GIAC Certified Incident Handler v1.0

Page:    1 / 47   
Exam contains 708 questions

You want to scan your network quickly to detect live hosts by using ICMP ECHO Requests. What type of scanning will you perform to accomplish the task?

  • A. Idle scan
  • B. TCP SYN scan
  • C. XMAS scan
  • D. Ping sweep scan


Answer : D

Adam, a malicious hacker, is running a scan. The statistics of the scan are as follows:

Scan directed at open port:
Client                                 Server
192.5.2.92:4079 ---------FIN--------->192.5.2.110:23
192.5.2.92:4079 <----NO RESPONSE------192.5.2.110:23

Scan directed at closed port:
Client                                 Server
192.5.2.92:4079 ---------FIN--------->192.5.2.110:23
192.5.2.92:4079 <-----RST/ACK---------192.5.2.110:23

Which of the following types of port scan is Adam running?

  • A. ACK scan
  • B. FIN scan
  • C. XMAS scan
  • D. Idle scan


Answer : B

Which of the following is a network worm that exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system?

  • A. Win32/Agent
  • B. WMA/TrojanDownloader.GetCodec
  • C. Win32/Conficker
  • D. Win32/PSW.OnLineGames


Answer : C

Which of the following statements are true about netcat?
Each correct answer represents a complete solution. (Choose all that apply.)

  • A. It provides special tunneling, such as UDP to TCP, with the possibility of specifying all network parameters.
  • B. It can be used as a file transfer solution.
  • C. It provides outbound and inbound connections for TCP and UDP ports.
  • D. The nc -z command can be used to redirect stdin/stdout from a program.


Answer : ABC

Which of the following types of attacks is mounted with the objective of causing a negative impact on the performance of a computer or network?

  • A. Vulnerability attack
  • B. Man-in-the-middle attack
  • C. Denial-of-Service (DoS) attack
  • D. Impersonation attack


Answer : C

Which of the following refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system?

  • A. Piggybacking
  • B. Hacking
  • C. Session hijacking
  • D. Keystroke logging


Answer : C

Which of the following types of malicious software travels across computer networks without the assistance of a user?

  • A. Worm
  • B. Virus
  • C. Hoax
  • D. Trojan horses


Answer : A

What is the major difference between a worm and a Trojan horse?

  • A. A worm spreads via e-mail, while a Trojan horse does not.
  • B. A worm is a form of malicious program, while a Trojan horse is a utility.
  • C. A worm is self-replicating, while a Trojan horse is not.
  • D. A Trojan horse is a malicious program, while a worm is an anti-virus software.


Answer : C

Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access.
How was security compromised and how did the firewall respond?

  • A. The attack was social engineering and the firewall did not detect it.
  • B. Security was not compromised as the webpage was hosted internally.
  • C. The attack was Cross Site Scripting and the firewall blocked it.
  • D. Security was compromised, as the keylogger is invisible to the firewall.


Answer : A

You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single domain single forest network. The company has three Windows 2008 file servers, 150 Windows XP Professional, and thirty UNIX-based client computers. The network users have identical user accounts for both Active Directory and the UNIX realm. You want to ensure that the UNIX clients on the network can access the file servers. You also want to ensure that the users are able to access all resources by logging on only once, and that no additional software is installed on the UNIX clients.
What will you do to accomplish this task?
Each correct answer represents a part of the solution. (Choose two.)

  • A. Configure a distributed file system (Dfs) on the file server in the network.
  • B. Enable the Network File System (NFS) component on the file servers in the network.
  • C. Configure ADRMS on the file servers in the network.
  • D. Enable User Name Mapping on the file servers in the network.


Answer : BD

Which of the following methods can be used to detect a session hijacking attack?

  • A. nmap
  • B. Brutus
  • C. ntop
  • D. sniffer


Answer : D

Adam works as a Network Administrator for PassGuide Inc. He wants to protect the network from DoS attacks. Which of the following is most useful against DoS attacks?

  • A. SPI
  • B. Distributive firewall
  • C. Honey Pot
  • D. Internet bot


Answer : A

Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except the ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels.
Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?

  • A. Block all outgoing traffic on port 21
  • B. Block all outgoing traffic on port 53
  • C. Block ICMP type 13 messages
  • D. Block ICMP type 3 messages


Answer : C

Which of the following are types of access control attacks?
Each correct answer represents a complete solution. (Choose all that apply.)

  • A. Spoofing
  • B. Brute force attack
  • C. Dictionary attack
  • D. Mail bombing


Answer : ABC

Which of the following attacks come under the category of layer 2 Denial-of-Service attacks?
Each correct answer represents a complete solution. (Choose all that apply.)

  • A. Spoofing attack
  • B. SYN flood attack
  • C. Password cracking
  • D. RF jamming attack


Answer : AB
