GIAC Certification Study Guide 2026
Everything you need to pass the GIAC Certification exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.
📋 GIAC Certification Exam Format at a Glance
📚 GIAC Certification Topics to Study (21)
✍️ Sample GIAC Certification Questions & Answers
1. What memory protection marks data memory regions as non-executable to prevent shellcode injection?
Data Execution Prevention (DEP) / No-Execute (NX) marks stack and heap memory as non-executable, preventing injected shellcode from running.
2. In malware terminology, what is the primary function of a 'dropper'?
A dropper is a first-stage malware component whose sole purpose is to install or extract and execute a secondary payload such as a backdoor or RAT on the compromised host.
3. Which obfuscation category describes malware that rewrites its own code between infections while preserving its original functionality?
Polymorphic malware mutates its code body (through encryption, instruction substitution, or reordering) each time it replicates, producing unique binary signatures that defeat static detection.
4. What is the GXPN exam's primary focus area that distinguishes it from the standard GPEN certification?
GXPN focuses on advanced exploit development including shellcode writing, ROP chaining, bypass techniques, and vulnerability research that goes beyond standard penetration testing.
5. What AWS service continuously monitors and records AWS resource configurations and evaluates them against desired compliance rules?
AWS Config continuously records resource configuration changes and evaluates them against compliance rules, providing drift detection and audit history.
6. Which dynamic analysis tool intercepts and logs Windows API calls made by a running malware sample in real time?
API Monitor hooks and records every Windows API function call with its arguments and return values, giving analysts a detailed view of what the malware does at the API level during execution.