GCIA - GIAC Certified Intrusion Analyst
Go back to GIAC
You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 domain-based network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. The network contains a Windows Server 2008 Core computer. You want to install the DNS server role on the Windows Server 2008 Core computer. Which of the following commands will you use to accomplish the task?
start /w ocsetup DNS-Server-Core-Role
Which of the following tools can be used for passive OS fingerprinting?
Which of the following tools can be used to view active telnet sessions?
Which of the following tools allows an attacker to intentionally craft the packets to gain unauthorized access? Each correct answer represents a complete solution. Choose two.
Which of the following software is used for Steganography?
Which of the following is a hardware/software platform that is designed to analyze, detect, and report on security related events. NIPS is designed to inspect traffic and based on its configuration or security policy, it can drop the malicious traffic?
John enters a URL http://www.cisco.com/web/learning in the web browser. A web page appears after he enters the URL. Which of the following protocols is used to resolve www.cisco.com into the correct IP address?
Peter works as a professional Computer Hacking Forensic Investigator for eLaw-Suit law firm. He is working on a case of a cyber crime. Peter knows that the good investigative report should not only communicate the relevant facts, but also present expert opinion. This report should not include the cases in which the expert acted as a lay witness. Which of the following type of witnesses is a lay witness?
One who is not qualified as an expert witness.
Which of the following is not a Denial of Service (DoS) attack?
Code injection attack
Which of the following activities will you use to retrieve user names, and info on groups, shares, and services of networked computers?
John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks? Each correct answer represents a complete solution. Choose all that apply.
Brute Force attack
Which of the following NETSH commands for interface Internet protocol version 4 (IPv4) is used to delete a DNS server or all DNS servers from a list of DNS servers for a specified interface or for all interfaces?
Which of the following tools is an open source protocol analyzer that can capture traffic in real time?
Adam works on a Linux system. He is using Sendmail as the primary application to transmit e- mails. Linux uses Syslog to maintain logs of what has occurred on the system. Which of the following log files contains e-mail information such as source and destination IP addresses, date and time stamps etc?
Which of the following distributes incorrect IP address to divert the traffic?
Domain name server (DNS) poisoning
Which of the following hacking tools provides shell access over ICMP?
Which of the following commands will you use with the tcpdump command to display the contents of the packets?
Which of the following statements is NOT true about the file slack spaces in Windows operating system?
Large cluster size will decrease the volume of the file slack.
What is the process of detecting unauthorized access known as?
Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?
Intrusion detection system (IDS)
Which of the following is the default port for File Transport Protocol (FTP)?
Which of the following commands used in Linux to create bit-stream images?
The promiscuous mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it. Which of the following tools works by placing the host system network card into the promiscuous mode?
Which of the following encryption methods are used by the BlackBerry to provide security to the data stored in it? Each correct answer represents a complete solution. Choose two.
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels. Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?
Block ICMP type 13 messages
Which of the following tools is used to analyze a system and report any unsigned drivers found?
Which of the following file systems supports the hot fixing feature?
Which of the following configuration schemes in IPv6 allows a client to automatically configure its own IP address with or without IPv6 routers?
Which of the following is a reason to implement security logging on a DNS server?
For monitoring unauthorized zone transfer
John works as a Network Administrator for DigiNet Inc. He wants to investigate failed logon attempts to a network. He uses Log Parser to detail out the failed logons over a specific time frame. He uses the following commands and query to list all failed logons on a specific date: logparser.exe file:FailedLogons.sql -i:EVT -o:datagrid SELECT timegenerated AS LogonTime, extract_token(strings, 0, '|') AS UserName FROM Security WHERE EventID IN (529; 530; 531; 532; 533; 534; 535; 537; 539) AND to_string(timegenerated,'yyyy-MM-dd HH:mm:ss') like '2004-09%' After investigation, John concludes that two logon attempts were made by using an expired account. Which of the following EventID refers to this failed logon?
Which of the following terms describes an attempt to transfer DNS zone data?
Which of the following ports is used by e-mail clients to send request to connect to the server?
Which of the following tools is described below? It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
You work as a Network Administrator for Tech Perfect Inc. Your company has a Windows 2000- based network. You want to verify the connectivity of a host in the network. Which of the following utilities will you use?
Which of the following types of firewall functions by creating two different communications, one between the client and the firewall, and the other between the firewall and the end server?
Which of the following honeypots is a low-interaction honeypot and is used by companies or corporations for capturing limited information about malicious hackers?
Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine drive image of a compromised system, which is suspected to be used in cyber crime. Adam uses Forensic Sorter to sort the contents of hard drive in different categories. Which of the following type of image formats is NOT supported by Forensic Sorter?
iso image file
Which of the following ports can be used for IP spoofing?
You work as a Network Administrator for SmartCert Inc. The company's network contains five Windows 2003 servers and ninety Windows XP Professional client computers. You want to view all the incoming requests to an Internet Information Services (IIS) server and allow only requests that comply with a rule set, created by you, to be processed. You also want to detect the intrusion attempts by recognizing the strange characters in a URL on a Web server. What will you do to accomplish the task?
Use the URLScan tool.
Which of the following techniques is used to identify attacks originating from a botnet?
Passive OS fingerprinting
How many bits does IPv6 use in IP addresses?
John works as a Network Security Administrator for NetPerfect Inc. The manager of the company has told John that the company's phone bill has increased drastically. John suspects that the company's phone system has been cracked by a malicious hacker. Which attack is used by malicious hackers to crack the phone system?
Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer?
Which of the following is a valid IP address for class B Networks?
With reference to the given case study, one of the security goals requires to configure a secure connection between the Boston distribution center and the headquarters. You want to implement IP filter to fulfill the security requirements. How should you implement IP filters at the headquarters? (Viewon the toolbar to see the case study.)
Add source filters for the Boston distribution center for UDP port 1701 and IP protocol 50. Add destination filters for the headquarters for UDP port 1701 and IP protocol 50.
You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP-based network. The network is connected to the Internet through a firewall. A user complains that he is unable to access the abc.com site. However, he can access all other sites. Which of the following tools will help you diagnose the problem?
You are concerned about outside attackers penetrating your network via your company Web server. You wish to place your Web server between two firewalls. One firewall between the Web server and the outside world. The other between the Web server and your network. What is this called?
You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 domainbased network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. According to the company's security policy, you apply Windows firewall setting to the computers on the network. Now, you are troubleshooting a connectivity problem that might be caused by Windows firewall. What will you do to identify connections that Windows firewall allows or blocks?
Enable Windows firewall logging.
Which of the following is an automated vulnerability assessment tool?
What is the name of the group of blocks which contains information used by the operating system in Linux system?