Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

GIAC CERTIFIED INCIDENT HANDLER (GCIH) –QUESTIONS AND CORRECT ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES 2026 Q&A | INSTANT DOWNLOAD PDF.

Rating
-
Sold
-
Pages
138
Grade
A+
Uploaded on
22-05-2026
Written in
2025/2026

GIAC CERTIFIED INCIDENT HANDLER (GCIH) –QUESTIONS AND CORRECT ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES 2026 Q&A | INSTANT DOWNLOAD PDF.

Institution
GIAC CERTIFIED INCIDENT HANDLER
Course
GIAC CERTIFIED INCIDENT HANDLER

Content preview

GIAC CERTIFIED INCIDENT HANDLER (GCIH) –QUESTIONS AND CORRECT
ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES 2026 Q&A | INSTANT
DOWNLOAD PDF.

Core Domains:
- Incident Handling and Digital Forensics Foundations
- Cyber Defence and Intelligence Analysis
- Computer Crime and Digital Investigations
- Memory Forensics and Malware Analysis
- Network Protocols and Traffic Analysis
- Host-Based Creative Security and Logging
- Cloud Incident Response and Security Architecture
- Covering Legal, Regulatory, and Ethical Standards

Introduction:
The GIAC Certified Incident Handler certification assessment validates a practitioner's
ability to detect, respond to, and resolve computer security incidents utilizing a structured
and comprehensive framework. This examination evaluates critical competencies across
the incident handling lifecycle, including preparation, identification, containment,
eradication, recovery, and lessons learned. Through a combination of foundational
conceptual problems and complex, scenario-based questions, candidates must
demonstrate an advanced understanding of exploit mechanics, defensive engineering,
and digital forensics. This guide emphasizes real-world application, technical decision-

,making, regulatory compliance, and strict ethical standards required to protect enterprise
infrastructure from modern threat actors.

Section One: Questions 1–100

Question 1
An incident responder discovers an ongoing exfiltration attempt via Domain Name
System (DNS) tunneling. The attacker is mapping data into subdomains of a malicious
authoritative domain. Which of the following containment actions stops the exfiltration
immediately while preserving the most forensic data on the local infrastructure?

A. Clear the local DNS resolver cache on all corporate workstations.
B. Implement a temporary block on outbound UDP and TCP port 53 at the perimeter
firewall for all internal hosts.
C. Configure the internal DNS forwarders to sinkhole queries resolving to the malicious
domain.
D. Shut down the authoritative active directory domain controllers serving the internal
network.

🟢 C. Configure the internal DNS forwarders to sinkhole queries resolving to the
malicious domain.
🔴 RATIONALE: Sinkholing the specific malicious domain at the internal DNS forwarder
level drops or redirects the traffic without disrupting the entire organization's internet
access, which would happen if port 53 were blocked globally. It preserves local host logs,

,endpoint artifacts, and prevents active alert flags from tipping off the attacker, unlike
broad network shutdowns.

Question 2
During an active investigation, an incident response analyst discovers that a system
administrator shared access credentials over an unencrypted chat channel, violating
internal security policies and industry best practices. Which component of the incident
handling process governs how this discovery should be addressed?

A. Identification
B. Eradication
C. Containment
D. Lessons Learned

🟢 D. Lessons Learned
🔴 RATIONALE: Discovering policy violations, systemic gaps, or procedural errors
during or after an incident is addressed within the Lessons Learned phase. This phase
focuses on developing remediation strategies, updating security controls, and training
staff to prevent future occurrences, rather than the active technical containment or
eradication of the current threat.

Question 3
Under the General Data Protection Regulation (GDPR), what is the maximum

, permissible timeframe for an organization to notify the relevant supervisory authority after
becoming aware of a personal data breach?

A. 24 hours
B. 48 hours
C. 72 hours
D. 96 hours

🟢 C. 72 hours
🔴 RATIONALE: Article 33 of the GDPR dictates that in the case of a personal data
breach, the data controller shall without undue delay and, where feasible, not later than
72 hours after having become aware of it, notify the personal data breach to the
supervisory authority competent in accordance with Article 55.

Question 4
A security analyst runs a netstat -anob command on a suspected Windows server and
observes an unknown process listening on TCP port 4444. This port is highly
characteristic of which default framework component?

A. PsExec remote execution utility
B. Metasploit Framework default Reverse TCP payload
C. Windows Remote Management service
D. Netcat basic listener mode

Written for

Institution
GIAC CERTIFIED INCIDENT HANDLER
Course
GIAC CERTIFIED INCIDENT HANDLER

Document information

Uploaded on
May 22, 2026
Number of pages
138
Written in
2025/2026
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

$25.99
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF

Get to know the seller
Seller avatar
tutorcase
1.0
(1)

Get to know the seller

Seller avatar
tutorcase For state PCS, UPSC, UGC NET
View profile
Follow You need to be logged in order to follow users or courses
Sold
2
Member since
1 month
Number of followers
0
Documents
818
Last sold
1 week ago

1.0

1 reviews

5
0
4
0
3
0
2
0
1
1

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions