Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Pass the GIAC Security Administration GCIH Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.
Exam GCIH Premium Access

View all detail and faqs for the GCIH exam

Go to Exam

817 Students Passed

93% Average Score

92% Same Questions
Viewing page 3 out of 10 pages
Viewing questions 21-30 out of questions
Questions # 21:

Which of the following statements about a Trojan horse are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It is a macro or script that attaches itself to a file or template.

B.

The writers of a Trojan horse can use it later to gain unauthorized access to a computer.

C.

It is a malicious software program code that resembles another normal program.

D.

It infects the boot record on hard disks and floppy disks.

Questions # 22:

You run the following command while using Nikto Web scanner:

perl nikto.pl -h 192.168.0.1 -p 443

What action do you want to perform?

Options:

A.

Using it as a proxy server

B.

Updating Nikto

C.

Seting Nikto for network sniffing

D.

Port scanning

Questions # 23:

Which of the following attacks come under the category of layer 2 Denial-of-Service attacks?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Spoofing attack

B.

SYN flood attack

C.

Password cracking

D.

RF jamming attack

Questions # 24:

Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?

Options:

A.

Preparation phase

B.

Eradication phase

C.

Identification phase

D.

Recovery phase

E.

Containment phase

Questions # 25:

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:

C:\whisker.pl -h target_IP_address

-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =

= Host: target_IP_address

= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1

mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22

+ 200 OK: HEAD /cgi-bin/printenv

John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about 'Printenv' vulnerability are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

This vulnerability helps in a cross site scripting attack.

B.

'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.

C.

The countermeasure to 'printenv' vulnerability is to remove the CGI script.

D.

With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.

Questions # 26:

An attacker sends a large number of packets to a target computer that causes denial of service.

Which of the following type of attacks is this?

Options:

A.

Spoofing

B.

Snooping

C.

Phishing

D.

Flooding

Questions # 27:

Which of the following malicious software travels across computer networks without the assistance of a user?

Options:

A.

Worm

B.

Virus

C.

Hoax

D.

Trojan horses

Questions # 28:

John, a part-time hacker, has accessed in unauthorized way to the www.yourbank.com banking Website and stolen the bank account information of its users and their credit card numbers by using the SQL injection attack. Now, John wants to sell this information to malicious person Mark and make a deal to get a good amount of money. Since, he does not want to send the hacked information in the clear text format to Mark; he decides to send information in hidden text. For this, he takes a steganography tool and hides the information in ASCII text by appending whitespace to the end of lines and encrypts the hidden information by using the IDEA encryption algorithm. Which of the following tools is John using for steganography?

Options:

A.

Image Hide

B.

2Mosaic

C.

Snow.exe

D.

Netcat

Questions # 29:

Which of the following types of attacks is only intended to make a computer resource unavailable to its users?

Options:

A.

Denial of Service attack

B.

Replay attack

C.

Teardrop attack

D.

Land attack

Questions # 30:

Your company has been hired to provide consultancy, development, and integration services for a company named Brainbridge International. You have prepared a case study to plan the upgrade for the company. Based on the case study, which of the following steps will you suggest for configuring WebStore1?

Each correct answer represents a part of the solution. Choose two.

Options:

A.

Customize IIS 6.0 to display a legal warning page on the generation of the 404.2 and 404.3 errors.

B.

Move the WebStore1 server to the internal network.

C.

Configure IIS 6.0 on WebStore1 to scan the URL for known buffer overflow attacks.

D.

Move the computer account of WebStore1 to the Remote organizational unit (OU).

Viewing page 3 out of 10 pages
Viewing questions 21-30 out of questions
TOP CODES

TOP CODES

Top selling exam codes in the certification world, popular, in demand and updated to help you pass on the first try.

2V0-11.25
ADM-201
Agentforce-Specialist
CMMC-CCP
Data-Cloud-Consultant
PCNSE
PDI
PSE-Strata-Pro-24
Secure-Software-Design
Sharing-and-Visibility-Architect
Workday-Pro-Integrations
ZDTA