
2022 GCIH dumps review - Professional Quiz Study Materials
GCIH Test Prep Training Practice Exam Questions Practice Tests
GIAC GCIH Exam Syllabus Topics:
| Topic | Details |
|---|---|
| SMB Scanning | - The candidate will demonstrate an understanding of how to identify, defend against, and mitigate reconnaissance and scanning of SMB services. |
| Covering Tracks on the Network | - The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against methods attackers use to remove evidence of compromise on the network. |
| Domain Attacks | - The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against Domain attacks in Windows environments. |
| Memory and Malware Investigations | - The candidate will demonstrate an understanding of the steps necessary to perform basic memory forensics, including collection and analysis of processes and network connections and basic malware analysis. |
| Drive-By Attacks | - The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against drive-by attacks in modern environments. |
| Metasploit | - The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against the use of Metasploit. |
| Incident Handling and Digital Investigations | - The candidate will demonstrate an understanding of what Incident Handling is, why it is important, an understanding of the PICERL incident handling process, and industry best practices in Incident Handling and Digital Investigations. |
| Netcat | - The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against the use of covert tools such as netcat. |
| Reconnaissance and Open-Source Intelligence | - The candidate will demonstrate an understanding of how to identify, defend against, and mitigate public and open source reconnaissance techniques. |
| Endpoint Attacks and Pivoting | - The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against attacks against endpoints and attack pivoting. |
| Physical Access Attacks | - The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against physical access attacks. |
| Scanning and Mapping | - The candidate will demonstrate an understanding the fundamentals of how to identify, defend against, and mitigate against scanning; to discover and map networks and hosts, and reveal services and vulnerabilities. |
| Web App Attacks | - The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against Web Application Attacks. |
| Password Attacks | - The candidate will demonstrate a detailed understanding of the three methods of password cracking. |
| Network Investigations | - The candidate will demonstrate an understanding of the steps necessary to perform effective digital investigations of network data. |
| Covering Tracks on Hosts | - The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against methods attackers use to remove evidence of compromise on hosts. |
NEW QUESTION 93
Adam works as a Senior Programmer for Umbrella Inc. A project has been assigned to him to write a short program to gather user input for a Web application. He wants to keep his program neat and simple. His chooses to use printf(str) where he should have ideally used printf("%s", str).
What attack will his program expose the Web application to?
- A. Format string attack
- B. Sequence++ attack
- C. Cross Site Scripting attack
- D. SQL injection attack
Answer: A
NEW QUESTION 94
Jason, a Malicious Hacker, is a student of Baker university. He wants to perform remote hacking on the server of DataSoft Inc. to hone his hacking skills. The company has a Windows-based network. Jason successfully enters the target system remotely by using the advantage of vulnerability. He places a Trojan to maintain future access and then disconnects the remote session. The employees of the company complain to Mark, who works as a Professional Ethical Hacker for DataSoft Inc., that some computers are very slow. Mark diagnoses the network and finds that some irrelevant log files and signs of Trojans are present on the computers. He suspects that a malicious hacker has accessed the network. Mark takes the help from Forensic Investigators and catches Jason.
Which of the following mistakes made by Jason helped the Forensic Investigators catch him?
- A. Jason did not perform port scanning.
- B. Jason did not perform OS fingerprinting.
- C. Jason did not perform a vulnerability assessment.
- D. Jason did not perform covering tracks.
- E. Jason did not perform foot printing.
Answer: D
NEW QUESTION 95
In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain
from a DNS server. The information provided by the DNS zone can help an attacker gather user names, passwords, and
other valuable information. To attempt a zone transfer, an attacker must be connected to a DNS server that is the
authoritative server for that zone. Besides this, an attacker can launch a Denial of Service attack against the zone's
DNS servers by flooding them with a lot of requests. Which of the following tools can an attacker use to perform a
DNS zone transfer?
Each correct answer represents a complete solution. Choose all that apply.
- A. Dig
- B. Host
- C. NSLookup
- D. DSniff
Answer: A,B,C
NEW QUESTION 96
Which of the following practices come in the category of denial of service attack?
Each correct answer represents a complete solution. Choose three.
- A. Sending lots of ICMP packets to an IP address
- B. Disrupting services to a specific computer
- C. Sending thousands of malformed packets to a network for bandwidth consumption
- D. Performing Back door attack on a system
Answer: A,B,C
NEW QUESTION 97
You send SYN packets with the exact TTL of the target system starting at port 1 and going up to port 1024 using hping2 utility. This attack is known as __________.
- A. Firewalking
- B. Cloaking
- C. Spoofing
- D. Port scanning
Answer: A
Explanation:
Section: Volume B
NEW QUESTION 98
Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?
- A. Software keylogger
- B. Kernel keylogger
- C. Hardware keylogger
- D. OS keylogger
Answer: C
Explanation:
Section: Volume B
NEW QUESTION 99
You work as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company uses Check Point SmartDefense to provide security to the network of the company. You use SmartDefense on the HTTP servers of the company to fix the limitation for the maximum number of response headers allowed.
Which of the following attacks will be blocked by defining this limitation?
Each correct answer represents a complete solution. Choose all that apply.
- A. Land attack
- B. User-defined worm
- C. Code red worm
- D. Backdoor attack
Answer: B,C
NEW QUESTION 100
Which of the following malicious software travels across computer networks without the assistance of a user?
- A. Virus
- B. Worm
- C. Trojan horses
- D. Hoax
Answer: B
NEW QUESTION 101
You run the following command while using Nikto Web scanner:
perl nikto.pl -h 192.168.0.1 -p 443
What action do you want to perform?
- A. Seting Nikto for network sniffing
- B. Updating Nikto
- C. Port scanning
- D. Using it as a proxy server
Answer: C
NEW QUESTION 102
Which of the following techniques does an attacker use to sniff data frames on a local area network and modify the
traffic?
- A. ARP spoofing
- B. Email spoofing
- C. IP address spoofing
- D. MAC spoofing
Answer: A
NEW QUESTION 103
You run the following PHP script:
<?php $name = mysql_real_escape_string($_POST["name"]);
$password = mysql_real_escape_string($_POST["password"]); ?>
What is the use of the mysql_real_escape_string() function in the above script.
Each correct answer represents a complete solution. Choose all that apply.
- A. It can be used as a countermeasure against a SQL injection attack.
- B. It can be used to mitigate a cross site scripting attack.
- C. It escapes all special characters from strings $_POST["name"] and $_POST["password"] except ' and ".
- D. It escapes all special characters from strings $_POST["name"] and $_POST["password"].
Answer: A,D
Explanation:
Section: Volume C
NEW QUESTION 104
Which of the following tools can be used for steganography?
Each correct answer represents a complete solution. Choose all that apply.
- A. Anti-x
- B. Snow.exe
- C. Stegbreak
- D. Image hide
Answer: B,D
NEW QUESTION 105
Which of the following tools are used as a network traffic monitoring tool in the Linux operating
system?
Each correct answer represents a complete solution. Choose all that apply.
- A. MRTG
- B. Netbus
- C. Ntop
- D. IPTraf
Answer: A,C,D
NEW QUESTION 106
Which of the following is an Internet mapping technique that relies on various BGP collectors that collect information
such as routing updates and tables and provide this information publicly?
- A. AS Route Inference
- B. Firewalking
- C. Path MTU discovery (PMTUD)
- D. AS PATH Inference
Answer: D
NEW QUESTION 107
Which of the following penetration testing phases involves gathering data from whois, DNS, and network scanning,
which helps in mapping a target network and provides valuable information regarding the operating system and
applications running on the systems?
- A. On-attack phase
- B. Attack phase
- C. Post-attack phase
- D. Pre-attack phase
Answer: D
NEW QUESTION 108
Which of the following attacks allows an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether?
- A. Session hijacking
- B. ARP spoofing
- C. Man-in-the-middle
- D. Port scanning
Answer: B
Explanation:
Section: Volume C
NEW QUESTION 109
You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify Denial of Service attack (DOS) from a network linked to your internal enterprise network. Which of the following phases of the Incident handling process should you follow next to handle this incident?
- A. Containment
- B. Recovery
- C. Identification
- D. Preparation
Answer: A
Explanation:
Section: Volume C
NEW QUESTION 110
Which of the following reads and writes data across network connections by using the TCP/IP protocol?
- A. 2Mosaic
- B. Netcat
- C. Fpipe
- D. NSLOOKUP
Answer: B
Explanation:
Section: Volume B
NEW QUESTION 111
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.
- A. NetBIOS NULL session
- B. IIS buffer overflow
- C. DNS zone transfer
- D. SNMP enumeration
Answer: B
NEW QUESTION 112
Which of the following tools can be used for stress testing of a Web server?
Each correct answer represents a complete solution. Choose two.
- A. Internet bots
- B. Scripts
- C. Spyware
- D. Anti-virus software
Answer: A,B
Explanation:
Section: Volume A
NEW QUESTION 113
Which of the following statements are true about a keylogger?
Each correct answer represents a complete solution. Choose all that apply.
- A. It is a software tool used to trace all or specific activities of a user on a computer.
- B. It uses hidden code to destroy or scramble data on the hard disk.
- C. It records all keystrokes on the victim's computer in a predefined log file.
- D. It can be remotely installed on a computer system.
Answer: A,C,D
Explanation:
Section: Volume A
NEW QUESTION 114
Which of the following steps of incident response is steady in nature?
- A. Containment
- B. Preparation
- C. Eradication
- D. Recovery
Answer: B
NEW QUESTION 115
Which of the following tasks can be performed by using netcat utility?
Each correct answer represents a complete solution. Choose all that apply.
- A. Checking file integrity
- B. Firewall testing
- C. Creating a Backdoor
- D. Port scanning and service identification
Answer: B,C,D
NEW QUESTION 116
Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the server of the marketing department has been affected by a malicious hacking attack. Supervisors are also claiming that some sensitive data are also stolen.
Adam immediately arrived to the server room of the marketing department and identified the event as an incident. He isolated the infected network from the remaining part of the network and started preparing to image the entire system. He captures volatile data, such as running process, ram, and network connections.
Which of the following steps of the incident handling process is being performed by Adam?
- A. Containment
- B. Eradication
- C. Recovery
- D. Identification
Answer: A
NEW QUESTION 117
......
Exam Questions Answers Braindumps GCIH Exam Dumps PDF Questions: https://www.actualcollection.com/GCIH-exam-questions.html
GCIH Exam Dumps, GCIH Practice Test Questions: https://drive.google.com/open?id=1SVnT4tViXn5nui51q-0F05E02f_Xb_97