This page was exported from Exams Labs Braindumps [ http://blog.examslabs.com ]
Export date: Sun Nov 24 0:18:14 2024 / +0000 GMT

Title: GCIH Practice Exams and Training Solutions for Certifications [Q80-Q100]

The GIAC GCIH exam is an essential certification for individuals who want to pursue a career in incident handling and response. The GIAC Certified Incident Handler certification validates an individual's skills and knowledge in detecting, responding to, and resolving security incidents. It is a globally recognized certification and a valuable credential in the cybersecurity industry. The GIAC Certified Incident Handler certification is beneficial for professionals working in security operations centers, incident response teams, or cybersecurity consulting firms.

GIAC GCIH Exam Syllabus Topics:

Topic: Details

Metasploit: The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against the use of Metasploit.

Endpoint Attacks and Pivoting: The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against attacks against endpoints and attack pivoting.

Scanning and Mapping: The candidate will demonstrate an understanding of the fundamentals of how to identify, defend against, and mitigate against scanning; to discover and map networks and hosts, and reveal services and vulnerabilities.

Reconnaissance and Open-Source Intelligence: The candidate will demonstrate an understanding of how to identify, defend against, and mitigate public and open source reconnaissance techniques.

Netcat: The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against the use of covert tools such as netcat.

Web App Attacks: The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against Web Application Attacks.

Memory and Malware Investigations: The candidate will demonstrate an understanding of the steps necessary to perform basic memory forensics, including collection and analysis of processes and network connections and basic malware analysis.

Domain Attacks: The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against Domain attacks in Windows environments.

Network Investigations: The candidate will demonstrate an understanding of the steps necessary to perform effective digital investigations of network data.

Covering Tracks on Hosts: The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against methods attackers use to remove evidence of compromise on hosts.

Drive-By Attacks: The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against drive-by attacks in modern environments.

Covering Tracks on the Network: The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against methods attackers use to remove evidence of compromise on the network.

SMB Scanning: The candidate will demonstrate an understanding of how to identify, defend against, and mitigate reconnaissance and scanning of SMB services.

Password Attacks: The candidate will demonstrate a detailed understanding of the three methods of password cracking.

Incident Handling and Digital Investigations: The candidate will demonstrate an understanding of what Incident Handling is, why it is important, an understanding of the PICERL incident handling process, and industry best practices in Incident Handling and Digital Investigations.

The GIAC GCIH certification is a valuable certification for professionals who want to advance their careers in incident handling and response.
The GIAC Certified Incident Handler certification not only validates the candidate's knowledge and skills but also demonstrates their commitment to the field of incident handling. The GCIH certification is recognized by employers worldwide and is often required for positions in incident handling and response. Overall, the GIAC GCIH certification exam is an excellent choice for professionals who want to enhance their skills and knowledge in incident handling and response and validate their expertise in the field.

Q80. Which of the following commands is used to access Windows resources from a Linux workstation?
  - mutt
  - scp
  - rsync
  - smbclient
Section: Volume A

Q81. Which of the following threats is a combination of worm, virus, and Trojan horse characteristics?
  - Spyware
  - Heuristic
  - Blended
  - Rootkits

Q82. Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to strengthen the security policies of the company, including its password policies. However, due to some old applications, Adam is only able to enforce a password group policy in Active Directory with a minimum of 10 characters. He informed the employees of the company that the new password policy requires everyone to have complex passwords with at least 14 characters. Adam wants to ensure that everyone is using complex passwords that meet the new security policy requirements. He logged on to one of the network's domain controllers and runs the following command:
Which of the following actions will this command take?
  - Dumps the SAM password hashes to pwd.txt
  - Dumps the SAM password file to pwd.txt
  - Dumps the Active Directory password hashes to pwd.txt
  - The password history file is transferred to pwd.txt
Section: Volume B

Q83. You want to integrate the Nikto tool with the Nessus vulnerability scanner. Which of the following steps will you take to accomplish the task? Each correct answer represents a complete solution. Choose two.
  - Place the nikto.pl file in the /etc/nessus directory.
  - Place the nikto.pl file in the /var/www directory.
  - Place the directory containing nikto.pl in root's PATH environment variable.
  - Restart the nessusd service.

Q84. Which of the following US Acts emphasized a "risk-based policy for cost-effective security" and makes it mandatory for agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency's information security program and report the results to the Office of Management and Budget?
  - The Electronic Communications Privacy Act of 1986 (ECPA)
  - The Fair Credit Reporting Act (FCRA)
  - The Equal Credit Opportunity Act (ECOA)
  - Federal Information Security Management Act of 2002 (FISMA)

Q85. Which of the following provides packet-level encryption between hosts in a LAN?
  - PPTP
  - IPsec
  - PFS
  - Tunneling protocol
Section: Volume C

Q86. In which of the following scanning methods do Windows operating systems send only RST packets irrespective of whether the port is open or closed?
  - TCP FIN
  - FTP bounce
  - XMAS
  - TCP SYN

Q87. You want to perform passive footprinting against the we-are-secure Inc. Web server. Which of the following tools will you use?
  - Nmap
  - Ethereal
  - Ettercap
  - Netcraft

Q88. Adam works as an Incident Handler for Umbrella Inc. His recent actions towards the incident are not up to the standard norms of the company. He always forgets some steps and procedures while handling responses, as they are very hectic to perform. Which of the following steps should Adam take to overcome this problem with the least administrative effort?
  - Create an incident manual and read it every time an incident occurs.
  - Appoint someone else to check the procedures.
  - Create incident checklists.
  - Create a new sub-team to keep check.

Q89. Choose the correct actions performed during the Eradication step of the incident handling process.

Q90. Which of the following ensures that a party to a dispute cannot deny the authenticity of their signature on a document or the sending of a message that they originated?
  - OS fingerprinting
  - Reconnaissance
  - Non-repudiation
  - Confidentiality

Q91. Choose and reorder the steps of an incident handling process in their correct order.

Q92. As a professional hacker, you want to crack the security of secureserver.com. For this, in the information gathering step, you performed scanning with the help of the nmap utility to retrieve as many different protocols as possible being used by secureserver.com, so that you could get accurate knowledge about what services were being used by secureserver.com. Which of the following nmap switches have you used to accomplish the task?
  - nmap -vO
  - nmap -sS
  - nmap -sT
  - nmap -sO
Section: Volume B

Q93. Adam, a malicious hacker, purposely sends fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes. On the basis of the above information, which of the following types of attack is Adam attempting to perform?
  - Fraggle attack
  - Ping of death attack
  - SYN Flood attack
  - Land attack

Q94. You work as a System Engineer for Cyber World Inc. Your company has a single Active Directory domain. All servers in the domain run Windows Server 2008. The Microsoft Hyper-V server role has been installed on one of the servers, namely uC1. uC1 hosts twelve virtual machines. You have been given the task to configure the Shutdown option for uC1, so that each virtual machine shuts down before the main Hyper-V server shuts down. Which of the following actions will you perform to accomplish the task?
  - Enable the Shut Down the Guest Operating System option in the Automatic Stop Action Properties on each virtual machine.
  - Manually shut down each of the guest operating systems before the server shuts down.
  - Create a batch file to shut down the guest operating system before the server shuts down.
  - Create a logon script to shut down the guest operating system before the server shuts down.

Q95. Which of the following Linux rootkits allows an attacker to hide files, processes, and network connections? Each correct answer represents a complete solution. Choose all that apply.
  - Phalanx2
  - Beastkit
  - Adore
  - Knark

Q96. Adam has installed and configured his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Adam notices that when he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes it is only 8 Mbps or less. Adam connects to the management utility of the wireless router and finds out that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop. Which of the following attacks has occurred on Adam's wireless network?
  - NAT spoofing
  - DNS cache poisoning
  - MAC spoofing
  - ARP spoofing
Section: Volume A

Q97. Which of the following incident response team members ensures that the policies of the organization are enforced during the incident response?
  - Information Security representative
  - Legal representative
  - Human Resource
  - Technical representative

Q98. John works as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company uses Check Point SmartDefense to provide security to the network of the company. On the HTTP servers of the company, John defines a rule for dropping any kind of user-defined URLs. Which of the following types of attacks can be prevented by dropping the user-defined URLs?
  - Morris worm
  - Code red worm
  - Hybrid attacks
  - PTC worms and mutations
Section: Volume B

Q99. Adam works as a Security administrator for Umbrella Inc. He runs the following traceroute and notices that hops 19 and 20 both show the same IP address.

 1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms
 2 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 12.169 ms 14.958 ms 13.416 ms
 3 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 13.948 ms ip68-100-0-1.nv.nv.cox.net (68.100.0.1) 16.743 ms 16.207 ms
 4 ip68100-0-137.nv.nv.cox.net (68.100.0.137) 17.324 ms 13.933 ms 20.938 ms
 5 68.1.1.4 (68.1.1.4) 12.439 ms 220.166 ms 204.170 ms
 6 so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1) 16.177 ms 25.943 ms 14.104 ms
 7 unknown.Level3.net (209.247.9.173) 14.227 ms 17.553 ms 15.415 ms
 8 so-0-10.bbr1.NewYork1.level3.net (64.159.1.41) 17.063 ms 20.960 ms 19.512 ms
 9 so-7-0-0.gar1.NewYork1.Level3.net (64.159.1.182) 20.334 ms 19.440 ms 17.938 ms
10 so-4-00.edge1.NewYork1.Level3.net (209.244.17.74) 27.526 ms 18.317 ms 21.202 ms
11 uunet-level3oc48.NewYork1.Level3.net (209.244.160.12) 21.411 ms 19.133 ms 18.830 ms
12 0.so-6-0-0.XL1.NYC4.ALTER.NET (152.63.21.78) 21.203 ms 22.670 ms 20.111 ms
13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153) 30.929 ms 24.858 ms 23.108 ms
14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 37.894 ms 33.244 ms 33.910 ms
15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms 49.466 ms
16 0.so-3-0-0.XR1.MIA4.ALTER.NET (152.63.101.41) 50.937 ms 49.005 ms 51.055 ms
17 117.ATM6-0.GW5.MIA1.ALTER.NET (152.63.82.73) 51.897 ms 50.280 ms 53.647 ms
18 PassGuidegw1.customer.alter.net (65.195.239.14) 51.921 ms 51.571 ms 56.855 ms
19 www.PassGuide.com (65.195.239.22) 52.191 ms 52.571 ms 56.855 ms
20 www.PassGuide.com (65.195.239.22) 53.561 ms 54.121 ms 58.333 ms

Which of the following is the most likely cause of this issue?
  - An application firewall
  - Intrusion Detection System
  - Network Intrusion system
  - A stateful inspection firewall
Topic 2, Volume B

Q100. You work as an Incident handler at Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify a Denial of Service (DoS) attack from a network linked to your internal enterprise network. Which of the following phases of the Incident handling process should you follow next to handle this incident?
  - Containment
  - Preparation
  - Recovery
  - Identification

Post date: 2023-08-19 16:05:23