GCIA Exam - GIAC Certified Intrusion Analyst


Online GCIA free questions and answers of New Version:

NEW QUESTION 1
Which of the following is computed from an arbitrary block of digital data for the purpose of detecting accidental errors?

  • A. Hash buster
  • B. Firewall
  • C. Checksum
  • D. Hash filter

Answer: C

NEW QUESTION 2
John works as a Network Administrator for DigiNet Inc. He wants to investigate failed logon attempts to a network. He uses Log Parser to detail out the failed logons over a specific time frame. He uses the following commands and query to list all failed logons on a specific date:

    logparser.exe file:FailedLogons.sql -i:EVT -o:datagrid

    SELECT
        timegenerated AS LogonTime,
        extract_token(strings, 0, '|') AS UserName
    FROM Security
    WHERE EventID IN (529; 530; 531; 532; 533; 534; 535; 537; 539)
        AND to_string(timegenerated, 'yyyy-MM-dd HH:mm:ss') LIKE '2004-09%'

After investigation, John concludes that two logon attempts were made by using an expired account. Which of the following EventIDs refers to this failed logon?

  • A. 532
  • B. 531
  • C. 534
  • D. 529

Answer: A

NEW QUESTION 3
Which of the following attacks involves multiple compromised systems to attack a single target?

  • A. Brute force attack
  • B. DDoS attack
  • C. Replay attack
  • D. Dictionary attack

Answer: B

NEW QUESTION 4
Which of the following applications cannot proactively detect anomalies related to a computer?

  • A. NIDS
  • B. Firewall installed on the computer
  • C. HIDS
  • D. Anti-virus scanner

Answer: A

NEW QUESTION 5
Which of the following classes refers to the fire involving electricity?

  • A. Class B
  • B. Class D
  • C. Class A
  • D. Class C

Answer: D

NEW QUESTION 6
What is the maximum size of an IP datagram for Ethernet?

  • A. 1200 bytes
  • B. 1024 bytes
  • C. 1500 bytes
  • D. 4500 bytes

Answer: C

NEW QUESTION 7
Which of the following command-line utilities is used to show the state of current TCP/IP connections?

  • A. PING
  • B. TRACERT
  • C. NETSTAT
  • D. NSLOOKUP

Answer: C

NEW QUESTION 8
Allen works as a professional Computer Hacking Forensic Investigator. He has been assigned to investigate a computer that the suspect used to sexually harass the victim through an instant messenger program. The suspect's computer runs the Windows operating system. Allen wants to recover the password from the instant messenger program the suspect is using, to collect evidence of the crime. Allen is using Helix Live for this purpose. Which of the following utilities of Helix will he use to accomplish the task?

  • A. Asterisk Logger
  • B. Access PassView
  • C. Mail Pass View
  • D. MessenPass

Answer: D

NEW QUESTION 9
Which of the following is the default port for Hypertext Transfer Protocol (HTTP)?

  • A. 23
  • B. 21
  • C. 80
  • D. 25

Answer: C

NEW QUESTION 10
Which of the following port numbers are valid ephemeral port numbers?
Each correct answer represents a complete solution. Choose two.

  • A. 143
  • B. 1025
  • C. 161
  • D. 1080

Answer: BD

NEW QUESTION 11
National Shoes Inc. has an SNMP-enabled router installed on its network. The IT Manager wants to monitor all SNMP traffic generated by the router, so he installs Network Monitor on a Windows 2000 Server computer on the network. The router is configured to send traps to an SNMP manager installed on another server. He wants to get a notification whenever the network router raises an SNMP trap. What will he do to achieve this?
Each correct answer represents a part of the solution. Choose two.

  • A. Install an SNMP manager on the router
  • B. Start the Windows 2000 Alert Service on the server
  • C. Create a TCP/IP filter on the server
  • D. Create a Network Monitor filter that has a pattern match for SNMP traffic
  • E. Create a Network Monitor trigger to run the NET SEND command
  • F. Configure the network router to trap the IP address of the server

Answer: DE

NEW QUESTION 12
Which of the following commands displays the IPX routing table entries?

  • A. sh ipx traffic
  • B. sh ipx int e0
  • C. sh ipx route
  • D. sho ipx servers

Answer: C

NEW QUESTION 13
Which of the following standard file formats is used by Apple's iPod to store contact information?

  • A. HFS+
  • B. vCard
  • C. FAT32
  • D. hCard

Answer: B

NEW QUESTION 14
Which of the following best describes the term protocol?

  • A. The ability to move data through layers of the OSI model
  • B. The combination of cable type and access method used on a network
  • C. A set of rules
  • D. The permissible amount of data contained in a packet

Answer: C

NEW QUESTION 15
At which layers of the OSI and TCP/IP models does IP addressing function?

  • A. OSI Layer 5 and TCP/IP Transport Layer
  • B. OSI Layer 2 and TCP/IP Network Layer
  • C. OSI Layer 4 and TCP/IP Application Layer
  • D. OSI Layer 3 and TCP/IP Internet Layer

Answer: D

NEW QUESTION 16
You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based routed network. You have recently come to know about the Slammer worm, which attacked computers in 2003 and doubled the number of infected hosts every 9 seconds or so. Slammer infected 75000 hosts in the first 10 minutes of the attack. To mitigate such security threats, you want to configure security tools on the network. Which of the following tools will you use?

  • A. Intrusion Prevention Systems
  • B. Firewall
  • C. Intrusion Detection Systems
  • D. Anti-x

Answer: A

NEW QUESTION 17
You are implementing a host-based intrusion detection system on your web server. You feel that the best way to monitor the web server is to find your baseline of activity (connections, traffic, etc.) and to monitor for conditions above that baseline. This type of IDS is called __________.

  • A. Anomaly Based
  • B. Reactive IDS
  • C. Passive IDS
  • D. Signature Based

Answer: A

NEW QUESTION 18
You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.
A branch office is connected to the headquarters through a T1 line. Users at the branch office report poor voice quality on the IP phone while communicating with the headquarters. You find that an application, named WorkReport, at the branch office is suffocating bandwidth by sending large packets for file synchronization. You need to improve the voice quality on the IP phone. Which of the following steps will you choose to accomplish this?

  • A. Configure traffic shaping to increase the time interval for the WorkReport packets
  • B. Configure traffic shaping to increase the time interval for the IP phone packets
  • C. Configure traffic shaping to reduce bandwidth for the IP phone
  • D. Configure traffic shaping to reduce bandwidth for WorkReport

Answer: D

NEW QUESTION 19
Which of the following tools are used to determine the hop counts of an IP packet?
Each correct answer represents a complete solution. Choose two.

  • A. TRACERT
  • B. Ping
  • C. IPCONFIG
  • D. Netstat

Answer: AB

NEW QUESTION 20
Which of the following commands in the MQC tool matches IPv4 and IPv6 packets when the IP parameter is missing?

  • A. Match access-group
  • B. Match fr-dlci
  • C. Match IP precedence
  • D. Match cos

Answer: C
