更新された2024年04月22日 GCIH試験問題集でPDF問題とテストエンジン
最新(2024)GIAC GCIH試験問題集
GIAC GCIH 認定試験は、インシデントの処理と対応における専門知識を証明したいセキュリティ専門家にとって必須の資格です。この試験は、広範な知識と経験が求められる厳しい試験ですが、個人のキャリアアップや業界での認知度を高めることができます。この認定は、世界中の主要な組織によって広く認知され、専門家として競争力のある就職市場で個人が際立つのに役立ちます。
質問 # 176
You work as a Network Penetration tester in the Secure Inc. Your company takes the projects to test the security of various companies. Recently, Secure Inc. has assigned you a project to test the security of a Web site. You go to the Web site login page and you run the following SQL query:
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = '[email protected]'; DROP TABLE members; --'
What task will the above SQL query perform?
- A. Deletes the database in which members table resides.
- B. Performs the XSS attacks.
- C. Deletes the rows of members table where email id is '[email protected]' given.
- D. Deletes the entire members table.
正解:D
質問 # 177
John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site. Now, John asks the we-aresecure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page from the SQL injection attack?
- A. Use the session_regenerate_id() function
- B. Use the escapeshellcmd() function
- C. Use the escapeshellarg() function
- D. Use the mysql_real_escape_string() function for escaping input
正解:D
質問 # 178
You want to use PGP files for steganography. Which of the following tools will you use to accomplish the task?
- A. Snow
- B. Stealth
- C. Blindside
- D. ImageHide
正解:B
質問 # 179
Which of the following tools is used for port scanning?
- A. L0phtcrack
- B. NSLOOKUP
- C. Nmap
- D. NETSH
正解:C
解説:
Section: Volume C
質問 # 180
Adam works as a sales manager for Umbrella Inc. He wants to download software from the Internet. As the software comes from a site in his untrusted zone, Adam wants to ensure that the downloaded software has not been Trojaned. Which of the following options would indicate the best course of action for Adam?
- A. Compare the version of the software with the one published on the distribution media.
- B. Compare the file size of the software with the one given on the Website.
- C. Compare the file's virus signature with the one published on the distribution.
- D. Compare the file's MD5 signature with the one published on the distribution media.
正解:D
解説:
Section: Volume A
質問 # 181
Which of the following steps can be taken as countermeasures against sniffer attacks?
Each correct answer represents a complete solution. Choose all that apply.
- A. Use tools such as StackGuard and Immunix System to avoid attacks.
- B. Use encrypted protocols for all communications.
- C. Use switches instead of hubs since they switch communications, which means that information is delivered only to the predefined host.
- D. Reduce the range of the network to avoid attacks into wireless networks.
正解:B、C、D
質問 # 182
Adam, a malicious hacker is running a scan. Statistics of the scan is as follows:
Scan directed at open port: ClientServer
192.5.2.92:4079 ---------FIN--------->192.5.2.110:23192.5.2.92:4079 <----NO RESPONSE---
---192.5.2.110:23
Scan directed at closed port:
ClientServer
192.5.2.92:4079 ---------FIN--------->192.5.2.110:23
192.5.2.92:4079<-----RST/ACK----------192.5.2.110:23
Which of the following types of port scan is Adam running?
- A. ACK scan
- B. Idle scan
- C. XMAS scan
- D. FIN scan
正解:D
解説:
Section: Volume A
質問 # 183
You want to measure the number of heaps used and overflows occurred at a point in time. Which of the following commands will you run to activate the appropriate monitor?
- A. UPDATE DBM CONFIGURATION USING DFT_MON_BUFPOOL
- B. UPDATE DBM CONFIGURATION USING DFT_MON_SORT
- C. UPDATE DBM CONFIGURATION USING DFT_MON_TABLE
- D. UPDATE DBM CONFIGURATION DFT_MON_TIMESTAMP
正解:B
解説:
Section: Volume C
質問 # 184
SIMULATION
Fill in the blank with the appropriate term.
_______is the practice of monitoring and potentially restricting the flow of information outbound from one network to another
正解:
解説:
Egress filtering
質問 # 185
Which of the following is a technique for creating Internet maps?
Each correct answer represents a complete solution. Choose two.
- A. Active Probing
- B. AS PATH Inference
- C. Object Relational Mapping
- D. Network Quota
正解:A、B
質問 # 186
Which of the following tools uses common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures of the rootkits?
- A. rkhunter
- B. OSSEC
- C. chkrootkit
- D. Blue Pill
正解:C
質問 # 187
Which of the following statements are true about firewalking?
Each correct answer represents a complete solution. Choose all that apply.
- A. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.
- B. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP
address of a host located behind the firewall. - C. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.
- D. Firewalking works on the UDP packets.
正解:A、B、C
質問 # 188
Which of the following attacks capture the secret value like a hash and reuse it later to gain access to a system without ever decrypting or decoding the hash?
- A. Cross Site Scripting attack
- B. Replay attack
- C. Rainbow attack
- D. Hashing attack
正解:B
解説:
Section: Volume C
質問 # 189
John works as a Network Security Professional. He is assigned a project to test the security of
www.we-are-secure.com. He establishes a connection to a target host running a Web service with netcat and sends a
bad html request in order to retrieve information about the service on the host.
Which of the following attacks is John using?
- A. Banner grabbing
- B. Eavesdropping
- C. Sniffing
- D. War driving
正解:A
質問 # 190
Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether. The principle of ARP spoofing is to send fake ARP messages to an Ethernet LAN. What steps can be used as a countermeasure of ARP spoofing?
Each correct answer represents a complete solution. Choose all that apply.
- A. Using IDS Sensors to check continually for large amount of ARP traffic on local subnets
- B. Using smash guard utility
- C. Using ARP Guard utility
- D. Using static ARP entries on servers, workstation and routers
- E. Using ARP watch utility
正解:A、C、D、E
質問 # 191
Who are the primary victims of smurf attacks on the contemporary Internet system?
- A. IRC servers are the primary victims to smurf attacks
- B. Mail servers are the primary victims to smurf attacks
- C. SMTP servers are the primary victims to smurf attacks
- D. FTP servers are the primary victims to smurf attacks
正解:A
質問 # 192
Which of the following tools are used as a network traffic monitoring tool in the Linux operating system?
Each correct answer represents a complete solution. Choose all that apply.
- A. Netbus
- B. Ntop
- C. IPTraf
- D. MRTG
正解:B、C、D
解説:
Section: Volume C
質問 # 193
You discover that your network routers are being flooded with broadcast packets that have the return address of one of the servers on your network. This is resulting in an overwhelming amount of traffic going back to that server and flooding it. What is this called?
- A. Blue jacking
- B. Smurf attack
- C. Syn flood
- D. IP spoofing
正解:B
解説:
Section: Volume B
質問 # 194
Which of the following can be used to perform session hijacking?
Each correct answer represents a complete solution. Choose all that apply.
- A. Session fixation
- B. ARP spoofing
- C. Cross-site scripting
- D. Session sidejacking
正解:A、C、D
質問 # 195
Which of the following tools uses common UNIX/Linux tools like the strings and grep commands to search core
system programs for signatures of the rootkits?
- A. rkhunter
- B. OSSEC
- C. chkrootkit
- D. Blue Pill
正解:C
質問 # 196
......
更新された検証済みの合格させるGCIH試験にはリアル問題と解答:https://jp.fast2test.com/GCIH-premium-file.html
最適な練習法にはGIAC GCIH試験の素晴らしいGCIH試験問題PDF:https://drive.google.com/open?id=1plMe7KyHymq11ycUL9jUwIzLKFJQI6NH