Summer Sale Coupon - 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sbfdisc

GCIA PDF

$44

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

GCIA PDF + Testing Engine

$70.4

$175.99

3 Months Free Update

  • Exam Name: GCIA - GIAC Certified Intrusion Analyst Practice Test
  • Last Update: Apr 17, 2024
  • Questions and Answers: 508
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

GCIA Engine

$52.8

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

GCIA Practice Exam Questions with Answers GCIA - GIAC Certified Intrusion Analyst Practice Test Certification

Question # 6

Maria works as the Chief Security Officer for passguide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?

A.

Encryption

B.

Public-key cryptography

C.

Steganography

D.

RSA algorithm

Full Access
Question # 7

You work as a Network Administrator of a TCP/IP network. You are having DNS resolution problem. Which of the following utilities will you use to diagnose the problem?

A.

IPCONFIG

B.

PING

C.

TRACERT

D.

NSLOOKUP

Full Access
Question # 8

You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. The network is configured on IP version 6 protocol. All the computers on the network are connected to a switch device. One day, users complain that they are unable to connect to a file server. You try to ping the client computers from the server, but the pinging fails. You try to ping the server's own loopback address, but it fails to ping. You restart the server, but the problem persists.

What is the most likely cause?

A.

The switch device is not working.

B.

The cable that connects the server to the switch is broken.

C.

Automatic IP addressing is not working.

D.

The server's NIC is not working.

E.

The server is configured with unspecified IP address.

Full Access
Question # 9

By gaining full control of router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack Routers?

Each correct answer represents a complete solution. Choose all that apply.

A.

By launching Sequence++ attack

B.

Route table poisoning

C.

By launching Social Engineering attack

D.

By launching Max Age attack

Full Access
Question # 10

You work as a technician for Tech Perfect Inc. You are troubleshooting an Internet name resolution issue. You ping your ISP's DNS server address and find that the server is down. You want to continuously ping the DNS address until you have stopped the command. Which of the following commands will you use?

A.

ping -a

B.

ping -l

C.

ping -t

D.

ping –n

Full Access
Question # 11

Which of the following commands will you use with the tcpdump command to capture the traffic from a filter stored in a file?

A.

tcpdump -A file_name

B.

tcpdump -D file_name

C.

tcpdump -X file_name

D.

tcpdump -F file_name

Full Access
Question # 12

Victor wants to send an encrypted message to his friend. He is using certain steganography technique to accomplish this task. He takes a cover object and changes it accordingly to hide information. This secret information is recovered only when the algorithm compares the changed cover with the original cover. Which of the following Steganography methods is Victor using to accomplish the task?

A.

The distortion technique

B.

The spread spectrum technique

C.

The cover generation technique

D.

The substitution technique

Full Access
Question # 13

Which of the following algorithms produces a digital signature which is used to authenticate the bit-stream images?

A.

MD6

B.

MD5

C.

BOINIC

D.

HashClash

Full Access
Question # 14

Which of the following tools performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs?

A.

Dsniff

B.

Snort

C.

Nikto

D.

Sniffer

Full Access
Question # 15

Which of the following Web attacks is performed by manipulating codes of programming languages such as SQL, Perl, Java present in the Web pages?

A.

Command injection attack

B.

Code injection attack

C.

Cross-Site Request Forgery

D.

Cross-Site Scripting attack

Full Access
Question # 16

Which of the following DNS resource records is used to resolve a host name to an IPv6 address?

A.

AAAA

B.

HINFO

C.

CNAME

D.

A

Full Access
Question # 17

Which of the following is the default port for Simple Network Management Protocol (SNMP)?

A.

TCP port 110

B.

TCP port 25

C.

TCP port 80

D.

UDP port 161

Full Access
Question # 18

How many bits does IPv6 use in IP addresses?

A.

40 bits

B.

32 bits

C.

64 bits

D.

128 bits

Full Access
Question # 19

In which of the following attacks does a hacker imitate a DNS server and obtain the entire DNS database?

A.

Illicit zone transfer attack

B.

DNS poisoning attack

C.

Illicit poisoning attack

D.

DNS transfer attack

Full Access
Question # 20

Which of the following are the two sub-layers present in Data Link layer of the OSI Reference model?

A.

Logical control and Link control

B.

Data control and Media Access control

C.

Machine Link control and Logical Link control

D.

Logical Link control and Media Access control

Full Access
Question # 21

Mark works as a Network administrator for SecureEnet Inc. His system runs on Mac OS X. He wants to boot his system from the Network Interface Controller (NIC). Which of the following snag keys will Mark use to perform the required function?

A.

D

B.

N

C.

Z

D.

C

Full Access
Question # 22

Adam works as a Computer Hacking Forensic Investigator in a law firm. He has been assigned with his first project. Adam collected all required evidences and clues. He is now required to write an investigative report to present before court for further prosecution of the case. He needs guidelines to write an investigative report for expressing an opinion. Which of the following are the guidelines to write an investigative report in an efficient way?

Each correct answer represents a complete solution. Choose all that apply.

A.

All ideas present in the investigative report should flow logically from facts to conclusions.

B.

Opinion of a lay witness should be included in the investigative report.

C.

The investigative report should be understandable by any reader.

D.

There should not be any assumptions made about any facts while writing the investigative report.

Full Access
Question # 23

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. John wants to redirect all TCP port 80 traffic to UDP port 40, so that he can bypass the firewall of the We-are-secure server. Which of the following tools will John use to accomplish his task?

A.

PsExec

B.

PsList

C.

Fpipe

D.

Cain

Full Access
Question # 24

Which of the following can be applied as countermeasures against DDoS attacks?

Each correct answer represents a complete solution. Choose all that apply.

A.

Limiting the amount of network bandwidth

B.

Blocking IP address

C.

Using LM hashes for passwords

D.

Using Intrusion detection systems

E.

Using the network-ingress filtering

Full Access
Question # 25

Which of the following proxy servers can be used for spamming?

A.

Caching proxy server

B.

Web proxy server

C.

Open proxy server

D.

Anonymizing proxy server

Full Access
Question # 26

Which of the following command-line utilities is used to show the state of current TCP/IP connections?

A.

PING

B.

TRACERT

C.

NETSTAT

D.

NSLOOKUP

Full Access
Question # 27

In which of the following IKE phases the IPsec endpoints establish parameters for a secure ISAKMP session?

A.

IKE Phase 2.5

B.

IKE Phase 2

C.

IKE Phase 1

D.

IKE Phase 1.5

Full Access
Question # 28

Which of the following standard file formats is used by Apple's iPod to store contact information?

A.

HFS+

B.

vCard

C.

FAT32

D.

hCard

Full Access
Question # 29

Which of the following tools allows an attacker to intentionally craft the packets to gain unauthorized access?

Each correct answer represents a complete solution. Choose two.

A.

Tcpdump

B.

Ettercap

C.

Mendax

D.

Fragroute

Full Access
Question # 30

You are the Administrator for a Windows 2000 based network that uses DHCP to dynamically assign IP addresses to the clients and DNS servers. You want to ensure that the DNS servers can communicate with another DNS server. Which type of query will you run to achieve this?

A.

PATHPING

B.

NSLOOKUP

C.

PING

D.

Recursive

Full Access
Question # 31

Which of the following statements are true about an IPv6 network?

Each correct answer represents a complete solution. Choose all that apply.

A.

For interoperability, IPv4 addresses use the last 32 bits of IPv6 addresses.

B.

It increases the number of available IP addresses.

C.

It provides improved authentication and security.

D.

It uses 128-bit addresses.

E.

It uses longer subnet masks than those used in IPv4.

Full Access
Question # 32

At which layers of the OSI and TCP/IP models does IP addressing function?

A.

OSI Layer 5 and TCP/IP Transport Layer

B.

OSI Layer 2 and TCP/IP Network Layer

C.

OSI Layer 4 and TCP/IP Application Layer

D.

OSI Layer 3 and TCP/IP Internet Layer

Full Access
Question # 33

Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment within the work place. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important that records of the sexual harassment incidents should be maintained, which helps in further legal prosecution. Which of the following data should be recorded in this documentation?

Each correct answer represents a complete solution. Choose all that apply.

A.

Names of the victims

B.

Date and time of incident

C.

Nature of harassment

D.

Location of each incident

Full Access
Question # 34

You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company.

You have physically installed sensors at all key positions throughout the network such that they all report to the command console.

What will be the key functions of the sensors in such a physical layout?

Each correct answer represents a complete solution. Choose all that apply.

A.

To collect data from operating system logs

B.

To notify the console with an alert if any intrusion is detected

C.

To analyze for known signatures

D.

To collect data from Web servers

Full Access
Question # 35

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. A firewall has been configured on the network. You configure a filter on the router. You verify that SMTP operations have stopped after the recent configuration. Which of the following ports will you have to open on the router to resolve the issue?

A.

25

B.

21

C.

80

D.

20

Full Access
Question # 36

Which of the following commands displays the IPX routing table entries?

A.

sh ipx traffic

B.

sh ipx route

C.

sh ipx int e0

D.

sho ipx servers

Full Access
Question # 37

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has written the following snort signature:

GCIA question answer

Which of the following statements about this snort signature is true?

A.

It detects the session splicing IDS evasion attack.

B.

It detects AOL IM chat.

C.

It detects Yahoo IM chat.

D.

It detects the bad file attachments coming to the mail server.

Full Access
Question # 38

You work as a Desktop Support Technician for umbrella Inc. The company uses a Windows-based network. An employee of the production department is facing the problem in the IP configuration of the network connection.

He called you to resolve the issue. You suspect that the IP configuration is not configured properly. You want to use the ping command to ensure that IPv4 protocol is working on a computer. While running the ping command from the command prompt, you find that Windows Firewall is blocking the ping command. You enter the following command in the elevated command prompt on the computer:

netsh advfirewall firewall add rule name="ICMPv4" protocol=icmpv4:any,any dir=in action=allow

Which of the following actions will this command perform?

A.

Permit ICMPv4 packet to pass through the firewall.

B.

Permit ICMPv4 Echo Request.

C.

Enable packet filtering by Windows Firewall.

D.

Disable Firewall temporarily.

Full Access
Question # 39

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based routed network. You have recently come to know about the Slammer worm, which attacked computers in 2003 and doubled the number of infected hosts every 9 seconds or so. Slammer infected 75000 hosts in the first 10 minutes of the attack. To mitigate such security threats, you want to configure security tools on the network. Which of the following tools will you use?

A.

Intrusion Prevention Systems

B.

Firewall

C.

Intrusion Detection Systems

D.

Anti-x

Full Access
Question # 40

Which of the following techniques is used to identify attacks originating from a botnet?

A.

IFilter

B.

BPF-based filter

C.

Passive OS fingerprinting

D.

Recipient filtering

Full Access
Question # 41

Which of the following work as traffic monitoring tools in the Linux operating system?

Each correct answer represents a complete solution. Choose all that apply.

A.

MRTG

B.

John the Ripper

C.

IPTraf

D.

Ntop

Full Access
Question # 42

Mark has been assigned a project to configure a wireless network for a company. The network should contain a Windows 2003 server and 30 Windows XP client computers. Mark has a single dedicated Internet connection that has to be shared among all the client computers and the server. The configuration needs to be done in a manner that the server should act as a proxy server for the client computers. Which of the following programs can Mark use to fulfill this requirement?

A.

Microsoft Internet Security & Acceleration Server (ISA)

B.

Wingate

C.

Sniffer

D.

SOCKS

Full Access
Question # 43

Which of the following is the default port for Simple Network Management Protocol (SNMP)?

A.

TCP port 110

B.

TCP port 25

C.

TCP port 80

D.

UDP port 161

Full Access
Question # 44

You are concerned about outside attackers penetrating your network via your company Web server. You wish to place your Web server between two firewalls. One firewall between the Web server and the outside world. The other between the Web server and your network. What is this called?

A.

DMZ

B.

SPI firewall

C.

IDS

D.

Application Gateway firewall

Full Access
Question # 45

Which of the following types of Intrusion detection systems (IDS) is used for port mirroring?

A.

Port address-based IDS

B.

Network-based IDS (NIDS)

C.

Host-based IDS (HIDS)

D.

Anomaly-based IDS

Full Access
Question # 46

Which of the following partitions contains the system files that are used to start the operating system?

A.

Secondary partition

B.

Boot partition

C.

Primary partition

D.

System partition

Full Access
Question # 47

Which of the following wireless network standards operates on the 5 GHz band and transfers data at a rate of 54 Mbps?

A.

802.11g

B.

802.11a

C.

802.11u

D.

802.11b

Full Access
Question # 48

Which of the following is NOT the functional area of a forensic laboratory?

A.

Network facilities

B.

Evidence storage

C.

Administrative area

D.

Research area

Full Access
Question # 49

Which of the following techniques is used to log network traffic?

A.

Cracking

B.

IP address spoofing

C.

Tunneling

D.

Sniffing

Full Access
Question # 50

Which of the following firewalls depends on the three-way handshake of the TCP protocol?

A.

Stateful firewall

B.

Endian firewall

C.

Proxy-based firewall

D.

Packet filter firewall

Full Access
Question # 51

You work as a Network Administrator for McNeil Inc. The company has a TCP/IP-based network.

You are configuring an Internet connection for your company. Your Internet service provider (ISP) has a UNIX-based server. Which of the following utilities will enable you to access the UNIX server, using a text-based connection?

A.

TELNET

B.

IPCONFIG

C.

PING

D.

FTP

E.

TRACERT

Full Access
Question # 52

In which of the following IDS evasion attacks does an attacker send a data packet such that IDS accepts the data packet but the host computer rejects it?

A.

Fragmentation overlap attack

B.

Evasion attack

C.

Fragmentation overwrite attack

D.

Insertion attack

Full Access
Question # 53

Which of the following statements is NOT true about FAT16 file system?

Each correct answer represents a complete solution. Choose all that apply.

A.

FAT16 file system supports Linux operating system.

B.

FAT16 file system supports file-level compression.

C.

FAT16 file system works well with large disks because the cluster size increases as the disk partition size increases.

D.

FAT16 does not support file-level security.

Full Access
Question # 54

What is the order of the extension headers that is followed by IPv6?

A.

Destination Options (first), Routing, IPv6 header, Hop-by-Hop, Fragment, Authentication, Encrypted Security Payload, Destination Options (second), followed by an Upper-layer header, indicating payload.

B.

Routing, Hop-by-Hop, Destination Options (first), Fragment, Authentication, Encrypted Security Payload, Destination Options (second), followed by an Upper-layer header, indicating payload.

C.

Fragment, Routing, Hop-by-Hop, Destination Options (first), Authentication, Encrypted Security Payload, Destination Options (second), followed by an Upper-layer header, indicating payload.

D.

IPv6 header, Hop-by-Hop, Destination Options (first), Routing, Fragment, Authentication, Encrypted Security Payload, Destination Options (second), followed by an Upper-layer header, indicating payload.

Full Access
Question # 55

Which of the following are the types of intrusion detection systems?

Each correct answer represents a complete solution. Choose all that apply.

A.

Server-based intrusion detection system (SIDS)

B.

Network intrusion detection system (NIDS)

C.

Client-based intrusion detection system (CIDS)

D.

Host-based intrusion detection system (HIDS)

Full Access
Question # 56

John works as a Security Administrator for NetPerfect Inc. The company uses Windows-based systems. A project has been assigned to John to track malicious hackers and to strengthen the company's security system. John configures a computer system to trick malicious hackers into thinking that it is the company's main server, which in fact is a decoy system to track hackers.

Which system is John using to track the malicious hackers?

A.

Honeypot

B.

Honeytokens

C.

Intrusion Detection System (IDS)

D.

Bastion host

Full Access
Question # 57

Which of the following is a valid IP address for class B Networks?

A.

225.128.98.7

B.

80.33.5.7

C.

212.136.45.8

D.

172.157.88.3

Full Access
Question # 58

Which of the following is an expression of interference that triggers a false positive signal during an intrusion detection process performed by IDS?

A.

Confidence value

B.

Handshake

C.

Site policy

D.

Noise

Full Access
Question # 59

Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?

A.

DOS boot disk

B.

EnCase with a hardware write blocker

C.

Linux Live CD

D.

Secure Authentication for EnCase (SAFE)

Full Access
Question # 60

Which of the following switches is used with Pslist command on the command line to show the statistics for all active threads on the system, grouping these threads with their owning process?

A.

Pslist -x

B.

Pslist -m

C.

Pslist -t

D.

Pslist -d

Full Access
Question # 61

Andrew, a bachelor student of Faulkner University, creates a gmail account. He uses 'Faulkner' as the password for the gmail account. After a few days, he starts receiving a lot of e-mails stating that his gmail account has been hacked. He also finds that some of his important mails have been deleted by someone. Which of the following methods has the attacker used to crack Andrew's password?

Each correct answer represents a complete solution. Choose all that apply.

A.

Zero-day attack

B.

Dictionary-based attack

C.

Rainbow attack

D.

Denial-of-service (DoS) attack

E.

Brute force attack

F.

Buffer-overflow attack

G.

Password guessing

Full Access
Question # 62

Which of the following is not a valid Failed Logon EventID?

A.

535

B.

536

C.

534

D.

533

Full Access
Question # 63

You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP-based network. The network is connected to the Internet through a firewall. A user complains that he is unable to access the abc.com site. However, he can access all other sites. Which of the following tools will help you diagnose the problem?

A.

IPCONFIG

B.

ROUTE

C.

TELNET

D.

TRACERT

Full Access
Question # 64

Which of the following networks relies on the tunneling protocol?

A.

Wide Area Network (WAN)

B.

Virtual Private Network (VPN)

C.

Local Area Network (LAN)

D.

Wireless Network

Full Access
Question # 65

What netsh command should be run to enable IPv6 routing?

Each correct answer represents a part of the solution. Choose two.

A.

netsh interface IPv6 show interface

B.

netsh interface IPv6 add routes

C.

netsh interface IPv6 set interface

D.

netsh interface IPv6 add address

Full Access
Question # 66

Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?

A.

Brute Force attack

B.

Hybrid attack

C.

Dictionary attack

D.

Rainbow attack

Full Access
Question # 67

Which of the following is computed from an arbitrary block of digital data for the purpose of detecting accidental errors?

A.

Hash buster

B.

Firewall

C.

Checksum

D.

Hash filter

Full Access
Question # 68

Which of the following is the best method of accurately identifying the services running on a victim host?

A.

Use of hit and trial method to guess the services and ports of the victim host.

B.

Use of a port scanner to scan each port to confirm the services running.

C.

Use of a vulnerability scanner to try to probe each port to verify which service is running.

D.

Use of the manual method of telnet to each of the open ports.

Full Access
Question # 69

You work as a Desktop Support Technician for umbrella Inc. The company uses a Windows-based network. An employee from the sales department is facing problem in the IP configuration of the network connection. He called you to resolve the issue. You suspect that the IP configuration is not configured properly. You want to use the ping command to ensure that IPv4 protocol is working on a computer. While running the ping command from the command prompt, you find that Windows Firewall is blocking the ping command. What is the cause of the issue?

A.

Core Networking Firewall rules do not allow IPv4 or IPv6.

B.

Windows Firewall rules do not allow Core Networking Tools.

C.

Windows Firewall blocks the command line tools.

D.

Core Networking Firewall rules do not allow ICMPv4 or ICMPv6 Echo Requests.

Full Access
Question # 70

Which of the following ICMP types refers to the message "Time Exceeded"?

A.

Type 4

B.

Type 12

C.

Type 11

D.

Type 5

Full Access
Question # 71

Which of the following IP packet elements is responsible for authentication while using IPSec?

A.

Authentication Header (AH)

B.

Layer 2 Tunneling Protocol (L2TP)

C.

Internet Key Exchange (IKE)

D.

Encapsulating Security Payload (ESP)

Full Access
Question # 72

Which of the following processes is used to convert plain text into cipher text?

A.

Encryption

B.

Decryption

C.

Encapsulation

D.

Steganography

Full Access
Question # 73

You work as a Network Administrator for McRobert Inc. You want to know the NetBIOS name of your computer. Which of the following commands will you use?

A.

NETSTAT -n

B.

NETSTAT -s

C.

NBTSTAT -n

D.

NBTSTAT -s

Full Access
Question # 74

Ryan, a malicious hacker submits Cross-Site Scripting (XSS) exploit code to the Website of Internet forum for online discussion. When a user visits the infected Web page, code gets automatically executed and Ryan can easily perform acts like account hijacking, history theft etc. Which of the following types of Cross-Site Scripting attack Ryan intends to do?

A.

Non persistent

B.

SAX

C.

Persistent

D.

Document Object Model (DOM)

Full Access
Question # 75

What is the maximum size of an IP datagram for Ethernet?

A.

4500 bytes

B.

1024 bytes

C.

1200 bytes

D.

1500 bytes

Full Access
Question # 76

Which of the following ICMPv6 neighbor discovery messages is sent by hosts to request an immediate router advertisement, instead of waiting for the next scheduled advertisement?

A.

Neighbor Solicitation

B.

Router Solicitation

C.

Neighbor Advertisement

D.

Router Advertisement

Full Access