Katy Morgan

Introduction to GIAC Certified Intrusion Analyst (GCIA) Exam

The GIAC GCIA exam is challenging, and thorough preparation is essential for success. This study guide is designed to help you prepare for the GCIA certification exam. It contains a detailed list of the topics covered on the exam, as well as a detailed list of preparation resources. This study guide for the GIAC Intrusion Analyst will help guide you through the study process for your certification.

GCIA GIAC Intrusion Analyst Exam Summary

Exam Name: GIAC Intrusion Analyst

Exam Code: GCIA

Exam Price: $1999 (USD)

Duration: 240 mins

Number of Questions: 100-150

Passing Score: 68%

Schedule Exam: Pearson VUE

Sample Questions: GIAC GCIA Sample Questions

Recommended Practice: GIAC GCIA Certification Practice Exam

Exam Syllabus: GCIA GIAC Certified Intrusion Analyst (GCIA)

1. Advanced Analysis and Network Forensics

- The candidate will demonstrate competence in analyzing various data points (e.g. full packet capture, netflow, logs) and associated artifacts and demonstrate ability to conclude cause or effect.

2. Advanced IDS Concepts

- Demonstrate an understanding of IDS tuning methods and correlation issues (e.g., Snort, Bro).


3. Application Protocols

- The candidate will demonstrate knowledge, skill, and ability relating to application layer protocol dissection and analysis including HTTP, SMTP, and various Microsoft protocols.


4. Concepts of TCP/IP and the Link Layer

- The candidate will understand the TCP/IP communications model and link layer operations.


5. DNS

- The candidate will demonstrate a thorough understanding of how DNS works for both legitimate and malicious purposes.


6. Fragmentation

- The candidate will demonstrate comprehension of how fragmentation works through theory and packet capture examples, as well as the concepts behind fragmentation-based attacks.


7. IDS Fundamentals and Network Architecture

- Understand fundamental IDS concepts, such as network architecture options and benefits/weaknesses of common IDS systems.


8. IDS Rules

- Create effective IDS (e.g., Snort, Bro) rules to detect varied types of malicious activity.


9. IP Headers

- The candidate will demonstrate the ability to dissect IP packet headers and analyze them for normal and anomalous values that may point to security issues.


10. IPv6

- The candidate will demonstrate knowledge, skill, and ability relating to the analysis of IPv6 as well as issues involving IPv6 over IPv4.


11. Network Traffic Analysis

- The candidate will demonstrate the ability to analyze real traffic and associated artifacts: malicious, normal and application traffic; and demonstrate the ability to discern malicious traffic from false positives.


12. Packet Engineering

- The candidate will demonstrate knowledge, skill, and ability relating to packet engineering and manipulation including packet crafting, and IDS Evasion/Insertion.


13. Silk and Other Traffic Analysis Tools

- The candidate will demonstrate the ability to use SiLK and other tools to perform network traffic and flow analysis.


14. TCP

- The candidate will understand TCP communications as well as expected responses to given stimuli at this layer.


15. Tcpdump Filters

- The candidate will demonstrate the skill and ability to craft tcpdump filters that match on given criteria.


16. UDP and ICMP

- The candidate will demonstrate the ability to analyze both UDP and ICMP packets and recognize common issues.


17. Wireshark Fundamentals

- The candidate will demonstrate the knowledge, skills, and abilities associated with traffic analysis using Wireshark at an intermediate to high degree of proficiency.

GIAC GCIA Certification Sample Questions and Answers

To familiarize you with the structure of the GIAC Intrusion Analyst (GCIA) certification exam, we have prepared this sample question set. We suggest you try our Sample Questions for Cyber Defense GCIA Certification to test your understanding of the GIAC GCIA exam process in a realistic GIAC certification exam environment.


GCIA GIAC Intrusion Analyst Sample Questions:-


01. What are the advantages of stateless autoconfiguration in IPv6?

a) Ease of use.

b) It provides basic authentication to determine which systems can receive configuration data

c) No server is needed for stateless autoconfiguration.

d) No host configuration is necessary.


02. Which of the following techniques allows probing firewall rule-sets and finding entry points into the targeted system or network?

a) Network enumerating

b) Packet collision

c) Distributed Checksum Clearinghouse

d) Packet crafting


03. Which of the following tools can be used to check whether the network interface is in promiscuous mode or not?

a) IPTraf

b) MRTG

c) Chkrootkit

d) Ntop


04. Which of the following files in LILO booting process of Linux operating system stores the location of Kernel on the hard drive?

a) /boot/boot.b

b) /boot/map

c) /sbin/lilo

d) /etc/lilo.conf


05. Which of the following is the correct order of loading system files into the main memory of the system, when the computer is running on Microsoft's Windows XP operating system?

a) NTLDR, BOOT.ini, HAL.dll, NTDETECT.com, NTOSKRNL.exe

b) BOOT.ini, HAL.dll, NTDETECT.com, NTLDR, NTOSKRNL.exe

c) NTLDR, BOOT.ini, HAL.dll, NTDETECT.com, NTOSKRNL.exe

d) NTLDR, BOOT.ini, NTDETECT.com, HAL.dll, NTOSKRNL.exe


06. Which of the following types of firewall ensures that the packets are part of the established session?

a) Switch-level firewall

b) Application-level firewall

c) Stateful inspection firewall

d) Circuit-level firewall


07. Which of the following statements are true about Snort?

a) It develops a new signature to find vulnerabilities.

b) It detects and alerts a computer user when it finds threats such as buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other port scanners, well-known backdoors and system vulnerabilities, and DDoS clients.

c) It encrypts the log file using the 256 bit AES encryption scheme algorithm.

d) It is used as a passive trap to record the presence of traffic that should not be found on a network, such as NFS or Napster connections.


08. Which of the following work as traffic monitoring tools in the Linux operating system?

a) MRTG

b) John the Ripper

c) IPTraf

d) Ntop


09. Which of the following commands in MQC tool matches IPv4 and IPv6 packets when IP parameter is missing?

a) Match access-group

b) Match fr-dlci

c) Match IP precedence

d) Match cos


10. At which layers of the OSI and TCP/IP models does IP addressing function?

a) OSI Layer 5 and TCP/IP Transport Layer

b) OSI Layer 2 and TCP/IP Network Layer

c) OSI Layer 4 and TCP/IP Application Layer

d) OSI Layer 3 and TCP/IP Internet Layer


Answers:-

Answer 1:- a, c, d

Answer 2:- d

Answer 3:- c

Answer 4:- b

Answer 5:- d

Answer 6:- c

Answer 7:- a, b, d

Answer 8:- a, c, d

Answer 9:- c

Answer 10:- d
