GIAC GCIA practice test

Exam Title: GIAC Certified Intrusion Analyst v4

Last update: Nov 27, 2025

Question 1

Adam works as a professional Computer Hacking Forensic Investigator. He wants to investigate a
suspicious email that is sent using a Microsoft Exchange server. Which of the following files will he
review to accomplish the task?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Checkpoint files
  • B. EDB and STM database files
  • C. Temporary files
  • D. Cookie files
Answer:

A, B, C

Question 2

This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a,
802.11b, and 802.11g standards. The main features of this tool are as follows:
It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
It is commonly used for the following purposes:

  • A. War driving
  • B. Detecting unauthorized access points
  • C. Detecting causes of interference on a WLAN
  • D. WEP ICV error tracking
  • E. Making Graphs and Alarms on 802.11 Data, including Signal Strength
Answer:

D

Question 3

SSH is a network protocol that allows data to be exchanged between two networks using a secure
channel. Which of the following encryption algorithms can be used by the SSH protocol?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Blowfish
  • B. IDEA
  • C. DES
  • D. RC4
Answer:

A, B, C

Question 4

Adam works as a Security Analyst for Umbrella Inc. He is performing real-time traffic analysis on IP
networks using Snort. Adam is facing problems in analyzing intrusion data. Which of the following
software combined with Snort can Adam use to get a visual representation of intrusion data?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Basic Analysis and Security Engine (BASE)
  • B. sguil
  • C. KFSensor
  • D. OSSIM
Answer:

A, B, D

Question 5

Mark works as a Network Security Administrator for BlueWells Inc. The company has a
Windows-based network. Mark is giving a presentation on network security threats to the newly
recruited employees of the company. His presentation is about the external threats that the
company recently faced. Which of the following statements are true about external
threats?
Each correct answer represents a complete solution. Choose three.

  • A. These are the threats that originate from outside an organization in which the attacker attempts to gain unauthorized access.
  • B. These are the threats that originate from within the organization.
  • C. These are the threats intended to flood a network with large volumes of access requests.
  • D. These threats can be countered by implementing security controls on the perimeters of the network, such as firewalls, which limit user access to the Internet.
Answer:

A, C, D

Question 6

Which of the following file systems is designed by Sun Microsystems?

  • A. NTFS
  • B. CIFS
  • C. ZFS
  • D. ext2
Answer:

C

Question 7

You work as a Network Administrator for Tech Perfect Inc. The office network is configured as an IPv6
network. You have to configure a computer with the IPv6 address, which is equivalent to an IPv4
publicly routable address. Which of the following types of addresses will you choose?

  • A. Site-local
  • B. Global unicast
  • C. Local-link
  • D. Loopback
Answer:

B

Question 8

Which of the following is the default port for Simple Network Management Protocol (SNMP)?

  • A. TCP port 110
  • B. TCP port 25
  • C. TCP port 80
  • D. UDP port 161
Answer:

D

Question 9

Which of the following statements are true about Snort?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It develops a new signature to find vulnerabilities.
  • B. It detects and alerts a computer user when it finds threats such as buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other port scanners, well-known backdoors and system vulnerabilities, and DDoS clients.
  • C. It encrypts the log file using the 256 bit AES encryption scheme algorithm.
  • D. It is used as a passive trap to record the presence of traffic that should not be found on a network, such as NFS or Napster connections.
Answer:

A, B, D

Question 10

Allen works as a professional Computer Hacking Forensic Investigator. A project has been assigned to
him to investigate a computer that was used by the suspect to sexually harass the victim using
an instant messenger program. The suspect's computer runs the Windows operating system. Allen wants to
recover the password from the instant messenger program that the suspect is using, to collect evidence of
the crime. Allen is using Helix Live for this purpose. Which of the following utilities of Helix will he
use to accomplish the task?

  • A. Asterisk Logger
  • B. Access PassView
  • C. Mail Pass View
  • D. MessenPass
Answer:

D
