Cyber Monday Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

GIAC GCIH - GIAC Certified Incident Handler

GIAC GCIH Premium Access     Download Demo    
Page: 4 / 10
Total 328 questions

Victor is a novice Ethical Hacker. He is learning the hacking process, i.e., the steps taken by malicious hackers to perform hacking. Which of the following steps is NOT included in the hacking process?

A.

Scanning

B.

Preparation

C.

gaining access

D.

Reconnaissance

Which of the following techniques does an attacker use to sniff data frames on a local area network and modify the traffic?

A.

MAC spoofing

B.

IP address spoofing

C.

Email spoofing

D.

ARP spoofing

Which of the following attacking methods allows the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer by changing the Media Access Control address?

A.

IP address spoofing

B.

VLAN hoping

C.

ARP spoofing

D.

MAC spoofing

You are the Administrator for a corporate network. You are concerned about denial of service attacks.

Which of the following measures would be most helpful in defending against a Denial-of-Service (DoS) attack?

A.

Implement network based antivirus.

B.

Place a honey pot in the DMZ.

C.

Shorten the timeout for connection attempts.

D.

Implement a strong password policy.

Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

A.

Kernel keylogger

B.

Software keylogger

C.

Hardware keylogger

D.

OS keylogger

Which of the following techniques is used when a system performs the penetration testing with the objective of accessing unauthorized information residing inside a computer?

A.

Van Eck Phreaking

B.

Phreaking

C.

Biometrician

D.

Port scanning

John works as a Penetration Tester in a security service providing firm named you-are-secure Inc. Recently, John's company has got a project to test the security of a promotional Website www.missatlanta.com and assigned the pen-testing work to John. When John is performing penetration testing, he inserts the following script in the search box at the company home page:

<script>alert('Hi, John')</script>

After pressing the search button, a pop-up box appears on his screen with the text - "Hi, John." Which of the following attacks can be performed on the Web site tested by john while considering the above scenario?

A.

Replay attack

B.

CSRF attack

C.

Buffer overflow attack

D.

XSS attack

In which of the following steps of the incident handling processes does the Incident Handler make sure that all business processes and functions are back to normal and then also wants to monitor the system or processes to ensure that the system is not compromised again?

A.

Eradication

B.

Lesson Learned

C.

Recovery

D.

Containment

Which of the following programming languages are NOT vulnerable to buffer overflow attacks?

Each correct answer represents a complete solution. Choose two.

A.

C

B.

Java

C.

C++

D.

Perl

In which of the following attacks does an attacker create the IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system?

A.

Rainbow attack

B.

IP address spoofing

C.

Cross-site request forgery

D.

Polymorphic shell code attack