GIAC Certified Incident Handler v7.1

Exam contains 328 questions

Which of the following tools combines two programs, and also encrypts the resulting package in an attempt to foil antivirus programs?

  • A. Trojan Man
  • B. EliteWrap
  • C. Tiny
  • D. NetBus


Answer : A

You run the following command while using Nikto Web scanner:
perl nikto.pl -h 192.168.0.1 -p 443
What action do you want to perform?

  • A. Using it as a proxy server
  • B. Updating Nikto
  • C. Setting Nikto for network sniffing
  • D. Port scanning


Answer : D

Adam works as an Incident Handler for Umbrella Inc. His recent actions towards the incident are not up to the standard norms of the company. He always forgets some steps and procedures while handling responses as they are very hectic to perform.
Which of the following steps should Adam take to overcome this problem with the least administrative effort?

  • A. Create an incident manual and read it every time an incident occurs.
  • B. Appoint someone else to check the procedures.
  • C. Create incident checklists.
  • D. Create a new sub-team to keep check.


Answer : C

You work as a System Engineer for Cyber World Inc. Your company has a single Active server role has been installed on one of the servers, namely uC1. uC1 hosts twelve virtual machines. You have been given the task to configure the Shutdown option for uC1, so that each virtual machine shuts down before the main Hyper-V server shuts down.
Which of the following actions will you perform to accomplish the task?

  • A. Enable the Shut Down the Guest Operating System option in the Automatic Stop Action Properties on each virtual machine.
  • B. Manually shut down each of the guest operating systems before the server shuts down.
  • C. Create a batch file to shut down the guest operating system before the server shuts down.
  • D. Create a logon script to shut down the guest operating system before the server shuts down.


Answer : A

Which of the following types of attack can guess a hashed password?

  • A. Brute force attack
  • B. Evasion attack
  • C. Denial of Service attack
  • D. Teardrop attack


Answer : A

In which of the following scanning methods do Windows operating systems send only RST packets irrespective of whether the port is open or closed?

  • A. TCP FIN
  • B. FTP bounce
  • C. XMAS
  • D. TCP SYN


Answer : A

Which of the following commands is used to access Windows resources from a Linux workstation?

  • A. mutt
  • B. scp
  • C. rsync
  • D. smbclient


Answer : D

Which of the following functions can be used as a countermeasure to a Shell Injection attack?
Each correct answer represents a complete solution. Choose all that apply.

  • A. escapeshellarg()
  • B. mysql_real_escape_string()
  • C. regenerateid()
  • D. escapeshellcmd()


Answer : A,D

Which of the following types of attacks is the result of vulnerabilities in a program due to poor programming techniques?

  • A. Evasion attack
  • B. Denial-of-Service (DoS) attack
  • C. Ping of death attack
  • D. Buffer overflow attack


Answer : D

You see the career section of a company's Web site and analyze the job profile requirements. You conclude that the company wants professionals who have a sharp knowledge of Windows Server 2003 and Windows Active Directory installation and placement. Which of the following steps are you using to perform hacking?

  • A. Scanning
  • B. Covering tracks
  • C. Reconnaissance
  • D. Gaining access


Answer : C

Which of the following applications is an example of a data-sending Trojan?

  • A. SubSeven
  • B. Senna Spy Generator
  • C. Firekiller 2000
  • D. eBlaster


Answer : D

In which of the following attacking methods does an attacker distribute an incorrect IP address?

  • A. IP spoofing
  • B. MAC flooding
  • C. DNS poisoning
  • D. Man-in-the-middle


Answer : C

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. On the We-are-secure login page, he enters ='or''=' as a username and successfully logs in to the user page of the Web site.
The we-are-secure login page is vulnerable to a __________.

  • A. Dictionary attack
  • B. SQL injection attack
  • C. Replay attack
  • D. Land attack


Answer : B

Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?

  • A. Rainbow attack
  • B. Brute Force attack
  • C. Dictionary attack
  • D. Hybrid attack


Answer : A

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:
C:\whisker.pl -h target_IP_address
-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1
mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes the /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about the 'Printenv' vulnerability are true?
Each correct answer represents a complete solution. Choose all that apply.

  • A. This vulnerability helps in a cross site scripting attack.
  • B. 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.
  • C. The countermeasure to 'printenv' vulnerability is to remove the CGI script.
  • D. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.


Answer : A,C,D
