Katy Morgan

Introduction to GIAC Certified Incident Handler (GCIH) Exam

The GIAC exam is challenging, and thorough preparation is essential for success. This study guide is designed to help you prepare for the GCIH certification exam. It contains a detailed list of the topics covered on the exam, as well as a detailed list of preparation resources. This study guide for the GIAC Incident Handler will guide you through the study process for your certification.





GCIH GIAC Incident Handler Exam Summary


Exam Name: Incident Handler

Exam Code: GCIH

Exam Price: $1699 (USD)

Duration: 240 mins

Number of Questions: 150

Passing Score: 73%

Schedule Exam: Pearson VUE

Sample Questions: GIAC GCIH Sample Questions


Exam Syllabus: GCIH GIAC Certified Incident Handler (GCIH)


1. Incident Handling: Identification

- The candidate will demonstrate an understanding of important strategies to gather events, analyze them, and determine if we have an incident.


2. Incident Handling: Overview and Preparation

- The candidate will demonstrate an understanding of what Incident Handling is, why it is important, and an understanding of best practices to take in preparation for an Incident.


3. Client Attacks

- The candidate will demonstrate an understanding of various client attacks and how to defend against them.


4. Covering Tracks: Networks

- The candidate will demonstrate an understanding of how attackers use tunneling and covert channels to cover their tracks on a network, and the strategies involved in defending against them.


5. Covering Tracks: Systems

- The candidate will demonstrate an understanding of how attackers hide files and directories on Windows and Linux hosts and how they attempt to cover their tracks.


6. Denial of Service Attacks

- The candidate will demonstrate a comprehensive understanding of the different kinds of Denial of Service attacks and how to defend against them.


7. Incident Handling: Containment

- The candidate will demonstrate an understanding of high-level strategies to prevent an attacker from causing further damage to the victim after discovering the incident.


8. Incident Handling: Eradication, Recovery, and Lessons Learned

- The candidate will demonstrate an understanding of the general approaches to get rid of the attacker's artifacts on compromised machines, the general strategy to safely restore operations, and the importance of the incident report and lessons learned meetings.


9. Network Attacks

- The candidate will demonstrate an understanding of various network attacks and how to defend against them.


10. Overflow Attacks

- The candidate will demonstrate an understanding of how overflow attacks work and how to defend against them.


11. Password Attacks

- The candidate will demonstrate a detailed understanding of the three methods of password cracking.


12. Reconnaissance

- The candidate will demonstrate an understanding of public and open source reconnaissance techniques.


13. Scanning: Discovery and Mapping

- The candidate will demonstrate an understanding of scanning fundamentals: discovering and mapping networks and hosts, and revealing services and vulnerabilities.


14. Scanning: Techniques and Defense

- The candidate will demonstrate an understanding of the techniques and tools used in scanning, and how to respond to and prepare against scanning.


15. Session Hijacking and Cache Poisoning

- The candidate will demonstrate an understanding of tools and techniques used to perform session hijacking and cache poisoning, and how to respond and prepare against these attacks.


16. Techniques for maintaining access

- The candidate will demonstrate an understanding of how backdoors, trojan horses, and rootkits operate, what their capabilities are and how to defend against them.


17. Web Application Attacks

- The candidate will demonstrate an understanding of the value of the Open Web Application Security Project (OWASP), as well as different Web App attacks such as account harvesting, SQL injection, Cross-Site Scripting and other Web Session attacks.


18. Worms, Bots & Bot-Nets

- The candidate will demonstrate a detailed understanding of what worms, bots and bot-nets are, and how to protect against them.


GIAC GCIH Certification Sample Questions and Answers

To make you familiar with the GIAC Incident Handler (GCIH) certification exam structure, we have prepared this sample question set. We suggest you try our Sample Questions for GIAC Incident Handler GCIH Certification to test your understanding of the GIAC GCIH process in a real GIAC certification exam environment.


GCIH GIAC Incident Handler Sample Questions:


01. What is the major difference between a worm and a Trojan horse?

a) A worm spreads via e-mail, while a Trojan horse does not.

b) A worm is a form of malicious program, while a Trojan horse is a utility.

c) A worm is self-replicating, while a Trojan horse is not.

d) A Trojan horse is a malicious program, while a worm is an anti-virus software.


02. Which of the following types of attacks is the result of vulnerabilities in a program due to poor programming techniques?

a) Evasion attack

b) Denial-of-Service (DoS) attack

c) Ping of death attack

d) Buffer overflow attack


03. You enter the netstat -an command at the command prompt and are informed that port number 7777 is open on your computer. Which of the following Trojans may be installed on your computer?

a) NetBus

b) QAZ

c) Donald Dick

d) Tini


04. Which of the following types of attacks is only intended to make a computer resource unavailable to its users?

a) Denial of Service attack

b) Replay attack

c) Teardrop attack

d) Land attack


05. In which of the following DoS attacks does an attacker send an ICMP packet larger than 65,536 bytes to the target system?

a) Ping of death

b) Jolt

c) Fraggle

d) Teardrop


06. Which of the following statements about the Ping of Death attack is true?

a) In this type of attack, a hacker sends more traffic to a network address than the buffer can handle.

b) This type of attack uses common words in either upper or lower case to find a password.

c) In this type of attack, a hacker maliciously cuts a network cable.

d) In this type of attack, a hacker sends ICMP packets greater than 65,536 bytes to crash a system.


07. What is the purpose of configuring a password protected screen saver on a computer?

a) For preventing unauthorized access to a system.

b) For protecting a system from a Denial of Service (DoS) attack.

c) For protecting a system from a social engineering attack.

d) For protecting a system from a back door attack.


08. In which of the following attack methods does an attacker distribute incorrect IP addresses?

a) IP spoofing

b) MAC flooding

c) DNS poisoning

d) Man-in-the-middle


09. A user is sending a large number of protocol packets to a network in order to saturate its resources and to disrupt connections to prevent communications between services. Which type of attack is this?

a) Vulnerability attack

b) Impersonation attack

c) Social Engineering attack

d) Denial-of-Service attack


10. Which of the following statements are true about TCP Wrappers?

a) TCP Wrappers provides access control, host address spoofing, client username lookups, etc.

b) When a user uses a TCP wrapper, the inetd daemon runs the wrapper program tcpd instead of running the server program directly.

c) TCP Wrappers allows host or subnetwork IP addresses, names and/or ident query replies to be used as tokens to filter for access control purposes.

d) TCP Wrappers protects a Linux server from IP address spoofing.


Answers:

Answer 1: C

Answer 2: D

Answer 3: D

Answer 4: A

Answer 5: A

Answer 6: D

Answer 7: A

Answer 8: C

Answer 9: D

Answer 10: A, B, C
