GCIH Exam Questions
829 real GCIH exam questions with expert-verified answers and explanations. Page 4 of 17.
- Question #155Incident Response & Cyber Kill Chain
Which of the following statements are true regarding SYN flood attack?
SYN floodDoS attackTCP handshakeSYN cookies - Question #156Incident Response & Cyber Kill Chain
Which of the following attacks involves multiple compromised systems to attack a single target?
DDoS attackbotnetdistributed attack - Question #157Incident Response & Cyber Kill Chain
You are monitoring your network's behavior. You find a sudden increase in traffic on the network. It seems to come in bursts and emanate from one specific machine. You have been ab...
DoS attackbotnetnetwork anomaly detectiontraffic analysis - Question #158Incident Response & Cyber Kill Chain
The IT administrator wants to implement a stronger security policy. What are the four most
security policyauthenticationnetwork access controldata protection - Question #159Incident Response & Cyber Kill Chain
US Garments wants all encrypted data communication between corporate office and remote location. They want to achieve following results: l Authentication of users l Anti-replay l A...
IPSecAuthentication Headeranti-replayanti-spoofing - Question #160Reconnaissance, Scanning, and Enumeration
connection. Which of the following scanning techniques will he use to accomplish this task?
TCP SYN scanport scanningstealth scanhalf-open scan - Question #161Incident Response & Cyber Kill Chain
Which of the following types of skills are required in the members of an incident handling team? Each correct answer represents a complete solution. Choose all that apply.
incident handlingteam compositionIR skillsorganizational skills - Question #162Vulnerability Exploitation & Privilege Escalation
Which of the following attacks capture the secret value like a hash and reuse it later to gain access to a system without ever decrypting or decoding the hash?
replay attackhash reusecredential theftauthentication bypass - Question #163Reconnaissance, Scanning, and Enumeration
Firewalking is a technique that can be used to gather information about a remote network protected by a firewall. This technique can be used effectively to perform information gath...
firewalkingTTL manipulationfirewall reconnaissanceICMP - Question #164Malware Analysis & Advanced Persistent Threats
Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use Steganographic file system method to encrypt and hide some secret information. Which of the followi...
steganographyslack spacedata hidinghidden partition - Question #165Vulnerability Exploitation & Privilege Escalation
Which of the following is used by attackers to obtain an authenticated connection on a network?
replay attackauthenticated connectionsession hijackingnetwork attack - Question #166Malware Analysis & Advanced Persistent Threats
Jane works as a Consumer Support Technician for ABC Inc. The company provides troubleshooting support to users. Jane is troubleshooting the computer of a user who has installed sof...
rootkitsmalware typesprivilege escalationstealth software - Question #167Malware Analysis & Advanced Persistent Threats
An Active Attack is a type of steganography attack in which the attacker changes the carrier during the communication process. Which of the following techniques is used for smoothi...
steganographyimage manipulationactive attackblur technique - Question #168Vulnerability Exploitation & Privilege Escalation
You want to create an SSH tunnel for POP and SMTP protocols. Which of the following commands will you run?
SSH tunnelingport forwardingPOPSMTP - Question #169Malware Analysis & Advanced Persistent Threats
Which of the following are based on malicious code? Each correct answer represents a complete solution. Choose two.
malware typesTrojanwormmalicious code - Question #170Vulnerability Exploitation & Privilege Escalation
Which of the following is the most common vulnerability that can affect desktop applications written in native code?
buffer overflownative codememory corruptiondesktop vulnerabilities - Question #171Malware Analysis & Advanced Persistent Threats
John works as a Network Administrator for We-are-secure Inc. He finds that TCP port 7597 of the Weare- secure server is open. He suspects that it may be open due to a Trojan instal...
Qaz TrojanTrojan identificationnotepad.exeport 7597 - Question #172Incident Response & Cyber Kill Chain
Which of the following is the difference between SSL and S-HTTP?
SSLS-HTTPprotocol layerstransport security - Question #173Incident Response & Cyber Kill Chain
You discover that all available network bandwidth is being used by some unknown service. You discover that UDP packets are being used to connect the echo service on one machine to...
UDP floodecho chargen attackDoSbandwidth exhaustion - Question #174Malware Analysis & Advanced Persistent Threats
Which of the following Trojans is used by attackers to modify the Web browser settings?
browser hijackerTrojan typesWMA TrojanDownloaderweb browser manipulation - Question #175Vulnerability Exploitation & Privilege Escalation
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function);...
replay attackeavesdroppingauthentication bypasscredential theft - Question #176Malware Analysis & Advanced Persistent Threats
You want to add a netbus Trojan in the chess.exe game program so that you can gain remote access to a friend's computer. Which of the following tools will you use to accomplish the...
Trojan bindingfile wrappingNetBusremote access Trojan - Question #177Reconnaissance, Scanning, and Enumeration
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters...
NmapOS fingerprintingTCP/IP stacknetwork scanning - Question #178Incident Response & Cyber Kill Chain
You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS how can you detect this sort of activity?
rootkit detectionfirewall logsnetwork monitoringthreat detection - Question #180Incident Response & Cyber Kill Chain
Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the server of the marketing department has been affected by a malicious hacking at...
IR phasescontainmentvolatile data collectionincident response process - Question #181Reconnaissance, Scanning, and Enumeration
Which of the following penetration testing phases involves gathering data from whois, DNS, and network scanning, which helps in mapping a target network and provides valuable infor...
pre-attack phasereconnaissancewhoisDNS enumeration - Question #182Reconnaissance, Scanning, and Enumeration
Which of the following tools are used as a network traffic monitoring tool in the Linux operating system? Each correct answer represents a complete solution. Choose all that apply.
network monitoring toolsLinuxIPTraftraffic analysis - Question #183Incident Response & Cyber Kill Chain
Adam works as a Security Analyst for Umbrella Inc. CEO of the company ordered him to implement two-factor authentication for the employees to access their networks. He has told him...
two-factor authenticationsecurity tokenhardware tokenauthentication mechanisms - Question #184Vulnerability Exploitation & Privilege Escalation
Which of the following statements about buffer overflow are true? Each correct answer represents a complete solution. Choose two.
buffer overflowmemory corruptionapplication vulnerabilityinput validation - Question #185Incident Response & Cyber Kill Chain
Which of the following practices come in the category of denial of service attack? Each correct answer represents a complete solution. Choose three.
denial of serviceICMP floodbandwidth exhaustionDoS techniques - Question #186Reconnaissance, Scanning, and Enumeration
Victor is a novice Ethical Hacker. He is learning the hacking process, i.e., the steps taken by malicious hackers to perform hacking. Which of the following steps is NOT included i...
hacking methodologyhacking phasespenetration testing lifecyclereconnaissance - Question #187Malware Analysis & Advanced Persistent Threats
Which of the following types of rootkits replaces regular application binaries with Trojan fakes and modifies the behavior of existing applications using hooks, patches, or injecte...
rootkit typesapplication-level rootkitTrojan injectionmalware persistence - Question #188Malware Analysis & Advanced Persistent Threats
John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the c...
steganographydata exfiltrationcovert channelimage hiding - Question #189Incident Response & Cyber Kill Chain
You work as a System Administrator for Happy World Inc. Your company has a server named uC1 that runs Windows Server 2008. The Windows Server virtualization role service is install...
VM snapshotvirtualizationsystem recoveryrollback - Question #190Reconnaissance, Scanning, and Enumeration
John works as a Network Security Professional. He is assigned a project to test the security of with netcat and sends a bad html request in order to retrieve information about the...
banner grabbingnetcatservice enumerationHTTP fingerprinting - Question #192Web Application Attacks & Post-Exploitation
You run the following PHP script: <?php $name = mysql_real_escape_string($_POST["name"]); $password = mysql_real_escape_string($_POST["password"]); ?> What is the use of the mysql_...
SQL injectioninput sanitizationmysql_real_escape_stringPHP security - Question #193Malware Analysis & Advanced Persistent Threats
Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up...
Trojan horseBack Orificemalware bundlingremote access trojan - Question #194Incident Response & Cyber Kill Chain
Which of the following ensures that a party to a dispute cannot deny the authenticity of their signature on a document or the sending of a message that they originated?
non-repudiationdigital signaturesauthenticationsecurity principles - Question #195Reconnaissance, Scanning, and Enumeration
Which of the following scanning tools is also a network analysis tool that sends packets with nontraditional IP stack parameters and allows the scanner to gather information from t...
HPingpacket craftingnetwork scanningIP stack manipulation - Question #196Vulnerability Exploitation & Privilege Escalation
You execute the following netcat command: c:\target\nc -1 -p 53 -d -e cmd.exe What action do you want to perform by issuing the above command?
netcatreverse shellcommand executionport 53 tunneling - Question #197Incident Response & Cyber Kill Chain
You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify Denial of Service attack (DOS) f...
incident handling phasescontainmentDoS responseincident lifecycle - Question #198Incident Response & Cyber Kill Chain
Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a sy...
cyber incident response planCIRPincident response policysecurity planning - Question #199Incident Response & Cyber Kill Chain
You work as a Senior Marketing Manager for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and also you were not able to access...
incident handlingidentification phasefalse positive triageincident classification - Question #200Incident Response & Cyber Kill Chain
You are the Administrator for a corporate network. You are concerned about denial of service attacks. Which of the following would be the most help against Denial of Service (DOS)...
DoS defensestateful packet inspectionSPI firewallpacket filtering - Question #201Web Application Attacks & Post-Exploitation
Adam, a malicious hacker has successfully gained unauthorized access to the Linux system of Umbrella Inc. Web server of the company runs on Apache. He has downloaded sensitive docu...
anti-forensicsdisk wipingbash scriptingcovering tracks - Question #202Reconnaissance, Scanning, and Enumeration
Which of the following is an Internet mapping technique that relies on various BGP collectors that collect information such as routing updates and tables and provide this informati...
BGPAS PATH inferenceinternet mappingrouting tables - Question #203Reconnaissance, Scanning, and Enumeration
Windump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform a user must install a packet c...
WinPCappacket captureWindumpTCPDump - Question #204Vulnerability Exploitation & Privilege Escalation
You want to measure the number of heaps used and overflows occurred at a point in time. Which of the following commands will you run to activate the appropriate monitor?
heap overflowDB2 monitorbuffer monitoringdatabase configuration - Question #205Vulnerability Exploitation & Privilege Escalation
Which of the following languages are vulnerable to a buffer overflow attack? Each correct answer represents a complete solution. Choose all that apply.
buffer overflowmemory unsafe languagesCC++ - Question #206Malware Analysis & Advanced Persistent Threats
Which of the following is the method of hiding data within another media type such as graphic or document?
steganographydata hidingcovert channelobfuscation