GCIH Practice Exams and Training Solutions for Certifications [Q80-Q100]

GIAC GCIH Exam is an essential certification for individuals who want to pursue a career in incident handling and response. GIAC Certified Incident Handler certification validates the skills and knowledge of individuals in detecting, responding, and resolving security incidents. It is a globally recognized certification and is a valuable credential in the cybersecurity industry. GIAC Certified Incident Handler certification is beneficial for professionals working in security operations centers, incident response teams, or cybersecurity consulting firms.

GIAC GCIH Exam Syllabus Topics:

Topic Details
Metasploit – The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against the use of Metasploit.
Endpoint Attacks and Pivoting – The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against attacks against endpoints and attack pivoting.
Scanning and Mapping – The candidate will demonstrate an understanding of the fundamentals of how to identify, defend against, and mitigate against scanning used to discover and map networks and hosts and to reveal services and vulnerabilities.
Reconnaissance and Open-Source Intelligence – The candidate will demonstrate an understanding of how to identify, defend against, and mitigate public and open source reconnaissance techniques.
Netcat – The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against the use of covert tools such as netcat.
Web App Attacks – The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against Web Application Attacks.
Memory and Malware Investigations – The candidate will demonstrate an understanding of the steps necessary to perform basic memory forensics, including collection and analysis of processes and network connections and basic malware analysis.
Domain Attacks – The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against Domain attacks in Windows environments.
Network Investigations – The candidate will demonstrate an understanding of the steps necessary to perform effective digital investigations of network data.
Covering Tracks on Hosts – The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against methods attackers use to remove evidence of compromise on hosts.
Drive-By Attacks – The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against drive-by attacks in modern environments.
Covering Tracks on the Network – The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against methods attackers use to remove evidence of compromise on the network.
SMB Scanning – The candidate will demonstrate an understanding of how to identify, defend against, and mitigate reconnaissance and scanning of SMB services.
Password Attacks – The candidate will demonstrate a detailed understanding of the three methods of password cracking.
Incident Handling and Digital Investigations – The candidate will demonstrate an understanding of what Incident Handling is, why it is important, an understanding of the PICERL incident handling process, and industry best practices in Incident Handling and Digital Investigations.

GIAC GCIH certification is a valuable certification for professionals who want to advance their careers in incident handling and response. GIAC Certified Incident Handler certification not only validates the candidate’s knowledge and skills but also demonstrates their commitment to the field of incident handling. The GCIH certification is recognized by employers worldwide and is often required for positions in incident handling and response. Overall, the GIAC GCIH certification exam is an excellent choice for professionals who want to enhance their skills and knowledge in incident handling and response and validate their expertise in the field.

 

Q80. Which of the following commands is used to access Windows resources from a Linux workstation?

Q81. Which of the following threats is a combination of worm, virus, and Trojan horse characteristics?

Q82. Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to strengthen the security policies of the company, including its password policies. However, due to some old applications, Adam is only able to enforce a password group policy in Active Directory with a minimum of 10 characters. He informed the employees of the company that the new password policy requires everyone to have complex passwords with at least 14 characters. Adam wants to ensure that everyone is using complex passwords that meet the new security policy requirements. He logged on to one of the network’s domain controllers and ran the following command:

Which of the following actions will this command take?

Q83. You want to integrate the Nikto tool with the Nessus vulnerability scanner. Which of the following steps will you take to accomplish the task?
Each correct answer represents a complete solution. Choose two.

Q84. Which of the following US Acts emphasized a “risk-based policy for cost-effective security” and makes it mandatory for agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency’s information security program and report the results to the Office of Management and Budget?

Q85. Which of the following provides packet-level encryption between hosts in a LAN?

Q86. In which of the following scanning methods do Windows operating systems send only RST packets irrespective of whether the port is open or closed?

Q87. You want to perform passive footprinting against the we-are-secure Inc. Web server. Which of the following tools will you use?

Q88. Adam works as an Incident Handler for Umbrella Inc. His recent actions towards the incident are not up to the standard norms of the company. He always forgets some steps and procedures while handling responses, as they are very hectic to perform.
Which of the following steps should Adam take to overcome this problem with the least administrative effort?

Q89. Choose the correct actions performed during the Eradication step of the incident handling process.

Q90. Which of the following ensures that a party to a dispute cannot deny the authenticity of their signature on a document or the sending of a message that they originated?

Q91. Choose and reorder the steps of an incident handling process in their correct order.

Q92. As a professional hacker, you want to crack the security of secureserver.com. For this, in the information gathering step, you performed scanning with the help of the nmap utility to retrieve as many different protocols as possible being used by secureserver.com, so that you could get accurate knowledge about what services were being used by secureserver.com. Which of the following nmap switches have you used to accomplish the task?

Q93. Adam, a malicious hacker, purposely sends fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes. On the basis of the above information, which of the following types of attack is Adam attempting to perform?

Q94. You work as a System Engineer for Cyber World Inc. Your company has a single Active Directory domain. All servers in the domain run Windows Server 2008. The Microsoft Hyper-V server role has been installed on one of the servers, namely uC1. uC1 hosts twelve virtual machines. You have been given the task to configure the Shutdown option for uC1, so that each virtual machine shuts down before the main Hyper-V server shuts down. Which of the following actions will you perform to accomplish the task?

Q95. Which of the following Linux rootkits allows an attacker to hide files, processes, and network connections?
Each correct answer represents a complete solution. Choose all that apply.

Q96. Adam has installed and configured his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Adam notices that when he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes it is only 8 Mbps or less. Adam connects to the wireless router’s management utility and finds out that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router’s logs and notices that the unfamiliar machine has the same MAC address as his laptop.
Which of the following attacks has occurred on Adam’s wireless network?

Q97. Which of the following incident response team members ensures that the policies of the organization are enforced during the incident response?

Q98. John works as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company uses Check Point SmartDefense to provide security to the network of the company. On the HTTP servers of the company, John defines a rule for dropping any kind of user-defined URLs. Which of the following types of attacks can be prevented by dropping the user-defined URLs?

Q99. Adam works as a Security Administrator for Umbrella Inc. He runs the following traceroute and notices that hops 19 and 20 both show the same IP address.
1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms
2 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 12.169 ms 14.958 ms 13.416 ms
3 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 13.948 ms ip68-100-0-1.nv.nv.cox.net (68.100.0.1) 16.743 ms 16.207 ms
4 ip68-100-0-137.nv.nv.cox.net (68.100.0.137) 17.324 ms 13.933 ms 20.938 ms
5 68.1.1.4 (68.1.1.4) 12.439 ms 220.166 ms 204.170 ms
6 so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1) 16.177 ms 25.943 ms 14.104 ms
7 unknown.Level3.net (209.247.9.173) 14.227 ms 17.553 ms 15.415 ms
8 so-0-10.bbr1.NewYork1.level3.net (64.159.1.41) 17.063 ms 20.960 ms 19.512 ms
9 so-7-0-0.gar1.NewYork1.Level3.net (64.159.1.182) 20.334 ms 19.440 ms 17.938 ms
10 so-4-00.edge1.NewYork1.Level3.net (209.244.17.74) 27.526 ms 18.317 ms 21.202 ms
11 uunet-level3oc48.NewYork1.Level3.net (209.244.160.12) 21.411 ms 19.133 ms 18.830 ms
12 0.so-6-0-0.XL1.NYC4.ALTER.NET (152.63.21.78) 21.203 ms 22.670 ms 20.111 ms
13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153) 30.929 ms 24.858 ms 23.108 ms
14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 37.894 ms 33.244 ms 33.910 ms
15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms 49.466 ms
16 0.so-3-0-0.XR1.MIA4.ALTER.NET (152.63.101.41) 50.937 ms 49.005 ms 51.055 ms
17 117.ATM6-0.GW5.MIA1.ALTER.NET (152.63.82.73) 51.897 ms 50.280 ms 53.647 ms
18 PassGuidegw1.customer.alter.net (65.195.239.14) 51.921 ms 51.571 ms 56.855 ms
19 www.PassGuide.com (65.195.239.22) 52.191 ms 52.571 ms 56.855 ms
20 www.PassGuide.com (65.195.239.22) 53.561 ms 54.121 ms 58.333 ms
Which of the following is the most likely cause of this issue?

Q100. You work as an Incident Handler at Mariotrixt.Inc. You have followed the Incident Handling process to handle the events and incidents. You identify a Denial of Service (DoS) attack from a network linked to your internal enterprise network. Which of the following phases of the Incident Handling process should you follow next to handle this incident?
