01. John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. On the We-are-secure login page, he enters ='or''=' as a username and successfully logs in to the user page of the Web site.
The we-are-secure login page is vulnerable to a __________.
a) Dictionary attack
b) SQL injection attack
c) Replay attack
d) Land attack
02. Which of the following types of attack can guess a hashed password?
a) Brute force attack
b) Evasion attack
c) Denial of Service attack
d) Teardrop attack
03. Ryan, a malicious hacker submits Cross-Site Scripting (XSS) exploit code to the Website of Internet forum for online discussion. When a user visits the infected Web page, code gets automatically executed and Ryan can easily perform acts like account hijacking, history theft etc.
Which of the following types of Cross-Site Scripting attack Ryan intends to do?
a) Non persistent
b) Document Object Model (DOM)
c) SAX
d) Persistent
04. Buffer overflows are one of the major errors used for exploitation on the Internet today. A buffer overflow occurs when a particular operation/function writes more data into a variable than the variable was designed to hold.
Which of the following are the two popular types of buffer overflows?
Each correct answer represents a complete solution. Choose two.
a) Dynamic buffer overflows
b) Stack based buffer overflow
c) Heap based buffer overflow
d) Static buffer overflows
05. Which of the following applications is an example of a data-sending Trojan?
a) SubSeven
b) Senna Spy Generator
c) Firekiller 2000
d) eBlaster
06. Adam works as a Security Analyst for Umbrella Inc. Company has a Windows-based network. All computers run on Windows XP. Manager of the Sales department complains Adam about the unusual behavior of his computer. He told Adam that some pornographic contents are suddenly appeared on his computer overnight.
Adam suspects that some malicious software or Trojans have been installed on the computer. He runs some diagnostics programs and Port scanners and found that the Port 12345, 12346, and 20034 are open. Adam also noticed some tampering with the Windows registry, which causes one application to run every time when Windows start.
Which of the following is the most likely reason behind this issue?
a) Cheops-ng is installed on the computer.
b) Elsave is installed on the computer.
c) NetBus is installed on the computer.
d) NetStumbler is installed on the computer.
07. Network mapping provides a security testing team with a blueprint of the organization. Which of the following steps is NOT a part of manual network mapping?
a) Gathering private and public IP addresses
b) Collecting employees information
c) Banner grabbing
d) Performing Neotracerouting
08. John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks.
As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.
a) IIS buffer overflow
b) NetBIOS NULL session
c) SNMP enumeration
d) DNS zone transfer
09. Which of the following virus is a script that attaches itself to a file or template?
a) Boot sector
b) Trojan horse
c) Macro virus
d) E-mail virus
10. Adam works as an Incident Handler for Umbrella Inc. He has been sent to the California unit to train the members of the incident response team. As a demo project he asked members of the incident response team to perform the following actions:
- Remove the network cable wires.
- Isolate the system on a separate VLAN
- Use a firewall or access lists to prevent communication into or out of the system.
- Change DNS entries to direct traffic away from compromised system
Which of the following steps of the incident handling process includes the above actions?
a) Identification
b) Containment
c) Eradication
d) Recovery
The purpose of this Sample Question Set is to provide you with information about the GIAC Incident Handler (GCIH) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the GCIH certification test. To get familiar with real exam environment, we suggest you try our Sample GIAC GCIH Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual GIAC Certified Incident Handler (GCIH) certification exam.
