GCIH Pre-Exam Practice Tests (Updated 335 Questions) [Q106-Q129]


Q106. Adam is a novice Web user. He chooses a 22-letter word from the dictionary as his password.
How long will it take an attacker to crack the password?

 
 
 
 

Q107. Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use the steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information?
Each correct answer represents a complete solution. Choose all that apply.

 
 
 
 

Q108. Which of the following malicious software travels across computer networks without the assistance of a user?

 
 
 
 

Q109. Which of the following attacks captures a secret value, such as a hash, and reuses it later to gain access to a system without ever decrypting or decoding the hash?

 
 
 
 

Q110. Which of the following characters will you use to check whether an application is vulnerable to an SQL injection attack?

 
 
 
 

Q111. Victor works as a professional Ethical Hacker for SecureEnet Inc. He wants to scan the wireless network of the company. He uses a tool that is a free open-source utility for network exploration. The tool uses raw IP packets to determine the following:
What ports are open on our network systems.
What hosts are available on the network.
Identify unauthorized wireless access points.
What services (application name and version) those hosts are offering.
What operating systems (and OS versions) they are running.
What type of packet filters/firewalls are in use.
Which of the following tools is Victor using?

 
 
 
 

Q112. Which of the following techniques is used when a system performs penetration testing with the objective of accessing unauthorized information residing inside a computer?

 
 
 
 

Q113. Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

 
 
 
 

Q114. Which of the following is a reason to implement security logging on a DNS server?

 
 
 
 

Q115. Under which of the following malicious hacking steps does email tracking come?

 
 
 
 

Q116. Which of the following types of attacks is the result of vulnerabilities in a program due to poor programming techniques?

 
 
 
 

Q117. Which of the following is the Web 2.0 programming methodology that is used to create Web pages that are dynamic and interactive?

 
 
 
 

Q118. You are an incident manager at Orangesect Inc. You have been tasked to set up a new extension of your enterprise. The networking to be done in the new extension requires different types of cables and an appropriate policy, which will be decided by you. Which of the following stages in the incident handling process involves your decision making?

 
 
 
 

Q119. Which of the following rootkits is used to attack full disk encryption systems?

 
 
 
 

Q120. SIMULATION
Fill in the blank with the appropriate name of the tool.
______ scans for rootkits by comparing SHA-1 hashes of important files with known good ones in an online database.

Q121. Which of the following protocols is a maintenance protocol and is normally considered a part of the IP layer, but has also been used to conduct denial-of-service attacks?

 
 
 
 

Q122. The IT administrator wants to implement a stronger security policy. What are the four most important security priorities for PassGuide Software Systems Pvt. Ltd.?

 
 
 
 
 
 
 
 

Q123. Brutus is a password cracking tool that can be used to crack the following authentications:
HTTP (Basic Authentication)
HTTP (HTML Form/CGI)
POP3 (Post Office Protocol v3)
FTP (File Transfer Protocol)
SMB (Server Message Block)
Telnet
Which of the following attacks can be performed by Brutus for password cracking? Each correct answer represents a complete solution. Choose all that apply.

 
 
 
 
 

Q124. Which of the following is used to determine the range of IP addresses that are mapped to live hosts?

 
 
 
 

Q125. You work as a Network Administrator for Marioxnet Inc. You have the responsibility of handling two routers with BGP protocol for the enterprise’s network. One of the two routers gets flooded with an unexpected number of data packets, while the other router starves with no packets reaching it. Which of the following attacks can be a potential cause of this?

 
 
 
 

Q126. Which of the following can be used as a countermeasure against the SQL injection attack?
Each correct answer represents a complete solution. Choose two.

 
 
 
 

Q127. You run the following bash script in Linux:
for i in `cat hostlist.txt`; do
  nc -q 2 -v $i 80 < request.txt
done
where the hostlist.txt file contains the list of IP addresses and request.txt is the output file. Which of the following tasks do you want to perform by running this script?

 
 
 
 

Q128. Which of the following types of attacks is mounted with the objective of causing a negative impact on the performance of a computer or network?

 
 
 
 

Q129. Adam has installed and configured his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Adam notices that when he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes it is only 8 Mbps or less. Adam connects to the management utility of the wireless router and finds out that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router’s logs and notices that the unfamiliar machine has the same MAC address as his laptop.
Which of the following attacks has occurred on Adam's wireless network?

 
 
 
 

The GCIH certification exam is challenging and covers a wide range of topics related to incident handling and response, including incident analysis, incident response, forensic investigations, malware analysis, and network security. The GCIH exam consists of 150 multiple-choice questions and must be completed in four hours. Candidates must achieve a score of at least 73% to pass the exam and earn the GCIH certification.

The GCIH certification is designed for professionals who are responsible for incident handling and response, including security analysts, incident responders, network administrators, and IT security managers. The GIAC Certified Incident Handler certification demonstrates that an individual has the technical skills and knowledge required to detect, respond to, and recover from security incidents, as well as the ability to develop and implement incident response plans.

 
