John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Website. Now, John asks we-are-secure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page against the SQL injection attack?

  1. Use the escapeshellarg() function
  2. Use the session_regenerate_id() function
  3. Use the mysql_real_escape_string() function for escaping input
  4. Use the escapeshellcmd() function

Answer(s): C

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. An attacker uses software that keeps trying password combinations until the correct password is found. Which type of attack is this?

  1. Denial-of-Service
  2. Man-in-the-middle
  3. Brute Force
  4. Vulnerability

Answer(s): C

You want to scan your network quickly to detect live hosts by using ICMP ECHO Requests. What type of scanning will you perform to accomplish the task?

  1. Idle scan
  2. TCP SYN scan
  3. XMAS scan
  4. Ping sweep scan

Answer(s): D

Adam, a malicious hacker, is running a scan. Statistics of the scan are as follows:

Scan directed at open port:
Client ---------FIN---------> Server
Client <----NO RESPONSE------ Server

Scan directed at closed port:
Client ---------FIN---------> Server
Client <-----RST/ACK--------- Server

Which of the following types of port scan is Adam running?

  1. ACK scan
  2. FIN scan
  3. XMAS scan
  4. Idle scan

Answer(s): B

