GCIH Exam - GIAC Certified Incident Handler

certleader.com


Free GCIH Demo Online For GIAC Certification:

NEW QUESTION 1
Which of the following tasks can be performed by using the netcat utility?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Checking file integrity
  • B. Creating a Backdoor
  • C. Firewall testing
  • D. Port scanning and service identification

Answer: BCD

NEW QUESTION 2
Rick works as a Computer Forensic Investigator for BlueWells Inc. He has been informed that some confidential information is being leaked out by an employee of the company. Rick suspects that someone is sending the information through email. He checks the emails sent by some employees to other networks. Rick finds out that Sam, an employee of the Sales department, is continuously sending text files that contain special symbols, graphics, and signs. Rick suspects that Sam is using the Steganography technique to send data in a disguised form. Which of the following techniques is Sam using?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Linguistic steganography
  • B. Perceptual masking
  • C. Technical steganography
  • D. Text Semagrams

Answer: AD

NEW QUESTION 3
James works as a Database Administrator for Techsoft Inc. The company has a SQL Server 2005 computer. The computer has a database named Sales. Users complain that the performance of the database has deteriorated. James opens the System Monitor tool and finds that there is an increase in network traffic. What kind of attack might be the cause of the performance deterioration?

  • A. Denial-of-Service
  • B. Injection
  • C. Internal attack
  • D. Virus

Answer: A

NEW QUESTION 4
In which of the following attacks does an attacker spoof the source address in IP packets that are sent to the victim?

  • A. DoS
  • B. DDoS
  • C. Backscatter
  • D. SQL injection

Answer: C

NEW QUESTION 5
You are the Administrator for a corporate network. You are concerned about denial of service attacks.
Which of the following would help the most against Denial of Service (DoS) attacks?

  • A. Packet filtering firewall
  • B. Network surveys.
  • C. Honey pot
  • D. Stateful Packet Inspection (SPI) firewall

Answer: D

NEW QUESTION 6
Which of the following types of scan does not open a full TCP connection?

  • A. FIN scan
  • B. ACK scan
  • C. Stealth scan
  • D. Idle scan

Answer: C

NEW QUESTION 7
Peter works as a Network Administrator for the Exambible Inc. The company has a Windows-based network. All client computers run the Windows XP operating system. The employees of the company complain that suddenly all of the client computers have started working slowly. Peter finds that a malicious hacker is attempting to slow down the computers by flooding the network with a large number of requests. Which of the following attacks is being implemented by the malicious hacker?

  • A. SQL injection attack
  • B. Denial-of-Service (DoS) attack
  • C. Man-in-the-middle attack
  • D. Buffer overflow attack

Answer: B

NEW QUESTION 8
Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

  • A. Kernel keylogger
  • B. Software keylogger
  • C. Hardware keylogger
  • D. OS keylogger

Answer: C

NEW QUESTION 9
Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use the steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Slack space
  • B. Hidden partition
  • C. Dumb space
  • D. Unused Sectors

Answer: ABD

NEW QUESTION 10
Which of the following refers to applications or files that are not classified as viruses or Trojan horse programs, but can still negatively affect the performance of the computers on your network and introduce significant security risks to your organization?

  • A. Hardware
  • B. Grayware
  • C. Firmware
  • D. Melissa

Answer: B

NEW QUESTION 11
Which of the following are types of access control attacks?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Spoofing
  • B. Brute force attack
  • C. Dictionary attack
  • D. Mail bombing

Answer: ABC

NEW QUESTION 12
Which of the following incident response team members ensures that the policies of the organization are enforced during the incident response?

  • A. Information Security representative
  • B. Legal representative
  • C. Human Resource
  • D. Technical representative

Answer: C

NEW QUESTION 13
Which of the following is a version of netcat with integrated transport encryption capabilities?

  • A. Encat
  • B. Nikto
  • C. Socat
  • D. Cryptcat

Answer: D

NEW QUESTION 14
Which of the following ensures that the investigation process of the incident response team does not break any laws during the response to an incident?

  • A. Information Security representative
  • B. Lead Investigator
  • C. Legal representative
  • D. Human Resource

Answer: C

NEW QUESTION 15
Which of the following applications is NOT used for passive OS fingerprinting?

  • A. Networkminer
  • B. Satori
  • C. p0f
  • D. Nmap

Answer: D

NEW QUESTION 16
Which of the following commands is used to access Windows resources from a Linux workstation?

  • A. mutt
  • B. scp
  • C. rsync
  • D. smbclient

Answer: D

NEW QUESTION 17
203 ms 22.670 ms 20.111 ms 13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153) 30.929 ms 24.858 ms


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 18
......
