GCIH Exam Questions
829 real GCIH exam questions with expert-verified answers and explanations. Page 6 of 17.
- Question #258Incident Response & Cyber Kill Chain
Which of the following is designed to protect the Internet resolvers (clients) from forged DNS data created by DNS cache poisoning?
DNSSECDNS cache poisoningDNS securityforged DNS data - Question #259Incident Response & Cyber Kill Chain
You work as a System Engineer for Cyber World Inc. Your company has a single Active Directory domain. All servers in the domain run Windows Server 2008. The Microsoft Hyper-V serve...
Hyper-Vvirtual machine shutdownautomatic stop actionvirtualization management - Question #260Malware Analysis & Advanced Persistent Threats
You work as a Network Administrator for InformSec Inc. You find that the TCP port number 23476 is open on your server. You suspect that there may be a Trojan named Donald Dick inst...
Fporttrojan detectionport-to-process mappingprocess identification - Question #261Vulnerability Exploitation & Privilege Escalation
Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?
rainbow tablespassword crackinghash pre-computationcredential attacks - Question #262Vulnerability Exploitation & Privilege Escalation
Which of the following attacks is specially used for cracking a password?
dictionary attackpassword crackingwordlist attack - Question #263Reconnaissance, Scanning, and Enumeration
You run the following bash script in Linux: for i in 'cat hostlist.txt' ;do nc -q 2 -v $i 80 < request.txt done Where, hostlist.txt file contains the list of IP addresses and reque...
banner grabbingnetcatbash scriptingservice enumeration - Question #264Malware Analysis & Advanced Persistent Threats
The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses...
Klez wormregistry persistenceworm analysisWindows registry - Question #265Web Application Attacks & Post-Exploitation
Website and stolen the bank account information of its users and their credit card numbers by using the SQL injection attack. Now, John wants to sell this information to malicious...
steganographySnow.exedata exfiltrationwhitespace encoding - Question #266Vulnerability Exploitation & Privilege Escalation
Which of the following DoS attacks affects mostly Windows computers by sending corrupt UDP packets?
Bonk attackDoSUDP fragmentationWindows vulnerabilities - Question #267Vulnerability Exploitation & Privilege Escalation
Who are the primary victims of smurf attacks on the contemporary Internet system?
smurf attackICMP amplificationDDoSIRC servers - Question #268Vulnerability Exploitation & Privilege Escalation
Which of the following tools can be used for stress testing of a Web server? Each correct answer represents a complete solution. Choose two.
web stress testingDoS toolsinternet botsload testing - Question #269Vulnerability Exploitation & Privilege Escalation
An attacker sends a large number of packets to a target computer that causes denial of service. Which of the following type of attacks is this?
flooding attackDoSpacket flooddenial of service - Question #270Malware Analysis & Advanced Persistent Threats
Which of the following statements about a Trojan horse are true? Each correct answer represents a complete solution. Choose two.
Trojan horsemalware characteristicsbackdoorunauthorized access - Question #271Web Application Attacks & Post-Exploitation
Which of the following tools is an automated tool that is used to implement SQL injections and to retrieve data from Web server databases?
SQL injectionAbsintheautomated exploitationdatabase extraction - Question #272Reconnaissance, Scanning, and Enumeration
You run the following command while using Nikto Web scanner: perl nikto.pl -h 192.168.0.1 -p 443 What action do you want to perform?
Niktoweb scannerport 443HTTPS scanning - Question #273Vulnerability Exploitation & Privilege Escalation
Which of the following tools can be used to perform brute force attack on a remote database? Each correct answer represents a complete solution. Choose all that apply.
database brute forceSQLBFSQLDictcredential attack - Question #275Reconnaissance, Scanning, and Enumeration
Which of the following commands can be used for port scanning?
netcatport scanningnc -z flagnetwork enumeration - Question #276Web Application Attacks & Post-Exploitation
Which of the following tools can be used for steganography? Each correct answer represents a complete solution. Choose all that apply.
steganography toolsImage HideSnow.execovert channel - Question #277Vulnerability Exploitation & Privilege Escalation
Which of the following Denial-of-Service (DoS) attacks employ IP fragmentation mechanism? Each correct answer represents a complete solution. Choose two.
IP fragmentationTeardrop attackPing of DeathDoS - Question #278Vulnerability Exploitation & Privilege Escalation
Adam, a malicious hacker performs an exploit, which is given below: ##################################################### $port = 53; # Spawn cmd.exe on port X $your = "192.168.1.1...
MSADC exploitremote code executionnetcat backdoorFTP staging - Question #279Incident Response & Cyber Kill Chain
Adam works as an Incident Handler for Umbrella Inc. His recent actions towards the incident are not up to the standard norms of the company. He always forgets some steps and proced...
incident responsechecklistsincident handling proceduresadministrative efficiency - Question #280Vulnerability Exploitation & Privilege Escalation
In which of the following attacking methods does an attacker distribute incorrect IP address?
DNS poisoningDNS cache poisoningIP address spoofingnetwork attacks - Question #281Reconnaissance, Scanning, and Enumeration
You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security o...
idle scanIPID incrementHpingzombie host - Question #282Web Application Attacks & Post-Exploitation
Which of the following statements are true about session hijacking? Each correct answer represents a complete solution. Choose all that apply.
session hijackingTCP sessionsession keyunauthorized access - Question #283Incident Response & Cyber Kill Chain
Your network is being flooded by ICMP packets. When you trace them down they come from multiple different IP addresses. What kind of attack is this?
DDoSICMP floodspoofed IPnetwork attack - Question #284Reconnaissance, Scanning, and Enumeration
Adam works as a Security administrator for Umbrella Inc. He runs the following traceroute and notices that hops 19 and 20 both show the same IP address. 1 172.16.1.254 (172.16.1.25...
traceroute analysisstateful firewallnetwork topologyfirewall detection - Question #285Malware Analysis & Advanced Persistent Threats
Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up...
Trojan horsefile binderNetBusmalware bundling - Question #286Malware Analysis & Advanced Persistent Threats
Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Vict...
steganographyactive attackssteganalysisimage manipulation - Question #287Incident Response & Cyber Kill Chain
Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?
file integrity auditingcryptographic hashintegrity verificationconfiguration files - Question #288Reconnaissance, Scanning, and Enumeration
Which of the following are open-source vulnerability scanners?
vulnerability scannersNessusNiktoopen-source tools - Question #289Malware Analysis & Advanced Persistent Threats
Victor wants to send an encrypted message to his friend. He is using certain steganography technique to accomplish this task. He takes a cover object and changes it accordingly to...
steganographydistortion techniquecover objectinformation hiding - Question #290Malware Analysis & Advanced Persistent Threats
Which of the following statements is true about the difference between worms and Trojan horses?
wormsTrojan horsesmalware classificationself-replication - Question #291Malware Analysis & Advanced Persistent Threats
Which of the following is executed when a predetermined event occurs?
logic bombevent-triggered malwaremalware typespayload - Question #292Incident Response & Cyber Kill Chain
Adam, a malicious hacker purposely sends fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes. On the basis of abo...
Ping of DeathICMP fragmentationoversized packetDoS attack - Question #293Reconnaissance, Scanning, and Enumeration
As a professional hacker, you want to crack the security of secureserver.com. For this, in the information gathering step, you performed scanning with the help of nmap utility to r...
nmapIP protocol scanservice enumeration-sO flag - Question #294Reconnaissance, Scanning, and Enumeration
Which of the following nmap command parameters is used for TCP SYN port scanning?
nmapTCP SYN scanport scanning-sS flag - Question #295Incident Response & Cyber Kill Chain
In which of the following attacks does an attacker create the IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impe...
IP spoofingsource IP forgeryidentity concealmentnetwork attack - Question #296Malware Analysis & Advanced Persistent Threats
Which of the following viruses/worms uses the buffer overflow attack?
Code Red wormbuffer overflowworm propagationexploit technique - Question #297Reconnaissance, Scanning, and Enumeration
Which of the following techniques is used when a system performs the penetration testing with the objective of accessing unauthorized information residing inside a computer?
port scanningpenetration testingreconnaissanceinformation gathering - Question #298Incident Response & Cyber Kill Chain
Mark works as a Network Administrator for Perfect Inc. The company has both wired and wireless networks. An attacker attempts to keep legitimate users from accessing services that...
DoS attackavailability attackIDS/IPSservice disruption - Question #299Vulnerability Exploitation & Privilege Escalation
Which of the following functions in c/c++ can be the cause of buffer overflow? Each correct answer represents a complete solution. Choose two.
buffer overflowunsafe C functionsstrcatstrcpy - Question #300Incident Response & Cyber Kill Chain
You work as a System Administrator in SunSoft Inc. You are running a virtual machine on Windows Server 2003. The virtual machine is protected by DPM. Now, you want to move the virt...
virtual machine migrationdata protectionDPMbackup recovery - Question #301Reconnaissance, Scanning, and Enumeration
In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain from a DNS server. The information provided by the DNS zone can h...
DNS zone transferenumeration toolsDNS reconnaissanceNSLookup - Question #302Malware Analysis & Advanced Persistent Threats
Which of the following types of malware can an antivirus application disable and destroy? Each correct answer represents a complete solution. Choose all that apply.
antivirus detectionmalware typesrootkitworm - Question #303Reconnaissance, Scanning, and Enumeration
Which of the following penetration testing phases involves reconnaissance or data gathering?
penetration testing phasespre-attack phasereconnaissance - Question #304Incident Response & Cyber Kill Chain
You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to the e-mails queries. But since few days, it i...
incident handling processeradicationrecoveryidentification - Question #307Malware Analysis & Advanced Persistent Threats
Which of the following tools uses common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures of the rootkits?
chkrootkitrootkit detectionstrings grepUnix tools - Question #308Malware Analysis & Advanced Persistent Threats
Which of the following rootkits is used to attack against full disk encryption systems?
boot loader rootkitfull disk encryption bypassrootkit types - Question #309Web Application Attacks & Post-Exploitation
Which of the following statements are true about Dsniff? Each correct answer represents a complete solution. Choose two.
DSniffnetwork sniffing toolscredential harvestinghacking toolkit - Question #310Malware Analysis & Advanced Persistent Threats
Which of the following rootkits patches, hooks, or replaces system calls with versions that hide information about the attacker?
library rootkitsystem call hookingrootkit typesinformation hiding