GCIH GIAC Exam Questions and Free Practice Test

Question 67

Which of the following are the primary goals of the incident handling team?
Each correct answer represents a complete solution. Choose all that apply.

A. Freeze the scene.

B. Repair any damage caused by an incident.

C. Prevent any further damage.

D. Inform higher authorities.

Correct Answer:ABC

Question 68

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

A. Email spoofing

B. Steganography

C. Web ripping

D. Social engineering

Correct Answer:B

Question 69

Which of the following statements are correct about spoofing and session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

A. Spoofing is an attack in which an attacker can spoof the IP address or other identity of the target and the valid user cannot be active.

B. Spoofing is an attack in which an attacker can spoof the IP address or other identity of the target but the valid user can be active.

C. Session hijacking is an attack in which an attacker takes over the session, and the valid user's session is disconnected.

D. Session hijacking is an attack in which an attacker takes over the session, and the valid user's session is not disconnected.

Correct Answer:BD

Question 70

Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it to chess.exe. The size of chess.exe was 526,895 bytes originally, and after joining this chess file to the Trojan, the file size increased to 651,823 bytes. When he gives you this new game, you install the infected chess.exe file on your computer. He now performs various malicious tasks on your computer remotely. But you suspect that someone has installed a Trojan on your computer and begin to investigate it. When you enter the netstat command in the command prompt, you get the following results:
C:WINDOWS>netstat -an | find "UDP" UDP IP_Address:31337 *:*
Now you check the following registry address:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices
In the above address, you notice a 'default' key in the 'Name' field having " .exe" value in the corresponding 'Data' field. Which of the following Trojans do you think your friend may have installed on your computer on the basis of the above evidence?

A. Qaz

B. Donald Dick

C. Tini

D. Back Orifice

Correct Answer:D

Question 71

You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to the e-mails queries. But since few days, it is identified that this process is providing a way to spammers to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and find a solution?
Each correct answer represents a part of the solution. Choose all that apply.

A. Eradication

B. Contamination

C. Preparation

D. Recovery

E. Identification

Correct Answer:ABD

Question 72

Which of the following is used to determine the operating system on the remote computer in a network environment?

A. Spoofing

B. Reconnaissance

C. OS Fingerprinting

D. Social engineering

Correct Answer:C

START GCIH EXAM