GIAC GCIH Exam - Cheat-Test.com

Free GCIH Sample Questions:

Q: 1
Which of the following is the best method of accurately identifying the services running on a victim host?
A. Use of a vulnerability scanner to try to probe each port to verify which service is running.
B. Use of the manual method of telnet to each of the open ports.
C. Use of a port scanner to scan each port to confirm the services running.
D. Use of hit and trial method to guess the services and ports of the victim host.
Answer: B

Q: 2
Adam works as a Security Administrator for Umbrella Technology Inc. He reported a breach in security to his senior members, stating that "security defenses have been breached and exploited for 2 weeks by hackers." The hackers had accessed and downloaded 50,000 addresses containing customer credit cards and passwords. Umbrella Technology was looking to law enforcement officials to protect their intellectual property.
The intruder entered through an employee's home machine, which was connected to Umbrella Technology's corporate VPN network. The application called BEAST Trojan was used in the attack to open a "back door" allowing the hackers undetected access. The security breach was discovered when customers complained about the usage of their credit cards without their knowledge.
The hackers were traced back to Shanghai, China through e-mail address evidence. The credit card information was sent to that same e-mail address. The passwords allowed the hackers to access Umbrella Technology's network from a remote location, posing as employees.
Which of the following actions can Adam perform to prevent such attacks from occurring in the future?
A. Apply different security policy to make passwords of employees more complex.
B. Disable VPN access to all employees of the company from home machines.
C. Replace the VPN access with dial-up modem access to the company's network.
D. Allow VPN access but replace the standard authentication with biometric authentication.
Answer: B

Q: 3
Which of the following actions is performed by the netcat command given below?
nc 55555 < /etc/passwd
A. It grabs the /etc/passwd file when connected to UDP port 55555.
B. It resets the /etc/passwd file to the UDP port 55555.
C. It fills the incoming connections to /etc/passwd file.
D. It changes the /etc/passwd file when connected to the UDP port 55555.
Answer: A

Q: 4
Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?
A. Containment phase
B. Identification phase
C. Eradication phase
D. Preparation phase
E. Recovery phase
Answer: D

Q: 5
Buffer overflows are one of the major errors used for exploitation on the Internet today. A buffer overflow occurs when a particular operation/function writes more data into a variable than the variable was designed to hold.
Which of the following are the two popular types of buffer overflows?
Each correct answer represents a complete solution. Choose two.
A. Heap based buffer overflow
B. Stack based buffer overflow
C. Static buffer overflows
D. Dynamic buffer overflows
Answer: A,B

Q: 6
Adam, a malicious hacker, has successfully gained unauthorized access to the Linux system of Umbrella Inc. The company's Web server runs on Apache. He has downloaded sensitive documents and database files from the computer.
After performing these malicious tasks, Adam finally runs the following command on the Linux command box before disconnecting.
for (( i = 0;i<11;i++ )); do
dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda
done

Which of the following actions does Adam want to perform by the above command?
A. Deleting all log files present on the system.
B. Infecting the hard disk with polymorphic virus strings.
C. Making a bit stream copy of the entire hard disk for later download.
D. Wiping the contents of the hard disk with zeros.
Answer: D

Q: 7
Adam, a malicious hacker, is running a scan. Statistics of the scan are as follows:
Scan directed at open port:
Client                                 Server
192.5.2.92:4079 ---------FIN---------> 192.5.2.110:23
192.5.2.92:4079 <----NO RESPONSE------ 192.5.2.110:23
Scan directed at closed port:
Client                                 Server
192.5.2.92:4079 ---------FIN---------> 192.5.2.110:23
192.5.2.92:4079 <-----RST/ACK--------- 192.5.2.110:23

Which of the following types of port scan is Adam running?
A. Idle scan
B. ACK scan
C. XMAS scan
D. FIN scan
Answer: D

Q: 8
Which of the following are the primary goals of the incident handling team?
Each correct answer represents a complete solution. Choose all that apply.
A. Inform higher authorities.
B. Repair any damage caused by an incident.
C. Prevent any further damage.
D. Freeze the scene.
Answer: B,C,D

Q: 9
You are an Incident manager in Orangesect.Inc. You have been tasked to set up a new extension of your enterprise. The networking, to be done in the new extension, requires different types of cables and an appropriate policy that will be decided by you. Which of the following stages in the Incident handling process involves your decision making?
A. Preparation
B. Eradication
C. Containment
D. Identification
Answer: A

Q: 10
Adam works as a Senior Programmer for Umbrella Inc. A project has been assigned to him to write a short program to gather user input for a Web application. He wants to keep his program neat and simple. He chooses to use printf(str) where he should have ideally used printf("%s", str).
What attack will his program expose the Web application to?
A. SQL injection attack
B. Sequence++ attack
C. Format string attack
D. Cross Site Scripting attack
Answer: C

Q: 11
You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to e-mail queries. For the past few days, it has been identified that this process is providing a way for spammers to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and finding a solution?
Each correct answer represents a part of the solution. Choose all that apply.
A. Recovery
B. Contamination
C. Identification
D. Preparation
E. Eradication
Answer: A,B,E

Q: 12
Adam works as an Incident Handler for Umbrella Inc. His recent actions towards the incident are not up to the standard norms of the company. He always forgets some steps and procedures while handling responses as they are very hectic to perform.
Which of the following steps should Adam take to overcome this problem with the least administrative effort?
A. Appoint someone else to check the procedures.
B. Create incident checklists.
C. Create new sub-team to keep check.
D. Create an incident manual and read it every time an incident occurs.
Answer: B

Q: 13
Which of the following tools can be used as penetration tools in the Information system auditing process?
Each correct answer represents a complete solution. Choose two.
A. Nessus
B. Nmap
C. Snort
D. SARA
Answer: A,D

Q: 14
Adam, a novice computer user, works primarily from home as a medical professional. He just bought a brand new Dual Core Pentium computer with over 3 GB of RAM. After about two months of working on his new computer, he notices that it is not running nearly as fast as it used to.
Adam uses antivirus software, anti-spyware software, and keeps the computer up-to-date with Microsoft patches. After another month of working on the computer, Adam finds that his computer is even more noticeably slow. He also notices a window or two pop up on his screen, but they quickly disappear. He has seen these windows show up, even when he has not been on the Internet. Adam notices that his computer only has about 10 GB of free space available. Since his hard drive is a 200 GB hard drive, Adam thinks this is very odd.
Which of the following is the most likely cause of the problem?
A. Computer is infected with stealth virus.
B. Computer is infected with the stealth kernel level rootkit.
C. Computer is infected with the Self-Replication Worm.
D. Computer is infected with the Stealth Trojan Virus.
Answer: B


© 2014 Cheat-Test.com, All Rights Reserved