GIAC GCIH Free Dumps Questions Online, Read and Test Now.

Which of the following statements are true about Dsniff?
Each correct answer represents a complete solution. Choose two.

  • A. It contains Trojans.
  • B. It is a virus.
  • C. It is antivirus.
  • D. It is a collection of various hacking tools.

Answer: AD

Adam has installed and configured his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Adam notices that when he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes it is only 8 Mbps or less. Adam connects to the wireless router's management utility and finds that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop.
Which of the following attacks has occurred on Adam's wireless network?

  • A. NAT spoofing
  • B. DNS cache poisoning
  • C. MAC spoofing
  • D. ARP spoofing

Answer: C

Which of the following tools is used to attack digital watermarking?

  • A. Active Attacks
  • B. 2Mosaic
  • C. Steg-Only Attack
  • D. Gifshuffle

Answer: B

Which of the following attacks come under the category of layer 2 Denial-of-Service attacks?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Spoofing attack
  • B. SYN flood attack
  • C. Password cracking
  • D. RF jamming attack

Answer: AB

John, a part-time hacker, has gained unauthorized access to a banking website and stolen the bank account information of its users and their credit card numbers by using an SQL injection attack. Now John wants to sell this information to a malicious person, Mark, and make a deal to get a good amount of money. Since he does not want to send the hacked information to Mark in clear text, he decides to send it as hidden text. For this, he takes a steganography tool, hides the information in ASCII text by appending whitespace to the end of lines, and encrypts the hidden information by using the IDEA encryption algorithm. Which of the following tools is John using for steganography?

  • A. Image Hide
  • B. 2Mosaic
  • C. Snow.exe
  • D. Netcat

Answer: C

Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether. The principle of ARP spoofing is to send fake ARP messages to an Ethernet LAN. What steps can be used as countermeasures against ARP spoofing?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Using smash guard utility
  • B. Using ARP Guard utility
  • C. Using static ARP entries on servers, workstations and routers
  • D. Using ARP watch utility
  • E. Using IDS sensors to check continually for large amounts of ARP traffic on local subnets

Answer: BCDE

Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

  • A. Kernel keylogger
  • B. Software keylogger
  • C. Hardware keylogger
  • D. OS keylogger

Answer: C

You discover that all available network bandwidth is being used by some unknown service. You discover that UDP packets are being used to connect the echo service on one machine to the chargen service on another machine. What kind of attack is this?

  • A. Smurf
  • B. Denial of Service
  • C. Evil Twin
  • D. Virus

Answer: B

John works as a Professional Ethical Hacker for NetPerfect Inc. The company has a Linux-based network. All client computers are running Red Hat 7.0 Linux. The Sales Manager of the company complains to John that his system contains an unknown package named tar.gz and that his documents have been exploited. To resolve the problem, John uses a port scanner to check for open ports and finds that an HTTP server service on port 27374 is open. He suspects that the other computers on the network are facing the same problem. John discovers that a malicious application is using the synscan tool to randomly generate IP addresses.
Which of the following worms has attacked the computer?

  • A. Code red
  • B. Ramen
  • C. LoveLetter
  • D. Nimda

Answer: B

Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the server of the marketing department has been affected by a malicious hacking attack. Supervisors are also claiming that some sensitive data has been stolen.
Adam immediately went to the server room of the marketing department and identified the event as an incident. He isolated the infected network from the rest of the network and started preparing to image the entire system. He captured volatile data, such as running processes, RAM, and network connections.
Which of the following steps of the incident handling process is being performed by Adam?

  • A. Recovery
  • B. Eradication
  • C. Identification
  • D. Containment

Answer: D

Which of the following ensures that a party to a dispute cannot deny the authenticity of their signature on a document or the sending of a message that they originated?

  • A. OS fingerprinting
  • B. Reconnaissance
  • C. Non-repudiation
  • D. Confidentiality

Answer: C

Which of the following types of attacks targets a Web server with multiple compromised computers that are simultaneously sending hundreds of FIN packets with spoofed source IP addresses?

  • A. Evasion attack
  • B. Insertion attack
  • C. DDoS attack
  • D. Dictionary attack

Answer: C

You work as a Senior Marketing Manager for Umbrella Inc. You find that some of the software applications on the systems are malfunctioning and that you are unable to access your remote desktop session. You suspect that a malicious attack has been performed on the company's network. You immediately call the incident response team to handle the situation, and the team asks the Network Administrator for all relevant information about the malfunctions. The Network Administrator informs the incident response team that he was reviewing the security of the network, which caused all these problems. The incident response team announces that this was a controlled event, not an incident.
Which of the following steps of an incident handling process was performed by the incident response team?

  • A. Containment
  • B. Eradication
  • C. Preparation
  • D. Identification

Answer: D

Adam, a malicious hacker, wants to perform a reliable scan against a remote target. He is not concerned about being stealthy at this point.
Which of the following types of scans would be most accurate and reliable?

  • A. UDP scan
  • B. TCP Connect scan
  • C. ACK scan
  • D. FIN scan

Answer: B

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of He has successfully completed the following steps of the pre-attack phase:

  • Information gathering
  • Determining network range
  • Identifying active machines
  • Finding open ports and applications
  • OS fingerprinting
  • Fingerprinting services

Now John wants to perform network mapping of the We-are-secure network. Which of the following tools can he use to accomplish his task?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Ettercap
  • B. Traceroute
  • C. Cheops
  • D. NeoTrace

Answer: BCD

Which of the following steps can be taken as countermeasures against sniffer attacks?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Use encrypted protocols for all communications.
  • B. Use switches instead of hubs since they switch communications, which means that information is delivered only to the predefined host.
  • C. Use tools such as StackGuard and Immunix System to avoid attacks.
  • D. Reduce the range of the network to avoid attacks into wireless networks.

Answer: ABD
