GCIA Premium Bundle

GIAC Certified Intrusion Analyst Certification Exam

Last update: September 29, 2024

GIAC GCIA Free Practice Questions

Exam Code: GCIA (Practice Exam Latest Test Questions VCE PDF)
Exam Name: GIAC Certified Intrusion Analyst
Certification Provider: GIAC
Online GCIA free questions and answers, new version:

NEW QUESTION 1
Mark works as a Network Security Administrator for BlueWells Inc. The company has a Windows-based network. Mark is giving a presentation on network security threats to the newly recruited employees of the company. His presentation is about the external threats that the company recently faced. Which of the following statements are true about external threats?
Each correct answer represents a complete solution. Choose three.

  • A. These threats can be countered by implementing security controls on the perimeters of the network, such as firewalls, which limit user access to the Internet.
  • B. These are the threats intended to flood a network with large volumes of access requests.
  • C. These are the threats that originate from outside an organization in which the attacker attempts to gain unauthorized access.
  • D. These are the threats that originate from within the organization.

Answer: ABC

NEW QUESTION 2
You are using the TRACERT utility to trace the route to CertLeader.com. You receive the following output:
Which of the following conclusions can you draw from viewing the output?
Each correct answer represents a complete solution. Choose two.

  • A. Everything is fine.
  • B. One of the routers on the path to the destination is not functional.
  • C. The destination computer is not operational.
  • D. The IP address of the destination computer is not resolved.

Answer: BC

NEW QUESTION 3
Which of the following terms is used to represent IPv6 addresses?

  • A. Colon-dot
  • B. Colon-hexadecimal
  • C. Hexadecimal-dot notation
  • D. Dot notation

Answer: B

NEW QUESTION 4
Adam works as a professional Computer Hacking Forensic Investigator. He works with the local police. A project has been assigned to him to investigate an iPod, which was seized from a high school student. It is suspected that explicit child pornography content is stored on the iPod. Adam wants to investigate the iPod extensively. Which of the following operating systems will Adam use to carry out his investigation in a more extensive and elaborate manner?

  • A. Linux
  • B. Mac OS
  • C. MINIX 3
  • D. Windows XP

Answer: B

NEW QUESTION 5
Which of the following Linux/UNIX commands is used to delete files permanently so that the files cannot be recovered?

  • A. del
  • B. shred
  • C. erase
  • D. rm

Answer: B

NEW QUESTION 6
Mark works as a Network Security Administrator for BlueWells Inc. The company has a Windows-based network. Mark is giving a presentation on network security threats to the newly recruited employees of the company. His presentation is about the external threats that the company recently faced. Which of the following statements are true about external threats?
Each correct answer represents a complete solution. Choose three.

  • A. These are the threats that originate from outside an organization in which the attacker attempts to gain unauthorized access.
  • B. These are the threats that originate from within the organization.
  • C. These are the threats intended to flood a network with large volumes of access requests.
  • D. These threats can be countered by implementing security controls on the perimeters of the network, such as firewalls, which limit user access to the Internet.

Answer: ACD

NEW QUESTION 7
Which of the following file systems supports the hot fixing feature?

  • A. FAT16
  • B. exFAT
  • C. NTFS
  • D. FAT32

Answer: C

NEW QUESTION 8
Which of the following protocols is used by TFTP as a file transfer protocol?

  • A. UDP
  • B. SNMP
  • C. TCP
  • D. SMTP

Answer: A

NEW QUESTION 9
John works as a Network Administrator for DigiNet Inc. He wants to investigate failed logon attempts to a network. He uses Log Parser to detail the failed logons over a specific time frame. He uses the following command and query to list all failed logons on a specific date:

    logparser.exe file:FailedLogons.sql -i:EVT -o:datagrid

    SELECT
        timegenerated AS LogonTime,
        extract_token(strings, 0, '|') AS UserName
    FROM Security
    WHERE EventID IN (529, 530, 531, 532, 533, 534, 535, 537, 539)
        AND to_string(timegenerated, 'yyyy-MM-dd HH:mm:ss') LIKE '2004-09%'

After investigation, John concludes that two logon attempts were made by using an expired account. Which of the following EventIDs refers to this failed logon?

  • A. 532
  • B. 531
  • C. 534
  • D. 529

Answer: A

NEW QUESTION 10
Peter works as a professional Computer Hacking Forensic Investigator for eLaw-Suit law firm. He is working on a cyber crime case. Peter knows that a good investigative report should not only communicate the relevant facts, but also present expert opinion. This report should not include the cases in which the expert acted as a lay witness. Which of the following types of witnesses is a lay witness?

  • A. One who can give a firsthand account of something seen, heard, or experienced.
  • B. One with special knowledge of the subject about which he or she is testifying.
  • C. One who observes an event.
  • D. One who is not qualified as an expert witness.

Answer: D

NEW QUESTION 11
Which of the following cryptographic methods are used in EnCase to ensure the integrity of the data acquired for the investigation?
Each correct answer represents a complete solution. Choose two.

  • A. CRC
  • B. HAVAL
  • C. Twofish
  • D. MD5

Answer: AD

NEW QUESTION 12
Which of the following commands is used to verify the hash value in Netcat?

  • A. type
  • B. check
  • C. mount
  • D. checksum

Answer: A

NEW QUESTION 13
Which of the following Windows XP system files handles memory management, I/O operations, and interrupts?

  • A. Ntoskrnl.exe
  • B. Advapi32.dll
  • C. Kernel32.dll
  • D. Win32k.sys

Answer: C

NEW QUESTION 14
Which of the following IDs is used to reassemble the fragments of a datagram at the destination point?

  • A. MAK ID
  • B. IP address
  • C. IP identification number
  • D. SSID

Answer: C

NEW QUESTION 15
Victor works as a network administrator for DataSecu Inc. He uses a dual firewall Demilitarized Zone (DMZ) to insulate the rest of the network from the portion that is available to the Internet. Which of the following security threats may occur if DMZ protocol attacks are performed?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Attacker can perform Zero Day attack by delivering a malicious payload that is not a part of the intrusion detection/prevention systems guarding the network.
  • B. Attacker can gain access to the Web server in a DMZ and exploit the database.
  • C. Attacker managing to break the first firewall defense can access the internal network without breaking the second firewall if it is different.
  • D. Attacker can exploit any protocol used to go into the internal network or intranet of the company.

Answer: ABD

NEW QUESTION 16
Which of the following attacks is designed to deduce the brand and/or version of an operating system or application?

  • A. Vulnerability assessment
  • B. Banner grabbing
  • C. OS fingerprinting
  • D. Port scanning

Answer: B

NEW QUESTION 17
Which of the following types of Intrusion detection systems (IDS) is used for port mirroring?

  • A. Port address-based IDS
  • B. Network-based IDS (NIDS)
  • C. Host-based IDS (HIDS)
  • D. Anomaly-based IDS

Answer: B

NEW QUESTION 18
Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?

  • A. Linux Live CD
  • B. DOS boot disk
  • C. Secure Authentication for EnCase (SAFE)
  • D. EnCase with a hardware write blocker

Answer: C

NEW QUESTION 19
Which of the following commands is used in Linux to create bit-stream images?

  • A. ss
  • B. xcopy
  • C. dd
  • D. img

Answer: C
