
GCIA GCIA – GIAC Certified Intrusion Analyst Practice Test Questions and Answers

Questions 4

Which of the following is a valid IP address for class B Networks?

Options:

A.

225.128.98.7

B.

80.33.5.7

C.

212.136.45.8

D.

172.157.88.3

Questions 5

Which of the following is an exact duplicate of a computer's hard drive?

Options:

A.

system image

B.

bit-stream image

C.

data image

D.

drive image

Questions 6

Which of the following is a checksum algorithm?

Options:

A.

Dsniff

B.

Adler-32

C.

Hash buster

D.

Snort

Questions 7

Which of the following protocols is used by e-mail servers to send messages?

Options:

A.

SNMP

B.

FTP

C.

POP3

D.

SMTP

E.

HTTP

Questions 8

In which of the following IDS evasion techniques does an attacker deliver data in multiple small sized packets, which makes it very difficult for an IDS to detect the attack signatures of such attacks?

Options:

A.

Insertion

B.

Session splicing

C.

Fragmentation overlap

D.

Fragmentation overwrite

Questions 9

Which of the following methods is a behavior-based IDS detection method?

Options:

A.

Knowledge-based detection

B.

Protocol detection

C.

Statistical anomaly detection

D.

Pattern matching detection

Questions 10

Which of the following firewalls operates at three layers: Layer 3, Layer 4, and Layer 5?

Options:

A.

Circuit-level firewall

B.

Application layer firewall

C.

Dynamic packet-filtering firewall

D.

Proxy firewall

Questions 11

Where is the Hypertext Transfer Protocol (HTTP) used?

Options:

A.

On a client/server-based Wide Area Network (WAN).

B.

On the Internet to download text files and graphic files.

C.

On a peer-to-peer based Local Area Network (LAN).

D.

On the World Wide Web (WWW) to display SQL database statistics.

E.

On the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages.

Questions 12

Which of the following tools can be used to check whether the network interface is in promiscuous mode or not?

Options:

A.

IPTraf

B.

MRTG

C.

Chkrootkit

D.

Ntop

Questions 13

Which of the following is the purpose of creating a Demilitarized zone (DMZ) in an enterprise network?

Options:

A.

Performing Isolation

B.

Creating Autonomous Systems

C.

Intrusion Detection

D.

Military usage

Questions 14

Which of the following programs in UNIX is used to identify and fix lost blocks or orphans?

Options:

A.

File Check (fck)

B.

Block Check (bsck)

C.

Lost Block (lck)

D.

Filesystem Check (fsck)

Questions 15

Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer?

Options:

A.

Swatch

B.

IPLog

C.

Timbersee

D.

Snort

Questions 16

Which of the following switches is used with the Pslist command on the command line to show the statistics for all active threads on the system, grouping these threads with their owning process?

Options:

A.

Pslist -x

B.

Pslist -m

C.

Pslist -t

D.

Pslist -d

Questions 17

Mark works as a Network Security Administrator for BlueWells Inc. The company has a Windows-based network. Mark is giving a presentation on network security threats to the newly recruited employees of the company. His presentation is about the external threats that the company recently faced. Which of the following statements are true about external threats?

Each correct answer represents a complete solution. Choose three.

Options:

A.

These threats can be countered by implementing security controls on the perimeters of the network, such as firewalls, which limit user access to the Internet.

B.

These are the threats intended to flood a network with large volumes of access requests.

C.

These are the threats that originate from outside an organization in which the attacker attempts to gain unauthorized access.

D.

These are the threats that originate from within the organization.

Questions 18

Which of the following fields of the IPv6 header is similar to the TTL field of IPv4?

Options:

A.

Hop Limit

B.

Next Header

C.

Flow Label

D.

Traffic Class

Questions 19

Which of the following is used over the Internet for better security?

Options:

A.

SOCKS

B.

S-HTTP

C.

Wingate

D.

IMAP Server

Questions 20

Which of the following software is used for Steganography?

Options:

A.

CryptoForge

B.

Fort Knox

C.

Dsniff

D.

Ethereal

Questions 21

Which of the following is used as a default port by the TELNET utility?

Options:

A.

21

B.

80

C.

23

D.

20

Questions 22

You work as a Network Administrator for NetTech Inc. You want to know the local IP address, subnet mask, and default gateway of a NIC in a Windows 98 computer. Which of the following utilities will you use to accomplish this?

Options:

A.

TRACERT

B.

WINIPCFG

C.

NETSTAT

D.

FDISK

Questions 23

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.

You have configured a firewall on the network. A filter has been applied to block all the ports. You want to enable sending and receiving of emails on the network. Which of the following ports will you open?

Each correct answer represents a complete solution. Choose two.

Options:

A.

20

B.

25

C.

80

D.

110

Questions 24

Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use the steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Slack space

B.

Dumb space

C.

Hidden partition

D.

Unused Sectors

Questions 25

You work as a Computer Hacking Forensic Investigator for SecureNet Inc. You want to investigate a Cross-Site Scripting attack on your company's Website. Which of the following methods of investigation can you use to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Use a Web proxy to view the Web server transactions in real time and investigate any communication with outside servers.

B.

Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL to the company's site.

C.

Use Wireshark to capture traffic going to the server and then search for the requests going to the input page, which may give a log of the malicious traffic and the IP address of the source.

D.

Look at the Web server's logs and normal traffic logging.

Questions 26

You are a professional Computer Hacking Forensic Investigator. You have been called to collect the evidence of a buffer overflow or cookie snooping attack. Which of the following logs will you review to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Event logs

B.

Program logs

C.

Web server logs

D.

System logs

Questions 27

Which of the following types of attacks uses ICMP to consume bandwidth and crash sites?

Options:

A.

MITM attack

B.

SYN flood attack

C.

TFN attack

D.

XSS attack

Questions 28

Which of the following statements are true about an IPv6 network?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

For interoperability, IPv4 addresses use the last 32 bits of IPv6 addresses.

B.

It increases the number of available IP addresses.

C.

It provides improved authentication and security.

D.

It uses 128-bit addresses.

E.

It uses longer subnet masks than those used in IPv4.

Questions 29

Routers work at which layer of the OSI reference model?

Options:

A.

Transport

B.

Physical

C.

Presentation

D.

Network

Questions 30

Which of the following Windows XP system files handles memory management, I/O operations, and interrupts?

Options:

A.

Ntoskrnl.exe

B.

Advapi32.dll

C.

Kernel32.dll

D.

Win32k.sys

Questions 31

Which of the following partitions contains the system files that are used to start the operating system?

Options:

A.

Secondary partition

B.

Boot partition

C.

Primary partition

D.

System partition

Questions 32

What is the maximum size of an IP datagram for Ethernet?

Options:

A.

1200 bytes

B.

1024 bytes

C.

1500 bytes

D.

4500 bytes

Questions 33

Which of the following can be applied as countermeasures against DDoS attacks?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Limiting the amount of network bandwidth

B.

Blocking IP addresses

C.

Using LM hashes for passwords

D.

Using Intrusion detection systems

E.

Using network ingress filtering

Questions 34

Which of the following attacks is designed to deduce the brand and/or version of an operating system or application?

Options:

A.

Vulnerability assessment

B.

Banner grabbing

C.

OS fingerprinting

D.

Port scanning

Questions 35

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. John wants to redirect all TCP port 80 traffic to UDP port 40, so that he can bypass the firewall of the We-are-secure server. Which of the following tools will John use to accomplish his task?

Options:

A.

PsExec

B.

PsList

C.

Fpipe

D.

Cain

Questions 36

Which of the following tools are used to determine the hop count of an IP packet?

Each correct answer represents a complete solution. Choose two.

Options:

A.

TRACERT

B.

Ping

C.

IPCONFIG

D.

Netstat

Questions 37

Which of the following ports can be used for IP spoofing?

Options:

A.

NNTP 119

B.

POP 110

C.

Rlogin 513

D.

Whois 43

Questions 38

Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except ports that must be used.

He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels.

Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?

Options:

A.

Block ICMP type 13 messages

B.

Block all outgoing traffic on port 21

C.

Block all outgoing traffic on port 53

D.

Block ICMP type 3 messages

Questions 39

Which of the following is NOT a functional area of a forensic laboratory?

Options:

A.

Network facilities

B.

Evidence storage

C.

Administrative area

D.

Research area

Questions 40

What is the name of the first computer virus that infected the boot sector of the MS-DOS operating system?

Options:

A.

Sircam

B.

Stoner

C.

Code Red

D.

Brain

Questions 41

Windump is a Windows port of the well-known TCPDump packet sniffer, which is available on a variety of platforms. In order to use this tool on the Windows platform, a user must install a packet capture library.

What is the name of this library?

Options:

A.

libpcap

B.

WinPCap

C.

PCAP

D.

SysPCap

Questions 42

An attacker makes an attempt against a Web server. The attack takes the form of URLs, and the IDS/IPS searches these URLs for a certain string that identifies an attack against the Web server.

Which IDS/IPS detection method is being used to detect and prevent the attack?

Options:

A.

Anomaly-based detection

B.

Policy-based detection

C.

Honey pot detection

D.

Signature-based detection

Questions 43

Which of the following types of firewall functions at the Session layer of the OSI model?

Options:

A.

Circuit-level firewall

B.

Switch-level firewall

C.

Packet filtering firewall

D.

Application-level firewall

Questions 44

Mark works as a Network Administrator for SecureEnet Inc. His system runs Mac OS X. He wants to boot his system from the Network Interface Controller (NIC). Which of the following snag keys will Mark use to perform the required function?

Options:

A.

D

B.

N

C.

Z

D.

C

Questions 45

John, a novice web user, creates a new e-mail account and sets his password to "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Dictionary attack

B.

Hybrid attack

C.

Brute Force attack

D.

Rule-based attack

Questions 46

You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest, single domain network. An Active Directory integrated zone has been configured on the network. You want to create a text file that lists the resource records of a specified zone for your records. Which of the following commands will you use to accomplish the task?

Options:

A.

DNSCMD /createdirectorypartition

B.

DNSCMD /copydns

C.

DNSCMD /zoneexport

D.

DNSCMD /config

Questions 47

Which method would provide the highest level of protection for all data transmitted on the internal network only? (Click the Exhibit button on the toolbar to see the case study.)

Options:

A.

IPSec tunnel mode

B.

SSL

C.

PPTP

D.

SMB

E.

IPSec transport mode

Questions 48

Adam works as a professional Computer Hacking Forensic Investigator. He has been called by the FBI to examine data on a hard disk that was seized from the house of a suspected terrorist.

Adam decides to acquire an image of the suspect hard drive. He uses a forensic hardware tool that is capable of capturing data from IDE, Serial ATA, SCSI devices, and flash cards. This tool can also produce MD5 and CRC32 hashes while capturing the data. Which of the following tools is Adam using?

Options:

A.

ImageMASSter Solo-3

B.

ImageMASSter 4002i

C.

FireWire DriveDock

D.

Wipe MASSter

Questions 49

Which of the following proxy servers is also referred to as a transparent proxy or forced proxy?

Options:

A.

Tunneling proxy server

B.

Reverse proxy server

C.

Anonymous proxy server

D.

Intercepting proxy server

Questions 50

Which of the following attacks involves multiple compromised systems to attack a single target?

Options:

A.

Brute force attack

B.

DDoS attack

C.

Replay attack

D.

Dictionary attack

Questions 51

With reference to the given case study, one of the security goals requires configuring a secure connection between the Boston distribution center and the headquarters. You want to implement IP filters to fulfill the security requirements. How should you implement IP filters at the headquarters?

(Click the Exhibit button on the toolbar to see the case study.)

Options:

A.

Add source filters for the headquarters for UDP port 80 and IP protocol 50.

Add destination filters for the Boston distribution center for UDP port 80 and IP protocol 50.

B.

Add source filters for the Boston distribution center for UDP port 80 and IP protocol 50.

Add destination filters for headquarters for UDP port 80 and IP protocol 50.

C.

Add source filters for the Boston distribution center for UDP port 1701 and IP protocol 50.

Add destination filters for the headquarters for UDP port 1701 and IP protocol 50.

D.

Add source filters for the headquarters for UDP port 1701 and IP protocol 50.

Add destination filters for the Boston distribution center for UDP port 1701 and IP protocol 50.

Questions 52

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a multimedia-enabled mobile phone that is suspected of having been used in a cybercrime. Adam uses a tool with which he can recover deleted text messages, photos, and call logs from the mobile phone. Which of the following tools is Adam using?

Options:

A.

FAU

B.

FTK Imager

C.

Galleta

D.

Device Seizure

Questions 53

Which of the following Denial-of-Service (DoS) attacks employ the IP fragmentation mechanism?

Each correct answer represents a complete solution. Choose two.

Options:

A.

SYN flood attack

B.

Teardrop attack

C.

Land attack

D.

Ping of Death attack

Questions 54

At which port does a DHCPv6 client listen for DHCP messages?

Options:

A.

TCP port 546

B.

TCP port 547

C.

UDP port 546

D.

UDP port 547

Questions 55

Which of the following utilities produces the output displayed in the image below?

Options:

A.

IPCONFIG

B.

TRACERT

C.

PING

D.

PATHPING

Questions 56

Which of the following statements about User Datagram Protocol (UDP) is true?

Options:

A.

It is a hardware protocol.

B.

It is a connectionless protocol.

C.

It is a tunneling protocol.

D.

It is a connection-oriented protocol.

Questions 57

You work as a Network Administrator for McRobert Inc. Your company has a TCP/IP-based network. You have configured a WAN link for the network. You are facing a connectivity problem across the WAN link. What will be your first step in troubleshooting the issue?

Options:

A.

Reinstall TCP/IP protocol.

B.

Check that the correct default gateway is set.

C.

Enable DNS.

D.

Ensure that NetBEUI protocol is loaded.

E.

Use the NETSTAT utility to view TCP/IP statistics.

Questions 58

Which of the following is the correct sequence of layers of the Open Systems Interconnection (OSI) model?

Options:

A.

Physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer

B.

Physical layer, data link layer, network layer, transport layer, presentation layer, session layer, and application layer

C.

application layer, presentation layer, network layer, transport layer, session layer, data link layer, and physical layer

D.

Physical layer, network layer, transport layer, data link layer, session layer, presentation layer, and application layer

Questions 59

In which of the following attacks does a hacker imitate a DNS server and obtain the entire DNS database?

Options:

A.

DNS poisoning attack

B.

Illicit zone transfer attack

C.

Illicit poisoning attack

D.

DNS transfer attack

Questions 60

Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2000 domain-based network. Mark wants to block all NNTP traffic between the network and the Internet. How will he configure the network?

Options:

A.

Disable anonymous logins in the NNTP configuration manager.

B.

Block port 25 by configuring the firewall.

C.

Block port 119 by configuring the firewall.

D.

Block TCP port 80 by configuring the firewall.

Questions 61

Which of the following NETSH commands for interface Internet Protocol version 4 (IPv4) is used to add a DNS server to the list of DNS servers for a specified interface?

Options:

A.

net dnsserver

B.

add address

C.

add dnsserver

D.

add neighbors

Questions 62

Which of the following sectors on a hard disk contains the code that the computer uses to start the system?

Options:

A.

Sector 256

B.

Sector 0

C.

Sector 1

D.

Sector 128

Questions 63

Sandra, a novice computer user, works in a Windows environment. She is experiencing problems caused by bad sectors on the hard disk of her computer. She wants to run the CHKDSK command to check the hard disk for bad sectors and to fix any errors found. Which of the following switches will she use with the CHKDSK command to accomplish the task?

Options:

A.

CHKDSK /I

B.

CHKDSK /R /F

C.

CHKDSK /C /L

D.

CHKDSK /V /X

Questions 64

Which of the following terms is used to represent IPv6 addresses?

Options:

A.

Hexadecimal-dot notation

B.

Colon-dot

C.

Dot notation

D.

Colon-hexadecimal

Questions 65

Which of the following image file formats uses a lossy data compression technique?

Options:

A.

GIF

B.

JPG

C.

PNG

D.

TIF

Questions 66

You work as a Network Administrator for McRobert Inc. You want to know the NetBIOS name of your computer. Which of the following commands will you use?

Options:

A.

NETSTAT -n

B.

NETSTAT -s

C.

NBTSTAT -n

D.

NBTSTAT -s

Questions 67

An attacker changes the return address of a subroutine so that it points to the address of malicious code. As a result, when the function exits, the application can be forced to jump to the malicious code. The image given below explains this phenomenon:

Which of the following tools can be used as a countermeasure to such an attack?

Options:

A.

Obiwan

B.

SmashGuard

C.

Kismet

D.

Absinthe

Questions 68

Which of the following best describes the term protocol?

Options:

A.

The ability to move data through layers of the OSI model.

B.

The combination of cable type and access method used on a network.

C.

A set of rules.

D.

The permissible amount of data contained in a packet.

Questions 69

Adam works as a professional Computer Hacking Forensic Investigator. He has been assigned a project to investigate a computer in the network of SecureEnet Inc. The compromised system runs the Windows operating system. Adam decides to use Helix Live for Windows to gather data and electronic evidence, starting by retrieving volatile data and transferring it to the server component via TCP/IP. Which of the following application software in Helix Live for Windows will he use to retrieve volatile data and transfer it to the server component via TCP/IP?

Options:

A.

FAU

B.

FTK imager

C.

Drive Manager

D.

FSP

Questions 70

Which of the following is computed from an arbitrary block of digital data for the purpose of detecting accidental errors?

Options:

A.

Hash buster

B.

Firewall

C.

Checksum

D.

Hash filter

Questions 71

You are the Administrator for a Windows 2000-based network that uses DHCP to dynamically assign IP addresses to the clients and DNS servers. You want to ensure that the DNS servers can communicate with another DNS server. Which type of query will you run to achieve this?

Options:

A.

PATHPING

B.

NSLOOKUP

C.

PING

D.

Recursive

Questions 72

Which of the following is the correct order in which system files are loaded into main memory when the computer is running Microsoft's Windows XP operating system?

Options:

A.

NTLDR, BOOT.ini, HAL.dll, NTDETECT.com, NTOSKRNL.exe

B.

BOOT.ini, HAL.dll, NTDETECT.com, NTLDR, NTOSKRNL.exe

C.

NTLDR, BOOT.ini, HAL.dll, NTDETECT.com, NTOSKRNL.exe

D.

NTLDR, BOOT.ini, NTDETECT.com, HAL.dll, NTOSKRNL.exe

Questions 73

You work as a Network Administrator for McNeil Inc. The company has a TCP/IP-based network.

You are configuring an Internet connection for your company. Your Internet service provider (ISP) has a UNIX-based server. Which of the following utilities will enable you to access the UNIX server, using a text-based connection?

Options:

A.

TELNET

B.

IPCONFIG

C.

PING

D.

FTP

E.

TRACERT

Questions 74

Trinity wants to send an email to her friend. She uses an MD5 generator to calculate the cryptographic hash of her email to ensure the security and integrity of the email. The MD5 generator Trinity is using operates in two steps:

Creates check file

Verifies the check file

Which of the following MD5 generators is Trinity using?

Options:

A.

Secure Hash Signature Generator

B.

Mat-MD5

C.

Chaos MD5

D.

MD5 Checksum Verifier

Questions 75

Which of the following utilities is used to verify the existence of a host in a network?

Options:

A.

IPCONFIG

B.

NETSTAT

C.

CHKDSK

D.

PING

Questions 76

You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single forest, multiple domain IPv4 network. All the DNS servers on the network run Windows Server 2008. The users on the network use NetBIOS names to connect to network applications. You have migrated the network to an IPv6-enabled network. Now you want to enable the DNS Server to perform lookups in the GlobalNames Zone. Which of the following commands will you use to accomplish the task?

Options:

A.

Dnscmd /config /enableglobalnames 1

B.

Dnscmd /config /enableglobalnamessupport 0

C.

Dnscmd /config /enableglobalnamessupport 1

D.

Dnscmd /config /globalnamesqueryorder 0

Exam Code: GCIA
Exam Name: GCIA – GIAC Certified Intrusion Analyst Practice Test
Last Update: Dec 27, 2024
Questions: 508