Exam Details

  • Exam Code: GCIH
  • Exam Name: GIAC Certified Incident Handler
  • Certification: GIAC Information Security
  • Vendor: GIAC
  • Total Questions: 705 Q&As
  • Last Updated: Apr 20, 2024

GIAC Information Security GCIH Questions & Answers

  • Question 1:

    What is an alternate data stream?

    A. A file stream on an NTFS partition

    B. Encoded text within an image file

    C. The Volume Shadow Copy version of a file

    D. A secondary file stream on a FAT partition

  • Question 2:

    How would an attacker hide an executable from being viewed by Windows Explorer?

    A. Rename it to `.. `

    B. Change the extension from .exe to .dll

    C. Encrypt it with RC4

    D. Place it into an ADS of a .txt file

  • Question 3:

    When switching traffic on a LAN, what element of the Ethernet frame does a switch use to make its decision on where to send the data?

    A. Destination IP address

    B. Destination MAC address

    C. Destination ARP response

    D. Source DHCP packet

  • Question 4:

    Which of the following Volatility commands will display the date and time an image was collected?

    A. python vol.py -f Win2k12x64.vmsn --profile=Win2012R2x64 --kdbg=0xf800f17dd9b0 timeliner --type=_CMHIVE

    B. python vol.py -f ~/Desktop/win7_trial_64bit.raw imageinfo

    C. python vol.py -f ~/Desktop/win7_trial_64bit.raw --profile=Win7SP0x64 printkey -K "Microsoft\Security Center\Svc"

    D. python vol.py -f win7.vmem --profile=Win7SP0x86 userassist

  • Question 5:

    What information will be returned when an administrator executes the command below?

    # last -f /var/log/btmp

    A. See successful logins

    B. Erase bash history

    C. Delete failed login logs

    D. See failed logins

  • Question 6:

    During the identification phase of a Web server compromise, you notice the following entries in the web server logs. If "admin" is a valid username, but its corresponding password is not "pass1", and "root" is not a valid username, what can you infer solely from these logs?

    A. This is a web spidering attack using wget

    B. This is an account harvesting attack

    C. This is a session hijacking attack

    D. This is a password brute-forcing attack

  • Question 7:

    What is the goal of an attacker who has entered the commands shown in the screenshot?

    A. Enumerate listening ports on the target machine

    B. Create a mountable snapshot to access older versions of the filesystem

    C. Gather password and hash data for off-line cracking

    D. Corrupt system backups

  • Question 8:

    Which of the following packets saved in the file pingout.pcap would be returned with the following Berkeley Packet Filter?

    tcpdump -nn -r pingout.pcap 'icmp and (dst host 8.8.8.8)'

    A. 09:31:00.928389 IP 192.168.1.14.63263 > 8.8.8.8.33595: UDP, length 24

    B. 08:54:07.451392 IP 8.8.8.8 > 192.168.1.14: ICMP echo reply, id 36234, seq 3, length 64

    C. 09:06:09.085200 IP 192.168.1.14.49655 > 8.8.8.8.22: Flags [S], seq 2144394082, win 65535, options [mss 1460,sackOK,eol], length 0

    D. 08:54:07.424996 IP 192.168.1.14 > 8.8.8.8: ICMP echo request, id 36234, seq 3, length 64

  • Question 9:

    What is one of the simplest AND most common ways for an attacker to camouflage files on a UNIX system?

    A. Use S-Tools to embed the files into a graphic image

    B. Run "chmod 600" on the files to be hidden

    C. Use a dot-space or dot-dot-space as the file or directory name

    D. Insert the data into an alternate data stream using the colon (:)

    E. Install a kernel-level rootkit

  • Question 10:

    Which file contains information about failed login attempts on a Unix system?

    A. ctmp

    B. wtmp

    C. btmp

    D. utmp

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only GIAC exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your GCIH exam preparation and GIAC certification application, do not hesitate to visit Vcedump.com to find your solutions here.