
GIAC GCIA - GCIA – GIAC Certified Intrusion Analyst Practice Test

Total 508 questions

Which of the following Denial-of-Service (DoS) attacks employ the IP fragmentation mechanism?

Each correct answer represents a complete solution. Choose two.

A. SYN flood attack

B. Teardrop attack

C. Land attack

D. Ping of Death attack

Adam works as a Security Administrator for Umbrella. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access.

How was security compromised and how did the firewall respond?

A. The attack was Cross Site Scripting and the firewall blocked it.

B. Security was not compromised as the webpage was hosted internally.

C. The attack was social engineering and the firewall did not detect it.

D. Security was compromised as the keylogger is invisible to the firewall.

You are a professional Computer Hacking Forensic Investigator. You have been called to collect evidence of a buffer overflow or cookie snooping attack. Which of the following logs will you review to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

A. Event logs

B. Program logs

C. Web server logs

D. System logs

An attacker wants to launch an attack on a wired Ethernet. He wants to accomplish the following tasks:

Sniff data frames on a local area network.

Modify the network traffic.

Stop the network traffic frequently.

Which of the following techniques will the attacker use to accomplish the task?

A. IP spoofing

B. Eavesdropping

C. ARP spoofing

D. Session hijacking

Victor works as a professional Ethical Hacker for SecureEnet Inc. He wants to scan the wireless network of the company. He uses a tool that is a free open-source utility for network exploration.

The tool uses raw IP packets to determine the following:

What ports are open on our network systems.

What hosts are available on the network.

Identify unauthorized wireless access points.

What services (application name and version) those hosts are offering.

What operating systems (and OS versions) they are running.

What type of packet filters/firewalls are in use.

Which of the following tools is Victor using?

A. Nessus

B. Nmap

C. Sniffer

D. Kismet

What are the limitations of the POP3 protocol?

Each correct answer represents a complete solution. Choose three.

A. E-mails can be retrieved only from the Inbox folder of a mailbox. E-mails stored in any other folder are not accessible.

B. It is only a retrieval protocol. It is designed to work with other applications that provide the ability to send e-mails.

C. It does not support retrieval of encrypted e-mails.

D. It uses less memory space.

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine the drive image of a compromised system, which is suspected to have been used in cyber crime. Adam uses Forensic Sorter to sort the contents of the hard drive into different categories. Which of the following types of image formats is NOT supported by Forensic Sorter?

A. EnCase image file

B. PFR image file

C. RAW image file

D. iso image file

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple small-sized packets to the target computer. Hence, it becomes very difficult for an IDS to detect the attack signatures of such attacks. Which of the following tools can be used to perform session splicing attacks?

Each correct answer represents a complete solution. Choose all that apply.

A. Nessus

B. Y.A.T.

C. Whisker

D. Fragroute

Which of the following tools works by using a standard set of MS-DOS commands and can create an MD5 hash of an entire drive, partition, or selected files?

A. DriveSpy

B. Ontrack

C. Device Seizure

D. Forensic Sorter

John works as a Security Administrator for NetPerfect Inc. The company uses Windows-based systems. A project has been assigned to John to track malicious hackers and to strengthen the company's security system. John configures a computer system to trick malicious hackers into thinking that it is the company's main server, which in fact is a decoy system to track hackers.

Which system is John using to track the malicious hackers?

A. Honeypot

B. Honeytokens

C. Intrusion Detection System (IDS)

D. Bastion host

Which of the following is the default port for TACACS?

A. UDP port 49

B. TCP port 80

C. TCP port 25

D. TCP port 443

When no anomaly is present in an Intrusion Detection, but an alarm is generated, the response is known as __________.

A. True negative

B. True positive

C. False negative

D. False positive

Ben works as a Network Administrator in Business Software Solutions Ltd. The company uses a Windows-based operating system throughout its network. Ben finds the following mail exchange record on the server:

max1.passguide.com. IN A 613.0.2.1

IN AAAA 4ffe:d00:1:1::88

Which of the following conclusions can Ben derive from this record?

A. It indicates the configuration of the POP3 server (max1) on the site passguide.com on how to handle e-mails from the site 613.0.2.1 and an internal computer with NIC address 4ffe:d00:1:1::88.

B. It indicates the preference of the record.

C. It indicates the configuration of the SMTP server (max1) on the site passguide.com on how to handle e-mails from the site 613.0.2.1 and an internal computer with NIC address 4ffe:d00:1:1::88.

D. It indicates part of the DNS configuration for the primary server to handle both IPv4 and IPv6 requests.

Which of the following firewalls operates at three layers: Layer 3, Layer 4, and Layer 5?

A. Circuit-level firewall

B. Application layer firewall

C. Dynamic packet-filtering firewall

D. Proxy firewall

The following output is generated by running the show ip route command:

RouterA#show ip route

< - - Output Omitted for brevity - ->

Which next hop address will RouterA use in forwarding traffic to 10.10.100.0/24?

A. 172.18.50.1

B. 192.168.10.0

C. 172.18.1.1

D. 172.18.60.1