• Home
  • Articles
  • [Apr 28, 2023] GIAC GCIH Real Exam Questions and Answers FREE [Q56-Q72]

[Apr 28, 2023] GIAC GCIH Real Exam Questions and Answers FREE [Q56-Q72]

Share

[Apr 28, 2023] GIAC GCIH Real Exam Questions and Answers FREE

Pass GIAC GCIH Exam Info and Free Practice Test

NEW QUESTION 56
As a professional hacker, you want to crack the security of secureserver.com. For this, in the information gathering step, you performed scanning with the help of nmap utility to retrieve as many different protocols as possible being used by the secureserver.com so that you could get the accurate knowledge about what services were being used by the secure server.com. Which of the following nmap switches have you used to accomplish the task?

  • A. nmap -vO
  • B. nmap -sT
  • C. nmap -sS
  • D. nmap -sO

Answer: D

 

NEW QUESTION 57
In which of the following attacks does an attacker use packet sniffing to read network traffic between two parties to steal the session cookie?

  • A. ARP spoofing
  • B. Session fixation
  • C. Cross-site scripting
  • D. Session sidejacking

Answer: D

 

NEW QUESTION 58
You are concerned about rootkits on your network communicating with attackers outside your network.
Without using an IDS how can you detect this sort of activity?

  • A. By examining your firewall logs.
  • B. You cannot, you need an IDS.
  • C. By examining your domain controller server logs.
  • D. By setting up a DMZ.

Answer: A

 

NEW QUESTION 59
Which of the following statements about threats are true?
Each correct answer represents a complete solution. Choose all that apply.

  • A. A threat is a sequence of circumstances and events that allows a human or other agent to cause an information-
    related misfortune by exploiting vulnerability in an IT product.
  • B. A threat is a potential for violation of security which exists when there is a circumstance, capability, action, or event
    that could breach security and cause harm.
  • C. A threat is a weakness or lack of safeguard that can be exploited by vulnerability, thus causing
    harm to the information systems or networks.
  • D. A threat is any circumstance or event with the potential of causing harm to a system in the form of destruction,
    disclosure, modification of data, or denial of service.

Answer: A,B,D

 

NEW QUESTION 60
You work as a Network Penetration tester in the Secure Inc. Your company takes the projects to test the security of various companies. Recently, Secure Inc. has assigned you a project to test the security of a Web site. You go to the Web site login page and you run the following SQL query:
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = '[email protected]'; DROP TABLE members; --'
What task will the above SQL query perform?

  • A. Deletes the database in which members table resides.
  • B. Performs the XSS attacks.
  • C. Deletes the entire members table.
  • D. Deletes the rows of members table where email id is '[email protected]' given.

Answer: C

 

NEW QUESTION 61
Windump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform a user must install a packet capture library.
What is the name of this library?

  • A. SysPCap
  • B. libpcap
  • C. PCAP
  • D. WinPCap

Answer: D

Explanation:
Section: Volume C

 

NEW QUESTION 62
Which of the following statements about Denial-of-Service (DoS) attack are true?
Each correct answer represents a complete solution. Choose three.

  • A. It saturates network resources.
  • B. It disrupts connections between two computers, preventing communications between services.
  • C. It changes the configuration of the TCP/IP protocol.
  • D. It disrupts services to a specific computer.

Answer: A,B,D

 

NEW QUESTION 63
You have inserted a Trojan on your friend's computer and you want to put it in the startup so that whenever the computer reboots the Trojan will start to run on the startup. Which of the following registry entries will you edit to accomplish the task?

  • A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Start
  • B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
  • C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Auto
  • D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Startup

Answer: B

 

NEW QUESTION 64
Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?

  • A. Shoulder surfing
  • B. File integrity auditing
  • C. Reconnaissance
  • D. Spoofing

Answer: B

Explanation:
Section: Volume B
Explanation

 

NEW QUESTION 65
Which of the following is the Web 2.0 programming methodology that is used to create Web pages that are dynamic
and interactive?

  • A. XML
  • B. UML
  • C. Ajax
  • D. RSS

Answer: C

 

NEW QUESTION 66
You send SYN packets with the exact TTL of the target system starting at port 1 and going up to port 1024 using hping2 utility. This attack is known as __________.

  • A. Cloaking
  • B. Firewalking
  • C. Port scanning
  • D. Spoofing

Answer: B

Explanation:
Section: Volume B

 

NEW QUESTION 67
John works as an Ethical Hacker for PassGuide Inc. He wants to find out the ports that are open in PassGuide's server
using a port scanner. However, he does not want to establish a full TCP connection.
Which of the following scanning techniques will he use to accomplish this task?

  • A. TCP SYN/ACK
  • B. Xmas tree
  • C. TCP FIN
  • D. TCP SYN

Answer: D

 

NEW QUESTION 68
Which of the following tools is described in the statement given below?
"It has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and
commonly used web CGI scripts. Moreover, the database detects DdoS zombies and Trojans as well."

  • A. SARA
  • B. Nmap
  • C. Anti-x
  • D. Nessus

Answer: D

 

NEW QUESTION 69
Which of the following tasks can be performed by using netcat utility?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Port scanning and service identification
  • B. Creating a Backdoor
  • C. Firewall testing
  • D. Checking file integrity

Answer: A,B,C

Explanation:
Section: Volume C

 

NEW QUESTION 70
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to test the network
security of the company. He created a webpage to discuss the progress of the tests with employees who were
interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test.
Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the
network well and allows strict Internet access.
How was security compromised and how did the firewall respond?

  • A. The attack was social engineering and the firewall did not detect it.
  • B. Security was not compromised as the webpage was hosted internally.
  • C. Security was compromised as keylogger is invisible for firewall.
  • D. The attack was Cross Site Scripting and the firewall blocked it.

Answer: A

 

NEW QUESTION 71
You discover that all available network bandwidth is being used by some unknown service. You discover that UDP packets are being used to connect the echo service on one machine to the chargen service on another machine. What kind of attack is this?

  • A. Smurf
  • B. Evil Twin
  • C. Denial of Service
  • D. Virus

Answer: C

 

NEW QUESTION 72
......

Latest GCIH Exam Dumps GIAC Exam: https://2cram.actualtestsit.com/GIAC/GCIH-exam-prep-dumps.html

Related Articles

more
GIAC GCIH Certification Practice Exam