Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home GIAC GCIH

GIAC GCIH Exam Practice Questions (P. 3)

  • Full Access (842 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
Which of the following statements are true about a keylogger?
Each correct answer represents a complete solution. (Choose all that apply.)
  1. A
    It records all keystrokes on the victim's computer in a predefined log file.
  2. B
    It can be remotely installed on a computer system.
  3. C
    It is a software tool used to trace all or specific activities of a user on a computer.
  4. D
    It uses hidden code to destroy or scramble data on the hard disk.

Correct Answer:
ABC

Question #22
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:
C:\whisker.pl -h target_IP_address
-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1
mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about 'Printenv' vulnerability are true?
Each correct answer represents a complete solution. (Choose all that apply.)
  1. A
    This vulnerability helps in a cross site scripting attack.
  2. B
    'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.
  3. C
    The countermeasure to 'printenv' vulnerability is to remove the CGI script.
  4. D
    With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.

Correct Answer:
ACD

Question #23
Which of the following statements about buffer overflow is true?
  1. A
    It manages security credentials and public keys for message encryption.
  2. B
    It is a collection of files used by Microsoft for software updates released between major service pack releases.
  3. C
    It is a condition in which an application receives more data than it is configured to accept.
  4. D
    It is a false warning about a virus.

Correct Answer:
C

Question #24
Which of the following commands is used to access Windows resources from Linux workstation?
  1. A
    mutt
  2. B
    scp
  3. C
    rsync
  4. D
    smbclient

Correct Answer:
D

Question #25
Adam, a malicious hacker, wants to perform a reliable scan against a remote target. He is not concerned about being stealth at this point.
Which of the following type of scans would be most accurate and reliable?
  1. A
    UDP sacn
  2. B
    TCP Connect scan
  3. C
    ACK scan
  4. D
    Fin scan

Correct Answer:
B

Question #26
You have configured a virtualized Internet browser on your Windows XP professional computer. Using the virtualized Internet browser, you can protect your operating system from which of the following?
  1. A
    Brute force attack
  2. B
    Mail bombing
  3. C
    Distributed denial of service (DDOS) attack
  4. D
    Malware installation from unknown Web sites

Correct Answer:
D

Question #27
Which of the following statements about Denial-of-Service (DoS) attack are true?
Each correct answer represents a complete solution. (Choose three.)
  1. A
    It disrupts services to a specific computer.
  2. B
    It changes the configuration of the TCP/IP protocol.
  3. C
    It saturates network resources.
  4. D
    It disrupts connections between two computers, preventing communications between services.

Correct Answer:
ACD

Question #28
You see the career section of a company's Web site and analyze the job profile requirements. You conclude that the company wants professionals who have a sharp knowledge of Windows server 2003 and Windows active directory installation and placement. Which of the following steps are you using to perform hacking?
  1. A
    Scanning
  2. B
    Covering tracks
  3. C
    Reconnaissance
  4. D
    Gaining access

Correct Answer:
C

Question #29
John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure
Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site. Now, John asks the we-aresecure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page from the SQL injection attack?
  1. A
    Use the escapeshellarg() function
  2. B
    Use the session_regenerate_id() function
  3. C
    Use the mysql_real_escape_string() function for escaping input
  4. D
    Use the escapeshellcmd() function

Correct Answer:
C

Question #30
You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. An attacker uses software that keeps trying password combinations until the correct password is found. Which type of attack is this?
  1. A
    Denial-of-Service
  2. B
    Man-in-the-middle
  3. C
    Brute Force
  4. D
    Vulnerability

Correct Answer:
C

Previous Questions Next Questions

All Pages