Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free GIAC GCIH Practice Exam with Questions & Answers | Set: 8

Questions 71

Jason, a Malicious Hacker, is a student of Baker university. He wants to perform remote hacking on the server of DataSoft Inc. to hone his hacking skills. The company has a Windows-based network. Jason successfully enters the target system remotely by using the advantage of vulnerability. He places a Trojan to maintain future access and then disconnects the remote session. The employees of the company complain to Mark, who works as a Professional Ethical Hacker for DataSoft Inc., that some computers are very slow. Mark diagnoses the network and finds that some irrelevant log files and signs of Trojans are present on the computers. He suspects that a malicious hacker has accessed the network. Mark takes the help from Forensic Investigators and catches Jason.

Which of the following mistakes made by Jason helped the Forensic Investigators catch him?

Options:
A.

Jason did not perform a vulnerability assessment.

B.

Jason did not perform OS fingerprinting.

C.

Jason did not perform foot printing.

D.

Jason did not perform covering tracks.

E.

Jason did not perform port scanning.

GIAC GCIH Premium Access
Questions 72

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

Options:
A.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

B.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

C.

HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"

D.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Questions 73

John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site. Now, John asks the we-aresecure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page from the SQL injection attack?

Options:
A.

Use the escapeshellarg() function

B.

Use the session_regenerate_id() function

C.

Use the mysql_real_escape_string() function for escaping input

D.

Use the escapeshellcmd() function

Questions 74

Which of the following Denial-of-Service (DoS) attacks employ IP fragmentation mechanism?

Each correct answer represents a complete solution. Choose two.

Options:
A.

Land attack

B.

SYN flood attack

C.

Teardrop attack

D.

Ping of Death attack

Questions 75

Network mapping provides a security testing team with a blueprint of the organization. Which of the following steps is NOT a part of manual network mapping?

Options:
A.

Gathering private and public IP addresses

B.

Collecting employees information

C.

Banner grabbing

D.

Performing Neotracerouting

Questions 76

Which of the following statements are true about firewalking?

Each correct answer represents a complete solution. Choose all that apply.

Options:
A.

To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall.

B.

In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.

C.

A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.

D.

Firewalking works on the UDP packets.

Questions 77

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.

Options:
A.

IIS buffer overflow

B.

NetBIOS NULL session

C.

SNMP enumeration

D.

DNS zone transfer

Questions 78

You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?

Options:
A.

Manual penetration testing

B.

Code review

C.

Automated penetration testing

D.

Vulnerability scanning

Questions 79

Which of the following methods can be used to detect session hijacking attack?

Options:
A.

nmap

B.

Brutus

C.

ntop

D.

sniffer

Questions 80

You see the career section of a company's Web site and analyze the job profile requirements. You conclude that the company wants professionals who have a sharp knowledge of Windows server 2003 and Windows active directory installation and placement. Which of the following steps are you using to perform hacking?

Options:
A.

Scanning

B.

Covering tracks

C.

Reconnaissance

D.

Gaining access

Exam Code: GCIH
Certification Provider: GIAC
Exam Name: GIAC Certified Incident Handler
Last Update: Sep 12, 2025
Questions: 328

GIAC Related Exams

How to pass GIAC GCIA - GCIA – GIAC Certified Intrusion Analyst Practice Test Exam
How to pass GIAC GPEN - GIAC Penetration Tester Exam
How to pass GIAC GSEC - GIAC Security Essentials Exam
GISF - GIAC Information Security Fundamentals
GICSP - Global Industrial Cyber Security Professional (GICSP)
GCFA - GIACCertified Forensics Analyst
GASF - GIAC Advanced Smartphone Forensics
G2700 - GIAC Certified ISO-2700 Specialist Practice Test
GCPM - GIAC Certified Project Manager Certification Practice Test
GISP - GIAC Information Security Professional
GCFR - GIAC Cloud Forensics Responder (GCFR)
GPYC - GIAC Python Coder (GPYC)
GSLC - GIAC Security Leadership Certification (GSLC)
GPPA - GIAC Certified Perimeter Protection Analyst
GCED - GIAC Certified Enterprise Defender
GIAC Free Access
Get GIAC Full Access

GIAC Free Exams
GIAC Free Exams
Prepare for GIAC certification with free access to reliable study resources and practice tests at Examstrack.