Most Up-to-date GCIH Prep For GIAC Certified Incident Handler Certification

NEW QUESTION 1
Adam works as a Senior Programmer for Umbrella Inc. A project has been assigned to him to write a short program to gather user input for a Web application. He wants to keep his program neat and simple. His chooses to use printf(str) where he should have ideally used printf("%s", str).
What attack will his program expose the Web application to?

• A. Format string attack
• B. Cross Site Scripting attack
• C. SQL injection attack
• D. Sequence++ attack

Answer: A

NEW QUESTION 2
In which of the following attacks does an attacker use packet sniffing to read network traffic between two parties to steal the session cookie?

• A. Session fixation
• B. Cross-site scripting
• C. Session sidejacking
• D. ARP spoofing

Answer: C

NEW QUESTION 3
Which of the following types of attack can guess a hashed password?

• A. Brute force attack
• B. Evasion attack
• C. Denial of Service attack
• D. Teardrop attack

Answer: A

NEW QUESTION 4
Adam works as a Penetration Tester for Umbrella Inc. A project has been assigned to him check the security of wireless network of the company. He re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Adam assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs.
Which of the following types of attack is Adam performing?

• A. Replay attack
• B. MAC Spoofing attack
• C. Caffe Latte attack
• D. Network injection attack

Answer: A

NEW QUESTION 5
John works as a Network Administrator for We-are-secure Inc. He finds that TCP port 7597 of the Weare- secure server is open. He suspects that it may be open due to a Trojan installed on the server. He presents a report to the company describing the symptoms of the Trojan. A summary of the report is given below:
Once this Trojan has been installed on the computer, it searches Notpad.exe, renames it Note.com, and then copies itself to the computer as Notepad.exe. Each time Notepad.exe is executed, the Trojan executes and calls the original Notepad to avoid being noticed.
Which of the following Trojans has the symptoms as the one described above?

• A. NetBus
• B. Qaz
• C. eBlaster
• D. SubSeven

Answer: B

NEW QUESTION 6
Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?

• A. Shoulder surfing
• B. File integrity auditing
• C. Reconnaissance
• D. Spoofing

Answer: B

NEW QUESTION 7
Which of the following is a reason to implement security logging on a DNS server?

• A. For preventing malware attacks on a DNS server
• B. For measuring a DNS server's performance
• C. For monitoring unauthorized zone transfer
• D. For recording the number of queries resolved

Answer: C

NEW QUESTION 8
Which of the following can be used as a countermeasure against the SQL injection attack?
Each correct answer represents a complete solution. Choose two.

• A. mysql_real_escape_string()
• B. session_regenerate_id()
• C. mysql_escape_string()
• D. Prepared statement

Answer: AD

NEW QUESTION 9
You run the following PHP script:
<?php $name = mysql_real_escape_string($_POST["name"]);
$password = mysql_real_escape_string($_POST["password"]); ?>
What is the use of the mysql_real_escape_string() function in the above script.
Each correct answer represents a complete solution. Choose all that apply.

• A. It can be used to mitigate a cross site scripting attack.
• B. It can be used as a countermeasure against a SQL injection attack.
• C. It escapes all special characters from strings $_POST["name"] and $_POST["password"] except ' and ".
• D. It escapes all special characters from strings $_POST["name"] and $_POST["password"].

Answer: BD

NEW QUESTION 10
Which of the following is a computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic?

• A. Klez
• B. Code red
• C. SQL Slammer
• D. Beast

Answer: C

NEW QUESTION 11
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?

• A. Replay
• B. Firewalking
• C. Session fixation
• D. Cross site scripting

Answer: A

NEW QUESTION 12
Which of the following is a process of searching unauthorized modems?

• A. Espionage
• B. Wardialing
• C. System auditing
• D. Scavenging

Answer: B

NEW QUESTION 13
Many organizations create network maps of their network system to visualize the network and understand the relationship between the end devices and the transport layer that provide services.
Which of the following are the techniques used for network mapping by large organizations?
Each correct answer represents a complete solution. Choose three.

• A. Packet crafting
• B. Route analytics
• C. SNMP-based approaches
• D. Active Probing

Answer: BCD

NEW QUESTION 14
Which of the following types of attacks is the result of vulnerabilities in a program due to poor programming techniques?

• A. Evasion attack
• B. Denial-of-Service (DoS) attack
• C. Ping of death attack
• D. Buffer overflow attack

Answer: D

NEW QUESTION 15
Which of the following malicious software travels across computer networks without the assistance of a user?

• A. Worm
• B. Virus
• C. Hoax
• D. Trojan horses

Answer: A

NEW QUESTION 16
......