Escrito por estudiantes que aprobaron Inmediatamente disponible después del pago Leer en línea o como PDF ¿Documento equivocado? Cámbialo gratis 4,6 TrustPilot
logo-home
Examen

GIAC CERTIFIED INCIDENT HANDLER (GCIH) –QUESTIONS AND CORRECT ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES 2026 Q&A | INSTANT DOWNLOAD PDF.

Puntuación
-
Vendido
-
Páginas
138
Grado
A+
Subido en
22-05-2026
Escrito en
2025/2026

GIAC CERTIFIED INCIDENT HANDLER (GCIH) –QUESTIONS AND CORRECT ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES 2026 Q&A | INSTANT DOWNLOAD PDF.

Institución
GIAC CERTIFIED INCIDENT HANDLER
Grado
GIAC CERTIFIED INCIDENT HANDLER

Vista previa del contenido

GIAC CERTIFIED INCIDENT HANDLER (GCIH) –QUESTIONS AND CORRECT
ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES 2026 Q&A | INSTANT
DOWNLOAD PDF.

Core Domains:
- Incident Handling and Digital Forensics Foundations
- Cyber Defence and Intelligence Analysis
- Computer Crime and Digital Investigations
- Memory Forensics and Malware Analysis
- Network Protocols and Traffic Analysis
- Host-Based Creative Security and Logging
- Cloud Incident Response and Security Architecture
- Covering Legal, Regulatory, and Ethical Standards

Introduction:
The GIAC Certified Incident Handler certification assessment validates a practitioner's
ability to detect, respond to, and resolve computer security incidents utilizing a structured
and comprehensive framework. This examination evaluates critical competencies across
the incident handling lifecycle, including preparation, identification, containment,
eradication, recovery, and lessons learned. Through a combination of foundational
conceptual problems and complex, scenario-based questions, candidates must
demonstrate an advanced understanding of exploit mechanics, defensive engineering,
and digital forensics. This guide emphasizes real-world application, technical decision-

,making, regulatory compliance, and strict ethical standards required to protect enterprise
infrastructure from modern threat actors.

Section One: Questions 1–100

Question 1
An incident responder discovers an ongoing exfiltration attempt via Domain Name
System (DNS) tunneling. The attacker is mapping data into subdomains of a malicious
authoritative domain. Which of the following containment actions stops the exfiltration
immediately while preserving the most forensic data on the local infrastructure?

A. Clear the local DNS resolver cache on all corporate workstations.
B. Implement a temporary block on outbound UDP and TCP port 53 at the perimeter
firewall for all internal hosts.
C. Configure the internal DNS forwarders to sinkhole queries resolving to the malicious
domain.
D. Shut down the authoritative active directory domain controllers serving the internal
network.

🟢 C. Configure the internal DNS forwarders to sinkhole queries resolving to the
malicious domain.
🔴 RATIONALE: Sinkholing the specific malicious domain at the internal DNS forwarder
level drops or redirects the traffic without disrupting the entire organization's internet
access, which would happen if port 53 were blocked globally. It preserves local host logs,

,endpoint artifacts, and prevents active alert flags from tipping off the attacker, unlike
broad network shutdowns.

Question 2
During an active investigation, an incident response analyst discovers that a system
administrator shared access credentials over an unencrypted chat channel, violating
internal security policies and industry best practices. Which component of the incident
handling process governs how this discovery should be addressed?

A. Identification
B. Eradication
C. Containment
D. Lessons Learned

🟢 D. Lessons Learned
🔴 RATIONALE: Discovering policy violations, systemic gaps, or procedural errors
during or after an incident is addressed within the Lessons Learned phase. This phase
focuses on developing remediation strategies, updating security controls, and training
staff to prevent future occurrences, rather than the active technical containment or
eradication of the current threat.

Question 3
Under the General Data Protection Regulation (GDPR), what is the maximum

, permissible timeframe for an organization to notify the relevant supervisory authority after
becoming aware of a personal data breach?

A. 24 hours
B. 48 hours
C. 72 hours
D. 96 hours

🟢 C. 72 hours
🔴 RATIONALE: Article 33 of the GDPR dictates that in the case of a personal data
breach, the data controller shall without undue delay and, where feasible, not later than
72 hours after having become aware of it, notify the personal data breach to the
supervisory authority competent in accordance with Article 55.

Question 4
A security analyst runs a netstat -anob command on a suspected Windows server and
observes an unknown process listening on TCP port 4444. This port is highly
characteristic of which default framework component?

A. PsExec remote execution utility
B. Metasploit Framework default Reverse TCP payload
C. Windows Remote Management service
D. Netcat basic listener mode

Escuela, estudio y materia

Institución
GIAC CERTIFIED INCIDENT HANDLER
Grado
GIAC CERTIFIED INCIDENT HANDLER

Información del documento

Subido en
22 de mayo de 2026
Número de páginas
138
Escrito en
2025/2026
Tipo
Examen
Contiene
Preguntas y respuestas

Temas

$25.99
Accede al documento completo:

¿Documento equivocado? Cámbialo gratis Dentro de los 14 días posteriores a la compra y antes de descargarlo, puedes elegir otro documento. Puedes gastar el importe de nuevo.
Escrito por estudiantes que aprobaron
Inmediatamente disponible después del pago
Leer en línea o como PDF

Conoce al vendedor
Seller avatar
tutorcase
1.0
(1)

Conoce al vendedor

Seller avatar
tutorcase For state PCS, UPSC, UGC NET
Seguir Necesitas iniciar sesión para seguir a otros usuarios o asignaturas
Vendido
2
Miembro desde
1 mes
Número de seguidores
0
Documentos
818
Última venta
1 semana hace

1.0

1 reseñas

5
0
4
0
3
0
2
0
1
1

Por qué los estudiantes eligen Stuvia

Creado por compañeros estudiantes, verificado por reseñas

Calidad en la que puedes confiar: escrito por estudiantes que aprobaron y evaluado por otros que han usado estos resúmenes.

¿No estás satisfecho? Elige otro documento

¡No te preocupes! Puedes elegir directamente otro documento que se ajuste mejor a lo que buscas.

Paga como quieras, empieza a estudiar al instante

Sin suscripción, sin compromisos. Paga como estés acostumbrado con tarjeta de crédito y descarga tu documento PDF inmediatamente.

Student with book image

“Comprado, descargado y aprobado. Así de fácil puede ser.”

Alisha Student

Preguntas frecuentes