GCIH Practice Questions: Drive-By Attacks Domain
Master the Drive-By Attacks Domain
Test your knowledge in the Drive-By Attacks domain with these 5 practice questions. Each question is designed to help you prepare for the GCIH certification exam with detailed explanations to reinforce your learning.
Question 1
After isolating a system involved in a drive-by attack, what is the best initial triage step to identify the scope of the compromise?
Correct Answer: A
Explanation: Checking browser history can quickly reveal suspicious URLs that may have been visited as part of the drive-by attack. This can help in identifying the source of the attack. System logs, file changes, and memory analysis are useful but typically follow the initial identification of the attack vector.
Question 2
Which tool is most appropriate for analyzing network traffic for signs of a drive-by attack?
Correct Answer: A
Explanation: Wireshark is the most appropriate tool for analyzing network traffic and identifying signs of a drive-by attack, such as unusual HTTP requests or responses. Nmap (Option B) is used for network scanning, Exiftool (Option C) for metadata analysis, and Metasploit (Option D) for penetration testing, none of which are suitable for initial traffic analysis.
Question 3
During a drive-by attack investigation, you need to prioritize actions. Which of the following should be your first response after confirming the attack?
Correct Answer: A
Explanation: Isolating the affected systems from the network is crucial to prevent further spread of the attack and limit data exfiltration. Notifying users, forensic imaging, and updating antivirus signatures are important but secondary actions after containment.
Question 4
In the context of a drive-by attack, why is it important to review the browser's security settings?
Correct Answer: C
Explanation: Reviewing the browser's security settings is important to confirm that security features like pop-up blocking are enabled, which can prevent malicious scripts from executing. Ensuring the browser does not store passwords (Option B) and clearing cache on exit (Option D) are good practices but not directly related to preventing drive-by attacks. Checking RAM usage (Option A) is unrelated to security settings.
Question 5
Which initial step should an incident handler take to verify a drive-by attack after receiving an alert about suspicious activity on a popular website?
Correct Answer: C
Explanation: Using a web proxy to monitor traffic is the best initial step to verify a drive-by attack, as it allows for real-time observation of requests and responses, potentially revealing malicious activity. Checking outbound connections (Option A) and browser history (Option B) are useful but less direct. Running a vulnerability scan (Option D) is not an immediate action for verification.
Ready to Accelerate Your GCIH Preparation?
Join thousands of professionals who are advancing their careers through expert certification preparation with FlashGenius.
- ✅ Unlimited practice questions across all GCIH domains
- ✅ Full-length exam simulations with real-time scoring
- ✅ AI-powered performance tracking and weak area identification
- ✅ Personalized study plans with adaptive learning
- ✅ Mobile-friendly platform for studying anywhere, anytime
- ✅ Expert explanations and study resources
About GCIH Certification
The GCIH certification validates your expertise in drive-by attacks and other critical domains. Our comprehensive practice questions are carefully crafted to mirror the actual exam experience and help you identify knowledge gaps before test day.