red
  • B. SQL Slammer
  • C. Klez
  • D. Beast

Answer: B



NEW QUESTION # 146
You have configured a virtualized Internet browser on your Windows XP professional computer. Using the virtualized Internet browser, you can protect your operating system from which of the following?

  • A. Brute force attack
  • B. Distributed denial of service (DDOS) attack
  • C. Mail bombing
  • D. Malware installation from unknown Web sites

Answer: D


NEW QUESTION # 147
Which of the following tools can be used for network sniffing as well as for intercepting conversations through session hijacking?

  • A. Tripwire
  • B. IPChains
  • C. Ettercap
  • D. Hunt

Answer: D


NEW QUESTION # 148
SIMULATION
Fill in the blank with the appropriate name of the tool.
______ scans for rootkits by comparing SHA-1 hashes of important files with known good ones in an online database.

Answer: rkhunter


NEW QUESTION # 149
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He installs a rootkit on the Linux server of the We-are-secure network. Which of the following statements are true about rootkits?
Each correct answer represents a complete solution. Choose all that apply.

  • A. They allow an attacker to run packet sniffers secretly to capture passwords.
  • B. They allow an attacker to set a Trojan in the operating system and thus open a backdoor for anytime access.
  • C. They allow an attacker to conduct a buffer overflow.
  • D. They allow an attacker to replace utility programs that can be used to detect the attacker's activity.

Answer: A,B,D


NEW QUESTION # 150
James works as a Database Administrator for Techsoft Inc. The company has a SQL Server 2005 computer. The computer has a database named Sales. Users complain that the performance of the database has deteriorated. James opens the System Monitor tool and finds that there is an increase in network traffic. What kind of attack might be the cause of the performance deterioration?

  • A. Injection
  • B. Internal attack
  • C. Virus
  • D. Denial-of-Service

Answer: D


NEW QUESTION # 151
You enter the netstat -an command at the command prompt and see that port number 7777 is open on your computer. Which of the following Trojans may be installed on your computer?

  • A. NetBus
  • B. Tini
  • C. QAZ
  • D. Donald Dick

Answer: B


NEW QUESTION # 152
Which of the following statements are true regarding a SYN flood attack?

  • A. SYN cookies provide protection against the SYN flood by eliminating the resources allocated on the target host.
  • B. The attacker sends a succession of SYN requests to a target system.
  • C. SYN flood is a form of Denial-of-Service (DoS) attack.
  • D. The attacker sends thousands and thousands of ACK packets to the victim.

Answer: A,B,C


NEW QUESTION # 153
Which of the following characters will you use to check whether an application is vulnerable to an SQL injection attack?

  • A. Double quote (")
  • B. Dash (-)
  • C. Semicolon (;)
  • D. Single quote (')

Answer: D


NEW QUESTION # 154
Many organizations create network maps of their network system to visualize the network and understand the relationship between the end devices and the transport layer that provides services.
Which of the following are the techniques used for network mapping by large organizations?
Each correct answer represents a complete solution. Choose three.

  • A. SNMP-based approaches
  • B. Route analytics
  • C. Active Probing
  • D. Packet crafting

Answer: A,B,C


NEW QUESTION # 155
Which of the following types of malicious code can have more than one type of trigger, multiple task capabilities, and can replicate itself in more than one manner?

  • A. Macro virus
  • B. Blended threat
  • C. Boot sector virus
  • D. Trojan

Answer: B


NEW QUESTION # 156
Which of the following Linux rootkits allow an attacker to hide files, processes, and network connections?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Adore
  • B. Phalanx2
  • C. Beastkit
  • D. Knark

Answer: A,D



NEW QUESTION # 157
Which of the following penetration testing phases involves gathering data from whois, DNS, and network scanning, which helps in mapping a target network and provides valuable information regarding the operating system and applications running on the systems?

  • A. On-attack phase
  • B. Attack phase
  • C. Post-attack phase
  • D. Pre-attack phase

Answer: D


NEW QUESTION # 158
Adam, a malicious hacker, wants to perform a reliable scan against a remote target. He is not concerned about being stealthy at this point.
Which of the following types of scan would be most accurate and reliable?

  • A. UDP scan
  • B. FIN scan
  • C. TCP Connect scan
  • D. ACK scan

Answer: C


NEW QUESTION # 159
In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain from a DNS server. The information provided by the DNS zone can help an attacker gather user names, passwords, and other valuable information. To attempt a zone transfer, an attacker must be connected to a DNS server that is the authoritative server for that zone. Besides this, an attacker can launch a Denial of Service attack against the zone's DNS servers by flooding them with a lot of requests. Which of the following tools can an attacker use to perform a DNS zone transfer?
Each correct answer represents a complete solution. Choose all that apply.

  • A. DSniff
  • B. Dig
  • C. Host
  • D. NSLookup

Answer: B,C,D


NEW QUESTION # 160
Which of the following is the difference between SSL and S-HTTP?

  • A. SSL operates at the application layer and S-HTTP operates at the transport layer.
  • B. SSL operates at the transport layer and S-HTTP operates at the application layer.
  • C. SSL operates at the network layer and S-HTTP operates at the application layer.
  • D. SSL operates at the application layer and S-HTTP operates at the network layer.

Answer: B



NEW QUESTION # 161
Network mapping provides a security testing team with a blueprint of the organization. Which of the following steps is NOT a part of manual network mapping?

  • A. Collecting employees information
  • B. Performing Neotracerouting
  • C. Banner grabbing
  • D. Gathering private and public IP addresses

Answer: B


NEW QUESTION # 162
......


GIAC GCIH exam covers a wide range of topics related to incident handling and response, including incident response techniques, malware analysis, network forensics, and cyber threat intelligence. GCIH exam is designed to test candidates' knowledge and skills in these areas and to ensure that they have the necessary expertise to handle security incidents effectively. Candidates who pass the GCIH exam are considered to have a deep understanding of incident handling and response and are well-prepared to respond to security incidents in real-world situations.


May-2024 Latest BraindumpQuiz GCIH Exam Dumps with PDF and Exam Engine: https://www.braindumpquiz.com/GCIH-exam-material.html

Premium Quality GIAC GCIH Online dumps: https://drive.google.com/open?id=1mlhAbUFDob-D4toN_ma52OE9ye7uc-pm