The Up To The Immediate Present Guide To GCIH Question

NEW QUESTION 1
Which of the following incident response team members ensures that the policies of the organization are enforced during the incident response?

• A. Information Security representative
• B. Legal representative
• C. Human Resource
• D. Technical representative

Answer: C

NEW QUESTION 2
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:
C:\whisker.pl -h target_IP_address
-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1
mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about 'Printenv' vulnerability are true?
Each correct answer represents a complete solution. Choose all that apply.

• A. This vulnerability helps in a cross site scripting attack.
• B. 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.
• C. The countermeasure to 'printenv' vulnerability is to remove the CGI script.
• D. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.

Answer: ACD

NEW QUESTION 3
Which of the following statements are true about a keylogger?
Each correct answer represents a complete solution. Choose all that apply.

• A. It records all keystrokes on the victim's computer in a predefined log file.
• B. It can be remotely installed on a computer system.
• C. It is a software tool used to trace all or specific activities of a user on a computer.
• D. It uses hidden code to destroy or scramble data on the hard disk.

Answer: ABC

NEW QUESTION 4
Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the server of the marketing department has been affected by a malicious hacking attack. Supervisors are also claiming that some sensitive data are also stolen.
Adam immediately arrived to the server room of the marketing department and identified the event as an incident. He isolated the infected network from the remaining part of the network and started preparing to image the entire system. He captures volatile data, such as running process, ram, and network connections.
Which of the following steps of the incident handling process is being performed by Adam?

• A. Recovery
• B. Eradication
• C. Identification
• D. Containment

Answer: D

NEW QUESTION 5
Which of the following types of attacks slows down or stops a server by overloading it with requests?

• A. DoS attack
• B. Impersonation attack
• C. Network attack
• D. Vulnerability attack

Answer: A

NEW QUESTION 6
Which of the following netcat parameters makes netcat a listener that automatically restarts itself when a connection is dropped?

• A. -u
• B. -l
• C. -p
• D. -L

Answer: D

NEW QUESTION 7
Which of the following can be used to perform session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

• A. Cross-site scripting
• B. Session fixation
• C. ARP spoofing
• D. Session sidejacking

Answer: ABD

NEW QUESTION 8
Your IDS discovers that an intruder has gained access to your system. You immediately stop that access, change passwords for administrative accounts, and secure your network. You discover an odd account (not administrative) that has permission to remotely access the network. What is this most likely?

• A. An example of privilege escalation.
• B. A normal account you simply did not notice befor
• C. Large networks have a number of accounts; it is hard to track them all.
• D. A backdoor the intruder created so that he can re-enter the network.
• E. An example of IP spoofing.

Answer: C

NEW QUESTION 9
Peter works as a Network Administrator for the Exambible Inc. The company has a Windows- based network. All client computers run the Windows XP operating system. The employees of the company complain that suddenly all of the client computers have started working slowly. Peter finds that a malicious hacker is attempting to slow down the computers by flooding the network with a large number of requests. Which of the following attacks is being implemented by the malicious hacker?

• A. SQL injection attack
• B. Denial-of-Service (DoS) attack
• C. Man-in-the-middle attack
• D. Buffer overflow attack

Answer: B

NEW QUESTION 10
Maria works as the Chief Security Officer for Exambible Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?

• A. Steganography
• B. Public-key cryptography
• C. RSA algorithm
• D. Encryption

Answer: A

NEW QUESTION 11
Which of the following statements are true about firewalking?
Each correct answer represents a complete solution. Choose all that apply.

• A. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall.
• B. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.
• C. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.
• D. Firewalking works on the UDP packets.

Answer: ABC

NEW QUESTION 12
Which of the following types of channels is used by Trojans for communication?

• A. Loop channel
• B. Open channel
• C. Covert channel
• D. Overt channel

Answer: C

NEW QUESTION 13
You are hired as a Database Administrator for Jennifer Shopping Cart Inc. You monitor the server health through the System Monitor and found that there is a sudden increase in the number of logins.
A case study is provided in the exhibit. Which of the following types of attack has occurred? (Click the Exhibit button on the toolbar to see the case study.)

• A. Injection
• B. Virus
• C. Worm
• D. Denial-of-service

Answer: D

NEW QUESTION 14
Adam has installed and configured his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Adam notices that when he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes it is only 8 Mbps or less. Adam connects to the management utility wireless router and finds out that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop.
Which of the following attacks has been occurred on the wireless network of Adam?

• A. NAT spoofing
• B. DNS cache poisoning
• C. MAC spoofing
• D. ARP spoofing

Answer: C

NEW QUESTION 15
You want to integrate the Nikto tool with nessus vulnerability scanner. Which of the following steps will you take to accomplish the task?
Each correct answer represents a complete solution. Choose two.

• A. Place nikto.pl file in the /etc/nessus directory.
• B. Place nikto.pl file in the /var/www directory.
• C. Place the directory containing nikto.pl in root's PATH environment variable.
• D. Restart nessusd service.

Answer: CD

NEW QUESTION 16
......