GCIH Online Practice Questions and Answers

Questions 4

Which of the following is a network worm that exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system?

A. Win32/Agent

B. WMA/TrojanDownloader.GetCodec

C. Win32/Conficker

D. Win32/PSW.OnLineGames

Questions 5

You want to perform passive footprinting against the we-are-secure Inc. Web server. Which of the following tools will you use?

A. Nmap

B. Ethereal

C. Ettercap

D. Netcraft

Questions 6

You want to add a NetBus Trojan in the chess.exe game program so that you can gain remote access to a friend's computer. Which of the following tools will you use to accomplish the task? Each correct answer represents a complete solution. (Choose all that apply.)

A. Tripwire

B. Yet Another Binder

C. Pretator Wrapper

D. Beast

Questions 7

Which of the following viruses is a script that attaches itself to a file or template?

A. Boot sector

B. Trojan horse

C. Macro virus

D. E-mail virus

Questions 8

Which of the following threats is a combination of worm, virus, and Trojan horse characteristics?

A. Spyware

B. Heuristic

C. Blended

D. Rootkits

Questions 9

Logs show that a malicious host has remotely accessed the file "Documents and Settings:logs". At what step of the attack process is the attacker most likely operating?

A. Establishing a backdoor

B. Using steganography

C. Initial reconnaissance

D. Port scanning

E. Covering tracks

Questions 10

An administrator needs to repeatedly scan a very large network with thousands of hosts. What is the best way of accomplishing this very quickly?

A. Nessus

B. Nmap

C. Masscan

D. Hping3

Questions 11

A company's external DNS server was used by an attacker in a DDoS attack against a third party. Which of the following configurations should be changed to prevent this from happening again?

A. Disable recursive DNS queries on the server

B. Do not allow TCP to be used for large DNS queries

C. Require DNSSEC for DNS zone transfers

D. Remove the forward lookup zone on the server

Questions 12

One typical way to help secure applications such as Virtual Network Computing (VNC) is to send the application traffic using which of the following?

A. Secure Copy (SCP)

B. Secure Shell (SSH)

C. rlogin

D. IKE

Questions 13

Where could you refer to a honeypot web page in order to lure and identify possible attackers?

A. Link on main webpage

B. www.google.com/addurl.html

C. robots.txt

D. www.google.com/remove.gtml

E. NOINDEX Meta tag

Exam Code: GCIH
Exam Name: GIAC Certified Incident Handler (GCIH)
Last Update: Jun 01, 2026
Questions: 705