GCIH GIAC Certified Incident Handler Free Practice Exam Questions (2025 Updated)
Prepare effectively for your GIAC GCIH GIAC Certified Incident Handler certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.
Which of the following netcat parameters makes netcat a listener that automatically restarts itself when a connection is dropped?
Adam works as a Penetration Tester for Umbrella Inc. A project has been assigned to him check the security of wireless network of the company. He re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Adam assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs.
Which of the following types of attack is Adam performing?
Which of the following malicious code can have more than one type of trigger, multiple task capabilities, and can replicate itself in more than one manner?
Which of the following nmap command parameters is used for TCP SYN port scanning?
Adam is a novice Web user. He chooses a 22 letters long word from the dictionary as his password.
How long will it take to crack the password by an attacker?
You want to perform passive footprinting against we-are-secure Inc. Web server. Which of the following tools will you use?
Which of the following services CANNOT be performed by the nmap utility?
Each correct answer represents a complete solution. Choose all that apply.
John works as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company uses Check Point SmartDefense to provide security to the network of the company. On the HTTP servers of the company, John defines a rule for dropping any kind of userdefined URLs. Which of the following types of attacks can be prevented by dropping the user-defined URLs?
What is the purpose of configuring a password protected screen saver on a computer?
A user is sending a large number of protocol packets to a network in order to saturate its resources and to disrupt connections to prevent communications between services. Which type of attack is this?
Which of the following systems is used in the United States to coordinate emergency preparedness and incident management among various federal, state, and local agencies?
Which of the following are countermeasures to prevent unauthorized database access attacks?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following can be used as a Trojan vector to infect an information system?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following techniques is used when a system performs the penetration testing with the objective of accessing unauthorized information residing inside a computer?
John works as a Penetration Tester in a security service providing firm named you-are-secure Inc. Recently, John's company has got a project to test the security of a promotional Website www.missatlanta.com and assigned the pen-testing work to John. When John is performing penetration testing, he inserts the following script in the search box at the company home page:
<</b>script>alert('Hi, John')<</b>/script>
After pressing the search button, a pop-up box appears on his screen with the text - "Hi, John." Which of the following attacks can be performed on the Web site tested by john while considering the above scenario?
Which of the following can be used to perform session hijacking?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following tools uses common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures of the rootkits?
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully completed the following steps of the pre-attack phase:
l Information gathering
l Determining network range
l Identifying active machines
l Finding open ports and applications
l OS fingerprinting
l Fingerprinting services
Now John wants to perform network mapping of the We-are-secure network. Which of the following tools can he use to accomplish his task?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Network Administrator in the SecureTech Inc. The SecureTech Inc. is using Linux-based server. Recently, you have updated the password policy of the company in which the server will disable passwords after four trials. What type of attack do you want to stop by enabling this policy?
Which of the following can be used as a countermeasure against the SQL injection attack?
Each correct answer represents a complete solution. Choose two.
