GCIH問題集と練習テスト(335問題) [Q92-Q113]

Share

(2023)GCIH問題集と練習テスト(335問題)

ガイド(2023年最新)リアルなGIAC GCIH試験問題


GCIH試験は、インシデント処理と対応、ネットワークセキュリティ原則、マルウェア解析、およびフォレンジック分析など、広範なトピックをカバーしています。試験は150の多肢選択問題から構成され、受験者は4時間以内に試験を受けることができます。試験に合格するためには、受験者は少なくとも71%以上のスコアを取得する必要があります。試験に合格すると、受験者はGCIH認定を受け取り、4年間有効であり、再認定試験を受けるか、継続教育クレジットを取得することで更新することができます。


GCIH認定は、インシデント対応に特化したITプロフェッショナルの基準として広く認知されています。この認定は、雇用主に高く評価され、認定保持者はIT業界で高い需要があります。GCIH認定は、ITプロフェッショナルがキャリアを進め、収益性を高め、インシデント対応と対応に関するスキルと知識を向上させるのに役立ちます。

 

質問 # 92
Firewalking is a technique that can be used to gather information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall. Which of the following are pre-requisites for an attacker to conduct firewalking?
Each correct answer represents a complete solution. Choose all that apply.

  • A. There should be a backdoor installed on the network.
  • B. ICMP packets leaving the network should be allowed.
  • C. An attacker should know the IP address of the last known gateway before the firewall.
  • D. An attacker should know the IP address of a host located behind the firewall.

正解:B、C、D

解説:
Section: Volume C


質問 # 93
You enter the following URL on your Web browser:
http://www.we-are-secure.com/scripts/..%co%af../..%co%
af../windows/system32/cmd.exe?/c+dir+c:\
What kind of attack are you performing?

  • A. URL obfuscating
  • B. Replay
  • C. Session hijacking
  • D. Directory traversal

正解:D


質問 # 94
Which of the following statements are true about session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Use of a long random number or string as the session key reduces session hijacking.
  • B. It is used to slow the working of victim's network resources.
  • C. It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.
  • D. TCP session hijacking is when a hacker takes over a TCP session between two machines.

正解:A、C、D

解説:
Section: Volume A


質問 # 95
Which of the following tools can be used for network sniffing as well as for intercepting conversations through session
hijacking?

  • A. Tripwire
  • B. IPChains
  • C. Hunt
  • D. Ethercap

正解:C


質問 # 96
Which of the following US Acts emphasized a "risk-based policy for cost-effective security" and makes mandatory for agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency's information security program and report the results to Office of Management and Budget?

  • A. The Fair Credit Reporting Act (FCRA)
  • B. Federal Information Security Management Act of 2002 (FISMA)
  • C. The Electronic Communications Privacy Act of 1986 (ECPA)
  • D. The Equal Credit Opportunity Act (ECOA)

正解:B

解説:
Section: Volume B


質問 # 97
Many organizations create network maps of their network system to visualize the network and understand the
relationship between the end devices and the transport layer that provide services.
Which of the following are the techniques used for network mapping by large organizations?
Each correct answer represents a complete solution. Choose three.

  • A. Route analytics
  • B. Packet crafting
  • C. Active Probing
  • D. SNMP-based approaches

正解:A、C、D


質問 # 98
Which of the following programs is used for bypassing normal authentication for securing remote access to a computer?

  • A. Spyware
  • B. Adware
  • C. Worm
  • D. Backdoor

正解:D


質問 # 99
Which of the following attacks allows an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether?

  • A. Session hijacking
  • B. ARP spoofing
  • C. Man-in-the-middle
  • D. Port scanning

正解:B


質問 # 100
Which of the following are open-source vulnerability scanners?

  • A. NetRecon
  • B. Nessus
  • C. Hackbot
  • D. Nikto

正解:B、C、D

解説:
Section: Volume B


質問 # 101
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except the ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about the programs like Hping2 that can get into a network through covert channels.
Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?

  • A. Block ICMP type 3 messages
  • B. Block all outgoing traffic on port 21
  • C. Block all outgoing traffic on port 53
  • D. Block ICMP type 13 messages

正解:D


質問 # 102
Which of the following ensures that a party to a dispute cannot deny the authenticity of their signature on a document or the sending of a message that they originated?

  • A. Reconnaissance
  • B. OS fingerprinting
  • C. Confidentiality
  • D. Non-repudiation

正解:D

解説:
Section: Volume C


質問 # 103
You want to integrate the Nikto tool with nessus vulnerability scanner. Which of the following steps will you take to accomplish the task?
Each correct answer represents a complete solution. Choose two.

  • A. Place the directory containing nikto.pl in root's PATH environment variable.
  • B. Restart nessusd service.
  • C. Place nikto.pl file in the /var/www directory.
  • D. Place nikto.pl file in the /etc/nessus directory.

正解:A、B


質問 # 104
Which of the following statements is true about the difference between worms and Trojan horses?

  • A. Worms can be distributed through emails while Trojan horses cannot.
  • B. Trojan horses are harmful to computers while worms are not.
  • C. Worms replicate themselves while Trojan horses do not.
  • D. Trojan horses are a form of malicious codes while worms are not.

正解:C


質問 # 105
Adam, a malicious hacker is running a scan. Statistics of the scan is as follows:
Scan directed at open port:
ClientServer
192.5.2.92:4079 ---------FIN--------->192.5.2.110:23192.5.2.92:4079 <----NO RESPONSE---
---192.5.2.110:23
Scan directed at closed port:
ClientServer
192.5.2.92:4079 ---------FIN--------->192.5.2.110:23
192.5.2.92:4079<-----RST/ACK----------192.5.2.110:23
Which of the following types of port scan is Adam running?

  • A. FIN scan
  • B. ACK scan
  • C. XMAS scan
  • D. Idle scan

正解:A


質問 # 106
Which of the following ensures that the investigation process of incident response team does not break any laws during the response to an incident?

  • A. Information Security representative
  • B. Legal representative
  • C. Lead Investigator
  • D. Human Resource

正解:B


質問 # 107
You want to connect to your friend's computer and run a Trojan on it. Which of the following tools will you use to
accomplish the task?

  • A. PSExec
  • B. Hk.exe
  • C. GetAdmin.exe
  • D. Remoxec

正解:A


質問 # 108
Which of the following provides packet-level encryption between hosts in a LAN?

  • A. IPsec
  • B. PPTP
  • C. Tunneling protocol
  • D. PFS

正解:A

解説:
Section: Volume C


質問 # 109
Adam works as a Senior Programmer for Umbrella Inc. A project has been assigned to him to write a short program to gather user input for a Web application. He wants to keep his program neat and simple. His chooses to use printf(str) where he should have ideally used printf("%s", str).
What attack will his program expose the Web application to?

  • A. Cross Site Scripting attack
  • B. Sequence++ attack
  • C. Format string attack
  • D. SQL injection attack

正解:C


質問 # 110
CORRECT TEXT
Fill in the blank with the appropriate term.
_______is the practice of monitoring and potentially restricting the flow of information outbound from one network to another

正解:

解説:
Egress filtering


質問 # 111
Which of the following are the limitations for the cross site request forgery (CSRF) attack?
Each correct answer represents a complete solution. Choose all that apply.

  • A. The target site should authenticate in GET and POST parameters, not only cookies.
  • B. The target site should have limited lifetime authentication cookies.
  • C. The attacker must target a site that doesn't check the referrer header.
  • D. The attacker must determine the right values for all the form inputs.

正解:C、D


質問 # 112
Which of the following steps of incident response is steady in nature?

  • A. Recovery
  • B. Containment
  • C. Preparation
  • D. Eradication

正解:C


質問 # 113
......


GIAC GCIH 認定試験は、インシデントの処理と対応における専門知識を証明したいセキュリティ専門家にとって必須の資格です。この試験は、広範な知識と経験が求められる厳しい試験ですが、個人のキャリアアップや業界での認知度を高めることができます。この認定は、世界中の主要な組織によって広く認知され、専門家として競争力のある就職市場で個人が際立つのに役立ちます。

 

GCIH試験問題集パスできる2023年最新の認証された試験問題:https://jp.fast2test.com/GCIH-premium-file.html

GCIH試験問題リアルな最新問題PDF:https://drive.google.com/open?id=1plMe7KyHymq11ycUL9jUwIzLKFJQI6NH


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어