New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > GIAC > Security Administration > GCIA

GCIA GCIA – GIAC Certified Intrusion Analyst Practice Test Question and Answers

Question # 4

Which of the following is an example of a firewall?

A.

ZoneAlarm

B.

PatriotBox

C.

Specter

D.

KFSensor

Full Access
Question # 5

You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company.

You have physically installed sensors at all key positions throughout the network such that they all report to the command console.

What will be the key functions of the sensors in such a physical layout?

Each correct answer represents a complete solution. Choose all that apply.

A.

To collect data from operating system logs

B.

To notify the console with an alert if any intrusion is detected

C.

To analyze for known signatures

D.

To collect data from Web servers

Full Access
Question # 6

Which of the following utilities is used to verify the existence of a host in a network?

A.

IPCONFIG

B.

NETSTAT

C.

CHKDSK

D.

PING

Full Access
Question # 7

You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 domain-based network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. According to the company's security policy, you apply Windows firewall setting to the computers on the network. Now, you are troubleshooting a connectivity problem that might be caused by Windows firewall. What will you do to identify connections that Windows firewall allows or blocks?

A.

Configure Internet Protocol Security (IPSec).

B.

Configure Network address translation (NAT).

C.

Disable Windows firewall logging.

D.

Enable Windows firewall logging.

Full Access
Question # 8

Which of the following IDs is used to reassemble the fragments of a datagram at the destination point?

A.

MAK ID

B.

IP address

C.

IP identification number

D.

SSID

Full Access
Question # 9

Fill in the blank with the appropriate term.

___________is the practice of monitoring and potentially restricting the flow of information outbound from one network to another

Full Access
Question # 10

Which of the following command-line utilities is used to show the state of current TCP/IP connections?

A.

PING

B.

TRACERT

C.

NETSTAT

D.

NSLOOKUP

Full Access
Question # 11

Which of the following tools performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs?

A.

Dsniff

B.

Snort

C.

Nikto

D.

Sniffer

Full Access
Question # 12

Andrew works as a System Administrator for NetPerfect Inc. All client computers on the network run on Mac OS X. The Sales Manager of the company complains that his MacBook is not able to boot. Andrew wants to check the booting process. He suspects that an error persists in the bootloader of Mac OS X. Which of the following is the default bootloader on Mac OS X that he should use to resolve the issue?

A.

LILO

B.

BootX

C.

NT Loader

D.

GRUB

Full Access
Question # 13

Mark works as a Network administrator for SecureEnet Inc. His system runs on Mac OS X. He wants to boot his system from the Network Interface Controller (NIC). Which of the following snag keys will Mark use to perform the required function?

A.

D

B.

N

C.

Z

D.

C

Full Access
Question # 14

Which of the following is a signature-based intrusion detection system (IDS) ?

A.

Snort

B.

StealthWatch

C.

RealSecure

D.

Tripwire

Full Access
Question # 15

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based routed network. You have recently come to know about the Slammer worm, which attacked computers in 2003 and doubled the number of infected hosts every 9 seconds or so. Slammer infected 75000 hosts in the first 10 minutes of the attack. To mitigate such security threats, you want to configure security tools on the network. Which of the following tools will you use?

A.

Intrusion Prevention Systems

B.

Firewall

C.

Intrusion Detection Systems

D.

Anti-x

Full Access
Question # 16

The promiscuous mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it. Which of the following tools works by placing the host system network card into the promiscuous mode?

A.

NetStumbler

B.

Snort

C.

THC-Scan

D.

Sniffer

Full Access
Question # 17

You are the Network Administrator for a large corporate network. You want to monitor all network traffic on your local network for suspicious activities and receive a notification when a possible attack is in process. Which of the following actions will you take for this?

A.

Enable verbose logging on the firewall

B.

Install a network-based IDS

C.

Install a DMZ firewall

D.

Install a host-based IDS

Full Access
Question # 18

Which of the following tools is used to detect spam email without checking the content?

A.

Kismet

B.

EtherApe

C.

DCC

D.

Sniffer

Full Access
Question # 19

You are the Administrator for a Windows 2000 based network that uses DHCP to dynamically assign IP addresses to the clients and DNS servers. You want to ensure that the DNS servers can communicate with another DNS server. Which type of query will you run to achieve this?

A.

PATHPING

B.

NSLOOKUP

C.

PING

D.

Recursive

Full Access
Question # 20

Which of the following tools are used to determine the hop counts of an IP packet?

Each correct answer represents a complete solution. Choose two.

A.

TRACERT

B.

Ping

C.

IPCONFIG

D.

Netstat

Full Access
Question # 21

Which of the following Web attacks is performed by manipulating codes of programming languages such as SQL, Perl, Java present in the Web pages?

A.

Command injection attack

B.

Code injection attack

C.

Cross-Site Request Forgery

D.

Cross-Site Scripting attack

Full Access
Question # 22

You work as a Network Administrator for Tech Perfect Inc. The office network is configured as an IPv6 network. You have to configure a computer with the IPv6 address, which is equivalent to an IPv4 publicly routable address. Which of the following types of addresses will you choose?

A.

Site-local

B.

Global unicast

C.

Local-link

D.

Loopback

Full Access
Question # 23

Which of the following is known as a message digest?

A.

Hash function

B.

Hashing algorithm

C.

Spider

D.

Message authentication code

Full Access
Question # 24

Which of the following OSI layers is responsible for protocol conversion, data encryption/decryption, and data compression?

A.

Network layer

B.

Data-link layer

C.

Presentation layer

D.

Transport layer

Full Access
Question # 25

Which of the following utilities produces the output shown in the image below?

A.

IPCONFIG

B.

PING

C.

PATHPING

D.

TRACERT

Full Access
Question # 26

Which of the following utilities is used to display the current TCP/IP configuration of a Windows NT computer?

A.

NBTSTAT

B.

IPCONFIG

C.

CONFIG.SYS

D.

FTP

Full Access
Question # 27

Fill in the blank with the appropriate term.

___________ is a technique used to make sure that incoming packets are actually from the networks that they claim to be from.

Full Access
Question # 28

You work as a Network Administrator for McRobert Inc. Your company has a TCP/IP-based network. You want to get the protocol statistics and the active TCP/IP network connections of your computer. Which of the following will you use?

A.

IPSTAT

B.

SNMP

C.

ARP

D.

NBTSTAT

E.

NETSTAT

Full Access
Question # 29

Which of the following is a valid IP address for class B Networks?

A.

225.128.98.7

B.

80.33.5.7

C.

212.136.45.8

D.

172.157.88.3

Full Access
Question # 30

You work as a Network Administrator for NetTech Inc. You want to know the local IP address, subnet mask, and default gateway of a NIC in a Windows 98 computer. Which of the following utilities will you use to accomplish this ?

A.

TRACERT

B.

WINIPCFG

C.

NETSTAT

D.

FDISK

Full Access
Question # 31

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.

You have configured a firewall on the network. A filter has been applied to block all the ports. You want to enable sending and receiving of emails on the network. Which of the following ports will you open?

Each correct answer represents a complete solution. Choose two.

A.

20

B.

25

C.

80

D.

110

Full Access
Question # 32

Which of the following types of firewall ensures that the packets are part of the established session?

A.

Switch-level firewall

B.

Application-level firewall

C.

Stateful inspection firewall

D.

Circuit-level firewall

Full Access
Question # 33

Sandra, an expert computer user, hears five beeps while booting her computer that has AMI BIOS; and after that her computer stops responding. Sandra knows that during booting process POST produces different beep codes for different types of errors. Which of the following errors refers to this POST beep code?

A.

Display memory error

B.

Cache memory test failed

C.

Processor failure

D.

Mother board timer not operational

Full Access
Question # 34

Which of the following is the default port for TACACS?

A.

UDP port 49

B.

TCP port 80

C.

TCP port 25

D.

TCP port 443

Full Access
Question # 35

Adam works as a Security Administrator for Umbrella. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access.

How was security compromised and how did the firewall respond?

A.

The attack was Cross Site Scripting and the firewall blocked it.

B.

Security was not compromised as the webpage was hosted internally.

C.

The attack was social engineering and the firewall did not detect it.

D.

Security was compromised as keylogger is invisible for firewall.

Full Access
Question # 36

Which of the following command line tools are available in Helix Live acquisition tool on Windows?

Each correct answer represents a complete solution. Choose all that apply.

A.

netstat

B.

ipconfig

C.

.cab extractors

D.

whois

Full Access
Question # 37

You work as a Network Security Administrator for NetPerfect Inc. The company has a Windowsbased network. You are incharge of the data and network security of the company. While performing a threat log analysis, you observe that one of the database administrators is pilfering confidential data. What type of threat is this?

A.

Zombie

B.

External threat

C.

Internal threat

D.

Malware

Full Access
Question # 38

Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use Steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information?

Each correct answer represents a complete solution. Choose all that apply.

A.

Slack space

B.

Dumb space

C.

Hidden partition

D.

Unused Sectors

Full Access
Question # 39

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate computer of an unfaithful employee of SecureEnet Inc. Suspect's computer runs on Windows operating system. Which of the following sources will Adam investigate on a Windows host to collect the electronic evidences?

Each correct answer represents a complete solution. Choose all that apply.

A.

Allocated cluster

B.

Swap files

C.

Slack spaces

D.

Unused and hidden partition

Full Access
Question # 40

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to send malicious data packets in such a manner that one packet fragment overlaps data from a previous fragment so that he can perform IDS evasion on the We-are-secure server and execute malicious data. Which of the following tools can he use to accomplish the task?

A.

Hunt

B.

Alchemy Remote Executor

C.

Mendax

D.

Ettercap

Full Access
Question # 41

Which of the following intrusion detection systems (IDS) monitors network traffic and compares it against an established baseline?

A.

Signature-based

B.

Network-based

C.

File-based

D.

Anomaly-based

Full Access
Question # 42

Maria works as the Chief Security Officer for passguide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?

A.

Encryption

B.

Public-key cryptography

C.

Steganography

D.

RSA algorithm

Full Access
Question # 43

Which of the following ports is used for DNS services?

A.

Port 7

B.

Port 53

C.

Port 80

D.

Port 23

Full Access
Question # 44

Which of the following algorithms produces a digital signature which is used to authenticate the bit-stream images?

A.

MD6

B.

MD5

C.

BOINIC

D.

HashClash

Full Access
Question # 45

Which of the following attacks is designed to deduce the brand and/or version of an operating system or application?

A.

Vulnerability assessment

B.

Banner grabbing

C.

OS fingerprinting

D.

Port scanning

Full Access
Question # 46

Which of the following is NOT an Intrusion Detection System?

A.

Fragroute

B.

Stunnel

C.

Samhain

D.

AIDE

Full Access
Question # 47

Which of the following partitions contains the system files that are used to start the operating system?

A.

Secondary partition

B.

Boot partition

C.

Primary partition

D.

System partition

Full Access
Question # 48

Which of the following DOS commands is used to configure network protocols?

A.

netsh

B.

netsvc

C.

netstat

D.

ipconfig

Full Access
Question # 49

Adam works as a Computer Hacking Forensic Investigator in a law firm. He has been assigned with his first project. Adam collected all required evidences and clues. He is now required to write an investigative report to present before court for further prosecution of the case. He needs guidelines to write an investigative report for expressing an opinion. Which of the following are the guidelines to write an investigative report in an efficient way?

Each correct answer represents a complete solution. Choose all that apply.

A.

All ideas present in the investigative report should flow logically from facts to conclusions.

B.

Opinion of a lay witness should be included in the investigative report.

C.

The investigative report should be understandable by any reader.

D.

There should not be any assumptions made about any facts while writing the investigative report.

Full Access
Question # 50

Which of the following is not a Denial of Service (DoS) attack?

A.

Smurf attack

B.

Code injection attack

C.

Ping of Death attack

D.

Teardrop attack

Full Access
Question # 51

What is the name of the group of blocks which contains information used by the operating system in Linux system?

A.

logblock

B.

Bootblock

C.

Superblock

D.

Systemblock

Full Access
Question # 52

Which of the following tools are used to determine the hop counts of an IP packet?

Each correct answer represents a complete solution. Choose two.

A.

TRACERT

B.

Ping

C.

IPCONFIG

D.

Netstat

Full Access
Question # 53

Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?

A.

Linux Live CD

B.

DOS boot disk

C.

Secure Authentication for EnCase (SAFE)

D.

EnCase with a hardware write blocker

Full Access
Question # 54

Which of the following are the two sub-layers present in Data Link layer of the OSI Reference model?

A.

Logical control and Link control

B.

Data control and Media Access control

C.

Machine Link control and Logical Link control

D.

Logical Link control and Media Access control

Full Access
Question # 55

Which of the following statements are true about an IPv6 network?

Each correct answer represents a complete solution. Choose all that apply.

A.

For interoperability, IPv4 addresses use the last 32 bits of IPv6 addresses.

B.

It increases the number of available IP addresses.

C.

It provides improved authentication and security.

D.

It uses 128-bit addresses.

E.

It uses longer subnet masks than those used in IPv4.

Full Access
Question # 56

Which of the following NETSH commands for interface Internet protocol version 4 (IPv4) is used to delete a DNS server or all DNS servers from a list of DNS servers for a specified interface or for all interfaces?

A.

alter dnsserver

B.

delete dnsserver

C.

disable dnsserver

D.

remove dnsserver

Full Access
Question # 57

Which of the following commands is used to flush the destination cache for IPv6 interface?

A.

netsh interface ipv6 reset cache

B.

netsh interface ipv6 delete destinationcache

C.

netsh interface ipv6 flush destinationcache

D.

netsh interface ipv6 remove destinationcache

Full Access
Question # 58

Which of the following wireless network standards operates on the 5 GHz band and transfers data at a rate of 54 Mbps?

A.

802.11g

B.

802.11a

C.

802.11u

D.

802.11b

Full Access
Question # 59

Which of the following types of Intrusion detection systems (IDS) is used for port mirroring?

A.

Port address-based IDS

B.

Network-based IDS (NIDS)

C.

Host-based IDS (HIDS)

D.

Anomaly-based IDS

Full Access
Question # 60

Which of the following NETSH commands for interface Internet protocol version 4 (IPv4) is used to delete a DNS server or all DNS servers from a list of DNS servers for a specified interface or for all interfaces?

A.

disable dnsserver

B.

alter dnsserver

C.

delete dnsserver

D.

remove dnsserver

Full Access
Question # 61

Which of the following parts of hard disk in Mac OS X File system stores information related to the files?

A.

Resource fork

B.

Data fork

C.

System fork

D.

Log fork

Full Access
Question # 62

Which of the following tools is used to recover data and partitions, and can run on Windows, Linux, SunOS, and Macintosh OS X operating systems?

A.

GetDataBack

B.

Acronis Recovery Expert

C.

Active@ Disk Image

D.

TestDisk

Full Access
Question # 63

Which of the following protocols is used to translate IP addresses to Ethernet addresses?

A.

Border Gateway Protocol (BGP)

B.

Routing Information Protocol (RIP)

C.

Address Resolution Protocol (ARP)

D.

Internet Control Message Protocol (ICMP)

Full Access
Question # 64

Which of the following Windows Registry key contains the password file of the user?

A.

HKEY_USER

B.

HKEY_DYN_DATA

C.

HKEY_LOCAL_MACHINE

D.

HKEY_CURRENT_CONFIG

Full Access
Question # 65

Which of the following commands displays the IPX routing table entries?

A.

sh ipx traffic

B.

sh ipx int e0

C.

sh ipx route

D.

sho ipx servers

Full Access
Question # 66

You work as a Network Administrator for McNeil Inc. The company's Windows 2000-based network is configured with Internet Security and Acceleration (ISA) Server 2000. You configure intrusion detection on the server. Which of the following alerts notifies that repeated attempts to a destination computer are being made and no corresponding ACK (acknowledge) packet is being communicated?

A.

IP half scan attack

B.

UDP bomb attack

C.

Land attack

D.

Ping of death attack

Full Access
Question # 67

Which of the following ports is used by e-mail clients to send request to connect to the server?

A.

Port 21

B.

Port 20

C.

Port 23

D.

Port 25

Full Access
Question # 68

________ is a command-line tool that can check the DNS registration of a domain controller.

A.

NBTSTAT

B.

NETSH

C.

DNSCMD

D.

DCDIAG

Full Access
Question # 69

Peter works as a System Administrator for TechSoft Inc. The company uses Linux-based systems.

Peter's manager suspects that someone is trying to log in to his computer in his absence. Which of the following commands will Peter run to show the last unsuccessful login attempts, as well as the users who have last logged in to the manager's system?

Each correct answer represents a complete solution. Choose two.

A.

lastb

B.

pwd

C.

last

D.

rwho -a

Full Access
Question # 70

You work as a Network Administrator for McRobert Inc. Your company has a TCP/IP-based network.

You want to know the statistics of each protocol installed on your computer. Which of the following commands will you use?

A.

NBTSTAT -r

B.

NETSTAT -s

C.

NETSTAT -r

D.

NBTSTAT -s

Full Access
Question # 71

Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2000 domainbased network. Mark wants to block all NNTP traffic between the network and the Internet. How will he configure the network?

A.

Disable anonymous logins in the NNTP configuration manager.

B.

Block port 25 by configuring the firewall.

C.

Block port 119 by configuring the firewall.

D.

Block TCP port 80 by configuring the firewall.

Full Access
Question # 72

Which of the following ports is used by NTP for communication?

A.

143

B.

123

C.

161

D.

53

Full Access
Question # 73

Which of the following partitions contains the system files that are used to start the operating system?

A.

Boot partition

B.

System partition

C.

Secondary partition

D.

Primary partition

Full Access
Question # 74

You work as a Network Administrator for PassGuide Inc. The company has deployed an ASA at the network perimeter. Which of the following types of firewall will you use to create two different communications, one between the client and the firewall, and the other between the firewall and the end server?

A.

Proxy-based firewall

B.

Endian firewall

C.

Stateful firewall

D.

Packet filter firewall

Full Access
Question # 75

Which of the following is an example of a social engineering attack?

A.

Phishing

B.

Man-in-the-middle attack

C.

Browser Sniffing

D.

E-mail bombing

Full Access
Question # 76

Andrew, a bachelor student of Faulkner University, creates a gmail account. He uses 'Faulkner' as the password for the gmail account. After a few days, he starts receiving a lot of e-mails stating that his gmail account has been hacked. He also finds that some of his important mails have been deleted by someone. Which of the following methods has the attacker used to crack Andrew's password?

Each correct answer represents a complete solution. Choose all that apply.

A.

Zero-day attack

B.

Dictionary-based attack

C.

Rainbow attack

D.

Denial-of-service (DoS) attack

E.

Brute force attack

F.

Buffer-overflow attack

G.

Password guessing

Full Access