GCIH Exam - GIAC Certified Incident Handler

NEW QUESTION 1
Which of the following protocols is a maintenance protocol and is normally considered a part of the IP layer, but has also been used to conduct denial-of-service attacks?

  • A. ICMP
  • B. L2TP
  • C. TCP
  • D. NNTP

Answer: A

NEW QUESTION 2
Victor wants to send an encrypted message to his friend. He is using a certain steganography technique to accomplish this task. He takes a cover object and changes it accordingly to hide information. This secret information is recovered only when the algorithm compares the changed cover with the original cover.
Which of the following steganography methods is Victor using to accomplish the task?

  • A. The distortion technique
  • B. The spread spectrum technique
  • C. The substitution technique
  • D. The cover generation technique

Answer: A

NEW QUESTION 3
Which of the following DoS attacks affects mostly Windows computers by sending corrupt UDP packets?

  • A. Fraggle
  • B. Ping flood
  • C. Bonk
  • D. Smurf

Answer: C

NEW QUESTION 4
Which of the following attacks come under the category of layer 2 Denial-of-Service attacks?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Spoofing attack
  • B. SYN flood attack
  • C. Password cracking
  • D. RF jamming attack

Answer: AB

NEW QUESTION 5
Victor works as a professional Ethical Hacker for SecureEnet Inc. He wants to scan the wireless network of the company. He uses a tool that is a free open-source utility for network exploration. The tool uses raw IP packets to determine the following:
What ports are open on our network systems.
What hosts are available on the network.
Identify unauthorized wireless access points.
What services (application name and version) those hosts are offering.
What operating systems (and OS versions) they are running.
What type of packet filters/firewalls are in use.
Which of the following tools is Victor using?

  • A. Nessus
  • B. Kismet
  • C. Nmap
  • D. Sniffer

Answer: C

NEW QUESTION 6
Mark works as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company uses Check Point SmartDefense to provide security to the network. Mark uses SmartDefense on the HTTP servers of the company to set a limit on the maximum response header length. Which of the following attacks can be blocked by defining this limitation?

  • A. HTR Overflow worms and mutations
  • B. Ramen worm attack
  • C. Melissa virus attack
  • D. Shoulder surfing attack

Answer: A

NEW QUESTION 7
Which of the following is a method of gaining access to a system that bypasses normal authentication?

  • A. Teardrop
  • B. Trojan horse
  • C. Back door
  • D. Smurf

Answer: C

NEW QUESTION 8
Ryan, a malicious hacker, submits Cross-Site Scripting (XSS) exploit code to the website of an Internet forum for online discussion. When a user visits the infected web page, the code is automatically executed and Ryan can easily perform acts like account hijacking, history theft, etc. Which of the following types of Cross-Site Scripting attack does Ryan intend to carry out?

  • A. Non persistent
  • B. Document Object Model (DOM)
  • C. SAX
  • D. Persistent

Answer: D

NEW QUESTION 9
Which of the following systems is used in the United States to coordinate emergency preparedness and incident management among various federal, state, and local agencies?

  • A. US Incident Management System (USIMS)
  • B. National Disaster Management System (NDMS)
  • C. National Emergency Management System (NEMS)
  • D. National Incident Management System (NIMS)

Answer: D

NEW QUESTION 10
You are hired as a Database Administrator for Jennifer Shopping Cart Inc. You monitor the server health through the System Monitor and find that there is a sudden increase in the number of logins.
A case study is provided in the exhibit. Which of the following types of attack has occurred? (Click the Exhibit button on the toolbar to see the case study.)

  • A. Injection
  • B. Virus
  • C. Worm
  • D. Denial-of-service

Answer: D

NEW QUESTION 11
Which of the following is used by attackers to obtain an authenticated connection on a network?

  • A. Denial-of-Service (DoS) attack
  • B. Replay attack
  • C. Man-in-the-middle attack
  • D. Back door

Answer: B

NEW QUESTION 12
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?

  • A. Replay
  • B. Firewalking
  • C. Session fixation
  • D. Cross site scripting

Answer: A

NEW QUESTION 13
Which of the following is a network worm that exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system?

  • A. Win32/Agent
  • B. WMA/TrojanDownloader.GetCodec
  • C. Win32/Conficker
  • D. Win32/PSW.OnLineGames

Answer: C

NEW QUESTION 14
Fill in the blank with the appropriate word.
StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's /GS option use ______ defense against buffer overflow attacks.

Answer: canary

NEW QUESTION 15
Fill in the blank with the appropriate name of the rootkit.
A _______ rootkit uses device or platform firmware to create a persistent malware image.

Answer: firmware

NEW QUESTION 16
Which of the following statements about threats are true?
Each correct answer represents a complete solution. Choose all that apply.

  • A. A threat is a weakness or lack of safeguard that can be exploited by vulnerability, thus causing harm to the information systems or networks.
  • B. A threat is a potential for violation of security which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
  • C. A threat is a sequence of circumstances and events that allows a human or other agent to cause an information-related misfortune by exploiting vulnerability in an IT product.
  • D. A threat is any circumstance or event with the potential of causing harm to a system in the form of destruction, disclosure, modification of data, or denial of service.

Answer: BCD

NEW QUESTION 17
Which of the following statements are true about worms?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Worms cause harm to the network by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
  • B. Worms can exist inside files such as Word or Excel documents.
  • C. One feature of worms is keystroke logging.
  • D. Worms replicate themselves from one system to another without using a host file.

Answer: ABD
