What is the definition of an event as it applies to incident handling?
A. Any observable occurrence in a system and/or network
B. The introduction of malicious code into your network
C. Something that triggers an alert from your Intrusion Detection System
D. An adverse occurrence in an information system and/or network or the threat of such an occurrence
Analyze the data shown below. Where does this data originate from?
A. Established connections
B. Routing table
C. ARP cache
D. Network interfaces
Which volatility plugin shows the command line path for a recently launched application?
A. hivelist
B. dlllist
C. pslist
D. netscan
Which of the following actions can prevent the successful use of Metasploit against a Windows host?
A. Deploying User and Entity Behavior Analytics (UEBA) tools
B. Using the Microsoft Anti-Cross Site Scripting Library
C. Deploying controls on what applications are allowed to run
D. Tracking UserIDs for unsuccessful login attempts
Which UNIX log file contains information about currently logged in users?
A. wtmp
B. btmp
C. utmp
D. lastlog
What is the goal of the command sequence shown below?
>nslookup
>server [authoritative_server_IP_or_name]
>set type=any
>ls -d [target_domain]
A. Arp Spoofing
B. Zone Transfer
C. DNS Cache Poisoning
D. IP Spoofing
What can be used to link UNIX authentication with other mechanisms?
A. SYSKEY
B. PAM
C. S/KEY
D. Shadow
Which of the following Metasploit tools will generate a payload that can be introduced to a Windows system as shown in the image?
A. Msfvenom
B. Msfd
C. Msfrpc
D. Msfconsole
Which of the following statements describes the data below from volatility's pstree plugin?
A. Cmd.exe was the child process of OneDrive.exe
B. Chrmstp.exe was launched by MSASCuiL.exe
C. Explorer.exe was the parent process for firefox.exe
D. Notepad.exe was launched with Administrative privileges
What is the result of unloading a process' forward and backwards links in memory?
A. The process is hidden from the operating system
B. Analysis tools cannot find the process when scanning memory
C. The process owner is elevated to SYSTEM permissions
D. The application crashes
Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only GIAC exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your GCIH exam preparation and GIAC certification application, do not hesitate to visit Vcedump.com to find your solutions here.