Master the GCIH GIAC Certified Incident Handler content and be ready for exam day success quickly with this Certleader GCIH book. We guarantee it! We make it a reality and give you real GCIH questions in our GIAC GCIH braindumps. Latest 100% VALID GIAC GCIH Exam Questions Dumps at below page. You can use our GIAC GCIH braindumps and pass your exam.
Free GCIH Demo Online For GIAC Certification:
NEW QUESTION 1
Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the server of the marketing department has been affected by a malicious hacking attack. Supervisors are also claiming that some sensitive data has been stolen.
Adam immediately arrived at the server room of the marketing department and identified the event as an incident. He isolated the infected network from the remaining part of the network and started preparing to image the entire system. He captured volatile data, such as running processes, RAM, and network connections.
Which of the following steps of the incident handling process is being performed by Adam?
- A. Recovery
- B. Eradication
- C. Identification
- D. Containment
Answer: D
NEW QUESTION 2
You are hired as a Database Administrator for Jennifer Shopping Cart Inc. You monitor the server health through the System Monitor and find that there is a sudden increase in the number of logins.
A case study is provided in the exhibit. Which of the following types of attack has occurred? (Click the Exhibit button on the toolbar to see the case study.)
- A. Injection
- B. Virus
- C. Worm
- D. Denial-of-service
Answer: D
NEW QUESTION 3
John works as a Network Administrator for We-are-secure Inc. He finds that TCP port 7597 of the We-are-secure server is open. He suspects that it may be open due to a Trojan installed on the server. He presents a report to the company describing the symptoms of the Trojan. A summary of the report is given below:
Once this Trojan has been installed on the computer, it searches for Notepad.exe, renames it Note.com, and then copies itself to the computer as Notepad.exe. Each time Notepad.exe is executed, the Trojan executes and calls the original Notepad to avoid being noticed.
Which of the following Trojans has the symptoms as the one described above?
- A. NetBus
- B. Qaz
- C. eBlaster
- D. SubSeven
Answer: B
NEW QUESTION 4
Which of the following wireless network security solutions refers to an authentication process in which wireless access points connect to a centralized server to ensure that all hosts are properly authenticated before being granted access?
- A. Remote Authentication Dial-In User Service (RADIUS)
- B. IEEE 802.1x
- C. Wired Equivalent Privacy (WEP)
- D. Wi-Fi Protected Access 2 (WPA2)
Answer: B
NEW QUESTION 5
Which of the following is the process of searching for unauthorized modems?
- A. Espionage
- B. Wardialing
- C. System auditing
- D. Scavenging
Answer: B
NEW QUESTION 6
What is the major difference between a worm and a Trojan horse?
- A. A worm spreads via e-mail, while a Trojan horse does not.
- B. A worm is a form of malicious program, while a Trojan horse is a utility.
- C. A worm is self-replicating, while a Trojan horse is not.
- D. A Trojan horse is a malicious program, while a worm is an anti-virus software.
Answer: C
NEW QUESTION 7
Which of the following is the most common vulnerability that can affect desktop applications written in native code?
- A. SpyWare
- B. DDoS attack
- C. Malware
- D. Buffer overflow
Answer: D
NEW QUESTION 8
Which of the following tools is used to attack digital watermarking?
- A. Active Attacks
- B. 2Mosaic
- C. Steg-Only Attack
- D. Gifshuffle
Answer: B
NEW QUESTION 9
You work as a Network Administrator for InformSec Inc. You find that the TCP port number 23476 is open on your server. You suspect that there may be a Trojan named Donald Dick installed on your server. Now you want to verify whether Donald Dick is installed on it or not. For this, you want to know the process running on port 23476, as well as the process id, process name, and the path of the process on your server. Which of the following applications will you most likely use to accomplish the task?
- A. Tripwire
- B. SubSeven
- C. Netstat
- D. Fport
Answer: D
NEW QUESTION 10
CORRECT TEXT
Fill in the blank with the appropriate term.
______ is a free Unix subsystem that runs on top of Windows.
Answer: Cygwin
NEW QUESTION 11
Which of the following attacks saturates network resources and disrupts services to a specific computer?
- A. Replay attack
- B. Teardrop attack
- C. Denial-of-Service (DoS) attack
- D. Polymorphic shell code attack
Answer: C
NEW QUESTION 12
Which of the following incident handling process phases is responsible for defining rules, coordinating the human workforce, creating a back-up plan, and testing the plans for an enterprise?
- A. Preparation phase
- B. Eradication phase
- C. Identification phase
- D. Recovery phase
- E. Containment phase
Answer: A
NEW QUESTION 13
You work as a Network Administrator for Marioxnet Inc. You have the responsibility of handling two routers running the BGP protocol for the enterprise's network. One of the two routers gets flooded with an unexpected number of data packets, while the other router is starved, with no packets reaching it. Which of the following attacks can be a potential cause of this?
- A. Packet manipulation
- B. Denial-of-Service
- C. Spoofing
- D. Eavesdropping
Answer: B
NEW QUESTION 14
Adam works as an Incident Handler for Umbrella Inc. He has been sent to the California unit to train the members of the incident response team. As a demo project he asked members of the incident response team to perform the following actions:
- Remove the network cables.
- Isolate the system on a separate VLAN.
- Use a firewall or access lists to prevent communication into or out of the system.
- Change DNS entries to direct traffic away from the compromised system.
Which of the following steps of the incident handling process includes the above actions?
- A. Identification
- B. Containment
- C. Eradication
- D. Recovery
Answer: B
NEW QUESTION 15
Which of the following tools are used for network traffic monitoring on the Linux operating system?
Each correct answer represents a complete solution. Choose all that apply.
- A. Netbus
- B. IPTraf
- C. MRTG
- D. Ntop
Answer: BCD
NEW QUESTION 16
Peter works as a Network Administrator for Exambible Inc. The company has a Windows-based network. All client computers run the Windows XP operating system. The employees of the company complain that suddenly all of the client computers have started working slowly. Peter finds that a malicious hacker is attempting to slow down the computers by flooding the network with a large number of requests. Which of the following attacks is being implemented by the malicious hacker?
- A. SQL injection attack
- B. Denial-of-Service (DoS) attack
- C. Man-in-the-middle attack
- D. Buffer overflow attack
Answer: B
NEW QUESTION 17
Which of the following tools can be used to perform a brute-force attack on a remote database?
Each correct answer represents a complete solution. Choose all that apply.
- A. SQLBF
- B. SQLDict
- C. FindSA
- D. nmap
Answer: ABC
100% Valid and Newest Version GCIH Questions & Answers shared by Allfreedumps.com, Get Full Dumps HERE: https://www.allfreedumps.com/GCIH-dumps.html (New 328 Q&As)