
Reliable GCIH Dumps Questions Available as Web-Based Practice Test Engine
Correct and Up-to-date GIAC GCIH BrainDumps
The GCIH certification program is designed to meet the needs of professionals who are responsible for managing and responding to security incidents within their organizations. This includes incident response teams, security engineers, security analysts, and security consultants. GIAC Certified Incident Handler certification helps candidates develop their skills in managing and responding to incidents, which is a critical aspect of cybersecurity.
GIAC GCIH certification is designed for individuals who are responsible for detecting, responding to, and resolving security incidents. This includes security professionals, incident responders, network administrators, and other IT professionals who are responsible for securing and protecting sensitive data. The GCIH certification provides candidates with the knowledge and skills necessary to identify and respond to security incidents in a timely and effective manner.
NEW QUESTION # 197
Which of the following tools will you use to prevent session hijacking?
Each correct answer represents a complete solution. Choose all that apply.
- A. Rlogin
- B. SSL
- C. OpenSSH
- D. Telnet
Answer: B,C
NEW QUESTION # 198
Which of the following methods can be used to detect a session hijacking attack?
- A. ntop
- B. nmap
- C. sniffer
- D. Brutus
Answer: C
NEW QUESTION # 199
Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?
- A. Brute Force attack
- B. Rainbow attack
- C. Dictionary attack
- D. Hybrid attack
Answer: B
NEW QUESTION # 200
OutGuess is used for __________ attack.
- A. Web password cracking
- B. Steganography
- C. Man-in-the-middle
- D. SQL injection
Answer: B
NEW QUESTION # 201
Which of the following is used to gather information about a remote network protected by a firewall?
- A. Firechalking
- B. Firewalking
- C. Warchalking
- D. Wardialing
Answer: B
NEW QUESTION # 202
Brutus is a password cracking tool that can be used to crack the following authentications:
- HTTP (Basic Authentication)
- HTTP (HTML Form/CGI)
- POP3 (Post Office Protocol v3)
- FTP (File Transfer Protocol)
- SMB (Server Message Block)
- Telnet
Which of the following attacks can be performed by Brutus for password cracking?
Each correct answer represents a complete solution. Choose all that apply.
- A. Dictionary attack
- B. Man-in-the-middle attack
- C. Replay attack
- D. Brute force attack
- E. Hybrid attack
Answer: A,D,E
Explanation:
Section: Volume C
NEW QUESTION # 203
You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS, how can you detect this sort of activity?
- A. You cannot, you need an IDS.
- B. By examining your domain controller server logs.
- C. By setting up a DMZ.
- D. By examining your firewall logs.
Answer: D
NEW QUESTION # 204
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. The company is aware of various types of security attacks and wants to impede them. Hence, management has assigned John a project to port scan the company's Web Server. For this, he uses the nmap port scanner and issues the following command to perform idle port scanning:
nmap -PN -p- -sI IP_Address_of_Company_Server
He analyzes that the server's TCP ports 21, 25, 80, and 111 are open.
Which of the following security policies is the company using during this entire process to mitigate the risk of hacking attacks?
- A. Audit policy
- B. Antivirus policy
- C. Non-disclosure agreement
- D. Acceptable use policy
Answer: A
NEW QUESTION # 205
You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-are-secure.com Web site. For this, you want to perform the idle scan so that you can get the ports open in the we-are-secure.com server. You are using GIACing tool to perform the idle scan by using a zombie computer. While scanning, you notice that every IPID is being incremented on every query, regardless of whether the ports are open or closed. Sometimes, IPID is being incremented by more than one value.
What may be the reason?
- A. GIACing does not perform idle scanning.
- B. The zombie computer is not connected to the we-are-secure.com Web server.
- C. The firewall is blocking the scanning process.
- D. The zombie computer is the system interacting with some other system besides your computer.
Answer: D
NEW QUESTION # 206
As a professional hacker, you want to crack the security of secureserver.com. For this, in the information gathering step, you performed scanning with the help of the nmap utility to retrieve as many different protocols as possible being used by secureserver.com so that you could get accurate knowledge about what services were being used by secureserver.com. Which of the following nmap switches have you used to accomplish the task?
- A. nmap -sO
- B. nmap -sT
- C. nmap -sS
- D. nmap -vO
Answer: A
NEW QUESTION # 207
Under which of the following malicious hacking steps does email tracking come?
- A. Maintaining Access
- B. Scanning
- C. Reconnaissance
- D. Gaining access
Answer: C
Explanation:
Section: Volume B
NEW QUESTION # 208
You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?
- A. Vulnerability scanning
- B. Manual penetration testing
- C. Automated penetration testing
- D. Code review
Answer: A
NEW QUESTION # 209
Adam works as a sales manager for Umbrella Inc. He wants to download software from the Internet. As the software comes from a site in his untrusted zone, Adam wants to ensure that the downloaded software has not been Trojaned. Which of the following options would indicate the best course of action for Adam?
- A. Compare the file size of the software with the one given on the Website.
- B. Compare the file's virus signature with the one published on the distribution.
- C. Compare the version of the software with the one published on the distribution media.
- D. Compare the file's MD5 signature with the one published on the distribution media.
Answer: D
Explanation:
Section: Volume A
NEW QUESTION # 210
Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denial-of-service, or unauthorized changes to system hardware, software, or data?
- A. Crisis Communication Plan
- B. Disaster Recovery Plan
- C. Cyber Incident Response Plan
- D. Occupant Emergency Plan
Answer: C
NEW QUESTION # 211
Which of the following services CANNOT be performed by the nmap utility?
Each correct answer represents a complete solution. Choose all that apply.
- A. Port scanning
- B. Active OS fingerprinting
- C. Sniffing
- D. Passive OS fingerprinting
Answer: C,D
NEW QUESTION # 212
Which of the following penetration testing phases involves gathering data from whois, DNS, and network scanning, which helps in mapping a target network and provides valuable information regarding the operating system and applications running on the systems?
- A. On-attack phase
- B. Post-attack phase
- C. Attack phase
- D. Pre-attack phase
Answer: D
Explanation:
Section: Volume C
NEW QUESTION # 213
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?
- A. Cross site scripting
- B. Session fixation
- C. Firewalking
- D. Replay
Answer: D
NEW QUESTION # 214
John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site. Now, John asks the we-are-secure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page against the SQL injection attack?
- A. Use the mysql_real_escape_string() function for escaping input
- B. Use the session_regenerate_id() function
- C. Use the escapeshellcmd() function
- D. Use the escapeshellarg() function
Answer: A
Explanation:
Section: Volume A
NEW QUESTION # 215
John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.
Original cookie values:
ItemID1=2 ItemPrice1=900 ItemID2=1 ItemPrice2=200
Modified cookie values:
ItemID1=2 ItemPrice1=1 ItemID2=1 ItemPrice2=1
Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price.
Which of the following hacking techniques is John performing?
- A. Cross site scripting
- B. Man-in-the-middle attack
- C. Computer-based social engineering
- D. Cookie poisoning
Answer: D
NEW QUESTION # 216
Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denial-of-service, or unauthorized changes to system hardware, software, or data?
- A. Crisis Communication Plan
- B. Disaster Recovery Plan
- C. Cyber Incident Response Plan
- D. Occupant Emergency Plan
Answer: C
Explanation:
Section: Volume C
NEW QUESTION # 217
Which of the following malicious code can have more than one type of trigger, multiple task capabilities, and can replicate itself in more than one manner?
- A. Macro virus
- B. Trojan
- C. Boot sector virus
- D. Blended threat
Answer: D
NEW QUESTION # 218
You have inserted a Trojan on your friend's computer and you want to put it in the startup so that whenever the computer reboots the Trojan will start to run on the startup. Which of the following registry entries will you edit to accomplish the task?
- A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Auto
- B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Start
- C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Startup
- D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Answer: D
Explanation:
Section: Volume A
NEW QUESTION # 219
Which of the following characters will you use to check whether an application is vulnerable to an SQL injection attack?
- A. Dash (-)
- B. Double quote (")
- C. Semicolon (;)
- D. Single quote (')
Answer: D
NEW QUESTION # 220
Which of the following statements are true about firewalking?
Each correct answer represents a complete solution. Choose all that apply.
- A. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall.
- B. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.
- C. Firewalking works on the UDP packets.
- D. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.
Answer: A,B,D
NEW QUESTION # 221
James works as a Database Administrator for Techsoft Inc. The company has a SQL Server 2005 computer. The computer has a database named Sales. Users complain that the performance of the database has deteriorated. James opens the System Monitor tool and finds that there is an increase in network traffic. What kind of attack might be the cause of the performance deterioration?
- A. Internal attack
- B. Injection
- C. Virus
- D. Denial-of-Service
Answer: D
NEW QUESTION # 222