Exam (elaborations)

SANS GISCP AND GIAC EXAM 2025 WITH 100% ACCURATE SOLUTIONS

Rating: -
Sold: -
Pages: 69
Grade: A+
Uploaded on: 16-01-2025
Written in: 2024/2025


Institution: SANS GISCP AND GIAC
Course: SANS GISCP AND GIAC

Content preview

SANS GISCP AND GIAC EXAM 2025 WITH 100% ACCURATE SOLUTIONS


Ack Piggybacking - ✅✅✅CORRECT - The practice of sending an ACK inside another packet going to the same destination



Address resolution protocol - ✅✅✅CORRECT - Protocol for mapping an IP address to a physical machine address that is recognized on the local network.

A table, usually called the ARP cache, is used to maintain a correlation between each MAC address and its corresponding IP address.



What are the five threat vectors? - ✅✅✅CORRECT
- Outside attack from network
- Outsider attack from telephone
- Insider attack from local network
- Insider attack from local system
- Attack from malicious code



What are some external threat concerns? - ✅✅✅CORRECT
- Malicious code might execute destructive overwrite to hard disks
- Malicious mass mailing code might expose sensitive information to the internet
- Web server compromise might expose organization to ridicule
- Web server compromise might expose customer private data



What are some ways to bypass firewall protections? - ✅✅✅CORRECT
- Worms and Wireless
- modems
- tunnel anything through HTTP
- social engineering



What is social engineering? - ✅✅✅CORRECT
- attempt to manipulate or trick a person into providing information or access
- bypass network security by exploiting humans
- vector is often outside attack by telephone or visitor inside



What is Hping? - ✅✅✅CORRECT
- a TCP version of ping
- sends custom TCP packets to a host and listens for replies
- enables port scanning and spoofing simultaneously



What is a group? - ✅✅✅CORRECT - A group means multiple iterations won't matter. If you encrypt with a key, then re-encrypt, it's the same as using one key.



What is a port scan? - ✅✅✅CORRECT
- common backdoor to open a port
- port scan scans for open ports on remote host
- scans 0 - 65,535 twice. TCP and UDP



What is nmap? - ✅✅✅CORRECT - Network scanner.



What are nmap scanning techniques? - ✅✅✅CORRECT
- Full open
- half open (stealth scan)
- UDP
- Ping



What is network stumbler? - ✅✅✅CORRECT
- free Windows-based wireless scanner for 802.1b
- detects access point settings
- supports GPS integration
- identifies networks as encrypted or unencrypted



What is Kismet? - ✅✅✅CORRECT
- Free Linux WLAN analysis tool
- completely passive, cannot be detected
- supports advanced GPS integration and mapping features
- used for wardriving, WLAN vulnerability assessment



What is Wardriving? - ✅✅✅CORRECT - Going around with equipment to detect wireless networks



What is War Dialing? - ✅✅✅CORRECT - trying to ID modems in a telephone exchange that may be susceptible to compromise



What are some Pen Test techniques? - ✅✅✅CORRECT
- War dialing
- war driving
- Sniffing
- eavesdropping
- dumpster diving
- social engineering



What is IDS? - ✅✅✅CORRECT
- intrusion detection system
- it reports attacks against monitored systems/networks



What is IDS not? - ✅✅✅CORRECT
- not a replacement for firewalls, hardening, strong policies, or other DiD methods
- low maintenance
- inexpensive



What are the four types of events reported by IDS? - ✅✅✅CORRECT
- true positive
- false positive
- true negative
- false negative



How does IDS signature analysis work? - ✅✅✅CORRECT
- rules indicate criteria in packets that represent events of interest
- rules are applied to packets as they are received
- alerts are created when matches are found



How does anomaly analysis work? - ✅✅✅CORRECT
- flags anomalous conditions in traffic on the network
- requires understanding of what is normal
- uses good traffic as a baseline



What is deep packet inspection? - ✅✅✅CORRECT
- slow, requires stateful data tracking
- inspects all fields, including variable-length fields



What is shallow packet inspection? - ✅✅✅CORRECT
- fast, with little fidelity
- examines header information and limited payload data



What is Honeyd? - ✅✅✅CORRECT
- low interaction production honeypot
- network daemon that can simulate other hosts
- each host can appear as a different OS



What is a netcat listener? - ✅✅✅CORRECT
- simplest form of a research honeypot
- useful in identifying nature of TCP scans, allows attacker to complete 3-way handshake
- listens on a defined port, logs incoming requests for analysis



What are some disadvantages of honeypots? - ✅✅✅CORRECT
- improper deployment can increase attack risk - if production systems aren't sufficiently protected, they can be vulnerable from a honeypot
- legal liability



What are some honeypot advantages? - ✅✅✅CORRECT - provides insight into attacker tactics, motives, and tools



What is a honeypot? - ✅✅✅CORRECT - a system resource that has no legitimate purpose or reason for someone to connect to it

Seller: EXAMCOLLECTIVES, Herzing University