Leads4pass > GIAC > GIAC Certifications > GCIH > GCIH Online Practice Questions and Answers

GCIH Online Practice Questions and Answers

Questions 4

Which of the following attacks is specially used for cracking a password?

A. PING attack

B. Dictionary attack

C. Vulnerability attack D. DoS attack

Buy Now
Questions 5

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?

A. Hunt

B. IPChains

C. Ethercap

D. Tripwire

Buy Now
Questions 6

A workstation with an IP address of 10.10.20.115/24 is suspected of being compromised. Which of the following is supported by the information in the process table?

A. A possibly compromised system at 10.10.10.200 is attempting to access shared files over the network

B. The behavior of the minesweeper.exe process indicates a likely trojan horse infection

C. The behavior of the smss.exe process indicates a likely rootkit infection

D. A possibly compromised system at 195.129.50.50 is attempting to start a web server on the host

Buy Now
Questions 7

What is a DNS zone transfer?

A. Bulk transfer of DNS records for a domain from your DNS server to another host upon request

B. Changing the registered region in which your DNS server is allowed to operate

C. Switching zone preferences between two DNS servers

D. Turning a DNS server from an internal server to an external server, or the other way around

Buy Now
Questions 8

What is the value of salting password hashes?

A. Full encryption in the SAM database

B. Strong encryption algorithms are enforced

C. Rainbow Tables cannot be used to crack the password

D. Dictionary password guessing attacks can't be used

Buy Now
Questions 9

Which of the following is a common method for hosts to be infected with bot software?

A. HTTP Proxies

B. Open Relays

C. Rootkits

D. Worms

Buy Now
Questions 10

Which servers should be allowed to perform zone transfers from your primary DNS server?

A. All Internet clients who wish to surf to your site

B. Your secondary DNS servers

C. Only internal clients

D. Any DNS server

Buy Now
Questions 11

Which of the following BEST represents a true virtual machine escape?

A. An attacker who has compromised a virtual machine using VMcat to run code on the physical host

B. An attacker who has compromised a virtual machine mapping a network drive on the physical host using SMB

C. An attacker who has compromised a virtual machine sniffing network traffic to and from the physical host

D. An attacker who has compromised a virtual machine, able to directly execute code on the physical host

Buy Now
Questions 12

An analyst discovers an undocumented host showing up in some IDS alerts with IP address 10.0.1.123. A port scan indicates listening services on the host. What step can the analyst take next to attempt OS detection and the version of the unknown services?

A. sc query

B. net view

C. netstat -nap

D. nmap -A

Buy Now
Questions 13

What information is commonly found in both the header and the possession log of a Chain of Custody?

A. Date and time the evidence was requested by the court

B. Date and time the evidence was checked into evidence locker

C. Date and time the evidence was initially collected

D. Date and time the evidence is classified as reliable

Buy Now
Exam Code: GCIH
Exam Name: GIAC Certified Incident Handler (GCIH)
Last Update: Jul 07, 2026
Questions: 705
10%OFF Coupon Code: SAVE10

PDF (Q&A)

$49.99

VCE

$55.99

PDF + VCE

$65.99