GCIH Certification Overview

The GIAC Certified Incident Handler (GCIH) is one of the most prestigious certifications for IT professionals starting their journey into incident handling, and it remains valuable for seasoned practitioners. This article provides an overview of the GCIH certification, its objectives, exam format and other relevant details.

The GCIH exam has the following characteristics:

  • Exam Questions: 150
  • Type: Proctored
  • Time Limit: 4 Hours
  • Minimum Passing Score: 73%
  • Renewal of cert: At 4-year intervals

The GCIH certification requires the candidate to understand what a security incident is and how to handle one after it has occurred. The following are the exam objectives on which a candidate is expected to demonstrate their skills.

  • Reconnaissance
    • Gathering information with built-in tools such as whois.com and being able to interpret the output they produce.
    • Knowledge of DNS and how misconfigurations, such as those in a DNS zone, can be identified with tools such as nslookup and dig.
    • Knowledge of how to use web search engines for reconnaissance, for example with the Google Hacking Database (GHDB).
  • Scanning
    • How to map networks to reveal misconfigurations and vulnerabilities.
    • An understanding of port mapping and OS fingerprinting.
    • How to evade network security tools such as IDS/IPS when launching a mock cyberattack.
    • Knowledge of different vulnerability management tools such as Nessus, Nikto, etc.
    • How to use SMB mapping to gather information about a Windows environment. This includes running the commands that map and enumerate SMB shares, both from Windows to Windows and from Linux to Windows.
  • Exploitation
    • Gathering information and mapping networks and services.
    • Knowledge of using Netcat for persistence and data transfer.
    • IP address configuration and spoofing with tools such as Wireshark and Dsniff.
    • The fundamentals of session hijacking using tools such as Ettercap.
    • How DNS cache poisoning attacks are launched and how to mitigate them.

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Security Ninja. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/SyjeqBbgZGY/