A Review Of High Value GCIA Preparation Labs

All that matters here is passing the GIAC GCIA exam, and all you need is a high score on the GCIA GIAC Certified Intrusion Analyst exam. The only thing you need to do is download the Certleader GCIA exam study guides now. We will not let you down with our money-back guarantee.

Online GCIA free questions and answers of New Version:

NEW QUESTION 1
Which of the following tools is described below?
It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.

  • A. LIDS
  • B. Dsniff
  • C. Cain
  • D. Libnids

Answer: B

NEW QUESTION 2
Which of the following ports is used for DNS services?

  • A. Port 7
  • B. Port 53
  • C. Port 80
  • D. Port 23

Answer: B

NEW QUESTION 3
Which of the following is an asymmetric encryption algorithm?

  • A. Blowfish
  • B. RC5
  • C. Diffie-Hellman
  • D. RC4

Answer: C

NEW QUESTION 4
You are concerned about outside attackers penetrating your network via your company Web server. You wish to place your Web server between two firewalls: one between the Web server and the outside world, and the other between the Web server and your network. What is this called?

  • A. DMZ
  • B. SPI firewall
  • C. IDS
  • D. Application Gateway firewall

Answer: A

NEW QUESTION 5
Adam works as a professional Computer Hacking Forensic Investigator. He has been called by the FBI to examine data on a hard disk seized from the house of a suspected terrorist.
Adam decided to acquire an image of the suspected hard drive. He uses a forensic hardware tool, which is capable of capturing data from IDE, Serial ATA, SCSI devices, and flash cards. This tool can also produce MD5 and CRC32 hash while capturing the data. Which of the following tools is Adam using?

  • A. ImageMASSter Solo-3
  • B. ImageMASSter 4002i
  • C. FireWire DriveDock
  • D. Wipe MASSter

Answer: A

NEW QUESTION 6
Sasha wants to add an entry to your DNS database for your mail server. Which of the following types of resource records will she use to accomplish this?

  • A. ANAME
  • B. SOA
  • C. MX
  • D. CNAME

Answer: C

NEW QUESTION 7
Ryan, a malicious hacker, submits Cross-Site Scripting (XSS) exploit code to the website of an Internet forum for online discussion. When a user visits the infected Web page, the code is automatically executed and Ryan can easily perform acts like account hijacking, history theft, etc. Which of the following types of Cross-Site Scripting attack does Ryan intend to perform?

  • A. Non persistent
  • B. SAX
  • C. Persistent
  • D. Document Object Model (DOM)

Answer: C

NEW QUESTION 8
Routers work at which layer of the OSI reference model?

  • A. Transport
  • B. Physical
  • C. Presentation
  • D. Network

Answer: D

NEW QUESTION 9
Which of the following UDP ports are used by the Simple Network Management Protocol (SNMP)? Each correct answer represents a complete solution. Choose two.

  • A. UDP port 69
  • B. UDP port 161
  • C. UDP port 137
  • D. UDP port 162

Answer: BD

NEW QUESTION 10
Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee who is suspected of classified data theft. The suspect's computer runs a Windows operating system. Peter wants to collect data and evidence for further analysis. He knows that on a Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows-based system?

  • A. Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
  • B. Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
  • C. Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
  • D. Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps

Answer: B

NEW QUESTION 11
John works as a Network Security Administrator for NetPerfect Inc. The manager of the company has told John that the company's phone bill has increased drastically. John suspects that the company's phone system has been cracked by a malicious hacker. Which attack is used by malicious hackers to crack the phone system?

  • A. Sequence++ attack
  • B. Phreaking
  • C. Man-in-the-middle attack
  • D. War dialing

Answer: B

NEW QUESTION 12
John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?

  • A. Insertion attack
  • B. Session splicing attack
  • C. Evasion attack
  • D. Polymorphic shell code attack

Answer: D

NEW QUESTION 13
John works as a Security Administrator for NetPerfect Inc. The company uses Windows-based systems. A project has been assigned to John to track malicious hackers and to strengthen the company's security system. John configures a computer system to trick malicious hackers into thinking that it is the company's main server, which in fact is a decoy system to track hackers.
Which system is John using to track the malicious hackers?

  • A. Honeypot
  • B. Honeytokens
  • C. Intrusion Detection System (IDS)
  • D. Bastion host

Answer: A

NEW QUESTION 14
Which of the following forensic tool suites is developed for the Linux operating system?

  • A. Wetstone
  • B. MForensicsLab
  • C. ProDiscover
  • D. S.M.A.R.

Answer: D

NEW QUESTION 15
Which of the following is the purpose of creating a Demilitarized zone (DMZ) in an enterprise network?

  • A. Performing Isolation
  • B. Creating Autonomous Systems
  • C. Intrusion Detection
  • D. Military usage

Answer: A

NEW QUESTION 16
The promiscuous mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it. Which of the following tools works by placing the host system network card into the promiscuous mode?

  • A. NetStumbler
  • B. Snort
  • C. THC-Scan
  • D. Sniffer

Answer: D

NEW QUESTION 17
John works as a Network Administrator for DigiNet Inc. He wants to investigate failed logon attempts to a network. He uses Log Parser to detail out the failed logons over a specific time frame. He uses the following commands and query to list all failed logons on a specific date:

    logparser.exe file:FailedLogons.sql -i:EVT -o:datagrid

    SELECT
        timegenerated AS LogonTime,
        extract_token(strings, 0, '|') AS UserName
    FROM Security
    WHERE EventID IN (529; 530; 531; 532; 533; 534; 535; 537; 539)
        AND to_string(timegenerated,'yyyy-MM-dd HH:mm:ss') like '2004-09%'

After investigation, John concludes that two logon attempts were made by using an expired account. Which of the following EventIDs refers to this failed logon?

  • A. 532
  • B. 531
  • C. 534
  • D. 529

Answer: A

NEW QUESTION 18
This tool is known as __________.

  • A. Kismet
  • B. Absinthe
  • C. NetStumbler
  • D. THC-Scan

Answer: C

NEW QUESTION 19
Which of the following is an example of a social engineering attack?

  • A. Phishing
  • B. Man-in-the-middle attack
  • C. Browser Sniffing
  • D. E-mail bombing

Answer: A

NEW QUESTION 20
You are implementing a host based intrusion detection system on your web server. You feel that the best way to monitor the web server is to find your baseline of activity (connections, traffic, etc.) and to monitor for conditions above that baseline. This type of IDS is called __________.

  • A. Anomaly Based
  • B. Reactive IDS
  • C. Passive IDS
  • D. Signature Based

Answer: A
