GIAC Certified Incident Handler

Here you have the best GIAC GCIH practice exam questions

  • You have 842 total questions across 169 pages (5 per page)
  • These questions were last updated on February 19, 2026
  • This site is not affiliated with or endorsed by GIAC.

Question 1 of 842

Adam works as an Incident Handler for Umbrella Inc. He has been sent to the California unit to train the members of the incident response team. As a demo project he asked members of the incident response team to perform the following actions:
✑ Remove the network cable wires.
✑ Isolate the system on a separate VLAN.
✑ Use a firewall or access lists to prevent communication into or out of the system.
✑ Change DNS entries to direct traffic away from the compromised system.
Which of the following steps of the incident handling process includes the above actions?
Answer

Suggested Answer

The suggested answer is B.

The steps listed such as removing network cables, isolating the system, using firewalls or access lists to block communication, and changing DNS entries are all measures aimed at preventing the spread of the incident and mitigating further damage. These actions are part of the Containment phase in the incident handling process. Containment focuses on limiting the scope and impact of an incident.

Community Votes

No votes yet

Question 2 of 842

Adam, a novice computer user, works primarily from home as a medical professional. He just bought a brand new Dual Core Pentium computer with over 3 GB of RAM. After about two months of working on his new computer, he notices that it is not running nearly as fast as it used to. Adam uses antivirus software, anti-spyware software, and keeps the computer up-to-date with Microsoft patches. After another month of working on the computer, Adam finds that his computer is even more noticeably slow. He also notices a window or two pop up on his screen, but they quickly disappear. He has seen these windows show up even when he has not been on the Internet. Adam notices that his computer only has about 10 GB of free space available. Since his hard drive is a 200 GB hard drive, Adam thinks this is very odd.
Which of the following is the most likely cause of the problem?
Answer

Suggested Answer

The suggested answer is C.

Adam's computer shows signs of being infected with the Stealth Trojan Virus. The symptoms described, such as the computer slowing down progressively, unexpected pop-up windows even when not connected to the internet, and a significant amount of hard drive space being used up despite antivirus and anti-spyware measures, are indicative of a Trojan. Trojans often disguise themselves as legitimate software and consume resources while carrying out malicious activities, which aligns with the behavior Adam's computer is exhibiting.

Community Votes

No votes yet

Question 3 of 842

Which of the following types of attacks is only intended to make a computer resource unavailable to its users?
Answer

Suggested Answer

The suggested answer is A.

A Denial of Service attack is intended to make a computer resource unavailable to its users by overwhelming the system with a flood of internet traffic, causing disruption or complete shutdown of the targeted service.

Community Votes: 2 votes

A (Suggested): 100%

Question 4 of 842

Which of the following types of attack can guess a hashed password?
Answer

Suggested Answer

The suggested answer is A.

A brute force attack involves systematically trying all possible combinations of characters to guess a password. When applied to hashed passwords, the attacker would try different inputs, hash each one, and compare the resulting hash to the target hash to find a match. This is the correct type of attack for guessing hashed passwords.

Community Votes

No votes yet

Question 5 of 842

In which of the following DoS attacks does an attacker send an ICMP packet larger than 65,536 bytes to the target system?
Answer

Suggested Answer

The suggested answer is A.

A Ping of Death attack involves sending an ICMP packet that is larger than the maximum size allowed by the IP protocol (65,536 bytes). This large packet can cause the target system to crash, reboot, or hang.

Community Votes

No votes yet

About the GIAC GCIH Certification Exam

About the Exam

The GIAC GCIH (GIAC Certified Incident Handler) validates your knowledge and skills. Passing demonstrates proficiency and can boost your career prospects in the field.

How to Prepare

Work through all 842 practice questions across 169 pages. Focus on understanding the reasoning behind each answer rather than memorizing responses to be ready for any variation on the real exam.

Why Practice Exams?

Practice exams help you familiarize yourself with the question format, manage your time, and reduce anxiety on test day. Our GCIH questions are regularly updated to reflect the latest exam objectives.