Free Certification Practice Questions

GIAC-GCIH

In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain from a DNS server. The information provided by the DNS zone can help an attacker gather user names, passwords, and other valuable information. To attempt a zone transfer, an attacker must be connected to a DNS server that is the authoritative server for that zone. Besides this, an attacker can launch a Denial of Service attack against the zone's DNS servers by flooding them with many requests. Which of the following tools can an attacker use to perform a DNS zone transfer? Each correct answer represents a complete solution.
#31
Which of the following types of malware can an antivirus application disable and destroy? Each correct answer represents a complete solution.
#32
You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to e-mail queries. For the past few days, however, it has been identified that this process is giving spammers a way to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and finding a solution? Each correct answer represents a part of the solution.
#33
Which of the following tools uses common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures of the rootkits?
#34
Which of the following statements are true about Dsniff? Each correct answer represents a complete solution. Choose two.
#35
Adam, a malicious hacker, is sniffing the network to inject ARP packets. He injects broadcast frames onto the wire to conduct a Man-in-the-Middle attack. Which of the following is the destination MAC address of a broadcast frame?
#36
Andrew, a bachelor student of Faulkner University, creates a Gmail account. He uses 'Faulkner' as the password for the Gmail account. After a few days, he starts receiving a lot of e-mails stating that his Gmail account has been hacked. He also finds that some of his important mails have been deleted by someone. Which of the following methods has the attacker used to crack Andrew's password? Each correct answer represents a complete solution.
#37
Firekiller 2000 is an example of a __________.
#38
Which of the following tools can be used as penetration tools in the Information system auditing process? Each correct answer represents a complete solution.
#39
Which of the following can be used to perform session hijacking? Each correct answer represents a complete solution.
#40
Which of the following are countermeasures to prevent unauthorized database access attacks? Each correct answer represents a complete solution.
#41
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?
#42
Which of the following types of attacks come under the category of hacker attacks? Each correct answer represents a complete solution.
#43
Which of the following Linux rootkits allows an attacker to hide files, processes, and network connections? Each correct answer represents a complete solution.
#44
John, a novice web user, makes a new e-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks? Each correct answer represents a complete solution.
#45
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small-sized packets to the target computer. Hence, it becomes very difficult for an IDS to detect the attack signatures of such attacks. Which of the following tools can be used to perform session splicing attacks? Each correct answer represents a complete solution.
#46
You are monitoring your network's behavior. You find a sudden increase in traffic on the network. It seems to come in bursts and emanate from one specific machine. You have been able to determine that a user of that machine is unaware of the activity and lacks the computer knowledge required to be responsible for a computer attack. What attack might this indicate?
#47
The IT administrator wants to implement a stronger security policy. What are the four most important security priorities for PassGuide Software Systems Pvt. Ltd.? E. Ensuring secure authentication. F. Preventing unauthorized network access. G. Providing secure communications between Washington and the headquarters office. H. Preventing denial-of-service attacks.
#48
Which of the following is the difference between SSL and S-HTTP?
#49
Adam works as a Security Administrator for Umbrella Technology Inc. He reported a breach in security to his senior members, stating that "security defenses has been breached and exploited for 2 weeks by hackers." The hackers had accessed and downloaded 50,000 addresses containing customer credit cards and passwords. Umbrella Technology was looking to law enforcement officials to protect their intellectual property. The intruder entered through an employee's home machine, which was connected to Umbrella Technology's corporate VPN network. The application called BEAST Trojan was used in the attack to open a "back door" allowing the hackers undetected access. The security breach was discovered when customers complained about the usage of their credit cards without their knowledge. The hackers were traced back to Shanghai, China through e-mail address evidence. The credit card information was sent to that same e-mail address. The passwords allowed the hackers to access Umbrella Technology's network from a remote location, posing as employees. Which of the following actions can Adam perform to prevent such attacks from occurring in the future?
#50
You want to measure the number of heaps used and overflows that occurred at a point in time. Which of the following commands will you run to activate the appropriate monitor?
#51
Which of the following steps can be taken as countermeasures against sniffer attacks? Each correct answer represents a complete solution.
#52
Which of the following incident response team members ensures that the policies of the organization are enforced during the incident response?
#53
Which special character or character sequence is often used in SQL injection attacks because it acts as a SQL comment delimiter? E. ../
#54
attacker.evil.org is attempting to insert a poisoned cache entry for www.moneybags on the dns.victim.com DNS server using the Kaminsky method of DNS cache poisoning. Of the following choices, which would be an example of an effective query sent by the attacker?
#55
You are the leader of an incident handling team for a mid-size manufacturer in the United States. Several of your company's products are patented and several processes used in the manufacturing process are considered trade secrets. A member of your company's firewall team sent you a tcpdump of a firewall log that looked suspicious. The packets in question had the same external source IP address, the same internal destination IP addresses, and the same source and destination ports were used in each packet. The only difference between the packets was that the TTLs had been incremented. How can you best determine if this is a sign of something malicious or not?
#56
What is a DNS zone transfer?
#57
What would be the classification of a worm with the following characteristics? E. Polymorphic
#58
In the network logs there are ACK/FIN/PSH/URG packets from a host going to a closed port, and SYN/FIN/URG/PSH packets going to open ports. What is the host likely doing?
#59
Suppose a web application builds the SQL command "select PhoneNumber from contacts where Company = '[value]';". What would the result likely be if an attacker submitted the value "GIAC'; drop table contacts; --" to the database?
#60