09 December, 2024

The Most Up-to-date Guide To GCIH Training Materials

Your success in GIAC GCIH is our sole target and we develop all our GCIH braindumps in a way that facilitates the attainment of this target. Not only is our GCIH study material the best you can find, it is also the most detailed and the most updated. GCIH Practice Exams for GIAC GCIH are written to the highest standards of technical accuracy.

Page: 1 / 27

Total 328 questions Full Exam Access

Question 1

A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network. It is also known as network saturation attack or bandwidth consumption attack. Attackers perform DoS attacks by sending a large number of protocol packets to a network. The problems caused by a DoS attack are as follows:
l Saturation of network resources
l Disruption of connections between two computers, thereby preventing communications between services
l Disruption of services to a specific computer
l Failure to access a Web site
l Increase in the amount of spam
Which of the following can be used as countermeasures against DoS attacks?
Each correct answer represents a complete solution. Choose all that apply.

Blocking undesired IP addresses

Applying router filtering

Disabling unneeded network services

Permitting network access only to desired traffic

Question 2

Which of the following incident response team members ensures that the policies of the organization are enforced during the incident response?

Information Security representative

Legal representative

Human Resource

Technical representative

Question 3

108 ms 14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 37.894 ms 33.244 ms
Solution:

Does this meet the goal?

Yes

Question 4

Which of the following statements about threats are true?
Each correct answer represents a complete solution. Choose all that apply.

A threat is a weakness or lack of safeguard that can be exploited by vulnerability, thus causing harm to the information systems or networks.

A threat is a potential for violation of security which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.

A threat is a sequence of circumstances and events that allows a human or other agent to cause an information-related misfortune by exploiting vulnerability in an IT product.

A threat is any circumstance or event with the potential of causing harm to a system in the form of destruction, disclosure, modification of data, or denial of service.

Question 5

Which of the following statements are true about firewalking?
Each correct answer represents a complete solution. Choose all that apply.

To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall.

In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.

A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.

Firewalking works on the UDP packets.

Question 6

John works as an Ethical Hacker for Exambible Inc. He wants to find out the ports that are open in Exambible's server using a port scanner. However, he does not want to establish a full TCP connection.
Which of the following scanning techniques will he use to accomplish this task?

TCP FIN

TCP SYN/ACK

TCP SYN

Xmas tree

Question 7

Which of the following tools is an automated tool that is used to implement SQL injections and to retrieve data from Web server databases?

Fragroute

Absinthe

Stick

ADMutate

Question 8

Which of the following protocol loggers is used to detect ping sweep?

lppi

pitl

dpsl

ippl

Question 9

Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it with chess.exe. Which of the following tools are required in such a scenario?
Each correct answer represents a part of the solution. Choose three.

NetBus

Absinthe

Yet Another Binder

Chess.exe

Question 10

Which of the following rootkits patches, hooks, or replaces system calls with versions that hide information about the attacker?

Library rootkit

Kernel level rootkit

Hypervisor rootkit

Boot loader rootkit

Question 11

Which of the following is a process of searching unauthorized modems?

Espionage

Wardialing

System auditing

Scavenging

Question 12

Maria works as a professional Ethical Hacker. She recently got a project to test the security of www.we-are-secure.com. Arrange the three pre -test phases of the attack to test the security of weare-secure.
GCIH dumps exhibit

Solution:
GCIH dumps exhibit

Does this meet the goal?

Yes

Question 13

Which of the following tools combines two programs, and also encrypts the resulting package in an attempt to foil antivirus programs?

Trojan Man

EliteWrap

Tiny

NetBus

Question 14

Who are the primary victims of smurf attacks on the contemporary Internet system?

IRC servers are the primary victims to smurf attacks

FTP servers are the primary victims to smurf attacks

SMTP servers are the primary victims to smurf attacks

Mail servers are the primary victims to smurf attacks

Question 15

Which of the following characters will you use to check whether an application is vulnerable to an SQL injection attack?

Dash (-)

Double quote (")

Single quote (')

Semi colon (;)

Question 16

Your company has been hired to provide consultancy, development, and integration services for a company named Brainbridge International. You have prepared a case study to plan the upgrade for the company. Based on the case study, which of the following steps will you suggest for configuring WebStore1?
Each correct answer represents a part of the solution. Choose two.

Customize IIS 6.0 to display a legal warning page on the generation of the 404.2 and 404.3 errors.

Move the WebStore1 server to the internal network.

Configure IIS 6.0 on WebStore1 to scan the URL for known buffer overflow attacks.

Move the computer account of WebStore1 to the Remote organizational unit (OU).

Page: 1 / 27

Total 328 questions Full Exam Access