Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

GIAC GCIH - GIAC Certified Incident Handler

GIAC GCIH Premium Access     Download Demo    
Page: 7 / 10
Total 328 questions

Adam is a novice Web user. He chooses a 22 letters long word from the dictionary as his password.

How long will it take to crack the password by an attacker?

A.

22 hours

B.

23 days

C.

200 years

D.

5 minutes

Which of the following viruses/worms uses the buffer overflow attack?

A.

Chernobyl (CIH) virus

B.

Nimda virus

C.

Klez worm

D.

Code red worm

Which of the following tools can be used as penetration tools in the Information system auditing process?

Each correct answer represents a complete solution. Choose two.

A.

Nmap

B.

Snort

C.

SARA

D.

Nessus

Which of the following actions is performed by the netcat command given below?

nc 55555 < /etc/passwd

A.

It changes the /etc/passwd file when connected to the UDP port 55555.

B.

It resets the /etc/passwd file to the UDP port 55555.

C.

It fills the incoming connections to /etc/passwd file.

D.

It grabs the /etc/passwd file when connected to UDP port 55555.

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully completed the following steps of the pre-attack phase:

l Information gathering

l Determining network range

l Identifying active machines

l Finding open ports and applications

l OS fingerprinting

l Fingerprinting services

Now John wants to perform network mapping of the We-are-secure network. Which of the following tools can he use to accomplish his task?

Each correct answer represents a complete solution. Choose all that apply.

A.

Ettercap

B.

Traceroute

C.

Cheops

D.

NeoTrace

Which of the following can be used as a countermeasure against the SQL injection attack?

Each correct answer represents a complete solution. Choose two.

A.

mysql_real_escape_string()

B.

session_regenerate_id()

C.

mysql_escape_string()

D.

Prepared statement

You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?

A.

Manual penetration testing

B.

Code review

C.

Automated penetration testing

D.

Vulnerability scanning

Which of the following tools is used to download the Web pages of a Website on the local system?

A.

wget

B.

jplag

C.

Nessus

D.

Ettercap

Your company has been hired to provide consultancy, development, and integration services for a company named Brainbridge International. You have prepared a case study to plan the upgrade for the company. Based on the case study, which of the following steps will you suggest for configuring WebStore1?

Each correct answer represents a part of the solution. Choose two.

A.

Customize IIS 6.0 to display a legal warning page on the generation of the 404.2 and 404.3 errors.

B.

Move the WebStore1 server to the internal network.

C.

Configure IIS 6.0 on WebStore1 to scan the URL for known buffer overflow attacks.

D.

Move the computer account of WebStore1 to the Remote organizational unit (OU).

Your network is being flooded by ICMP packets. When you trace them down they come from multiple different IP addresses. What kind of attack is this?

A.

Syn flood

B.

Ping storm

C.

Smurf attack

D.

DDOS