GCIH Premium Bundle

GIAC Certified Incident Handler Certification Exam

GIAC GCIH Free Practice Questions

Online GCIH free questions and answers of New Version:

NEW QUESTION 1
Which of the following functions in C/C++ can be the cause of a buffer overflow?
Each correct answer represents a complete solution. Choose two.

  • A. printf()
  • B. strcat()
  • C. strcpy()
  • D. strlength()

Answer: BC

NEW QUESTION 2
Which of the following commands is used to access Windows resources from a Linux workstation?

  • A. mutt
  • B. scp
  • C. rsync
  • D. smbclient

Answer: D

NEW QUESTION 3
CORRECT TEXT
Fill in the blank with the appropriate term.
_______ is the practice of monitoring and potentially restricting the flow of information outbound from one network to another.

Answer: Egress filtering

NEW QUESTION 4
Which of the following can be used as a countermeasure against the SQL injection attack?
Each correct answer represents a complete solution. Choose two.

  • A. mysql_real_escape_string()
  • B. session_regenerate_id()
  • C. mysql_escape_string()
  • D. Prepared statement

Answer: AD

NEW QUESTION 5
An attacker sends a large number of packets to a target computer that causes denial of service.
Which of the following types of attack is this?

  • A. Spoofing
  • B. Snooping
  • C. Phishing
  • D. Flooding

Answer: D

NEW QUESTION 6
You check performance logs and note that there has been a recent dramatic increase in the amount of broadcast traffic. What is this most likely to be an indicator of?

  • A. Virus
  • B. Syn flood
  • C. Misconfigured router
  • D. DoS attack

Answer: D

NEW QUESTION 7
Which of the following is a process of searching for unauthorized modems?

  • A. Espionage
  • B. Wardialing
  • C. System auditing
  • D. Scavenging

Answer: B

NEW QUESTION 8
John, a part-time hacker, has gained unauthorized access to the www.yourbank.com banking website and stolen the bank account information of its users and their credit card numbers by using a SQL injection attack. Now, John wants to sell this information to a malicious person, Mark, and make a deal to get a good amount of money. Since he does not want to send the hacked information to Mark in clear text, he decides to send the information in hidden text. For this, he takes a steganography tool, hides the information in ASCII text by appending whitespace to the end of lines, and encrypts the hidden information by using the IDEA encryption algorithm. Which of the following tools is John using for steganography?

  • A. Image Hide
  • B. 2Mosaic
  • C. Snow.exe
  • D. Netcat

Answer: C

NEW QUESTION 9
John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.
Original cookie values:
ItemID1=2
ItemPrice1=900
ItemID2=1
ItemPrice2=200
Modified cookie values:
ItemID1=2
ItemPrice1=1
ItemID2=1
ItemPrice2=1
Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price.
Which of the following hacking techniques is John performing?

  • A. Computer-based social engineering
  • B. Man-in-the-middle attack
  • C. Cross site scripting
  • D. Cookie poisoning

Answer: D

NEW QUESTION 10
What is the major difference between a worm and a Trojan horse?

  • A. A worm spreads via e-mail, while a Trojan horse does not.
  • B. A worm is a form of malicious program, while a Trojan horse is a utility.
  • C. A worm is self replicating, while a Trojan horse is not.
  • D. A Trojan horse is a malicious program, while a worm is an anti-virus software.

Answer: C

NEW QUESTION 11
CORRECT TEXT
Fill in the blank with the appropriate option to complete the statement below.
You want to block all UDP packets coming to the Linux server by using the portsentry utility. For this, you have to enable the ______ option in the portsentry configuration file.

Answer: BLOCK_UDP

NEW QUESTION 12
Which of the following US Acts emphasized a "risk-based policy for cost-effective security" and makes it mandatory for agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency's information security program and report the results to the Office of Management and Budget?

  • A. The Electronic Communications Privacy Act of 1986 (ECPA)
  • B. The Fair Credit Reporting Act (FCRA)
  • C. The Equal Credit Opportunity Act (ECOA)
  • D. Federal Information Security Management Act of 2002 (FISMA)

Answer: D

NEW QUESTION 13
Which of the following statements about buffer overflow are true?
Each correct answer represents a complete solution. Choose two.

  • A. It is a situation that occurs when a storage device runs out of space.
  • B. It is a situation that occurs when an application receives more data than it is configured to accept.
  • C. It can improve application performance.
  • D. It can terminate an application.

Answer: BD

NEW QUESTION 14
Which of the following reads and writes data across network connections by using the TCP/IP protocol?

  • A. Fpipe
  • B. NSLOOKUP
  • C. Netcat
  • D. 2Mosaic

Answer: C

NEW QUESTION 15
Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it with chess.exe. Which of the following tools are required in such a scenario?
Each correct answer represents a part of the solution. Choose three.

  • A. NetBus
  • B. Absinthe
  • C. Yet Another Binder
  • D. Chess.exe

Answer: ACD

NEW QUESTION 16
Which of the following Trojans is used by attackers to modify the Web browser settings?

  • A. Win32/FlyStudio
  • B. Trojan.Lodear
  • C. WMA/TrojanDownloader.GetCodec
  • D. Win32/Pacex.Gen

Answer: A

NEW QUESTION 17
Adam works as an Incident Handler for Umbrella Inc. He has been sent to the California unit to train the members of the incident response team. As a demo project, he asked members of the incident response team to perform the following actions:
Remove the network cable wires.
Isolate the system on a separate VLAN.
Use a firewall or access lists to prevent communication into or out of the system.
Change DNS entries to direct traffic away from the compromised system.
Which of the following steps of the incident handling process includes the above actions?

  • A. Identification
  • B. Containment
  • C. Eradication
  • D. Recovery

Answer: B

NEW QUESTION 18
Which of the following viruses is a script that attaches itself to a file or template?

  • A. Boot sector
  • B. Trojan horse
  • C. Macro virus
  • D. E-mail virus

Answer: C

NEW QUESTION 19
Which of the following commands can be used for port scanning?

  • A. nc -t
  • B. nc -z
  • C. nc -w
  • D. nc -g

Answer: B

NEW QUESTION 20
You work as a System Administrator for Happy World Inc. Your company has a server named uC1 that runs Windows Server 2008. The Windows Server virtualization role service is installed on the uC1 server which hosts one virtual machine that also runs Windows Server 2008. You are required to install a new application on the virtual machine. You need to ensure that in case of a failure of the application installation, you are able to quickly restore the virtual machine to its original state.
Which of the following actions will you perform to accomplish the task?

  • A. Use the Virtualization Management Console to save the state of the virtual machine.
  • B. Log on to the virtual host and create a new dynamically expanding virtual hard disk.
  • C. Use the Virtualization Management Console to create a snapshot of the virtual machine.
  • D. Use the Edit Virtual Hard Disk Wizard to copy the virtual hard disk of the virtual machine.

Answer: C

NEW QUESTION 21
......
