Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
GIAC
Security Administration
GCIH
GIAC Certified Incident Handler Questions and Answers

Pass the GIAC Security Administration GCIH Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam GCIH Premium Access

View all detail and faqs for the GCIH exam

Go to Exam

817 Students Passed

93% Average Score

92% Same Questions

Viewing page 2 out of 10 pages

Viewing questions 11-20 out of questions

Questions # 11:

Which of the following is spy software that records activity on Macintosh systems via snapshots, keystrokes, and Web site logging?

Options:

Spector

Magic Lantern

eblaster

NetBus

Answer

Questions # 12:

Network mapping provides a security testing team with a blueprint of the organization. Which of the following steps is NOT a part of manual network mapping?

Options:

Gathering private and public IP addresses

Collecting employees information

Banner grabbing

Performing Neotracerouting

Answer

Questions # 13:

Which of the following statements about buffer overflow is true?

Options:

It manages security credentials and public keys for message encryption.

It is a collection of files used by Microsoft for software updates released between major service pack releases.

It is a condition in which an application receives more data than it is configured to accept.

It is a false warning about a virus.

Answer

Questions # 14:

Your network is being flooded by ICMP packets. When you trace them down they come from multiple different IP addresses. What kind of attack is this?

Options:

Syn flood

Ping storm

Smurf attack

DDOS

Answer

Questions # 15:

Which of the following statements are true about session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

Options:

Use of a long random number or string as the session key reduces session hijacking.

It is used to slow the working of victim's network resources.

TCP session hijacking is when a hacker takes over a TCP session between two machines.

It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

Answer

A, C, D

Questions # 16:

Fill in the blank with the appropriate word.

StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's /GS option use ______ defense against buffer overflow attacks.

Options:

Answer

Answer:

canary

Questions # 17:

You run the following bash script in Linux:

for i in 'cat hostlist.txt' ;do

nc -q 2 -v $i 80 < request.txt done

Where, hostlist.txt file contains the list of IP addresses and request.txt is the output file. Which of the following tasks do you want to perform by running this script?

Options:

You want to put nmap in the listen mode to the hosts given in the IP address list.

You want to perform banner grabbing to the hosts given in the IP address list.

You want to perform port scanning to the hosts given in the IP address list.

You want to transfer file hostlist.txt to the hosts given in the IP address list.

Answer

Questions # 18:

John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site. Now, John asks the we-aresecure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page from the SQL injection attack?