
GIAC GCIA – GIAC Certified Intrusion Analyst Practice Test

Demo: 76 questions
Total 508 questions

GCIA – GIAC Certified Intrusion Analyst Practice Test Questions and Answers

Question 1

Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?

Options:

A.

Linux Live CD

B.

DOS boot disk

C.

Secure Authentication for EnCase (SAFE)

D.

EnCase with a hardware write blocker

Question 2

Which of the following NETSH commands for interface Internet protocol version 4 (IPv4) is used to delete a DNS server or all DNS servers from a list of DNS servers for a specified interface or for all interfaces?

Options:

A.

disable dnsserver

B.

alter dnsserver

C.

delete dnsserver

D.

remove dnsserver

Question 3

What is the maximum size of an IP datagram for Ethernet?

Options:

A.

1200 bytes

B.

1024 bytes

C.

1500 bytes

D.

4500 bytes

Question 4

Which of the following can be applied as countermeasures against DDoS attacks?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Limiting the amount of network bandwidth

B.

Blocking IP addresses

C.

Using LM hashes for passwords

D.

Using intrusion detection systems

E.

Using network ingress filtering

Question 5

Which of the following is an attack technique in which the attacker secretly listens to the private conversation between victims?

Options:

A.

Dialler attack

B.

Denial of service

C.

Eavesdropping

D.

Intrusion

Question 6

What is the name of the first computer virus that infected the boot sector of the MS-DOS operating system?

Options:

A.

Stoner

B.

Code Red

C.

Brain

D.

Sircam

Question 7

How many bits does IPv6 use in IP addresses?

Options:

A.

40 bits

B.

32 bits

C.

64 bits

D.

128 bits

Question 8

Which of the following DoS attacks points the Central Processing Unit (CPU) to a non-existent memory location causing the running process to end abruptly?

Options:

A.

Buffer Overflow attack

B.

Teardrop attack

C.

Fraggle attack

D.

Snork attack

Question 9

Allen works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a computer that is used by the suspect to sexually harass the victim using an instant messenger program. The suspect's computer runs on the Windows operating system. Allen wants to recover the password from the instant messenger program the suspect is using, in order to collect evidence of the crime. Allen is using Helix Live for this purpose. Which of the following utilities of Helix will he use to accomplish the task?

Options:

A.

Asterisk Logger

B.

Access PassView

C.

Mail Pass View

D.

MessenPass

Question 10

Which of the following statements are true about Snort?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It develops a new signature to find vulnerabilities.

B.

It detects and alerts a computer user when it finds threats such as buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other port scanners, well-known backdoors and system vulnerabilities, and DDoS clients.

C.

It encrypts the log file using the 256-bit AES encryption algorithm.

D.

It is used as a passive trap to record the presence of traffic that should not be found on a network, such as NFS or Napster connections.

Question 11

This tool is known as __________.

Options:

A.

Kismet

B.

Absinthe

C.

NetStumbler

D.

THC-Scan

Question 12

Which of the following is an exact duplicate of a computer's hard drive?

Options:

A.

system image

B.

bit-stream image

C.

data image

D.

drive image

Question 13

Which of the following algorithms produces a digital signature that is used to authenticate bit-stream images?

Options:

A.

MD6

B.

MD5

C.

BOINIC

D.

HashClash

Question 14

Which of the following proxy servers can be used for spamming?

Options:

A.

Caching proxy server

B.

Web proxy server

C.

Open proxy server

D.

Anonymizing proxy server

Question 15

Which of the following is NOT a primary type of firewall?

Options:

A.

Network firewall

B.

Proxy based firewall

C.

Stateful inspection firewall

D.

Packet filter firewall

Question 16

Sandra, a novice computer user, works in a Windows environment. She experiences some problems regarding bad sectors formed on the hard disk of her computer. She wants to run the CHKDSK command to check the hard disk for bad sectors and to fix any errors that have occurred. Which of the following switches will she use with the CHKDSK command to accomplish the task?

Options:

A.

CHKDSK /I

B.

CHKDSK /R /F

C.

CHKDSK /C /L

D.

CHKDSK /V /X

Question 17

Routers work at which layer of the OSI reference model?

Options:

A.

Transport

B.

Physical

C.

Presentation

D.

Network

Question 18

You work as a Network Administrator for Tech Perfect Inc. Your company has a Windows 2000-based network. You want to verify the connectivity of a host in the network. Which of the following utilities will you use?

Options:

A.

PING

B.

TELNET

C.

NETSTAT

D.

TRACERT

Question 19

Which of the following is NOT an Intrusion Detection System?

Options:

A.

Fragroute

B.

Stunnel

C.

Samhain

D.

AIDE

Question 20

Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer?

Each correct answer represents a complete solution. Choose two.

Options:

A.

An attacker can use the Ping Flood DoS attack if WZC is used.

B.

Information of probing for networks can be viewed using a wireless analyzer and may be used to gain access.

C.

It will not allow the configuration of encryption and MAC filtering. Sending information is not secure on a wireless network.

D.

An attacker, by creating a fake wireless network with a high-power antenna, can cause Victor's computer to associate with the attacker's network in order to gain access.

Question 21

Which of the following sectors on a hard disk contains the code that the computer uses to start the system?

Options:

A.

Sector 256

B.

Sector 0

C.

Sector 1

D.

Sector 128

Question 22

Which of the following switches is used with the Pslist command on the command line to show the statistics for all active threads on the system, grouping these threads with their owning process?

Options:

A.

Pslist -x

B.

Pslist -m

C.

Pslist -t

D.

Pslist -d

Question 23

Which of the following wireless security features provides the best wireless security mechanism?

Options:

A.

WPA

B.

WPA with Pre-Shared Key

C.

WPA with 802.1X authentication

D.

WEP

Question 24

Which of the following groups provides tools and creates procedures for testing and validating computer forensic software?

Options:

A.

Society of Forensic Tools and Testing (SFTT)

B.

National Institute of Standards and Technology (NIST)

C.

Association of Computer Forensic Standards (ACFS)

D.

Forensic Tool and Standards Committee (FTSC)

Question 25

Smith works as a Network Administrator for HCP Inc. He sets up a DNS server on the network and enables DNS service on all computers. However, DNS is not working properly. Which of the following commands should Smith use to verify the DNS configuration?

Options:

A.

ping

B.

nslookup

C.

tracert

D.

pathping

Question 26

Ryan, a malicious hacker, submits Cross-Site Scripting (XSS) exploit code to the Website of an Internet forum for online discussion. When a user visits the infected Web page, the code gets executed automatically and Ryan can easily perform acts like account hijacking, history theft, etc. Which of the following types of Cross-Site Scripting attack does Ryan intend to perform?

Options:

A.

SAX

B.

Persistent

C.

Document Object Model (DOM)

D.

Non persistent

Question 27

A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?

Options:

A.

Stunnel

B.

IPTables

C.

IPChains

D.

OpenSSH

Question 28

Which of the following user authentications are supported by the SSH-1 protocol but not by the SSH-2 protocol?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

TIS authentication

B.

Rhosts (rsh-style) authentication

C.

Kerberos authentication

D.

Password-based authentication

Question 29

Which of the following utilities is used for decrypting WEP encryption on an 802.11b network?

Options:

A.

Wireshark

B.

NetStumbler

C.

Airsnort

D.

Kismet

Question 30

Which of the following is the ability of a hacker to determine the nature of the network?

Options:

A.

Investigating

B.

Profiling

C.

Sniffing

D.

Intruding

Question 31

Peter, a malicious hacker, wants to perform an attack. He first compromises computers distributed across the Internet and then installs specialized software on these computers. He then instructs the compromised hosts to execute the attack. Every host can then be used to launch its own attack on the target computers. Which of the following attacks is Peter performing?

Options:

A.

Ping of Death attack

B.

DDoS attack

C.

SYN flood attack

D.

Teardrop attack

Question 32

Which of the following Windows Registry keys contains the password file of the user?

Options:

A.

HKEY_USER

B.

HKEY_DYN_DATA

C.

HKEY_LOCAL_MACHINE

D.

HKEY_CURRENT_CONFIG

Question 33

Which of the following ports can be used for IP spoofing?

Options:

A.

Whois 43

B.

POP 110

C.

NNTP 119

D.

Rlogin 513

Question 34

John, a novice web user, creates a new e-mail account and sets his password to "apple", his favorite fruit. John's password is vulnerable to which of the following password-cracking attacks?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Brute Force attack

B.

Dictionary attack

C.

Rule based attack

D.

Hybrid attack

Question 35

You work as a Network Administrator for McRobert Inc. You want to know the NetBIOS name of your computer. Which of the following commands will you use?

Options:

A.

NETSTAT -n

B.

NETSTAT -s

C.

NBTSTAT -n

D.

NBTSTAT -s

Question 36

Which of the following programs in UNIX is used to identify and fix lost blocks or orphans?

Options:

A.

File Check (fck)

B.

Block Check (bsck)

C.

Lost Block (lck)

D.

Filesystem Check (fsck)

Question 37

Which of the following IP packet elements is responsible for authentication while using IPSec?

Options:

A.

Authentication Header (AH)

B.

Layer 2 Tunneling Protocol (L2TP)

C.

Internet Key Exchange (IKE)

D.

Encapsulating Security Payload (ESP)

Question 38

Which of the following is the best method of accurately identifying the services running on a victim host?

Options:

A.

Use of the hit-and-trial method to guess the services and ports of the victim host.

B.

Use of a port scanner to scan each port to confirm the services running.

C.

Use of a vulnerability scanner to try to probe each port to verify which service is running.

D.

Use of the manual method of telnet to each of the open ports.

Question 39

Peter, a malicious hacker, obtains e-mail addresses by harvesting them from postings, blogs, DNS listings, and Web pages. He then sends a large number of unsolicited commercial e-mail (UCE) messages to these addresses. Which of the following e-mail crimes is Peter committing?

Options:

A.

E-mail spoofing

B.

E-mail bombing

C.

E-mail Storm

D.

E-mail Spam

Question 40

Which of the following IPv6 transition technologies is used by DirectAccess if a user is in a remote location and a public IPv4 address, instead of a public IPv6 address, has been assigned to the computer?

Options:

A.

ISATAP

B.

PortProxy

C.

6to4

D.

Teredo

Question 41

John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first sends a virus that continuously changes its signature to avoid detection by the IDS. Since the new signature of the virus does not match the old signature entered in the IDS signature database, the IDS becomes unable to identify the malicious virus. Which of the following IDS evasion attacks is John performing?

Options:

A.

Insertion attack

B.

Session splicing attack

C.

Evasion attack

D.

Polymorphic shellcode attack

Question 42

Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image in which some secret information is hidden using steganography. Victor performs the following techniques to accomplish the task:

1. Smoothing and decreasing contrast by averaging the pixels of the areas where significant color transitions occur.

2. Reducing noise by adjusting color and averaging pixel values.

3. Sharpening, rotating, resampling, and softening the image.

Which of the following steganography attacks is Victor using?

Options:

A.

Chosen-Stego Attack

B.

Active Attacks

C.

Stegdetect Attack

D.

Steg-Only Attack

Question 43

Which of the following tools can be used for passive OS fingerprinting?

Options:

A.

dig

B.

nmap

C.

ping

D.

tcpdump

Question 44

What are the limitations of the POP3 protocol?

Each correct answer represents a complete solution. Choose three.

Options:

A.

E-mails can be retrieved only from the Inbox folder of a mailbox. E-mails stored in any other folder are not accessible.

B.

It is only a retrieval protocol. It is designed to work with other applications that provide the ability to send e-mails.

C.

It does not support retrieval of encrypted e-mails.

D.

It uses less memory space.

Question 45

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.

You have configured a firewall on the network. A filter has been applied to block all the ports. You want to enable sending and receiving of emails on the network. Which of the following ports will you open?

Each correct answer represents a complete solution. Choose two.

Options:

A.

20

B.

25

C.

80

D.

110

Question 46

Which of the following protocols is used by voice over IP (VoIP) applications?

Options:

A.

UDP

B.

TCP

C.

ICMP

D.

IPv6

Question 47

Which of the following is a valid IPv6 address?

Options:

A.

45CF. 6D53: 12CD. AFC7: E654: BB32: 54AT: FACE

B.

45CF. 6D53: 12KP: AFC7: E654: BB32: 543C. FACE

C.

123.111.243.123

D.

45CF. 6D53: 12CD. AFC7: E654: BB32: 543C. FACE

Question 48

Which of the following types of scan does not open a full TCP connection?

Options:

A.

ACK scan

B.

FIN scan

C.

Stealth scan

D.

Idle scan

Question 49

You work as a Network Administrator for McRobert Inc. Your company has a TCP/IP-based network. You want to get the protocol statistics and the active TCP/IP network connections of your computer. Which of the following will you use?

Options:

A.

IPSTAT

B.

SNMP

C.

ARP

D.

NBTSTAT

E.

NETSTAT

Question 50

You work as a Network Administrator for SmartCert Inc. The company's network contains five Windows 2003 servers and ninety Windows XP Professional client computers. You want to view all the incoming requests to an Internet Information Services (IIS) server and allow only requests that comply with a rule set, created by you, to be processed. You also want to detect the intrusion attempts by recognizing the strange characters in a URL on a Web server. What will you do to accomplish the task?

Options:

A.

Use the Remote Desktop Protocol (RDP).

B.

Use the HFNETCHK utility.

C.

Use the URLScan tool.

D.

Configure a connection to the SQL database by using the RELOG command-line utility.

Question 51

Which of the following is used to detect bad sectors on a hard disk in a Linux environment?

Options:

A.

Badblocks

B.

CheckDisk

C.

ScanDisk

D.

CHKDSK

Question 52

Which of the following statements best describes the string matching method of signature analysis?

Options:

A.

String matching searches specific strings that may indicate an attack.

B.

String matching examines multiple fields from different protocols, such as source address, destination port, or TCP flags.

C.

In string matching, each packet is wrapped in predefined layers of different protocols.

D.

In string matching, an incoming packet is compared, byte by byte, with a single signature, a string of code.

Question 53

Which of the following commands prints out the headers of packets that match a boolean expression?

Options:

A.

tcpdump

B.

vmstat

C.

iftop

D.

iostat

Question 54

Andrew works as an Administrator for a Windows 2000 based network. The network has a primary external DNS server, and a secondary DNS server located on the ISP's UNIX server, in order to provide fault tolerance. Users complain that they are unable to connect to the URL when using the secondary server. What should Andrew do to resolve the problem?

Options:

A.

He should disable the fast zone transfer in the Advanced tab of the Properties window on the secondary server.

B.

He should select the BIND secondaries check box in the Zone Transfer tab of the Properties window on the primary server.

C.

He should select the BIND secondaries check box in the Advanced tab of the Properties window on the primary server.

D.

He should enable the fast zone transfer in the Advanced tab of the Properties window on the primary server.

Question 55

Which of the following is a hardware/software platform that is designed to analyze, detect, and report on security-related events? NIPS is designed to inspect traffic and, based on its configuration or security policy, it can drop malicious traffic.

Options:

A.

NIPS

B.

HIPS

C.

NIDS

D.

HIDS

Question 56

Adam works as a professional Computer Hacking Forensic Investigator. He has been assigned a project to investigate a computer in the network of SecureEnet Inc. The compromised system runs on the Windows operating system. Adam decides to use Helix Live for Windows to gather data and electronic evidence, starting with retrieving volatile data and transferring it to the server component via TCP/IP. Which of the following applications in Helix Live for Windows will he use to retrieve volatile data and transfer it to the server component via TCP/IP?

Options:

A.

FAU

B.

FTK imager

C.

Drive Manager

D.

FSP

Question 57

What are the advantages of an application layer firewall?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It provides detailed logging information for management purposes.

B.

It prevents most of the spoofing and DoS attacks.

C.

It monitors and filters data.

D.

It provides authentication to a device.

Question 58

You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company.

You have physically installed sensors at all key positions throughout the network such that they all report to the command console.

What will be the key functions of the sensors in such a physical layout?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

To collect data from operating system logs

B.

To notify the console with an alert if any intrusion is detected

C.

To analyze for known signatures

D.

To collect data from Web servers

Question 59

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine files present on a suspect's computer. Adam uses a tool with which he can examine recovered deleted files, fragmented files, and other corrupted data. With the help of this tool he can also examine data captured from the network, and access the physical RAM and any processes running in virtual memory. Which of the following tools is Adam using?

Options:

A.

Vedit

B.

WinHex

C.

HxD

D.

Evidor

Question 60

Which of the following log files are used to collect evidence before taking the bit-stream image of a BlackBerry?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

user history

B.

Transmit/Receive

C.

Radio status

D.

Roam and Radio

Question 61

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has written the following Snort signature:

Which of the following statements about this Snort signature is true?

Options:

A.

It detects the session splicing IDS evasion attack.

B.

It detects AOL IM chat.

C.

It detects Yahoo IM chat.

D.

It detects the bad file attachments coming to the mail server.

Question 62

Which of the following files in the LILO boot process of the Linux operating system stores the location of the kernel on the hard drive?

Options:

A.

/boot/boot.b

B.

/boot/map

C.

/sbin/lilo

D.

/etc/lilo.conf

Question 63

Which of the following tools is described below?

It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.

Options:

A.

Dsniff

B.

Libnids

C.

Cain

D.

LIDS

Question 64

Which of the following well-known ports is used by BOOTP?

Options:

A.

TCP 161

B.

UDP 69

C.

TCP 21

D.

UDP 67

Question 65

Which of the following organizations is dedicated to computer security research and information sharing?

Options:

A.

FBI

B.

NIPC

C.

Honeynet Project

D.

IEEE

Question 66

Which of the following statements are true about routers?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Routers do not limit physical broadcast traffic.

B.

Routers organize addresses into classes, which are used to determine how to move packets from one network to another.

C.

Routers act as protocol translators and bind dissimilar networks.

D.

Routers are responsible for making decisions about which of several paths network (or Internet) traffic will follow.

Question 67

Which of the following utilities produces the output displayed in the image below?

Options:

A.

IPCONFIG

B.

TRACERT

C.

PING

D.

PATHPING

Question 68

You work as a Network Administrator for McRobert Inc. Your company has a TCP/IP-based network. You have configured a WAN link for the network. You are facing a connectivity problem across the WAN link. What will be your first step in troubleshooting the issue?

Options:

A.

Reinstall TCP/IP protocol.

B.

Check that the correct default gateway is set.

C.

Enable DNS.

D.

Ensure that NetBEUI protocol is loaded.

E.

Use the NETSTAT utility to view TCP/IP statistics.

Question 69

Which of the following utilities is used to verify the existence of a host in a network?

Options:

A.

IPCONFIG

B.

NETSTAT

C.

CHKDSK

D.

PING

Question 70

Which of the following attacks involves multiple compromised systems to attack a single target?

Options:

A.

Brute force attack

B.

DDoS attack

C.

Replay attack

D.

Dictionary attack

Question 71

Which of the following file systems supports the hot fixing feature?

Options:

A.

FAT16

B.

exFAT

C.

NTFS

D.

FAT32

Question 72

Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

Options:

A.

Request for service, initial analysis, data collection, data reporting, data analysis

B.

Initial analysis, request for service, data collection, data analysis, data reporting

C.

Initial analysis, request for service, data collection, data reporting, data analysis

D.

Request for service, initial analysis, data collection, data analysis, data reporting

Question 73

You are the Administrator for a Windows 2000 based network that uses DHCP to dynamically assign IP addresses to the clients and DNS servers. You want to ensure that the DNS servers can communicate with another DNS server. Which type of query will you run to achieve this?

Options:

A.

PATHPING

B.

NSLOOKUP

C.

PING

D.

Recursive

Question 74

Which of the following statements about a host-based intrusion prevention system (HIPS) are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It can detect events scattered over the network.

B.

It can handle encrypted and unencrypted traffic equally.

C.

It cannot detect events scattered over the network.

D.

It is a technique that allows multiple computers to share one or more IP addresses.

Question 75

Which of the following firewalls keeps track of the state of network connections traveling across the network?

Options:

A.

Stateful firewall

B.

Application-level firewall

C.

Packet filtering firewall

D.

Circuit-level firewall

Question 76

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a multimedia-enabled mobile phone that is suspected of having been used in a cyber crime. Adam uses a tool with which he can recover deleted text messages, photos, and call logs from the mobile phone. Which of the following tools is Adam using?

Options:

A.

FAU

B.

FTK Imager

C.

Galleta

D.

Device Seizure
