Proper study guides for the up-to-date GIAC Certified Incident Handler certification begin with GIAC GCIH preparation products, which are designed to deliver guaranteed GCIH questions so that you pass the GCIH test on your first attempt. Try the free GCIH demo right now.

Check GCIH free dumps before getting the full version:

Which of the following is used to determine the range of IP addresses that are mapped to live hosts?

  • A. Port sweep
  • B. Ping sweep
  • C. IP sweep
  • D. Telnet sweep

Answer: B

Which of the following types of attacks come under the category of hacker attacks?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Smurf
  • B. IP address spoofing
  • C. Teardrop
  • D. Password cracking

Answer: BD

What is the major difference between a worm and a Trojan horse?

  • A. A worm spreads via e-mail, while a Trojan horse does not.
  • B. A worm is a form of malicious program, while a Trojan horse is a utility.
  • C. A worm is self-replicating, while a Trojan horse is not.
  • D. A Trojan horse is a malicious program, while a worm is an anti-virus software.

Answer: C

Which of the following applications is an example of a data-sending Trojan?

  • A. SubSeven
  • B. Senna Spy Generator
  • C. Firekiller 2000
  • D. eBlaster

Answer: D

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

  • A. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • B. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • C. HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"
  • D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Answer: C

Which of the following practices come under the category of denial-of-service attacks?
Each correct answer represents a complete solution. Choose three.

  • A. Performing a back door attack on a system
  • B. Disrupting services to a specific computer
  • C. Sending thousands of malformed packets to a network for bandwidth consumption
  • D. Sending lots of ICMP packets to an IP address

Answer: BCD

Adam works as a Network Administrator for Umbrella Inc. He noticed that ICMP ECHO requests are coming from some suspected outside sources. Adam suspects that some malicious hacker is trying to perform a ping sweep attack on the network of the company. To stop this malicious activity, Adam blocks ICMP ECHO requests from any outside sources.
What will be the effect of the action taken by Adam?

  • A. Network turns completely immune from the ping sweep attacks.
  • B. Network is still vulnerable to ping sweep attack.
  • C. Network is protected from the ping sweep attack until the next reboot of the server.
  • D. Network is now vulnerable to Ping of death attack.

Answer: B

Which of the following options scans the networks for vulnerabilities regarding the security of a network?

  • A. System enumerators
  • B. Port enumerators
  • C. Network enumerators
  • D. Vulnerability enumerators

Answer: C

You run the following PHP script:
<?php $name = mysql_real_escape_string($_POST["name"]);
$password = mysql_real_escape_string($_POST["password"]); ?>
What is the use of the mysql_real_escape_string() function in the above script?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It can be used to mitigate a cross site scripting attack.
  • B. It can be used as a countermeasure against a SQL injection attack.
  • C. It escapes all special characters from strings $_POST["name"] and $_POST["password"] except ' and ".
  • D. It escapes all special characters from strings $_POST["name"] and $_POST["password"].

Answer: BD

Which of the following statements are true about session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Use of a long random number or string as the session key reduces session hijacking.
  • B. It is used to slow the working of victim's network resources.
  • C. TCP session hijacking is when a hacker takes over a TCP session between two machines.
  • D. It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

Answer: ACD

You run the following command while using Nikto Web scanner:
perl -h -p 443
What action do you want to perform?

  • A. Using it as a proxy server
  • B. Updating Nikto
  • C. Setting Nikto for network sniffing
  • D. Port scanning

Answer: D

You want to scan your network quickly to detect live hosts by using ICMP ECHO Requests. What type of scanning will you perform to accomplish the task?

  • A. Idle scan
  • B. TCP SYN scan
  • C. XMAS scan
  • D. Ping sweep scan

Answer: D

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small-sized packets to the target computer. Hence, it becomes very difficult for an IDS to detect the attack signatures of such attacks. Which of the following tools can be used to perform session splicing attacks?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Whisker
  • B. Fragroute
  • C. Nessus
  • D. Y.A.T.

Answer: AC

Adam, a novice web user, is very conscious about security. He wants to visit a Web site that is known to have malicious applets and code. Adam always makes use of a basic Web browser to perform such testing.
Which of the following web browsers can adequately fill this purpose?

  • A. Mozilla Firefox
  • B. Internet Explorer
  • C. Lynx
  • D. Safari

Answer: C

John works as a professional Ethical Hacker. He has been assigned a project to test the security of On the We-are-secure login page, he enters ='or''=' as a username and successfully logs in to the user page of the Web site.
The we-are-secure login page is vulnerable to a __________.

  • A. Dictionary attack
  • B. SQL injection attack
  • C. Replay attack
  • D. Land attack

Answer: B

You are hired as a Database Administrator for Jennifer Shopping Cart Inc. You monitor the server health through the System Monitor and find that there is a sudden increase in the number of logins.
A case study is provided in the exhibit. Which of the following types of attack has occurred? (Click the Exhibit button on the toolbar to see the case study.)

  • A. Injection
  • B. Virus
  • C. Worm
  • D. Denial-of-service

Answer: D

Which of the following types of scan does not open a full TCP connection?

  • A. FIN scan
  • B. ACK scan
  • C. Stealth scan
  • D. Idle scan

Answer: C

Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems, and fax machines?

  • A. Demon dialing
  • B. Warkitting
  • C. War driving
  • D. Wardialing

Answer: D

You work as a Network Administrator at SecureTech Inc. SecureTech Inc. is using a Linux-based server. Recently, you have updated the password policy of the company so that the server will disable passwords after four trials. What type of attack do you want to stop by enabling this policy?

  • A. Brute force
  • B. Replay
  • C. XSS
  • D. Cookie poisoning

Answer: A

