GIAC Certified Incident Handler
GCIH Exam

Which of the following functions can you use to mitigate a command injection attack? Each correct answer represents a part of the solution. (Choose all that apply.)

  A. escapeshellarg()
  B. escapeshellcmd()
  C. htmlentities()
  D. strip_tags()

Answer(s): A,B



Which of the following takes control of a session between a server and a client using TELNET, FTP, or any other non-encrypted TCP/IP utility?

  A. Dictionary attack
  B. Session Hijacking
  C. Trojan horse
  D. Social Engineering

Answer(s): B



Adam works as a Senior Programmer for Umbrella Inc. A project has been assigned to him to write a short program to gather user input for a Web application. He wants to keep his program neat and simple. He chooses to use printf(str) where he should ideally have used printf("%s", str).

What attack will his program expose the Web application to?

  A. Format string attack
  B. Cross Site Scripting attack
  C. SQL injection attack
  D. Sequence++ attack

Answer(s): A



Adam works as a sales manager for Umbrella Inc. He wants to download software from the Internet. As the software comes from a site in his untrusted zone, Adam wants to ensure that the downloaded software has not been Trojaned. Which of the following options would indicate the best course of action for Adam?

  A. Compare the file size of the software with the one given on the Website.
  B. Compare the version of the software with the one published on the distribution media.
  C. Compare the file's virus signature with the one published on the distribution.
  D. Compare the file's MD5 signature with the one published on the distribution media.

Answer(s): D




Nirmala Ch
very useful
- INDIA


Fadil
It is very good
- Anonymous


MD. MAZBAHUL KARIM
This is a superb site for practice.
- Anonymous


MD. MAZBAHUL KARIM
This is a superb site for quality exam, I really appreciate this site.
- Anonymous


PJT
Need for preparing to Certification exam
- Anonymous


Mohan Krishna, arevrapu
I need it please sent asap in 2 days
- INDIA


Dan
Ans to 355 is wrong, pls have a certified to work on the answers again pls
- Anonymous


dnllin
366 Ans Hypervisor-level software patching is wrong, should be B - Customers are responsible for managing their data (including encryption options) Why there are so many wrong answers?
- UNITED STATES


dnllin
Q342: Which AWS service or feature for technical assistance is available to a user who has the AWS Basic Support plan? - Ans AWS senior support engineers is wrong. Should be D. Basic Support offers support for account and billing questions and service quota increases. The other plans offer a number of technical support cases with pay-by-the-month pricing and no long-term contracts.
- UNITED STATES


Dnllin
Which AWS services or features enable users to connect on-premises networks to a VPC? (Choose two.) Answer(s): A,D. D (VPC peering) is wrong. C is correct - AWS Direct Connect. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office,
- UNITED STATES