Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium GIAC GCIA Dumps Questions Answers

Page: 1 / 19
Total 508 questions

GCIA - GIAC Certified Intrusion Analyst Practice Test Questions and Answers

Question 1

Which of the following tools is used to recover data and partitions, and can run on Windows, Linux, SunOS, and Macintosh OS X operating systems?

Options:

A.

GetDataBack

B.

Acronis Recovery Expert

C.

Active@ Disk Image

D.

TestDisk

Buy Now
Question 2

Which of the following utilities is used for decrypting WEP encryption on an 802.11b network?

Options:

A.

Wireshark

B.

NetStumbler

C.

Airsnort

D.

Kismet

Question 3

Which of the following IP packet elements is responsible for authentication while using IPSec?

Options:

A.

Authentication Header (AH)

B.

Layer 2 Tunneling Protocol (L2TP)

C.

Internet Key Exchange (IKE)

D.

Encapsulating Security Payload (ESP)

Question 4

Which of the following ICMP types refers to the message "Time Exceeded"?

Options:

A.

Type 4

B.

Type 12

C.

Type 11

D.

Type 5

Question 5

Which of the following ports can be used for IP spoofing?

Options:

A.

Whois 43

B.

POP 110

C.

NNTP 119

D.

Rlogin 513

Question 6

Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?

Options:

A.

Brute Force attack

B.

Hybrid attack

C.

Dictionary attack

D.

Rainbow attack

Question 7

You work as a Desktop Support Technician for umbrella Inc. The company uses a Windows-based network. An employee from the sales department is facing problem in the IP configuration of the network connection. He called you to resolve the issue. You suspect that the IP configuration is not configured properly. You want to use the ping command to ensure that IPv4 protocol is working on a computer. While running the ping command from the command prompt, you find that Windows Firewall is blocking the ping command. What is the cause of the issue?

Options:

A.

Core Networking Firewall rules do not allow IPv4 or IPv6.

B.

Windows Firewall rules do not allow Core Networking Tools.

C.

Windows Firewall blocks the command line tools.

D.

Core Networking Firewall rules do not allow ICMPv4 or ICMPv6 Echo Requests.

Question 8

Which of the following terms is used to represent IPv6 addresses?

Options:

A.

Hexadecimal-dot notation

B.

Colon-dot

C.

Dot notation

D.

Colon-hexadecimal

Question 9

Which of the following tools is used to analyze a system and report any unsigned drivers found?

Options:

A.

regedit.exe

B.

sigverify.exe

C.

sigverif.exe

D.

msconfig

Question 10

Which of the following tools is used to collect volatile data over a network?

Options:

A.

Liveview

B.

Netcat

C.

Pdd

D.

FTimes

Question 11

Which of the following is true for XSS, SQL injection, and RFI?

Options:

A.

These are Trojans.

B.

These are hacking tools.

C.

These are types of Web application vulnerabilities.

D.

These are viruses.

Question 12

Steve works as a Network Administrator for Blue Tech Inc. All client computers in the company run the Windows Vista operating system. He often travels long distances on official duty. While traveling, he connects to the office server through his laptop by using remote desktop connection.

He wants to run an application that is available on the server of the company. When he connects to the server, he gets a message that the connection is blocked by the firewall. He returns to his office to resolve the issue. He opens the Windows Firewall Settings dialog box. What actions should he perform in the dialog box given below to accomplish the task?

Options:

A.

Question 13

Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2000 domainbased network. Mark wants to block all NNTP traffic between the network and the Internet. How will he configure the network?

Options:

A.

Disable anonymous logins in the NNTP configuration manager.

B.

Block port 25 by configuring the firewall.

C.

Block port 119 by configuring the firewall.

D.

Block TCP port 80 by configuring the firewall.

Question 14

Where is the Hypertext Transfer Protocol (HTTP) used?

Options:

A.

On a client/server-based Wide Area Network (WAN).

B.

On the Internet to download text files and graphic files.

C.

On a peer-to-peer based Local Area Network (LAN).

D.

On the World Wide Web (WWW) to display SQL database statistics.

E.

On the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages.

Question 15

You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 domain-based network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. The network contains a Windows Server 2008 Core computer. You want to install the DNS server role on the Windows Server 2008 Core computer. Which of the following commands will you use to accomplish the task?

Options:

A.

start /w ocsetup DnsServercorerole

B.

net start "dns server"

C.

start /w ocsetup DNS-Server-Core-Role

D.

start /w ocsetup DnsServer

Question 16

In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain from a DNS server. The information provided by the DNS zone can help an attacker gather user names, passwords, and other valuable information. To attempt a zone transfer, an attacker must be connected to a DNS server that is the authoritative server for that zone. Besides this, an attacker can launch a Denial of Service attack against the zone's DNS servers by flooding them with a lot of requests. Which of the following tools can an attacker use to perform a DNS zone transfer?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Dig

B.

Host

C.

NSLookup

D.

DSniff

Question 17

Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer?

Options:

A.

Swatch

B.

IPLog

C.

Timbersee

D.

Snort

Question 18

You work as a Network Administrator for McRobert Inc. Your company has a TCP/IP-based network.

You want to know the statistics of each protocol installed on your computer. Which of the following commands will you use?

Options:

A.

NBTSTAT -r

B.

NETSTAT -s

C.

NETSTAT -r

D.

NBTSTAT -s

Question 19

Which of the following tools allows an attacker to intentionally craft the packets to gain unauthorized access?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Fragroute

B.

Ettercap

C.

Mendax

D.

Tcpdump

Question 20

You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. The network is configured on IP version 6 protocol. All the computers on the network are connected to a switch device. One day, users complain that they are unable to connect to a file server. You try to ping the client computers from the server, but the pinging fails. You try to ping the server's own loopback address, but it fails to ping. You restart the server, but the problem persists.

What is the most likely cause?

Options:

A.

The switch device is not working.

B.

The cable that connects the server to the switch is broken.

C.

Automatic IP addressing is not working.

D.

The server's NIC is not working.

E.

The server is configured with unspecified IP address.

Question 21

Which of the following is the default port used by Simple Mail Transfer Protocol (SMTP)?

Options:

A.

80

B.

25

C.

20

D.

21

Question 22

Which of the following configuration schemes in IPv6 allows a client to automatically configure its own IP address with or without IPv6 routers?

Options:

A.

Stateless autoconfiguration

B.

Stateful autoconfiguration

C.

Stateless configuration

D.

Stateful configuration

Question 23

Which of the following proxy servers is placed anonymously between the client and remote server and handles all of the traffic from the client?

Options:

A.

Caching proxy server

B.

Web proxy server

C.

Forced proxy server

D.

Open proxy server

Question 24

Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?

Options:

A.

Demilitarized zone (DMZ)

B.

Intrusion detection system (IDS)

C.

Firewall

D.

Packet filtering

Question 25

Which of the following utilities is used to display the current TCP/IP configuration of a Windows NT computer?

Options:

A.

NBTSTAT

B.

IPCONFIG

C.

CONFIG.SYS

D.

FTP

Question 26

You work as a Network Administrator for McRobert Inc. Your company has a TCP/IP-based network. You want to get the protocol statistics and the active TCP/IP network connections of your computer. Which of the following will you use?

Options:

A.

IPSTAT

B.

SNMP

C.

ARP

D.

NBTSTAT

E.

NETSTAT

Question 27

You are using a Windows-based sniffer named ASniffer to record the data traffic of a network. You have extracted the following IP Header information of a randomly chosen packet from the sniffer's log:

45 00 00 28 00 00 40 00 29 06 43 CB D2 D3 82 5A 3B 5E AA 72

Which of the following TTL decimal values and protocols are being carried by the IP Header of this packet?

Options:

A.

41, UDP

B.

16, ICMP

C.

41, TCP

D.

16, UDP

Question 28

You are using the TRACERT utility to trace the route to passguide.com. You receive the following output:

Which of the following conclusions can you draw from viewing the output?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Everything is fine.

B.

One of the routers on the path to the destination is not functional.

C.

The destination computer is not operational.

D.

The IP address of the destination computer is not resolved.

Question 29

Which of the following is used as a default port by the TELNET utility?

Options:

A.

21

B.

80

C.

23

D.

20

Question 30

Sandra, an expert computer user, hears five beeps while booting her computer that has AMI BIOS; and after that her computer stops responding. Sandra knows that during booting process POST produces different beep codes for different types of errors. Which of the following errors refers to this POST beep code?

Options:

A.

Display memory error

B.

Cache memory test failed

C.

Processor failure

D.

Mother board timer not operational

Question 31

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate computer of an unfaithful employee of SecureEnet Inc. Suspect's computer runs on Windows operating system. Which of the following sources will Adam investigate on a Windows host to collect the electronic evidences?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Allocated cluster

B.

Swap files

C.

Slack spaces

D.

Unused and hidden partition

Question 32

You work as a Network Administrator of a TCP/IP network. You are having DNS resolution problem. Which of the following utilities will you use to diagnose the problem?

Options:

A.

IPCONFIG

B.

PING

C.

TRACERT

D.

NSLOOKUP

Question 33

Which of the following is a valid IP address for class B Networks?

Options:

A.

225.128.98.7

B.

80.33.5.7

C.

212.136.45.8

D.

172.157.88.3

Question 34

Maria works as the Chief Security Officer for passguide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?

Options:

A.

Encryption

B.

Public-key cryptography

C.

Steganography

D.

RSA algorithm

Question 35

Which of the following IPv4 to IPv6 transition methods uses encapsulation of IPv6 packets to traverse IPv4 networks?

Options:

A.

Dual-stack

B.

Translation

C.

Tunneling

D.

Stack

Question 36

Which of the following is the default port for Hypertext Transfer Protocol (HTTP)?

Options:

A.

23

B.

21

C.

80

D.

25

Question 37

Which of the following programs is used to add words to spam e-mails so that the e-mail is not considered spam and therefore is delivered as if it were a normal message?

Options:

A.

Adler-32

B.

Hash filtrer

C.

Hash buster

D.

Checksum

Question 38

In which of the following IDS evasion attacks does an attacker send a data packet such that IDS accepts the data packet but the host computer rejects it?

Options:

A.

Fragmentation overlap attack

B.

Evasion attack

C.

Fragmentation overwrite attack

D.

Insertion attack

Question 39

Sasha wants to add an entry to your DNS database for your mail server. Which of the following types of resource records will she use to accomplish this?

Options:

A.

ANAME

B.

SOA

C.

MX

D.

CNAME

Question 40

Which of the following command-line utilities is used to show the state of current TCP/IP connections?

Options:

A.

PING

B.

TRACERT

C.

NETSTAT

D.

NSLOOKUP

Question 41

Which of the following techniques allows probing firewall rule-sets and finding entry points into the targeted system or network?

Options:

A.

Network enumerating

B.

Packet collision

C.

Distributed Checksum Clearinghouse

D.

Packet crafting

Question 42

Computer networks and the Internet are the prime mode of Information transfer today. Which of the following is a technique used for modifying messages, providing Information and Cyber security, and reducing the risk of hacking attacks during communications and message passing over the Internet?

Options:

A.

Risk analysis

B.

Cryptography

C.

Firewall security

D.

OODA loop

Question 43

Which of the following components are usually found in an Intrusion detection system (IDS)?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Sensor

B.

Gateway

C.

Firewall

D.

Modem

E.

Console

Question 44

Sandra, a novice computer user, works on Windows environment. She experiences some problem regarding bad sectors formed in a hard disk of her computer. She wants to run CHKDSK command to check the hard disk for bad sectors and to fix the errors, if any, occurred. Which of the following switches will she use with CHKDSK command to accomplish the task?

Options:

A.

CHKDSK /I

B.

CHKDSK /R /F

C.

CHKDSK /C /L

D.

CHKDSK /V /X

Question 45

You work as a System Administrator for McNeil Inc. The company has a Linux-based network. You are a root user on the Red Hat operating system. Your network is configured for IPv6 IP addressing. Which of the following commands will you use to test TCP/IP connectivity?

Options:

A.

ping6

B.

ifconfig

C.

traceroute

D.

ping

Question 46

You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single forest multiple domain IPv4 network. All the DNS servers on the network run Windows Server 2008. The users in the network use NetBIOS name to connect network application on the network. You have migrated the network to IPv6-enabled network. Now you want to enable DNS Server to perform lookups in GlobalNames Zone. Which of the following commands will you use to accomplish the task?

Options:

A.

Dnscmd /config /enableglobalnames 1

B.

Dnscmd /config /enableglobalnamessupport 0

C.

Dnscmd /config /enableglobalnamessupport 1

D.

Dnscmd /config /globalnamesqueryorder 0

Question 47

Which of the following file systems is designed by Sun Microsystems?

Options:

A.

NTFS

B.

CIFS

C.

ZFS

D.

ext2

Question 48

Fill in the blank with the appropriate term.

___________is the practice of monitoring and potentially restricting the flow of information outbound from one network to another

Options:

Question 49

You work as a Network Administrator for TechPerfect Inc. The company has a corporate intranet setup. A router is configured on your network to connect outside hosts to the internetworking. For security, you want to prevent outside hosts from pinging to the hosts on the internetwork. Which of the following steps will you take to accomplish the task?

Options:

A.

Block the ICMP protocol through ACL.

B.

Block the IPv6 protocol through ACL.

C.

Block the UDP protocol through ACL.

D.

Block the TCP protocol through ACL.

Question 50

You are concerned about outside attackers penetrating your network via your company Web server. You wish to place your Web server between two firewalls. One firewall between the Web server and the outside world. The other between the Web server and your network. What is this called?

Options:

A.

DMZ

B.

SPI firewall

C.

IDS

D.

Application Gateway firewall

Question 51

Which of the following honeypots is a low-interaction honeypot and is used by companies or corporations for capturing limited information about malicious hackers?

Options:

A.

Production honeypot

B.

Research honeypot

C.

Honeynet

D.

Honeyfarm

Question 52

Which of the following tools allows an attacker to intentionally craft the packets to gain unauthorized access?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Tcpdump

B.

Ettercap

C.

Mendax

D.

Fragroute

Question 53

In which of the following IKE phases the IPsec endpoints establish parameters for a secure ISAKMP session?

Options:

A.

IKE Phase 2.5

B.

IKE Phase 2

C.

IKE Phase 1

D.

IKE Phase 1.5

Question 54

Ryan, a malicious hacker submits Cross-Site Scripting (XSS) exploit code to the Website of Internet forum for online discussion. When a user visits the infected Web page, code gets automatically executed and Ryan can easily perform acts like account hijacking, history theft etc.

Which of the following types of Cross-Site Scripting attack Ryan intends to do?

Options:

A.

Document Object Model (DOM)

B.

Non persistent

C.

SAX

D.

Persistent

Question 55

Which of the following methods is a behavior-based IDS detection method?

Options:

A.

Knowledge-based detection

B.

Protocol detection

C.

Statistical anomaly detection

D.

Pattern matching detection

Question 56

Windump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform a user must install a packet capture library.

What is the name of this library?

Options:

A.

libpcap

B.

WinPCap

C.

PCAP

D.

SysPCap

Question 57

Which of the following well-known ports is used by BOOTP?

Options:

A.

TCP 161

B.

UDP 69

C.

TCP 21

D.

UDP 67

Question 58

Which of the following tools are used to determine the hop counts of an IP packet?

Each correct answer represents a complete solution. Choose two.

Options:

A.

TRACERT

B.

Ping

C.

IPCONFIG

D.

Netstat

Question 59

Which of the following algorithms produces a digital signature which is used to authenticate the bit-stream images?

Options:

A.

MD6

B.

MD5

C.

BOINIC

D.

HashClash

Question 60

Which of the following ports is used for DNS services?

Options:

A.

Port 7

B.

Port 53

C.

Port 80

D.

Port 23

Question 61

John works as a professional Ethical Hacker. He has been assigned a project to test the security of John wants to redirect all TCP port 80 traffic to UDP port 40, so that he can bypass the firewall of the We-are-secure server. Which of the following tools will John use to accomplish his task?

Options:

A.

PsExec

B.

PsList

C.

Fpipe

D.

Cain

Question 62

Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?

Options:

A.

Linux Live CD

B.

DOS boot disk

C.

Secure Authentication for EnCase (SAFE)

D.

EnCase with a hardware write blocker

Question 63

Which of the following attacks is used to hack simple alphabetical passwords?

Options:

A.

Dictionary-based attack

B.

Sniffing

C.

Man-in-the-middle attack

D.

Black hat attack

Question 64

Sandra, a novice computer user, works on Windows environment. She experiences some problem regarding bad sectors formed in a hard disk of her computer. She wants to run CHKDSK command to check the hard disk for bad sectors and to fix the errors, if any, occurred. Which of the following switches will she use with CHKDSK command to accomplish the task?

Options:

A.

CHKDSK /I

B.

CHKDSK /R /F

C.

CHKDSK /C /L

D.

CHKDSK /V /X

Question 65

Which of the following proxy servers can be used for spamming?

Options:

A.

Caching proxy server

B.

Web proxy server

C.

Open proxy server

D.

Anonymizing proxy server

Question 66

Which of the following attacks is designed to deduce the brand and/or version of an operating system or application?

Options:

A.

Vulnerability assessment

B.

Banner grabbing

C.

OS fingerprinting

D.

Port scanning

Question 67

Which of the following is a checksum algorithm?

Options:

A.

Dsniff

B.

Adler-32

C.

Hash buster

D.

Snort

Question 68

You work as a Network Administrator for Tech Perfect Inc. Your company has a Windows 2000- based network. You want to verify the connectivity of a host in the network. Which of the following utilities will you use?

Options:

A.

PING

B.

TELNET

C.

NETSTAT

D.

TRACERT

Question 69

Routers work at which layer of the OSI reference model?

Options:

A.

Transport

B.

Physical

C.

Presentation

D.

Network

Question 70

Mark works as a Network Security Administrator for BlueWells Inc. The company has a Windowsbased network. Mark is giving a presentation on Network security threats to the newly recruited employees of the company. His presentation is about the External threats that the company recently faced in the past. Which of the following statements are true about external threats?

Each correct answer represents a complete solution. Choose three.

Options:

A.

These are the threats that originate from outside an organization in which the attacker attempts to gain unauthorized access.

B.

These are the threats that originate from within the organization.

C.

These are the threats intended to flood a network with large volumes of access requests.

D.

These threats can be countered by implementing security controls on the perimeters of the network, such as firewalls, which limit user access to the Internet.

Question 71

Which of the following NETSH commands for interface Internet protocol version 4 (IPv4) is used to delete a DNS server or all DNS servers from a list of DNS servers for a specified interface or for all interfaces?

Options:

A.

disable dnsserver

B.

alter dnsserver

C.

delete dnsserver

D.

remove dnsserver

Question 72

Which of the following hacking tools provides shell access over ICMP?

Options:

A.

John the Ripper

B.

Loki

C.

Nessus

D.

Nmap

Question 73

Which of the following types of Intrusion detection systems (IDS) is used for port mirroring?

Options:

A.

Port address-based IDS

B.

Network-based IDS (NIDS)

C.

Host-based IDS (HIDS)

D.

Anomaly-based IDS

Question 74

What is the process of detecting unauthorized access known as?

Options:

A.

Intrusion detection

B.

Misuse detection

C.

Anomaly detection

D.

Integrity detection

Question 75

Which of the following is NOT an Intrusion Detection System?

Options:

A.

Fragroute

B.

Stunnel

C.

Samhain

D.

AIDE

Question 76

Mark works as a Network administrator for SecureEnet Inc. His system runs on Mac OS X. He wants to boot his system from the Network Interface Controller (NIC). Which of the following snag keys will Mark use to perform the required function?

Options:

A.

D

B.

N

C.

Z

D.

C

Page: 1 / 19
Total 508 questions