Free GCIH Exam Files Verified & Correct Answers Downloaded Instantly [Q115-Q137]


The GCIH exam is offered by GIAC (Global Information Assurance Certification), a leading provider of information security certifications. GIAC is well-respected in the industry for its rigorous testing standards and its focus on practical, hands-on skills. The GCIH certification is recognized by employers around the world as a mark of excellence in incident handling and response.

 

NEW QUESTION # 115
John is a malicious attacker. He illegally accesses the server of We-are-secure Inc. He then places a backdoor in the
We-are-secure server and alters its log files. Which of the following steps of malicious hacking includes altering the
server log files?

  • A. Maintaining access
  • B. Gaining access
  • C. Covering tracks
  • D. Reconnaissance

Answer: C


NEW QUESTION # 116
Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?

  • A. Rainbow attack
  • B. Brute Force attack
  • C. Dictionary attack
  • D. Hybrid attack

Answer: A

Explanation:
Section: Volume A


NEW QUESTION # 117
In which of the following methods does a hacker use packet sniffing to read network traffic between two parties to steal the session cookies?

  • A. Physical accessing
  • B. Session fixation
  • C. Cross-site scripting
  • D. Session sidejacking

Answer: D

Explanation:
Section: Volume B


NEW QUESTION # 118
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small-sized packets to the
target computer. Hence, it becomes very difficult for an IDS to detect the attack signatures of such attacks. Which of
the following tools can be used to perform session splicing attacks?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Nessus
  • B. Fragroute
  • C. Whisker
  • D. Y.A.T.

Answer: A,C


NEW QUESTION # 119
Maria works as a professional Ethical Hacker. She recently got a project to test the security of www.we-are-secure.com.
Arrange the three pre-test phases of the attack to test the security of we-are-secure.

Answer:

Explanation:


NEW QUESTION # 120
Which of the following statements are true regarding a SYN flood attack?

  • A. SYN cookies provide protection against the SYN flood by eliminating the resources allocated on the target host.
  • B. SYN flood is a form of Denial-of-Service (DoS) attack.
  • C. The attacker sends a succession of SYN requests to a target system.
  • D. The attacker sends thousands and thousands of ACK packets to the victim.

Answer: A,B,C


NEW QUESTION # 121
Which of the following actions is performed by the netcat command given below?
nc 55555 < /etc/passwd

  • A. It changes the /etc/passwd file when connected to the UDP port 55555.
  • B. It grabs the /etc/passwd file when connected to UDP port 55555.
  • C. It fills the incoming connections to /etc/passwd file.
  • D. It resets the /etc/passwd file to the UDP port 55555.

Answer: B


NEW QUESTION # 122
Which of the following statements are true about tcp wrappers?
Each correct answer represents a complete solution. Choose all that apply.

  • A. tcp wrapper allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens to filter for access control purposes.
  • B. When a user uses a TCP wrapper, the inetd daemon runs the wrapper program tcpd instead of running the server program directly.
  • C. tcp wrapper protects a Linux server from IP address spoofing.
  • D. tcp wrapper provides access control, host address spoofing, client username lookups, etc.

Answer: A,B,D


NEW QUESTION # 123
Which of the following is a method of gaining access to a system that bypasses normal authentication?

  • A. Teardrop
  • B. Trojan horse
  • C. Smurf
  • D. Back door

Answer: D

Explanation:
Section: Volume C


NEW QUESTION # 124
Which of the following techniques is used when a system performs the penetration testing with the objective of accessing unauthorized information residing inside a computer?

  • A. Port scanning
  • B. Van Eck Phreaking
  • C. Biometrician
  • D. Phreaking

Answer: A


NEW QUESTION # 125
SIMULATION
Fill in the blank with the appropriate term.
_______ is the practice of monitoring and potentially restricting the flow of information outbound from one network to another.

Answer:

Explanation:
Egress filtering


NEW QUESTION # 126
John works as a Professional Ethical Hacker for NetPerfect Inc. The company has a Linux-based network. All client computers are running on Red Hat 7.0 Linux. The Sales Manager of the company complains to John that his system contains an unknown package named tar.gz and his documents are exploited. To resolve the problem, John uses a port scanner to enquire about the open ports and finds out that the HTTP server service port on 27374 is open. He suspects that the other computers on the network are also facing the same problem.
John discovers that a malicious application is using the synscan tool to randomly generate IP addresses.
Which of the following worms has attacked the computer?

  • A. Code red
  • B. Nimda
  • C. LoveLetter
  • D. Ramen

Answer: D

Explanation:
Section: Volume C


NEW QUESTION # 127
In which of the following steps of the incident handling processes does the Incident Handler make sure that all business processes and functions are back to normal and then also wants to monitor the system or processes to ensure that the system is not compromised again?

  • A. Eradication
  • B. Containment
  • C. Lesson Learned
  • D. Recovery

Answer: D


NEW QUESTION # 128
Which of the following techniques can be used to map 'open' or 'pass through' ports on a gateway?

  • A. Traceport
  • B. Tracefire
  • C. Tracegate
  • D. Traceroute

Answer: D


NEW QUESTION # 129
Mark works as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The
company uses Check Point SmartDefense to provide security to the network. Mark uses SmartDefense on the HTTP
servers of the company to fix the limitation for the maximum response header length. Which of the following attacks
can be blocked by defining this limitation?

  • A. Melissa virus attack
  • B. Ramen worm attack
  • C. HTR Overflow worms and mutations
  • D. Shoulder surfing attack

Answer: C


NEW QUESTION # 130
Victor wants to send an encrypted message to his friend. He is using a certain steganography technique to accomplish
this task. He takes a cover object and changes it accordingly to hide information. This secret information is recovered
only when the algorithm compares the changed cover with the original cover. Which of the following steganography
methods is Victor using to accomplish the task?

  • A. The substitution technique
  • B. The cover generation technique
  • C. The distortion technique
  • D. The spread spectrum technique

Answer: C


NEW QUESTION # 131
Adam has installed and configured his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router.
Adam notices that when he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes it is only 8 Mbps or less. Adam connects to the management utility of the wireless router and finds out that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop.
Which of the following attacks has occurred on Adam's wireless network?

  • A. MAC spoofing
  • B. NAT spoofing
  • C. ARP spoofing
  • D. DNS cache poisoning

Answer: A


NEW QUESTION # 132
Which of the following are the primary goals of the incident handling team?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Prevent any further damage.
  • B. Inform higher authorities.
  • C. Repair any damage caused by an incident.
  • D. Freeze the scene.

Answer: A,C,D

Explanation:
Section: Volume A


NEW QUESTION # 133
John works as a Penetration Tester in a security service providing firm named you-are-secure Inc. Recently, John's
company has got a project to test the security of a promotional Website www.missatlanta.com and assigned the
pen-testing work to John. When John is performing penetration testing, he inserts the following script in the search box at
the company home page:
<script>alert('Hi, John')</script>
After pressing the search button, a pop-up box appears on his screen with the text - "Hi, John." Which of the following
attacks can be performed on the Web site tested by John while considering the above scenario?

  • A. CSRF attack
  • B. Replay attack
  • C. XSS attack
  • D. Buffer overflow attack

Answer: C


NEW QUESTION # 134
Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it to chess.exe.
The size of chess.exe was 526,895 bytes originally, and after joining this chess file to the Trojan, the file size increased to 651,823 bytes. When he gives you this new game, you install the infected chess.exe file on your computer. He now performs various malicious tasks on your computer remotely. But you suspect that someone has installed a Trojan on your computer and begin to investigate it. When you enter the netstat command in the command prompt, you get the following results:
C:\WINDOWS>netstat -an | find "UDP"
UDP IP_Address:31337 *:*
Now you check the following registry address:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
In the above address, you notice a 'default' key in the 'Name' field having " .exe" value in the corresponding
'Data' field. Which of the following Trojans do you think your friend may have installed on your computer on the basis of the above evidence?

  • A. Donald Dick
  • B. Back Orifice
  • C. Tini
  • D. Qaz

Answer: B

Explanation:
Section: Volume C


NEW QUESTION # 135
Adam works as a Penetration Tester for Umbrella Inc. A project has been assigned to him to check the security of
the wireless network of the company. He re-injects a captured wireless packet back onto the network. He does this
hundreds of times within a second. The packet is correctly encrypted and Adam assumes it is an ARP request packet.
The wireless host responds with a stream of responses, all individually encrypted with different IVs.
Which of the following types of attack is Adam performing?

  • A. MAC Spoofing attack
  • B. Replay attack
  • C. Network injection attack
  • D. Caffe Latte attack

Answer: B


NEW QUESTION # 136
Adam works as a Security administrator for Umbrella Inc. He runs the following traceroute and notices that hops 19 and 20 both show the same IP address.
1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms
2 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 12.169 ms 14.958 ms 13.416 ms
3 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 13.948 ms ip68-100-0-1.nv.nv.cox.net (68.100.0.1) 16.743 ms 16.207 ms
4 ip68-100-0-137.nv.nv.cox.net (68.100.0.137) 17.324 ms 13.933 ms 20.938 ms
5 68.1.1.4 (68.1.1.4) 12.439 ms 220.166 ms 204.170 ms
6 so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1) 16.177 ms 25.943 ms 14.104 ms
7 unknown.Level3.net (209.247.9.173) 14.227 ms 17.553 ms 15.415 ms
8 so-0-1-0.bbr1.NewYork1.level3.net (64.159.1.41) 17.063 ms 20.960 ms 19.512 ms
9 so-7-0-0.gar1.NewYork1.Level3.net (64.159.1.182) 20.334 ms 19.440 ms 17.938 ms
10 so-4-0-0.edge1.NewYork1.Level3.net (209.244.17.74) 27.526 ms 18.317 ms 21.202 ms
11 uunet-level3-oc48.NewYork1.Level3.net (209.244.160.12) 21.411 ms 19.133 ms 18.830 ms
12 0.so-6-0-0.XL1.NYC4.ALTER.NET (152.63.21.78) 21.203 ms 22.670 ms 20.111 ms
13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153) 30.929 ms 24.858 ms 23.108 ms
14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 37.894 ms 33.244 ms 33.910 ms
15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms 49.466 ms
16 0.so-3-0-0.XR1.MIA4.ALTER.NET (152.63.101.41) 50.937 ms 49.005 ms 51.055 ms
17 117.ATM6-0.GW5.MIA1.ALTER.NET (152.63.82.73) 51.897 ms 50.280 ms 53.647 ms
18 PassGuidegw1.customer.alter.net (65.195.239.14) 51.921 ms 51.571 ms 56.855 ms
19 www.PassGuide.com (65.195.239.22) 52.191 ms 52.571 ms 56.855 ms
20 www.PassGuide.com (65.195.239.22) 53.561 ms 54.121 ms 58.333 ms
Which of the following is the most likely cause of this issue?

  • A. Intrusion Detection System
  • B. Network Intrusion system
  • C. An application firewall
  • D. A stateful inspection firewall

Answer: D

Explanation:
Section: Volume A


NEW QUESTION # 137
......


Obtaining the GCIH certification can open up a variety of career opportunities in the cybersecurity industry. Employers value candidates who are certified in incident handling because it demonstrates their expertise in this critical area. In addition, the GCIH certification is recognized globally, meaning that certified individuals can pursue job opportunities both domestically and internationally.


GIAC GCIH certification is highly respected in the cybersecurity industry and is recognized by employers around the world. Holding this certification demonstrates a candidate's knowledge and skills in incident handling and response, which is essential for protecting an organization's sensitive data and systems. It also helps IT professionals advance their careers and open up new job opportunities in the field of cybersecurity.

 
