FREE GIAC Intrusion Analyst Questions and Answers

Question 1

In his line of work, Nate is an ethical hacker. He wants to view all of his computer's open TCP/IP and UDP ports. Nathan tries to map open ports to the running process with PID, process name, and path using the netstat command, but he is still unsuccessful.

What command will Nate use to complete the task from the list below?

Accepted Answer

fport

Answer

Nate can use the "fport" command to complete the task of mapping open ports to the active process with PID, process name, and path. In comparison to the default "netstat" command, the third-party program "fport" offers more capability.
Nate can inspect open TCP/IP and UDP ports on his computer and map them to the associated processes with the "fport" command. It gives details on each open port, including the process ID (PID), process name, and route.

Question 2

Which of the following attacks targets a single target while using numerous compromised systems?

Accepted Answer

DDoS attack

Answer

Multiple compromised systems, often known as a botnet or a network of zombies, are used in a DDoS (Distributed Denial of Service) attack to execute a coordinated attack against a single target.
In a DDoS attack, the attacker often seizes control of a sizable number of devices by infecting them with malware or taking advantage of vulnerabilities, including PCs, servers, or Internet of Things (IoT) devices. The target is then bombarded with an enormous volume of traffic or requests from these hacked systems, taxing its resources and resulting in a denial of service.

Question 3

Which of the following IP packet components handles authentication when IPSec is being used?

Accepted Answer

Authentication Header (AH)

Answer

One of the two primary protocols used by IPSec (Internet Protocol Security) to enable secure communication across IP networks is the Authentication Header (AH). For IPSec packets, AH is in charge of delivering authentication and integrity services.
When using AH, the IP packet is added with an authentication header that contains a cryptographic checksum of the packet's contents. The contents of the packet and a shared secret key are used to calculate this checksum, referred to as the Integrity Check Value (ICV). By recalculating the ICV and comparing it to the received value, the receiving end can confirm the integrity of the packet. It assures that the packet has not been altered in transit if the ICV matches.

Question 4

What MQC tool command matches IPv4 and IPv6 packets when the IP parameter is missing?

Accepted Answer

Match IP precedence

Answer

You can use the "match" command in the MQC tool to configure a policy to match both IPv4 and IPv6 packets without specifying the IP parameter. The match statement can now be applied to both IPv4 and IPv6 packets as a result.

Question 5

Which type of firewall guarantees that the packets are a part of the established session, out of the following?

Accepted Answer

Stateful inspection firewall

Answer

A firewall type that confirms that packets are part of an established session is known as a stateful inspection firewall. It examines incoming and outgoing packets to see if they are part of an active session or connection, and it keeps track of the state of network connections.
official inspection Using a state table or stateful packet inspection (SPI) table, firewalls keep track of the context and state of network connections. When a packet enters the firewall, it is compared to the data in the status table to see if it is part of a session or connection that is already in use. According to the specified security policies, the packet is permitted to travel through if it belongs to an existing session. The packet is often deleted or given a closer look if it doesn't match any known sessions or breaches security regulations.

GIAC Certification Practice Test

GIAC Certification Practice Test

FREE GIAC Intrusion Analyst Questions and Answers