GCIH Questions Prepare with Learning Information! 2023 Regularly updated
Get GCIH Products Practice Material for GCIH Exam Question Preparation
NEW QUESTION # 94
John works as a Network Administrator for We-are-secure Inc. He finds that TCP port 7597 of the Weare- secure
server is open. He suspects that it may be open due to a Trojan installed on the server. He presents a report to the
company describing the symptoms of the Trojan. A summary of the report is given below:
Once this Trojan has been installed on the computer, it searches Notpad.exe, renames it Note.com, and then copies
itself to the computer as Notepad.exe. Each time Notepad.exe is executed, the Trojan executes and calls the original
Notepad to avoid being noticed.
Which of the following Trojans has the symptoms as the one described above?
- A. SubSeven
- B. NetBus
- C. Qaz
- D. eBlaster
Answer: C
NEW QUESTION # 95
Which of the following techniques does an attacker use to sniff data frames on a local area network and modify the
traffic?
- A. IP address spoofing
- B. Email spoofing
- C. ARP spoofing
- D. MAC spoofing
Answer: C
NEW QUESTION # 96
Which of the following services CANNOT be performed by the nmap utility?
Each correct answer represents a complete solution. Choose all that apply.
- A. Sniffing
- B. Port scanning
- C. Active OS fingerprinting
- D. Passive OS fingerprinting
Answer: A,D
NEW QUESTION # 97
Which of the following is the best method of accurately identifying the services running on a victim host?
- A. Use of a port scanner to scan each port to confirm the services running.
- B. Use of the manual method of telnet to each of the open ports.
- C. Use of a vulnerability scanner to try to probe each port to verify which service is running.
- D. Use of hit and trial method to guess the services and ports of the victim host.
Answer: B
Explanation:
Section: Volume A
NEW QUESTION # 98
Which of the following techniques can be used to map 'open' or 'pass through' ports on a gateway?
- A. Tracefire
- B. Traceport
- C. Traceroute
- D. Tracegate
Answer: C
NEW QUESTION # 99
The IT administrator wants to implement a stronger security policy. What are the four most important security
priorities for PassGuide Software Systems Pvt. Ltd.?
(Click the Exhibit button on the toolbar to see the case study.)
- A. Preventing denial-of-service attacks.
- B. Implementing Certificate services on Texas office.
- C. Providing secure communications between the overseas office and the headquarters.
- D. Providing secure communications between Washington and the headquarters office.
- E. Ensuring secure authentication.
- F. Preventing unauthorized network access.
- G. Protecting employee data on portable computers.
- H. Providing two-factor authentication.
Answer: C,E,F,G
NEW QUESTION # 100
You want to integrate the Nikto tool with nessus vulnerability scanner. Which of the following steps will you take to
accomplish the task?
Each correct answer represents a complete solution. Choose two.
- A. Place nikto.pl file in the /var/www directory.
- B. Place nikto.pl file in the /etc/nessus directory.
- C. Restart nessusd service.
- D. Place the directory containing nikto.pl in root's PATH environment variable.
Answer: C,D
NEW QUESTION # 101
You discover that all available network bandwidth is being used by some unknown service. You discover that UDP packets are being used to connect the echo service on one machine to the chargen service on another machine. What kind of attack is this?
- A. Smurf
- B. Evil Twin
- C. Virus
- D. Denial of Service
Answer: D
NEW QUESTION # 102
Victor works as a professional Ethical Hacker for SecureEnet Inc. He wants to scan the wireless network of the
company. He uses a tool that is a free open-source utility for network exploration. The tool uses raw IP packets to
determine the following:
What ports are open on our network systems.
What hosts are available on the network.
Identify unauthorized wireless access points.
What services (application name and version) those hosts are offering.
What operating systems (and OS versions) they are running.
What type of packet filters/firewalls are in use.
Which of the following tools is Victor using?
- A. Nessus
- B. Nmap
- C. Sniffer
- D. Kismet
Answer: B
NEW QUESTION # 103
Which of the following attacks allows an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether?
- A. Port scanning
- B. Man-in-the-middle
- C. Session hijacking
- D. ARP spoofing
Answer: D
NEW QUESTION # 104
Which of the following HTTP requests is the SQL injection attack?
- A. http://www.myserver.com/script.php?mydata=%3cscript%20src=%22http%3a%2f%
2fwww.yourser ver.c0m %2fbadscript.js%22%3e%3c%2fscript%3e - B. http://www.victim.com/example?accountnumber=67891&creditamount=999999999
- C. http://www.xsecurity.com/cgiin/bad.cgi?foo=..%fc%80%80%80%80%af../bin/ls%20-al
- D. http://www.myserver.com/search.asp?lname=adam%27%3bupdate%20usertable%20set% 20pass wd%3d
%27hCx0r%27%3b--%00
Answer: D
Explanation:
Section: Volume C
NEW QUESTION # 105
You are hired as a Database Administrator for Jennifer Shopping Cart Inc. You monitor the server health through the System Monitor and found that there is a sudden increase in the number of logins.
Which of the following types of attack has occurred?
- A. Worm
- B. Injection
- C. Virus
- D. Denial-of-service
Answer: D
NEW QUESTION # 106
Choose the correct six-step process of threat modeling from the list of different steps.
Answer:
Explanation:
NEW QUESTION # 107
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare- secure.com. He installs a rootkit on the Linux server of the We-are-secure network. Which of the following statements are true about rootkits?
Each correct answer represents a complete solution. Choose all that apply.
- A. They allow an attacker to run packet sniffers secretly to capture passwords.
- B. They allow an attacker to conduct a buffer overflow.
- C. They allow an attacker to set a Trojan in the operating system and thus open a backdoor for anytime access.
- D. They allow an attacker to replace utility programs that can be used to detect the attacker's activity.
Answer: A,C,D
Explanation:
Section: Volume C
NEW QUESTION # 108
When you conduct the XMAS scanning using Nmap, you find that most of the ports scanned do not give a response. What can be the state of these ports?
- A. Filtered
- B. Open
- C. Closed
Answer: B
NEW QUESTION # 109
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint.
Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?
- A. nmap -sU -p
- B. nmap -sT
- C. nmap -sS
- D. nmap -O -p
Answer: D
NEW QUESTION # 110
US Garments wants all encrypted data communication between corporate office and remote location.
They want to achieve following results:
l Authentication of users
l Anti-replay
l Anti-spoofing
l IP packet encryption
They implemented IPSec using Authentication Headers (AHs). Which results does this solution provide?
Each correct answer represents a complete solution. Choose all that apply.
- A. Anti-replay
- B. Anti-spoofing
- C. IP packet encryption
- D. Authentication of users
Answer: A,B
NEW QUESTION # 111
You run the following command while using Nikto Web scanner:
perl nikto.pl -h 192.168.0.1 -p 443
What action do you want to perform?
- A. Updating Nikto
- B. Seting Nikto for network sniffing
- C. Using it as a proxy server
- D. Port scanning
Answer: D
NEW QUESTION # 112
Which of the following types of channels is used by Trojans for communication?
- A. Open channel
- B. Overt channel
- C. Loop channel
- D. Covert channel
Answer: D
NEW QUESTION # 113
Adam has installed and configured his wireless network. He has enabled numerous security features such as changing
the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Adam notices that when
he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes it is only 8 Mbps or less. Adam
connects to the management utility wireless router and finds out that a machine with an unfamiliar name is
connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has
the same MAC address as his laptop.
Which of the following attacks has been occurred on the wireless network of Adam?
- A. DNS cache poisoning
- B. ARP spoofing
- C. NAT spoofing
- D. MAC spoofing
Answer: D
NEW QUESTION # 114
An attacker sends a large number of packets to a target computer that causes denial of service.
Which of the following type of attacks is this?
- A. Spoofing
- B. Flooding
- C. Phishing
- D. Snooping
Answer: B
NEW QUESTION # 115
Which of the following malicious code can have more than one type of trigger, multiple task capabilities, and can replicate itself in more than one manner?
- A. Blended threat
- B. Boot sector virus
- C. Trojan
- D. Macro virus
Answer: A
Explanation:
Section: Volume B
NEW QUESTION # 116
......
Most Reliable GIAC GCIH Training Materials: https://www.passcollection.com/GCIH_real-exams.html
The Realest Study Materials GCIH Dumps: https://drive.google.com/open?id=1KDJFXikjMcTTgxH2cYNi7dXPPLwotAky

