Free GCIH practice questions and answers:
NEW QUESTION 1
Which of the following types of attacks is the result of vulnerabilities in a program due to poor programming techniques?
- A. Evasion attack
- B. Denial-of-Service (DoS) attack
- C. Ping of death attack
- D. Buffer overflow attack
Answer: D
NEW QUESTION 2
Which of the following scanning tools is also a network analysis tool that sends packets with nontraditional IP stack parameters and allows the scanner to gather information from the response packets generated?
- A. Tcpview
- B. Nessus
- C. Legion
- D. HPing
Answer: D
NEW QUESTION 3
You have inserted a Trojan on your friend's computer and you want to put it in the startup so that whenever the computer reboots the Trojan will start to run on the startup. Which of the following registry entries will you edit to accomplish the task?
- A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Startup
- B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Auto
- C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
- D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Start
Answer: C
NEW QUESTION 4
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.
- A. IIS buffer overflow
- B. NetBIOS NULL session
- C. SNMP enumeration
- D. DNS zone transfer
Answer: A
NEW QUESTION 5
John works as a Penetration Tester in a security service providing firm named you-are-secure Inc. Recently, John's company has got a project to test the security of a promotional Website www.missatlanta.com and assigned the pen-testing work to John. When John is performing penetration testing, he inserts the following script in the search box at the company home page:
<script>alert('Hi, John')</script>
After pressing the search button, a pop-up box appears on his screen with the text "Hi, John." Which of the following attacks can be performed on the Web site tested by John, considering the above scenario?
- A. Replay attack
- B. CSRF attack
- C. Buffer overflow attack
- D. XSS attack
Answer: D
NEW QUESTION 6
In which of the following attacks does the attacker gather information to perform an access attack?
- A. Land attack
- B. Reconnaissance attack
- C. Vulnerability attack
- D. DoS attack
Answer: B
NEW QUESTION 7
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?
- A. Hunt
- B. IPChains
- C. Ethercap
- D. Tripwire
Answer: A
NEW QUESTION 8
You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single domain single forest network. The company has three Windows 2008 file servers, 150 Windows XP Professional computers, and thirty UNIX-based client computers. The network users have identical user accounts for both Active Directory and the UNIX realm. You want to ensure that the UNIX clients on the network can access the file servers. You also want to ensure that the users are able to access all resources by logging on only once, and that no additional software is installed on the UNIX clients. What will you do to accomplish this task?
Each correct answer represents a part of the solution. Choose two.
- A. Configure a distributed file system (Dfs) on the file server in the network.
- B. Enable the Network File System (NFS) component on the file servers in the network.
- C. Configure ADRMS on the file servers in the network.
- D. Enable User Name Mapping on the file servers in the network.
Answer: BD
NEW QUESTION 9
Which of the following statements about threats are true?
Each correct answer represents a complete solution. Choose all that apply.
- A. A threat is a weakness or lack of safeguard that can be exploited by vulnerability, thus causing harm to the information systems or networks.
- B. A threat is a potential for violation of security which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
- C. A threat is a sequence of circumstances and events that allows a human or other agent to cause an information-related misfortune by exploiting vulnerability in an IT product.
- D. A threat is any circumstance or event with the potential of causing harm to a system in the form of destruction, disclosure, modification of data, or denial of service.
Answer: BCD
NEW QUESTION 10
Which of the following are open-source vulnerability scanners?
- A. Nessus
- B. Hackbot
- C. NetRecon
- D. Nikto
Answer: ABD
NEW QUESTION 11
Against which of the following does SSH provide protection?
Each correct answer represents a complete solution. Choose two.
- A. DoS attack
- B. IP spoofing
- C. Password sniffing
- D. Broadcast storm
Answer: BC
NEW QUESTION 12
Andrew, a bachelor student of Faulkner University, creates a Gmail account. He uses 'Faulkner' as the password for the Gmail account. After a few days, he starts receiving a lot of e-mails stating that his Gmail account has been hacked. He also finds that some of his important mails have been deleted by someone. Which of the following methods has the attacker used to crack Andrew's password?
Each correct answer represents a complete solution. Choose all that apply.
- A. Denial-of-service (DoS) attack
- B. Zero-day attack
- C. Brute force attack
- D. Social engineering
- E. Buffer-overflow attack
- F. Rainbow attack
- G. Password guessing
- H. Dictionary-based attack
Answer: CDFGH
NEW QUESTION 13
Which of the following terms describes an attempt to transfer DNS zone data?
- A. Reconnaissance
- B. Encapsulation
- C. Dumpster diving
- D. Spam
Answer: A
NEW QUESTION 14
Which of the following is a reason to implement security logging on a DNS server?
- A. For preventing malware attacks on a DNS server
- B. For measuring a DNS server's performance
- C. For monitoring unauthorized zone transfer
- D. For recording the number of queries resolved
Answer: C
NEW QUESTION 15
Which of the following attacks are examples of Denial-of-service attacks (DoS)?
Each correct answer represents a complete solution. Choose all that apply.
- A. Fraggle attack
- B. Smurf attack
- C. Birthday attack
- D. Ping flood attack
Answer: ABD
NEW QUESTION 16
Mark works as a Network Administrator for Perfect Inc. The company has both wired and wireless networks. An attacker attempts to keep legitimate users from accessing services that they require. Mark uses IDS/IPS sensors on the wired network to mitigate the attack. Which of the following attacks best describes the attacker's intentions?
- A. Internal attack
- B. Reconnaissance attack
- C. Land attack
- D. DoS attack
Answer: D
NEW QUESTION 17
Which of the following IP packet elements is responsible for authentication while using IPSec?
- A. Authentication Header (AH)
- B. Layer 2 Tunneling Protocol (L2TP)
- C. Internet Key Exchange (IKE)
- D. Encapsulating Security Payload (ESP)
Answer: A
NEW QUESTION 18
......