GCIA Exam - GIAC Certified Intrusion Analyst

NEW QUESTION 1
You work as a System Administrator for McNeil Inc. The company has a Linux-based network. You are a root user on the Red Hat operating system. Your network is configured for IPv6 IP addressing. Which of the following commands will you use to test TCP/IP connectivity?

• A. ping6
• B. ifconfig
• C. traceroute
• D. ping

Answer: A

NEW QUESTION 2
Which system is designed to analyze, detect, and report on security-related events?

• A. NIPS
• B. HIPS
• C. NIDS
• D. HIDS

Answer: A

NEW QUESTION 3
In which of the following attacks does a hacker imitate a DNS server and obtain the entire DNS database?

• A. DNS poisoning attack
• B. Illicit zone transfer attack
• C. Illicit poisoning attack
• D. DNS transfer attack

Answer: B

NEW QUESTION 4
Which of the following types of firewall functions at the Session layer of OSI model?

• A. Circuit-level firewall
• B. Switch-level firewall
• C. Packet filtering firewall
• D. Application-level firewall

Answer: A

NEW QUESTION 5
What are the limitations of the POP3 protocol?
Each correct answer represents a complete solution. Choose three.

• A. E-mails can be retrieved only from the Inbox folder of a mailbo
• B. E-mails stored in any other folder are not accessibl
• C. It is only a retrieval protoco
• D. It is designed to work with other applications that provide the ability to send e-mail
• E. It does not support retrieval of encrypted e-mail
• F. It uses less memory spac

Answer: ABC

NEW QUESTION 6
Which of the following is computed from an arbitrary block of digital data for the purpose of detecting accidental errors?

• A. Hash filter
• B. Checksum
• C. Hash buster
• D. Firewall

Answer: B

NEW QUESTION 7
You work as a Network Administrator for Tech Perfect Inc. The office network is configured as an IPv6 network. You have to configure a computer with the IPv6 address, which is equivalent to an IPv4 publicly routable address. Which of the following types of addresses will you choose?

• A. Site-local
• B. Global unicast
• C. Local-link
• D. Loopback

Answer: B

NEW QUESTION 8
Which of the following statements about Secure Shell (SSH) are true?
Each correct answer represents a complete solution. Choose three.

• A. It is the core routing protocol of the Interne
• B. It allows data to be exchanged using a secure channel between two networked device
• C. It was designed as a replacement for TELNET and other insecure shell
• D. It is a network protocol used primarily on Linux and Unix based system

Answer: BCD

NEW QUESTION 9
What does a firewall check to prevent certain ports and applications from getting the packets into an Enterprise?

• A. The application layer port numbers and the transport layer headers
• B. The presentation layer headers and the session layer port numbers
• C. The network layer headers and the session layer port numbers
• D. The transport layer port numbers and the application layer headers

Answer: D

NEW QUESTION 10
Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine drive image of a compromised system, which is suspected to be used in cyber crime. Adam uses Forensic Sorter to sort the contents of hard drive in different categories. Which of the following type of image formats is NOT supported by Forensic Sorter?

• A. EnCase image file
• B. PFR image file
• C. RAW image file
• D. iso image file

Answer: D

NEW QUESTION 11
Andrew, a bachelor student of Faulkner University, creates a gmail account. He uses 'Faulkner' as the password for the gmail account. After a few days, he starts receiving a lot of e-mails stating that his gmail account has been hacked. He also finds that some of his important mails have been deleted by someone. Which of the following methods has the attacker used to crack Andrew's password?
Each correct answer represents a complete solution. Choose all that apply.

• A. Zero-day attack
• B. Dictionary-based attack
• C. Rainbow attack
• D. Denial-of-service (DoS) attack
• E. Brute force attack
• F. Buffer-overflow attack
• G. Password guessing
• H. Social engineering

Answer: BCEGH

NEW QUESTION 12
You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 domain-based network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. According to the company's security policy, you apply Windows firewall setting to the computers on the network. Now, you are troubleshooting a connectivity problem that might be caused by Windows firewall. What will you do to identify connections that Windows firewall allows or blocks?

• A. Configure Internet Protocol Security (IPSec).
• B. Configure Network address translation (NAT).
• C. Disable Windows firewall loggin
• D. Enable Windows firewall loggin

Answer: D

NEW QUESTION 13
You work as a Network Administrator for McNeil Inc. The company has a TCP/IP-based network.
You are configuring an Internet connection for your company. Your Internet service provider (ISP) has a UNIX-based server. Which of the following utilities will enable you to access the UNIX server, using a text-based connection?

• A. TELNET
• B. IPCONFIG
• C. PING
• D. FTP
• E. TRACERT

Answer: A

NEW QUESTION 14
Which of the following is NOT an Intrusion Detection System?

• A. Fragroute
• B. Stunnel
• C. Samhain
• D. AIDE

Answer: B

NEW QUESTION 15
You work as a Security Professional for CertLeader Inc. The company has a Linux-based network. You want to analyze the network traffic with Snort. You run the following command:
snort -v -i eth 0
Which of the following information will you get using the above command?
Each correct answer represents a complete solution. Choose all that apply.

• A. Protocol statistics
• B. Date stamp on the packets
• C. Number of packets received and dropped
• D. Application layer data

Answer: ABC

NEW QUESTION 16
You work as a Network Administrator for McRobert Inc. Your company has a Windows NT 4.0 TCP/IP-based network. You want to list the cache of NetBIOS names and IP addresses. Which of the following utilities will you use?

• A. TELNET
• B. NBTSTAT
• C. TRACERT
• D. NETSTAT

Answer: B

NEW QUESTION 17
Which of the following ICMPv6 neighbor discovery messages is sent by hosts to request an immediate router advertisement, instead of waiting for the next scheduled advertisement?

• A. Neighbor Solicitation
• B. Router Solicitation
• C. Neighbor Advertisement
• D. Router Advertisement

Answer: B

NEW QUESTION 18
Which of the following tools is used to recover data and partitions, and can run on Windows, Linux, SunOS, and Macintosh OS X operating systems?

• A. GetDataBack
• B. Acronis Recovery Expert
• C. Active@ Disk Image
• D. TestDisk

Answer: D

NEW QUESTION 19
Which of the following types of write blocker device uses one interface for one side and a different one for the other?

• A. Pros
• B. Tailgat
• C. Indiff
• D. Native

Answer: B

NEW QUESTION 20
Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?

• A. Demilitarized zone (DMZ)
• B. Intrusion detection system (IDS)
• C. Firewall
• D. Packet filtering

Answer: B

NEW QUESTION 21
......