Pass the SANS Certified Incident Handler SEC504 Questions and answers with CertsForce

Viewing page 4 out of 10 pages
Viewing questions 31-40 out of questions
Questions # 31:

Which of the following characters will you use to check whether an application is vulnerable to an SQL injection attack?

Options:

A. Dash (-)

B. Double quote (")

C. Single quote (')

D. Semicolon (;)


Questions # 32:

Your network is being flooded by ICMP packets. When you trace them, you find that they come from multiple different IP addresses. What kind of attack is this?

Options:

A. SYN flood

B. Ping storm

C. Smurf attack

D. DDoS


Questions # 33:

Which of the following functions can you use to mitigate a command injection attack?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. escapeshellarg()

B. escapeshellcmd()

C. htmlentities()

D. strip_tags()


Questions # 34:

You want to measure the number of heaps used and the overflows that occurred at a point in time. Which of the following commands will you run to activate the appropriate monitor?

Options:

A. UPDATE DBM CONFIGURATION USING DFT_MON_TABLE

B. UPDATE DBM CONFIGURATION DFT_MON_TIMESTAMP

C. UPDATE DBM CONFIGURATION USING DFT_MON_BUFPOOL

D. UPDATE DBM CONFIGURATION USING DFT_MON_SORT


Questions # 35:

Which of the following attacks allows an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether?

Options:

A. Port scanning

B. ARP spoofing

C. Man-in-the-middle

D. Session hijacking


Questions # 36:

You work as a Senior Marketing Manager for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and that you were not able to access your remote desktop session. You suspected that a malicious attack had been performed on the company's network. You immediately called the incident response team to handle the situation, and the team asked the Network Administrator for all relevant information regarding the malfunctioning. The Network Administrator informed the incident response team that he was reviewing the security of the network, which caused all these problems. The incident response team announced that this was a controlled event, not an incident.

Which of the following steps of an incident handling process was performed by the incident response team?

Options:

A. Containment

B. Eradication

C. Preparation

D. Identification


Questions # 37:

John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Hybrid attack

B. Rule based attack

C. Dictionary attack

D. Brute Force attack


Questions # 38:

Which of the following types of skills are required of the members of an incident handling team?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Organizational skills

B. Diplomatic skills

C. Methodical skills

D. Technical skills


Questions # 39:

Fill in the blank with the appropriate option to complete the statement below.

You want to block all UDP packets coming to the Linux server using the portsentry utility. For this, you have to enable the ______ option in the portsentry configuration file.


Questions # 40:

Which of the following types of scan does not open a full TCP connection?

Options:

A. FIN scan

B. ACK scan

C. Stealth scan

D. Idle scan

