GCIH by GIAC Valid Free Exam Practice Test

Question 1

Adam, a malicious hacker has successfully gained unauthorized access to the Linux system of Umbrella Inc.
Web server of the company runs on Apache. He has downloaded sensitive documents and database files from the computer.
After performing these malicious tasks, Adam finally runs the following command on the Linux command box before disconnecting.
for (( i = 0;i<11;i++ )); do dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda done Which of the following actions does Adam want to perform by the above command?

A. Wiping the contents of the hard disk with zeros. B. Infecting the hard disk with polymorphic virus strings. C. Making a bit stream copy of the entire hard disk for later download. D. Deleting all log files present on the system.

Correct Answer: A

Question 2

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint.
Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?

A. nmap -sT B. nmap -O -p C. nmap -sU -p D. nmap -sS

Correct Answer: B

Question 3

Which of the following can be used to perform session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

A. Session fixation B. Cross-site scripting C. ARP spoofing D. Session sidejacking

Correct Answer: A,B,D

Question 4

As a professional hacker, you want to crack the security of secureserver.com. For this, in the information gathering step, you performed scanning with the help of nmap utility to retrieve as many different protocols as possible being used by the secureserver.com so that you could get the accurate knowledge about what services were being used by the secure server.com. Which of the following nmap switches have you used to accomplish the task?

A. nmap -sT B. nmap -vO C. nmap -sO D. nmap -sS

Correct Answer: C

Question 5

Which of the following is the best method of accurately identifying the services running on a victim host?

A. Use of a vulnerability scanner to try to probe each port to verify which service is running. B. Use of the manual method of telnet to each of the open ports. C. Use of a port scanner to scan each port to confirm the services running. D. Use of hit and trial method to guess the services and ports of the victim host.

Correct Answer: B

Question 6

Which of the following is a type of computer security vulnerability typically found in Web applications that allow code injection by malicious Web users into the Web pages viewed by other users?

A. Privilege Escalation B. Cross-site scripting C. Cookie poisoning D. SID filtering

Correct Answer: B

Question 7

Which of the following statements are true about worms?
Each correct answer represents a complete solution. Choose all that apply.

A. One feature of worms is keystroke logging. B. Worms replicate themselves from one system to another without using a host file. C. Worms cause harm to the network by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. D. Worms can exist inside files such as Word or Excel documents.

Correct Answer: B,C,D

Question 8

Which of the following types of scan does not open a full TCP connection?

A. ACK scan B. Stealth scan C. Idle scan D. FIN scan

Correct Answer: B

Question 9

You want to measure the number of heaps used and overflows occurred at a point in time. Which of the following commands will you run to activate the appropriate monitor?

A. UPDATE DBM CONFIGURATION USING DFT_MON_SORT B. UPDATE DBM CONFIGURATION USING DFT_MON_BUFPOOL C. UPDATE DBM CONFIGURATION USING DFT_MON_TABLE D. UPDATE DBM CONFIGURATION DFT_MON_TIMESTAMP

Correct Answer: A

Question 10

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.
we-are-secure.com. He has successfully completed the following steps of the pre-attack phase:
l Information gathering
l Determining network range
l Identifying active machines
l Finding open ports and applications
l OS fingerprinting
l Fingerprinting services
Now John wants to perform network mapping of the We-are-secure network. Which of the following tools can he use to accomplish his task?
Each correct answer represents a complete solution. Choose all that apply.

A. Ettercap B. NeoTrace C. Cheops D. Traceroute

Correct Answer: B,C,D

Question 11

Which of the following is executed when a predetermined event occurs?

A. Trojan horse B. MAC C. Logic bomb D. Worm

Correct Answer: C

Question 12

Which of the following refers to a condition in which a hacker sends a bunch of packets that leave TCP ports half open?

A. Spoofing B. SYN attack C. PING attack D. Hacking

Correct Answer: B

GIAC Certified Incident Handler - GCIH Exam Practice Test