[Free] 2017(Sep) CollectDumps Dumpsleader GIAC GCIH Dumps with VCE and PDF 91-100


GIAC Certified Incident Handler

Question No: 91 – (Topic 1)

Your network is being flooded by ICMP packets. When you trace them down they come from multiple different IP addresses. What kind of attack is this?

  A. Syn flood

  B. Ping storm

  C. Smurf attack

  D. DDOS

Answer: D

Question No: 92 – (Topic 1)

Which of the following malicious software travels across computer networks without the assistance of a user?

  A. Worm

  B. Virus

  C. Hoax

  D. Trojan horses

Answer: A

Question No: 93 – (Topic 1)

John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site. Now, John asks we-are-secure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page against the SQL injection attack?

  A. Use the escapeshellarg() function

  B. Use the session_regenerate_id() function

  C. Use the mysql_real_escape_string() function for escaping input

  D. Use the escapeshellcmd() function

Answer: C

Question No: 94 – (Topic 1)

Which of the following is spy software that records activity on Macintosh systems via snapshots, keystrokes, and Web site logging?

  A. Spector

  B. Magic Lantern

  C. eblaster

  D. NetBus

Answer: A

Question No: 95 – (Topic 1)

In which of the following DoS attacks does an attacker send an ICMP packet larger than 65,536 bytes to the target system?

  A. Ping of death

  B. Jolt

  C. Fraggle

  D. Teardrop

Answer: A

Question No: 96 – (Topic 1)

Jason, a malicious hacker, is a student at Baker University. He wants to perform remote hacking on the server of DataSoft Inc. to hone his hacking skills. The company has a Windows-based network. Jason successfully enters the target system remotely by taking advantage of a vulnerability. He places a Trojan to maintain future access and then disconnects the remote session. The employees of the company complain to Mark, who works as a Professional Ethical Hacker for DataSoft Inc., that some computers are very slow. Mark diagnoses the network and finds that some irrelevant log files and signs of Trojans are present on the computers. He suspects that a malicious hacker has accessed the network. Mark takes help from Forensic Investigators and catches Jason.

Which of the following mistakes made by Jason helped the Forensic Investigators catch him?

  A. Jason did not perform a vulnerability assessment.

  B. Jason did not perform OS fingerprinting.

  C. Jason did not perform foot printing.

  D. Jason did not perform covering tracks.

  E. Jason did not perform port scanning.

Answer: D

Question No: 97 – (Topic 1)

Which of the following statements about a Trojan horse are true? Each correct answer represents a complete solution. Choose two.

  A. It is a macro or script that attaches itself to a file or template.

  B. The writers of a Trojan horse can use it later to gain unauthorized access to a computer.

  C. It is a malicious software program code that resembles another normal program.

  D. It infects the boot record on hard disks and floppy disks.

Answer: B,C

Question No: 98 – (Topic 1)

Which of the following attacks is specially used for cracking a password?

  A. PING attack

  B. Dictionary attack

  C. Vulnerability attack

  D. DoS attack

Answer: B

Topic 2, Volume B

Question No: 99 – (Topic 2)

You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to e-mail queries. For the past few days, however, it has been identified that this process is providing a way for spammers to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and finding a solution?

Each correct answer represents a part of the solution. Choose all that apply.

  A. Eradication

  B. Contamination

  C. Preparation

  D. Recovery

  E. Identification

Answer: A,B,D

Question No: 100 – (Topic 2)

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. The company is aware of various types of security attacks and wants to impede them. Hence, management has assigned John a project to port scan the company's Web Server. For this, he uses the nmap port scanner and issues the following command to perform idle port scanning:

nmap -PN -p- -sI IP_Address_of_Company_Server

He analyzes that the server's TCP ports 21, 25, 80, and 111 are open.

Which of the following security policies is the company using during this entire process to mitigate the risk of hacking attacks?

  A. Non-disclosure agreement

  B. Antivirus policy

  C. Acceptable use policy

  D. Audit policy

Answer: D
