GCIA Exam - GIAC Certified Intrusion Analyst

NEW QUESTION 1
Which of the following is included in a memory dump file?

  • A. List of loaded drivers
  • B. Security ID
  • C. Stop message and its parameters
  • D. The kernel-mode call stack for the thread that stopped the process from execution

Answer: ACD

NEW QUESTION 2
Adam works as a Computer Hacking Forensic Investigator in a law firm. He has been assigned his first project. Adam has collected all the required evidence and clues. He is now required to write an investigative report to present before the court for further prosecution of the case. He needs guidelines for writing an investigative report that expresses an opinion. Which of the following are guidelines for writing an investigative report efficiently?
Each correct answer represents a complete solution. Choose all that apply.

  • A. All ideas present in the investigative report should flow logically from facts to conclusion
  • B. Opinion of a lay witness should be included in the investigative report.
  • C. The investigative report should be understandable by any reader.
  • D. There should not be any assumptions made about any facts while writing the investigative report.

Answer: ACD

NEW QUESTION 3
Which of the following ports can be used for IP spoofing?

  • A. Whois 43
  • B. POP 110
  • C. NNTP 119
  • D. Rlogin 513

Answer: D

NEW QUESTION 4
Adam works as a professional Computer Hacking Forensic Investigator. He wants to investigate a suspicious email that is sent using a Microsoft Exchange server. Which of the following files will he review to accomplish the task?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Checkpoint files
  • B. EDB and STM database files
  • C. Temporary files
  • D. cookie files

Answer: ABC

NEW QUESTION 5
You work as a professional Computer Hacking Forensic Investigator. You have been assigned a project to investigate plagiarism that occurred in C# source code files. Which of the following tools will you use to detect the software plagiarism?

  • A. VAST
  • B. Jplag
  • C. SCAM
  • D. Turnitin

Answer: B

NEW QUESTION 6
Where is the Hypertext Transfer Protocol (HTTP) used?

  • A. On a client/server-based Wide Area Network (WAN).
  • B. On the Internet to download text files and graphic files.
  • C. On a peer-to-peer based Local Area Network (LAN).
  • D. On the World Wide Web (WWW) to display SQL database statistics.
  • E. On the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages.

Answer: E

NEW QUESTION 7
You work as a Network Administrator for Net Perfect Inc. The company's network is configured with Internet Security and Acceleration (ISA) Server 2000 to provide firewall services. You want to block all e-mails coming from the domain named fun4you.com. How will you accomplish this?

  • A. Enable POP intrusion detection filter. Block e-mails from the fun4you.com domain.
  • B. Enable SMTP filter. Add the fun4you.com domain name to the list of rejected domains.
  • C. Create a site and content rule to prohibit access to the fun4you.com domain
  • D. Create a protocol rule that allows only authorized users to use the SMTP protocol

Answer: B

NEW QUESTION 8
You work as a Network Administrator for Tech Perfect Inc. Your company has a Windows 2000-based network. You want to verify the connectivity of a host in the network. Which of the following utilities will you use?

  • A. PING
  • B. TELNET
  • C. NETSTAT
  • D. TRACERT

Answer: A

NEW QUESTION 9
Which of the following proxy servers is placed anonymously between the client and remote server and handles all of the traffic from the client?

  • A. Caching proxy server
  • B. Web proxy server
  • C. Forced proxy server
  • D. Open proxy server

Answer: C

NEW QUESTION 10
Which method would provide the highest level of protection for all data transmitted on the internal network only? (Click the Exhibit button on the toolbar to see the case study.)

  • A. IPSec tunnel mode
  • B. SSL
  • C. PPTP
  • D. SMB
  • E. IPSec transport mode

Answer: E

NEW QUESTION 11
What is the maximum size of an IP datagram for Ethernet?

  • A. 4500 bytes
  • B. 1024 bytes
  • C. 1200 bytes
  • D. 1500 bytes

Answer: D

NEW QUESTION 12
Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer?

  • A. Swatch
  • B. IPLog
  • C. Timbersee
  • D. Snort

Answer: D

NEW QUESTION 13
Which of the following tools can be used to view active telnet sessions?

  • A. Juggernaut
  • B. Cgichk
  • C. Nikto
  • D. Hackbot

Answer: A

NEW QUESTION 14
You are the Administrator for a corporate network. You are concerned about denial of service attacks.
Which of the following would be the most helpful against Denial of Service (DoS) attacks?

  • A. Network survey
  • B. Honey pot
  • C. Packet filtering firewall
  • D. Stateful Packet Inspection (SPI) firewall

Answer: D

NEW QUESTION 15
Which of the following OSI layers is responsible for protocol conversion, data encryption/decryption, and data compression?

  • A. Network layer
  • B. Data-link layer
  • C. Presentation layer
  • D. Transport layer

Answer: C

NEW QUESTION 16
Which of the following tools is used to detect spam email without checking the content?

  • A. Kismet
  • B. EtherApe
  • C. DCC
  • D. Sniffer

Answer: C

NEW QUESTION 17
Which of the following utilities allows you to view all files, including invisible files and folders, on Macintosh OS X?

  • A. Directory Scan
  • B. Folder Scan
  • C. File Scan
  • D. System Scan

Answer: A

NEW QUESTION 18
John, a malicious hacker, forces a router to stop forwarding packets by flooding it with many open connections simultaneously so that all hosts behind it are effectively disabled. Which of the following attacks is John performing?

  • A. Rainbow attack
  • B. DoS attack
  • C. ARP spoofing
  • D. Replay attack

Answer: B

NEW QUESTION 19
Mark works as a Network Security Administrator for BlueWells Inc. The company has a Windows-based network. Mark is giving a presentation on network security threats to the newly recruited employees of the company. His presentation is about the external threats that the company recently faced. Which of the following statements are true about external threats?
Each correct answer represents a complete solution. Choose three.

  • A. These are the threats that originate from outside an organization in which the attacker attempts to gain unauthorized access.
  • B. These are the threats that originate from within the organization.
  • C. These are the threats intended to flood a network with large volumes of access requests.
  • D. These threats can be countered by implementing security controls on the perimeters of the network, such as firewalls, which limit user access to the Internet.

Answer: ACD

NEW QUESTION 20
Which of the following partitions contains the system files that are used to start the operating system?

  • A. Boot partition
  • B. System partition
  • C. Secondary partition
  • D. Primary partition

Answer: A
