Exam Details

  • Exam Code: GCIH
  • Exam Name: GIAC Certified Incident Handler
  • Certification: GIAC Information Security
  • Vendor: GIAC
  • Total Questions: 705 Q&As
  • Last Updated: May 14, 2024

GIAC GIAC Information Security GCIH Questions & Answers

  • Question 21:

    Which of the following user accounts is the default Administrator account?

    A. JustAnotherUser

    B. JoePowershell

    C. JaneSamba

    D. JeremyIIS

  • Question 22:

    What request methods are exploited in a Lanturtle + Responder access attack?

    A. HTTP

    B. ICMP echo

    C. DNS

    D. TCP

  • Question 23:

    A system administrator finds the entry below in an Apache log. What can be done to mitigate against this?

    192.168.116.201 - - [22/Apr/2016:13:43:26 -0400] "GET http://www.giac.org%2Farticles.php%3Fid%3D3+and+%28select+1+from+mysql.user+limit+0%2C1%29%3D1 HTTP/1.1" 200 453 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"

    A. Filter user input using JavaScript on the client browser

    B. Reduce the permissions of the user account running the web application

    C. Filter user input before it gets passed to the application

    D. Create drop-downs for users to choose their search terms

  • Question 24:

    Following the recent acquisition of a new business, your manager asks you to investigate their DNS service and report back on its status. He is concerned as they only have one DNS server in the organization and it is visible on the Internet. What actions and recommendations should be taken as a first step?

    A. Review the logs of the acquired business' firewall for port 53 traffic. Add a firewall rule to block port 53 traffic.

    B. Ensure zone transfer requests from the acquired business' DNS server are disabled. Propose a plan to migrate the DNS service to your split-DNS infrastructure.

    C. Use the nslookup command to direct the acquired business' DNS server to transfer its records to your primary DNS server. Block all other traffic at the firewall.

    D. Remove the acquired business' DNS server from the network. Import its database entries into your secure infrastructure.

  • Question 25:

    An attacker has tricked a user into executing content he placed on a social networking site. The malicious content executes in the victim's browser and allows the attacker to determine if machines behind the user's firewall are up and running. What type of attack is this?

    A. Cross Site Scripting

    B. SQL Injection

    C. Account Harvesting

    D. Session Hijacking

  • Question 26:

    Alice is checking for unusual activity on the LAN that she administers. Based on the CAM table excerpt below, what port should be investigated further?

    A. Gi1/1/3

    B. Gi1/1/4

    C. Gi1/1/2

    D. Gi1/1/5

  • Question 27:

    A responder runs the two commands below looking for the number of lines that contain the word powershell. Which of the following is a reason why the output is different between the two plugins?

    A. The pslist plugin has deduplicated the results

    B. The psscan plugin searched further back in time for the image

    C. The pslist plugin identifies the first instance of an executable

    D. The psscan plugin has identified hidden processes

  • Question 28:

    What do drive-by attacks typically take advantage of when delivering exploits?

    A. Server upload policy

    B. User's browser

    C. Old SSL version

    D. Weak passwords

  • Question 29:

    Which of the following squid proxy log fields is easiest for an attacker to spoof?

    A. HTTP method

    B. Session duration

    C. Timestamp

    D. User agent

  • Question 30:

    Which file would an attacker need to read in order to crack passwords on a modern Linux system?

    A. /etc/passwd

    B. /usr/sbin/adduser

    C. %systemroot%\NTDS\NTDS.dit

    D. /etc/shadow

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only GIAC exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your GCIH exam preparation and GIAC certification application, do not hesitate to visit Vcedump.com to find your solutions here.