
GIAC GCIH - GIAC Certified Incident Handler

Total 328 questions

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.

A. IIS buffer overflow

B. NetBIOS NULL session

C. SNMP enumeration

D. DNS zone transfer

Which of the following is a computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic?

A. Klez

B. Code Red

C. SQL Slammer

D. Beast

Which of the following statements about buffer overflow is true?

A. It manages security credentials and public keys for message encryption.

B. It is a collection of files used by Microsoft for software updates released between major service pack releases.

C. It is a condition in which an application receives more data than it is configured to accept.

D. It is a false warning about a virus.

Which of the following tools can be used to detect steganography?

A. Dskprobe

B. Blindside

C. ImageHide

D. Snow

Adam works as a sales manager for Umbrella Inc. He wants to download software from the Internet. As the software comes from a site in his untrusted zone, Adam wants to ensure that the downloaded software has not been Trojaned. Which of the following options would indicate the best course of action for Adam?

A. Compare the file size of the software with the one given on the Website.

B. Compare the version of the software with the one published on the distribution media.

C. Compare the file's virus signature with the one published on the distribution.

D. Compare the file's MD5 signature with the one published on the distribution media.

Which of the following commands is used to access Windows resources from a Linux workstation?

A. mutt

B. scp

C. rsync

D. smbclient

Adam, a malicious hacker, is running a scan. Statistics of the scan are as follows:

Scan directed at open port:

Client                                  Server

192.5.2.92:4079 ---------FIN---------> 192.5.2.110:23

192.5.2.92:4079 <----NO RESPONSE------ 192.5.2.110:23

Scan directed at closed port:

Client                                  Server

192.5.2.92:4079 ---------FIN---------> 192.5.2.110:23

192.5.2.92:4079 <-----RST/ACK--------- 192.5.2.110:23

Which of the following types of port scan is Adam running?

A. ACK scan

B. FIN scan

C. XMAS scan

D. Idle scan

Which of the following Denial-of-Service (DoS) attacks employ the IP fragmentation mechanism?

Each correct answer represents a complete solution. Choose two.

A. Land attack

B. SYN flood attack

C. Teardrop attack

D. Ping of Death attack

Which of the following statements are true about worms?

Each correct answer represents a complete solution. Choose all that apply.

A. Worms cause harm to the network by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

B. Worms can exist inside files such as Word or Excel documents.

C. One feature of worms is keystroke logging.

D. Worms replicate themselves from one system to another without using a host file.

Adam has installed and configured his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Adam notices that when he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes it is only 8 Mbps or less. Adam connects to the management utility of the wireless router and finds out that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop.

Which of the following attacks has occurred on Adam's wireless network?

A. NAT spoofing

B. DNS cache poisoning

C. MAC spoofing

D. ARP spoofing