GIAC GCIH Practice Test

Exam Title: GIAC Certified Incident Handler Exam

Last update: Nov 27, 2025
Question 1

John works as a professional Ethical Hacker. He has been assigned the project of testing the security
of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a
countermeasure, he suggests that the Network Administrator should remove the IPP printing
capability from the server. He is suggesting this as a countermeasure against __________.

  • A. IIS buffer overflow
  • B. NetBIOS NULL session
  • C. SNMP enumeration
  • D. DNS zone transfer
Answer:

A

Question 2

Ryan, a malicious hacker, submits Cross-Site Scripting (XSS) exploit code to the website of an
Internet forum for online discussion. When a user visits the infected Web page, the code is
automatically executed and Ryan can easily perform acts like account hijacking, history theft, etc.
Which of the following types of Cross-Site Scripting attack does Ryan intend to carry out?

  • A. Non persistent
  • B. Document Object Model (DOM)
  • C. SAX
  • D. Persistent
Answer:

D

Question 3

Which of the following applications is an example of a data-sending Trojan?

  • A. SubSeven
  • B. Senna Spy Generator
  • C. Firekiller 2000
  • D. eBlaster
Answer:

D

Question 4

John works as a professional Ethical Hacker. He has been assigned a project to test the security of
www.we-are-secure.com. On the We-are-secure login page, he enters ='or''=' as a username and
successfully logs in to the user page of the Web site. The We-are-secure login page is vulnerable to a
__________.

  • A. Dictionary attack
  • B. SQL injection attack
  • C. Replay attack
  • D. Land attack
Answer:

B

Question 5

Which of the following statements are true about worms?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Worms cause harm to the network by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
  • B. Worms can exist inside files such as Word or Excel documents.
  • C. One feature of worms is keystroke logging.
  • D. Worms replicate themselves from one system to another without using a host file.
Answer:

A, B, D

Question 6

Adam works as a Security Analyst for Umbrella Inc. The company has a Windows-based network. All
computers run Windows XP. The manager of the Sales department complains to Adam about the
unusual behavior of his computer. He tells Adam that some pornographic content suddenly
appeared on his computer overnight. Adam suspects that some malicious software or Trojans have
been installed on the computer. He runs some diagnostic programs and port scanners and finds
that ports 12345, 12346, and 20034 are open. Adam also notices some tampering with the
Windows registry, which causes one application to run every time Windows starts.
Which of the following is the most likely reason behind this issue?

  • A. Cheops-ng is installed on the computer.
  • B. Elsave is installed on the computer.
  • C. NetBus is installed on the computer.
  • D. NetStumbler is installed on the computer.
Answer:

C

Question 7

Buffer overflows are one of the major errors used for exploitation on the Internet today. A buffer
overflow occurs when a particular operation/function writes more data into a variable than the
variable was designed to hold.
Which of the following are the two popular types of buffer overflows?
Each correct answer represents a complete solution. Choose two.

  • A. Dynamic buffer overflows
  • B. Stack based buffer overflow
  • C. Heap based buffer overflow
  • D. Static buffer overflows
Answer:

B, C

Question 8

Which of the following are the primary goals of the incident handling team?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Freeze the scene.
  • B. Repair any damage caused by an incident.
  • C. Prevent any further damage.
  • D. Inform higher authorities.
Answer:

A, B, C

Question 9

Fill in the blank with the appropriate word.
StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's /GS option
use ______ defense against buffer overflow attacks.

  • A. canary
Answer:

A

Question 10

Which of the following tools is used for vulnerability scanning and calls Hydra to launch a dictionary
attack?

  • A. Whisker
  • B. Nessus
  • C. SARA
  • D. Nmap
Answer:

B

Viewing questions 1-10 out of 335