Exam Details

  • Exam Code: GCIH
  • Exam Name: GIAC Certified Incident Handler
  • Certification: GIAC Information Security
  • Vendor: GIAC
  • Total Questions: 705 Q&As
  • Last Updated: May 14, 2024

GIAC GIAC Information Security GCIH Questions & Answers

  • Question 41:

    What is the definition of an event as it applies to incident handling?

    A. Any observable occurrence in a system and/or network

    B. The introduction of malicious code into your network

    C. Something that triggers an alert from your Intrusion Detection System

    D. An adverse occurrence in an information system and/or network or the threat of such an occurrence

  • Question 42:

    Analyze the data shown below. Where does this data originate from?

    A. Established connections

    B. Routing table

    C. ARP cache

    D. Network interfaces

  • Question 43:

    Which volatility plugin shows the command line path for a recently launched application?

    A. hivelist

    B. dlllist

    C. pslist

    D. netscan

  • Question 44:

    Which of the following actions can prevent the successful use of Metasploit against a Windows host?

    A. Deploying User and Entity Behavior Analytics (UEBA) tools

    B. Using the Microsoft Anti-Cross Site Scripting Library

    C. Deploying controls on what applications are allowed to run

    D. Tracking UserIDs for unsuccessful login attempts

  • Question 45:

    Which UNIX log file contains information about currently logged in users?

    A. wtmp

    B. btmp

    C. utmp

    D. lastlog

  • Question 46:

    What is the goal of the command sequence shown below?

    >nslookup
    >server [authoritative_server_IP_or_name]
    >set type=any
    >ls -d [target_domain]

    A. Arp Spoofing

    B. Zone Transfer

    C. DNS Cache Poisoning

    D. IP Spoofing

  • Question 47:

    What can be used to link UNIX authentication with other mechanisms?

    A. SYSKEY

    B. PAM

    C. S/KEY

    D. Shadow

  • Question 48:

    Which of the following Metasploit tools will generate a payload that can be introduced to a Windows system as shown in the image?

    A. Msfvenom

    B. Msfd

    C. Msfrpc

    D. Msfconsole

  • Question 49:

    Which of the following statements describes the data below from volatility's pstree plugin?

    A. Cmd.exe was the child process of OneDrive.exe

    B. Chrmstp.exe was launched by MSASCuiL.exe

    C. Explorer.exe was the parent process for firefox.exe

    D. Notepad.exe was launched with Administrative privileges

  • Question 50:

    What is the result of unloading a process's forward and backward links in memory?

    A. The process is hidden from the operating system

    B. Analysis tools cannot find the process when scanning memory

    C. The process owner is elevated to SYSTEM permissions

    D. The application crashes

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only GIAC exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your GCIH exam preparation and GIAC certification application, do not hesitate to visit Vcedump.com to find your solutions here.