
GIAC GCIA – GIAC Certified Intrusion Analyst Practice Test

Page: 1 / 51
Total 508 questions

GCIA – GIAC Certified Intrusion Analyst Practice Test Questions and Answers

Question 1

Which of the following programs in UNIX is used to identify and fix lost blocks or orphans?

Options:

A.

File Check (fck)

B.

Block Check (bsck)

C.

Lost Block (lck)

D.

Filesystem Check (fsck)

Question 2

Which system is designed to analyze, detect, and report on security-related events?

Options:

A.

NIPS

B.

HIPS

C.

NIDS

D.

HIDS

Question 3

For a host to have successful Internet communication, which of the following network protocols are required? You should assume that the users will not manually configure the computer in any way and that the measure of success will be whether the user can access Web sites after powering on the computer and logging on.

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

NTP

B.

HTTP/HTTPS

C.

DNS

D.

DHCP

Question 4

Which of the following determines which protocols can be used by clients to access the Internet in an ISA Server enabled network?

Options:

A.

SMTP filter

B.

POP intrusion detection filter

C.

Site and content rule

D.

Protocol rule

Question 5

Which of the following commands is used in Linux to create bit-stream images?

Options:

A.

ss

B.

xcopy

C.

dd

D.

img

Question 6

Which of the following monitors program activities and modifies malicious activities on a system?

Options:

A.

RADIUS

B.

NIDS

C.

Back door

D.

HIDS

Question 7

What is the maximum size of an IP datagram for Ethernet?

Options:

A.

4500 bytes

B.

1024 bytes

C.

1200 bytes

D.

1500 bytes

Question 8

Which of the following switches is used with the Pslist command on the command line to show the statistics for all active threads on the system, grouping these threads with their owning process?

Options:

A.

Pslist -x

B.

Pslist -m

C.

Pslist -t

D.

Pslist -d

Question 9

John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Brute Force attack

B.

Dictionary attack

C.

Rule based attack

D.

Hybrid attack

Question 10

Which of the following tools is used to analyze a system and report any unsigned drivers found?

Options:

A.

regedit.exe

B.

sigverify.exe

C.

sigverif.exe

D.

msconfig

Question 11

Which of the following commands is used to verify the hash value in Netcat?

Options:

A.

type

B.

check

C.

mount

D.

checksum

Question 12

Which of the following is an example of a social engineering attack?

Options:

A.

Phishing

B.

Man-in-the-middle attack

C.

Browser Sniffing

D.

E-mail bombing

Question 13

Which of the following is used to provide a protective shield for the data passing over the Internet?

Options:

A.

Proxy server

B.

Intrusion detection system

C.

Firewall

D.

Tunneling

Question 14

Adam works as a Senior Programmer for Umbrella Inc. A project has been assigned to him to write a short program to gather user input for a Web application. He wants to keep his program neat and simple. He chooses to use printf(str) where he should have ideally used printf("%s", str).

What attack will his program expose the Web application to?

Options:

A.

Sequence++ attack

B.

Cross Site Scripting attack

C.

Format string attack

D.

SQL injection attack

Question 15

Ryan, a malicious hacker, submits Cross-Site Scripting (XSS) exploit code to the Web site of an Internet forum for online discussion. When a user visits the infected Web page, the code gets executed automatically and Ryan can easily perform acts like account hijacking, history theft, etc. Which of the following types of Cross-Site Scripting attack does Ryan intend to perform?

Options:

A.

SAX

B.

Persistent

C.

Document Object Model (DOM)

D.

Non persistent

Question 16

Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer?

Options:

A.

Swatch

B.

IPLog

C.

Timbersee

D.

Snort

Question 17

Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?

Options:

A.

DOS boot disk

B.

EnCase with a hardware write blocker

C.

Linux Live CD

D.

Secure Authentication for EnCase (SAFE)

Question 18

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small-sized packets to the target computer. Hence, it becomes very difficult for an IDS to detect the attack signatures of such attacks. Which of the following tools can be used to perform session splicing attacks?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Nessus

B.

Whisker

C.

Y.A.T.

D.

Fragroute

Question 19

Which of the following interfaces is NOT used for connecting a hard disk?

Options:

A.

IDE

B.

SCSI

C.

SATA

D.

PS/2

Question 20

An attacker wants to launch an attack on a wired Ethernet. He wants to accomplish the following tasks:

Sniff data frames on a local area network.

Modify the network traffic.

Stop the network traffic frequently.

Which of the following techniques will the attacker use to accomplish the task?

Options:

A.

IP spoofing

B.

Eavesdropping

C.

ARP spoofing

D.

Session hijacking

Question 21

An IDS is a group of processes working together in a network. These processes work on different computers and devices across the network. Which of the following processes does an IDS perform?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Network traffic analysis

B.

Event log analysis

C.

Monitoring and analysis of user and system activity

D.

Statistical analysis of abnormal traffic patterns

Question 22

Trinity wants to send an email to her friend. She uses an MD5 generator to calculate a cryptographic hash of her email to ensure the security and integrity of the email. The MD5 generator that Trinity is using operates in two steps:

Creates check file

Verifies the check file

Which of the following MD5 generators is Trinity using?

Options:

A.

Secure Hash Signature Generator

B.

Mat-MD5

C.

Chaos MD5

D.

MD5 Checksum Verifier

Question 23

Which of the following is a valid IPv6 address?

Options:

A.

45CF. 6D53: 12CD. AFC7: E654: BB32: 54AT: FACE

B.

45CF. 6D53: 12KP: AFC7: E654: BB32: 543C. FACE

C.

123.111.243.123

D.

45CF. 6D53: 12CD. AFC7: E654: BB32: 543C. FACE

Question 24

Which of the following are the types of intrusion detection systems?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Server-based intrusion detection system (SIDS)

B.

Network intrusion detection system (NIDS)

C.

Client-based intrusion detection system (CIDS)

D.

Host-based intrusion detection system (HIDS)

Question 25

Which of the following is the default port used by Simple Mail Transfer Protocol (SMTP)?

Options:

A.

80

B.

25

C.

20

D.

21

Question 26

You work as a Network Administrator in a company. The NIDS is implemented on the network.

You want to monitor network traffic. Which of the following modes will you configure on the network interface card to accomplish the task?

Options:

A.

Promiscuous

B.

Audit mode

C.

Full Duplex

D.

Half duplex

Question 27

Which of the following proxy servers is placed anonymously between the client and remote server and handles all of the traffic from the client?

Options:

A.

Caching proxy server

B.

Web proxy server

C.

Forced proxy server

D.

Open proxy server

Question 28

What is the order of the extension headers that is followed by IPv6?

Options:

A.

Destination Options (first), Routing, IPv6 header, Hop-by-Hop, Fragment, Authentication, Encrypted Security Payload, Destination Options (second), followed by an Upper-layer header, indicating payload.

B.

Routing, Hop-by-Hop, Destination Options (first), Fragment, Authentication, Encrypted Security Payload, Destination Options (second), followed by an Upper-layer header, indicating payload.

C.

Fragment, Routing, Hop-by-Hop, Destination Options (first), Authentication, Encrypted Security Payload, Destination Options (second), followed by an Upper-layer header, indicating payload.

D.

IPv6 header, Hop-by-Hop, Destination Options (first), Routing, Fragment, Authentication, Encrypted Security Payload, Destination Options (second), followed by an Upper-layer header, indicating payload.

Question 29

Which of the following OSI layers is responsible for protocol conversion, data encryption/decryption, and data compression?

Options:

A.

Network layer

B.

Data-link layer

C.

Presentation layer

D.

Transport layer

Question 30

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.

You have configured a firewall on the network. A filter has been applied to block all the ports. You want to enable sending and receiving of emails on the network. Which of the following ports will you open?

Each correct answer represents a complete solution. Choose two.

Options:

A.

20

B.

25

C.

80

D.

110

Question 31

Which of the following command line tools are available in Helix Live acquisition tool on Windows?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

netstat

B.

ipconfig

C.

.cab extractors

D.

whois

Question 32

You work as a Network Administrator for NetTech Inc. You want to know the local IP address, subnet mask, and default gateway of a NIC in a Windows 98 computer. Which of the following utilities will you use to accomplish this?

Options:

A.

TRACERT

B.

WINIPCFG

C.

NETSTAT

D.

FDISK

Question 33

Which of the following is the primary TCP/IP protocol used to transfer text and binary files over the Internet?

Options:

A.

PPTP

B.

SNMP

C.

FTP

D.

SMTP

Question 34

Which of the following encryption methods are used by the BlackBerry to provide security to the data stored in it?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Triple DES

B.

Blowfish

C.

AES

D.

RSA

Question 35

What are the advantages of stateless autoconfiguration in IPv6?

Each correct answer represents a part of the solution. Choose three.

Options:

A.

Ease of use.

B.

It provides basic authentication to determine which systems can receive configuration data

C.

No server is needed for stateless autoconfiguration.

D.

No host configuration is necessary.

Question 36

Adam works as a Security Administrator for Umbrella. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access.

How was security compromised and how did the firewall respond?

Options:

A.

The attack was Cross Site Scripting and the firewall blocked it.

B.

Security was not compromised as the webpage was hosted internally.

C.

The attack was social engineering and the firewall did not detect it.

D.

Security was compromised as keylogger is invisible for firewall.

Question 37

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small-sized packets to the target computer. Hence, it becomes very difficult for an IDS to detect the attack signatures of such attacks. Which of the following tools can be used to perform session splicing attacks?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Nessus

B.

Y.A.T.

C.

Whisker

D.

Fragroute

Question 38

Which of the following Linux file systems is a journaled file system?

Options:

A.

ext3

B.

ext4

C.

ext2

D.

ext

Question 39

You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

History folder

B.

Download folder

C.

Cookies folder

D.

Temporary Internet Folder

Question 40

Which of the following work as traffic monitoring tools in the Linux operating system?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

MRTG

B.

John the Ripper

C.

IPTraf

D.

Ntop

Question 41

Which of the following proxy servers are also referred to as transparent proxies or forced proxies?

Options:

A.

Tunneling proxy server

B.

Reverse proxy server

C.

Anonymous proxy server

D.

Intercepting proxy server

Question 42

Which of the following methods is a behavior-based IDS detection method?

Options:

A.

Knowledge-based detection

B.

Protocol detection

C.

Statistical anomaly detection

D.

Pattern matching detection

Question 43

Which of the following honeypots is a low-interaction honeypot and is used by companies or corporations for capturing limited information about malicious hackers?

Options:

A.

Production honeypot

B.

Research honeypot

C.

Honeynet

D.

Honeyfarm

Question 44

Which of the following files in the LILO boot process of the Linux operating system stores the location of the kernel on the hard drive?

Options:

A.

/boot/boot.b

B.

/boot/map

C.

/sbin/lilo

D.

/etc/lilo.conf

Question 45

For a host to have successful Internet communication, which of the following network protocols are required? You should assume that the users will not manually configure the computer in any way and that the measure of success will be whether the user can access Web sites after powering on the computer and logging on.

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

DNS

B.

HTTP/HTTPS

C.

DHCP

D.

NTP

Question 46

Which of the following statements about a host-based intrusion prevention system (HIPS) are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It can detect events scattered over the network.

B.

It can handle encrypted and unencrypted traffic equally.

C.

It cannot detect events scattered over the network.

D.

It is a technique that allows multiple computers to share one or more IP addresses.

Question 47

Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis?

Options:

A.

Public key

B.

Digital certificates

C.

Twofish

D.

RSA

Question 48

Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except ports that must be used.

He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels.

Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?

Options:

A.

Block ICMP type 13 messages

B.

Block all outgoing traffic on port 21

C.

Block all outgoing traffic on port 53

D.

Block ICMP type 3 messages

Question 49

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. A firewall has been configured on the network. You configure a filter on the router. You verify that SMTP operations have stopped after the recent configuration. Which of the following ports will you have to open on the router to resolve the issue?

Options:

A.

25

B.

21

C.

80

D.

20

Question 50

Nathan works as a Computer Hacking Forensic Investigator for SecureEnet Inc. He uses Visual TimeAnalyzer software to track all computer usage by logging individual user accounts or specific projects and to compile detailed accounts of the time spent within each program. Which of the following functions are NOT performed by Visual TimeAnalyzer?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It monitors all user data such as passwords and personal documents.

B.

It gives parents control over their children's use of the personal computer.

C.

It tracks work time, pauses, projects, costs, software, and internet usage.

D.

It records specific keystrokes and runs screen captures as a background process.

Question 51

You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008 network environment. The servers on the network run Windows Server 2008 R2. All client computers on the network run Windows 7 Ultimate. You have configured the DirectAccess feature on the laptops of a few sales managers so that they can access the corporate network from remote locations. Their laptops run Windows 7 Ultimate. Which of the following options does DirectAccess use to keep data safer while traveling through public networks?

Options:

A.

IPv6-over-IPsec

B.

IPSec-over-IPv4

C.

VPN

D.

SSL

Question 52

Adam works as a professional Computer Hacking Forensic Investigator. He has been called by the FBI to examine data on a hard disk that was seized from the house of a suspected terrorist.

Adam decided to acquire an image of the suspected hard drive. He uses a forensic hardware tool that is capable of capturing data from IDE, Serial ATA, SCSI devices, and flash cards. This tool can also produce MD5 and CRC32 hashes while capturing the data. Which of the following tools is Adam using?

Options:

A.

ImageMASSter Solo-3

B.

ImageMASSter 4002i

C.

FireWire DriveDock

D.

Wipe MASSter

Question 53

At which layers of the OSI and TCP/IP models does IP addressing function?

Options:

A.

OSI Layer 5 and TCP/IP Transport Layer

B.

OSI Layer 2 and TCP/IP Network Layer

C.

OSI Layer 4 and TCP/IP Application Layer

D.

OSI Layer 3 and TCP/IP Internet Layer

Question 54

Users on a TCP/IP network are able to ping resources using IP addresses. However, they are unable to connect to those resources through their host names. A malfunction or failure of which of the following servers may be the cause of the issue?

Options:

A.

Proxy

B.

DHCP

C.

DNS

D.

WINS

Question 55

You work as a Network Administrator for Tech Perfect Inc. Your company has a Windows 2000-based network. You want to verify the connectivity of a host in the network. Which of the following utilities will you use?

Options:

A.

PING

B.

TELNET

C.

NETSTAT

D.

TRACERT

Question 56

Which of the following tools are used to determine the hop counts of an IP packet?

Each correct answer represents a complete solution. Choose two.

Options:

A.

TRACERT

B.

Ping

C.

IPCONFIG

D.

Netstat

Question 57

Which of the following is a correct sequence of different layers of Open System Interconnection (OSI) model?

Options:

A.

Physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer

B.

Physical layer, data link layer, network layer, transport layer, presentation layer, session layer, and application layer

C.

Application layer, presentation layer, network layer, transport layer, session layer, data link layer, and physical layer

D.

Physical layer, network layer, transport layer, data link layer, session layer, presentation layer, and application layer

Question 58

Which of the following utilities allows you to view all files, including invisible files and folders, on Mac OS X?

Options:

A.

Directory Scan

B.

Folder Scan

C.

File Scan

D.

System Scan

Question 59

Sandra, a novice computer user, works in a Windows environment. She experiences some problems regarding bad sectors on the hard disk of her computer. She wants to run the CHKDSK command to check the hard disk for bad sectors and to fix any errors found. Which of the following switches will she use with the CHKDSK command to accomplish the task?

Options:

A.

CHKDSK /I

B.

CHKDSK /R /F

C.

CHKDSK /C /L

D.

CHKDSK /V /X

Question 60

Which of the following Windows XP system files handles memory management, I/O operations, and interrupts?

Options:

A.

Ntoskrnl.exe

B.

Advapi32.dll

C.

Kernel32.dll

D.

Win32k.sys

Question 61

Which of the following forensic tool suites is developed for the Linux operating system?

Options:

A.

Wetstone

B.

MForensicsLab

C.

ProDiscover

D.

S.M.A.R.T.

Question 62

What is the maximum size of an IP datagram for Ethernet?

Options:

A.

1200 bytes

B.

1024 bytes

C.

1500 bytes

D.

4500 bytes

Question 63

Which of the following statements are true about Snort?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It develops a new signature to find vulnerabilities.

B.

It detects and alerts a computer user when it finds threats such as buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other port scanners, well-known backdoors and system vulnerabilities, and DDoS clients.

C.

It encrypts the log file using the 256 bit AES encryption scheme algorithm.

D.

It is used as a passive trap to record the presence of traffic that should not be found on a network, such as NFS or Napster connections.

Question 64

Which of the following is NOT an Intrusion Detection System?

Options:

A.

Fragroute

B.

Stunnel

C.

Samhain

D.

AIDE

Question 65

Which of the following commands is used to flush the destination cache for IPv6 interface?

Options:

A.

netsh interface ipv6 reset cache

B.

netsh interface ipv6 delete destinationcache

C.

netsh interface ipv6 flush destinationcache

D.

netsh interface ipv6 remove destinationcache

Question 66

Mark works as a Network Security Administrator for BlueWells Inc. The company has a Windows-based network. Mark is giving a presentation on network security threats to the newly recruited employees of the company. His presentation is about the external threats that the company faced recently. Which of the following statements are true about external threats?

Each correct answer represents a complete solution. Choose three.

Options:

A.

These are the threats that originate from outside an organization in which the attacker attempts to gain unauthorized access.

B.

These are the threats that originate from within the organization.

C.

These are the threats intended to flood a network with large volumes of access requests.

D.

These threats can be countered by implementing security controls on the perimeters of the network, such as firewalls, which limit user access to the Internet.

Question 67

Mark works as a Network administrator for SecureEnet Inc. His system runs on Mac OS X. He wants to boot his system from the Network Interface Controller (NIC). Which of the following snag keys will Mark use to perform the required function?

Options:

A.

D

B.

N

C.

Z

D.

C

Question 68

Which of the following is NOT the primary type of firewall?

Options:

A.

Network firewall

B.

Proxy based firewall

C.

Stateful inspection firewall

D.

Packet filter firewall

Question 69

Which of the following algorithms produces a digital signature which is used to authenticate the bit-stream images?

Options:

A.

MD6

B.

MD5

C.

BOINIC

D.

HashClash

Question 70

What is the name of the first computer virus that infected the boot sector of the MS-DOS operating system?

Options:

A.

Stoner

B.

Code Red

C.

Brain

D.

Sircam

Question 71

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. John wants to redirect all TCP port 80 traffic to UDP port 40, so that he can bypass the firewall of the We-are-secure server. Which of the following tools will John use to accomplish his task?

Options:

A.

PsExec

B.

PsList

C.

Fpipe

D.

Cain

Question 72

Which of the following is NOT the functional area of a forensic laboratory?

Options:

A.

Network facilities

B.

Evidence storage

C.

Administrative area

D.

Research area

Question 73

How many bits does IPv6 use in IP addresses?

Options:

A.

40 bits

B.

32 bits

C.

64 bits

D.

128 bits

Question 74

Which of the following are the two sub-layers present in the Data Link layer of the OSI Reference model?

Options:

A.

Logical control and Link control

B.

Data control and Media Access control

C.

Machine Link control and Logical Link control

D.

Logical Link control and Media Access control

Question 75

Which of the following DOS commands is used to configure network protocols?

Options:

A.

netsh

B.

netsvc

C.

netstat

D.

ipconfig

Question 76

Which of the following is not a Denial of Service (DoS) attack?

Options:

A.

Smurf attack

B.

Code injection attack

C.

Ping of Death attack

D.

Teardrop attack
