2024 GCIH exam torrent GCIH Study Guide
Easily pass GCIH Exam with our Dumps & PDF Test Engine
GIAC GCIH (GIAC Certified Incident Handler) exam is a certification that validates an individual’s ability to handle and respond to security incidents. It is a highly respected certification in the cybersecurity industry that demonstrates an individual’s knowledge and skills in incident handling, incident response, and computer forensics. The GCIH certification is designed for professionals who are responsible for detecting, responding to, and preventing security incidents in their organizations.
NEW QUESTION # 181
Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?
- A. Identification phase
- B. Containment phase
- C. Recovery phase
- D. Eradication phase
- E. Preparation phase
Answer: E
Explanation:
Section: Volume A
NEW QUESTION # 182
Which of the following statements about reconnaissance is true?
- A. It describes an attempt to transfer DNS zone data.
- B. It is also known as half-open scanning.
- C. It is a computer that is used to attract potential intruders or attackers.
- D. It is any program that allows a hacker to connect to a computer without going through the normal authentication process.
Answer: A
NEW QUESTION # 183
Which of the following statements are true about worms?
Each correct answer represents a complete solution. Choose all that apply.
- A. Worms replicate themselves from one system to another without using a host file.
- B. Worms can exist inside files such as Word or Excel documents.
- C. Worms cause harm to the network by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
- D. One feature of worms is keystroke logging.
Answer: A,B,C
Explanation:
Section: Volume A
NEW QUESTION # 184
In which of the following malicious hacking steps does email tracking come under?
- A. Gaining access
- B. Maintaining Access
- C. Reconnaissance
- D. Scanning
Answer: C
NEW QUESTION # 185
You work as a Network Penetration tester in the Secure Inc. Your company takes the projects to test the security of various companies. Recently, Secure Inc. has assigned you a project to test the security of a Web site. You go to the Web site login page and you run the following SQL query:
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = '[email protected]'; DROP TABLE members; --'
What task will the above SQL query perform?
- A. Deletes the rows of members table where email id is '[email protected]' given.
- B. Performs the XSS attacks.
- C. Deletes the database in which members table resides.
- D. Deletes the entire members table.
Answer: D
NEW QUESTION # 186
Which of the following statements are true about netcat?
Each correct answer represents a complete solution. Choose all that apply.
- A. It provides outbound and inbound connections for TCP and UDP ports.
- B. It provides special tunneling, such as UDP to TCP, with the possibility of specifying all network parameters.
- C. It can be used as a file transfer solution.
- D. The nc -z command can be used to redirect stdin/stdout from a program.
Answer: A,B,C
Explanation:
Section: Volume A
NEW QUESTION # 187
Which of the following malicious software travels across computer networks without the assistance of a user?
- A. Worm
- B. Hoax
- C. Trojan horses
- D. Virus
Answer: A
Explanation:
Section: Volume A
NEW QUESTION # 188
Which of the following controls is described in the statement given below?
"It ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at."
- A. Role-based Access Control
- B. Mandatory Access Control
- C. Discretionary Access Control
- D. Attribute-based Access Control
Answer: B
Explanation:
Section: Volume C
NEW QUESTION # 189
Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denialof- service, or unauthorized changes to system hardware, software, or data?
- A. Crisis Communication Plan
- B. Cyber Incident Response Plan
- C. Occupant Emergency Plan
- D. Disaster Recovery Plan
Answer: B
NEW QUESTION # 190
John works as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company uses Check Point SmartDefense to provide security to the network of the company. On the HTTP servers of the company, John defines a rule for dropping any kind of userdefined URLs. Which of the following types of attacks can be prevented by dropping the user-defined URLs?
- A. PTC worms and mutations
- B. Morris worm
- C. Code red worm
- D. Hybrid attacks
Answer: A
NEW QUESTION # 191
Which of the following is used to gather information about a remote network protected by a firewall?
- A. Wardialing
- B. Firewalking
- C. Firechalking
- D. Warchalking
Answer: B
Explanation:
Section: Volume C
NEW QUESTION # 192
You want to integrate the Nikto tool with nessus vulnerability scanner. Which of the following steps will you take to accomplish the task?
Each correct answer represents a complete solution. Choose two.
- A. Place the directory containing nikto.pl in root's PATH environment variable.
- B. Restart nessusd service.
- C. Place nikto.pl file in the /etc/nessus directory.
- D. Place nikto.pl file in the /var/www directory.
Answer: A,B
NEW QUESTION # 193
John works as a Network Security Professional. He is assigned a project to test the security of
www.we-are-secure.com. He establishes a connection to a target host running a Web service with netcat and sends a bad html request in order to retrieve information about the service on the host.
Which of the following attacks is John using?
- A. Eavesdropping
- B. Sniffing
- C. War driving
- D. Banner grabbing
Answer: D
NEW QUESTION # 194
John works as a Penetration Tester in a security service providing firm named you-are-secure Inc. Recently, John's
company has got a project to test the security of a promotional Website www.missatlanta.com and assigned the pen-
testing work to John. When John is performing penetration testing, he inserts the following script in the search box at
the company home page:
<script>alert('Hi, John')</script>
After pressing the search button, a pop-up box appears on his screen with the text - "Hi, John." Which of the following
attacks can be performed on the Web site tested by john while considering the above scenario?
- A. Buffer overflow attack
- B. Replay attack
- C. XSS attack
- D. CSRF attack
Answer: C
NEW QUESTION # 195
Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it with chess.exe. Which of the following tools are required in such a scenario?
Each correct answer represents a part of the solution. Choose three.
- A. NetBus
- B. Yet Another Binder
- C. Chess.exe
- D. Absinthe
Answer: A,B,C
NEW QUESTION # 196
You send SYN packets with the exact TTL of the target system starting at port 1 and going up to port 1024 using hping2 utility. This attack is known as __________.
- A. Cloaking
- B. Firewalking
- C. Port scanning
- D. Spoofing
Answer: B
Explanation:
Section: Volume B
Explanation/Reference:
NEW QUESTION # 197
Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?
- A. Hardware keylogger
- B. OS keylogger
- C. Kernel keylogger
- D. Software keylogger
Answer: A
NEW QUESTION # 198
Windump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform a user must install a packet capture library.
What is the name of this library?
- A. libpcap
- B. SysPCap
- C. PCAP
- D. WinPCap
Answer: D
NEW QUESTION # 199
......
GCIH PDF Pass Leader, GCIH Latest Real Test: https://www.actualcollection.com/GCIH-exam-questions.html
Valid GCIH Test Answers & GCIH Exam PDF: https://drive.google.com/open?id=1SVnT4tViXn5nui51q-0F05E02f_Xb_97