GCIH Exam - GIAC Certified Incident Handler

certleader.com


NEW QUESTION 1
Which of the following is the most common vulnerability that can affect desktop applications written in native code?

  • A. Spyware
  • B. DDoS attack
  • C. Malware
  • D. Buffer overflow

Answer: D

NEW QUESTION 2
Which of the following statements are true about a keylogger?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It records all keystrokes on the victim's computer in a predefined log file.
  • B. It can be remotely installed on a computer system.
  • C. It is a software tool used to trace all or specific activities of a user on a computer.
  • D. It uses hidden code to destroy or scramble data on the hard disk.

Answer: ABC

NEW QUESTION 3
Which of the following tools can be used for stress testing of a Web server?
Each correct answer represents a complete solution. Choose two.

  • A. Internet bots
  • B. Scripts
  • C. Anti-virus software
  • D. Spyware

Answer: AB

NEW QUESTION 4
Which of the following statements is true about a Trojan engine?

  • A. It limits the system resource usage.
  • B. It specifies the signatures that keep a watch for a host or a network sending multiple packets to a single host or a single network.
  • C. It specifies events that occur in a related manner within a sliding time interval.
  • D. It analyzes the nonstandard protocols, such as TFN2K and BO2K.

Answer: D

NEW QUESTION 5
You send SYN packets with the exact TTL of the target system, starting at port 1 and going up to port 1024, using the hping2 utility. This attack is known as __________.

  • A. Port scanning
  • B. Cloaking
  • C. Firewalking
  • D. Spoofing

Answer: C

NEW QUESTION 6
Which of the following are the rules by which an organization operates?

  • A. Acts
  • B. Policies
  • C. Rules
  • D. Manuals

Answer: B

NEW QUESTION 7
Which of the following programming languages are NOT vulnerable to buffer overflow attacks?
Each correct answer represents a complete solution. Choose two.

  • A. C
  • B. Java
  • C. C++
  • D. Perl

Answer: BD

NEW QUESTION 8
Which of the following statements about buffer overflow are true?
Each correct answer represents a complete solution. Choose two.

  • A. It is a situation that occurs when a storage device runs out of space.
  • B. It is a situation that occurs when an application receives more data than it is configured to accept.
  • C. It can improve application performance.
  • D. It can terminate an application.

Answer: BD

NEW QUESTION 9
Adam works as a Security Analyst for Umbrella Inc. The company has a Windows-based network. All computers run Windows XP. The manager of the Sales department complains to Adam about the unusual behavior of his computer. He tells Adam that some pornographic content suddenly appeared on his computer overnight. Adam suspects that some malicious software or Trojans have been installed on the computer. He runs some diagnostic programs and port scanners and finds that ports 12345, 12346, and 20034 are open. Adam also notices some tampering with the Windows registry, which causes one application to run every time Windows starts.
Which of the following is the most likely reason behind this issue?

  • A. Cheops-ng is installed on the computer.
  • B. Elsave is installed on the computer.
  • C. NetBus is installed on the computer.
  • D. NetStumbler is installed on the computer.

Answer: C

NEW QUESTION 10
Adam works as a sales manager for Umbrella Inc. He wants to download software from the Internet. As the software comes from a site in his untrusted zone, Adam wants to ensure that the downloaded software has not been Trojaned. Which of the following options would indicate the best course of action for Adam?

  • A. Compare the file size of the software with the one given on the Website.
  • B. Compare the version of the software with the one published on the distribution media.
  • C. Compare the file's virus signature with the one published on the distribution.
  • D. Compare the file's MD5 signature with the one published on the distribution media.

Answer: D

NEW QUESTION 11
Andrew, a bachelor student of Faulkner University, creates a Gmail account. He uses 'Faulkner' as the password for the Gmail account. After a few days, he starts receiving a lot of e-mails stating that his Gmail account has been hacked. He also finds that some of his important mails have been deleted by someone. Which of the following methods has the attacker used to crack Andrew's password?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Denial-of-service (DoS) attack
  • B. Zero-day attack
  • C. Brute force attack
  • D. Social engineering
  • E. Buffer-overflow attack
  • F. Rainbow attack
  • G. Password guessing
  • H. Dictionary-based attack

Answer: CDFGH

NEW QUESTION 12
Jason, a malicious hacker, is a student of Baker University. He wants to perform remote hacking on the server of DataSoft Inc. to hone his hacking skills. The company has a Windows-based network. Jason successfully enters the target system remotely by taking advantage of a vulnerability. He places a Trojan to maintain future access and then disconnects the remote session. The employees of the company complain to Mark, who works as a Professional Ethical Hacker for DataSoft Inc., that some computers are very slow. Mark diagnoses the network and finds that some irrelevant log files and signs of Trojans are present on the computers. He suspects that a malicious hacker has accessed the network. Mark gets help from forensic investigators and catches Jason.
Which of the following mistakes made by Jason helped the Forensic Investigators catch him?

  • A. Jason did not perform a vulnerability assessment.
  • B. Jason did not perform OS fingerprinting.
  • C. Jason did not perform footprinting.
  • D. Jason did not cover his tracks.
  • E. Jason did not perform port scanning.

Answer: D

NEW QUESTION 13
Which of the following attacks are examples of Denial-of-Service (DoS) attacks?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Fraggle attack
  • B. Smurf attack
  • C. Birthday attack
  • D. Ping flood attack

Answer: ABD

NEW QUESTION 14
WinDump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform, a user must install a packet capture library.
What is the name of this library?

  • A. PCAP
  • B. SysPCap
  • C. WinPCap
  • D. libpcap

Answer: C

NEW QUESTION 15
Which of the following tools uses common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures of rootkits?

  • A. rkhunter
  • B. OSSEC
  • C. chkrootkit
  • D. Blue Pill

Answer: C

NEW QUESTION 16
Your network is being flooded by ICMP packets. When you trace them down, they come from multiple different IP addresses. What kind of attack is this?

  • A. SYN flood
  • B. Ping storm
  • C. Smurf attack
  • D. DDoS

Answer: D

NEW QUESTION 17
A user is sending a large number of protocol packets to a network in order to saturate its resources and to disrupt connections to prevent communications between services. Which type of attack is this?

  • A. Vulnerability attack
  • B. Impersonation attack
  • C. Social Engineering attack
  • D. Denial-of-Service attack

Answer: D
