GIAC Certified Intrusion Analyst
GCIA
Description
GIAC Certified Intrusion Analysts (GCIAs) have the knowledge, skills, and abilities to configure and monitor intrusion detection systems, and to read, interpret, and analyze network traffic and related log files.
Target
Individuals responsible for network and host monitoring, traffic analysis, and intrusion detection
Course
SEC503: Intrusion Detection In-Depth
*No specific training is required for any GIAC certification. If candidates need help in mastering the objectives for this certification, there are many sources of information available. Practical experience is one option; there are also numerous books on the market covering Computer Information Security. Another option is SANS training, or any relevant courses from other training providers.*
Requirements
- 1 proctored exam
- 150 questions
- Time limit of 4 hours
- Minimum Passing Score of 67.3% (101 out of 150 questions)
NOTE:
GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GCIA exam has been determined to be 67.3% for all candidates receiving access to their certification attempts on or after 06/25/2009. To verify the format of your current certification attempt, please read the Certification Information found in your portal account at https://exams.giac.org/pages/attempts.
Renew
Every 4 years
Delivery
NOTE: GIAC exams are NOT given the day after the conference ends.
Exams are delivered online through a standard web browser. For exams purchased with SANS training, access to the exam will be available 7-10 days following the end of the conference. Standalone challenge exams are issued within 24 hours upon receipt of payment. You will receive an email from GIAC when your exam has been issued to your portal account. You have 120 days to complete the exam from the time we send notice that it is available. The exams are proctored and should be scheduled using our proctored exam procedure.
Links
- SANS Information Security Reading Room
- Certified Professionals (GCIA)
- Recertification
- Exam Feedback Procedure
- Grievance Procedure
Bulletin (Part 2 of Candidate Handbook)
The topic areas for each exam part follow:
| Exam Certification Objectives | Certification Objective Outcome Statement |
|---|---|
| Advanced Snort Concepts | The candidate will demonstrate a fundamental understanding of advanced Snort concepts such as rule ordering and reduction of false negatives and positives. |
| Analyst Toolkit | The candidate will demonstrate an understanding of the different tools that are available when analyzing intrusions as well as typical uses for them. |
| Domain Name System (DNS) | The candidate will demonstrate a thorough understanding of how DNS works for both legitimate and malicious purposes. |
| Examining Packet Crafting | The candidate will demonstrate familiarity with how packets are crafted using different tools. |
| Examining Packet Header Fields | The candidate will demonstrate a thorough understanding of what constitutes normal and abnormal values in IP, TCP, UDP, and ICMP header fields. |
| Fragmentation | The candidate will demonstrate an understanding of how fragmentation works through theory and packet capture examples, as well as the concepts behind fragmentation-based attacks. |
| ICMP Theory | The candidate will demonstrate an understanding of the ICMP protocol, how ICMP can be used for mapping, and the concepts behind ICMP based attacks. |
| IDS Interoperability | The candidate will demonstrate a fundamental understanding of the different types of interoperability models. |
| IDS Patterns | The candidate will demonstrate the ability to recognize and analyze real IDS detects including DoS attacks, network mapping, and coordinated attacks. |
| IDS/IPS Management and Architecture Issues | The candidate will demonstrate a thorough understanding of the management and architecture issues with regard to deploying IDS/IPS systems. |
| Indications & Warnings and Traffic Correlation | The candidate will demonstrate knowledge of fundamental Indications and Warnings Analysis as well as techniques used to correlate traffic. |
| IPv6 | The candidate will demonstrate an understanding of IPv6 headers, the key differences between IPv4 and IPv6, and methods for implementing IPv6 over IPv4 networks. |
| Microsoft Protocols | The candidate will demonstrate an understanding of Microsoft's SMB/CIFS, RPC, and Active Directory protocols. |
| Network Traffic Analysis | The candidate will demonstrate the ability to analyze real traffic: malicious, normal and application traffic; and demonstrate the ability to discern malicious traffic from false positives. |
| NIDS Evasion, Insertion, and Checksums | The candidate will demonstrate a fundamental understanding of the evasion and insertion techniques attackers use to confuse NID systems, and how checksums function. |
| Snort Fundamentals and Configuration | The candidate will demonstrate a fundamental understanding of the installation of Snort, its modes of operation, and how to configure it. |
| Snort GUIs & Sensor Management | The candidate will demonstrate familiarity with GUI tools that are available to manage a Snort implementation. |
| Snort Performance, Active Response & Tagging | The candidate will demonstrate a fundamental understanding of Snort performance options, active response techniques, and tagging. |
| Snort Rules | The candidate will demonstrate familiarity with how to effectively configure Snort rules. |
| Stimulus Response | The candidate will demonstrate a fundamental understanding of how hosts respond to both normal and abnormal traffic. |
| Tcpdump Fundamentals | The candidate will demonstrate a thorough understanding of how to analyze packet headers using tcpdump. |
| TCPIP Fundamentals | The candidate will demonstrate familiarity with tcpdump/windump, and demonstrate a thorough understanding of TCP/IP. |
| Wireshark Fundamentals | The candidate will demonstrate the ability to analyze traffic with Wireshark. |
| Writing Tcpdump Filters | The candidate will demonstrate familiarity with the techniques that are involved when writing tcpdump filters. |
Where to Get Help
Training is available from a variety of resources, including online courses, course attendance at a live conference, and self-study.
Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.
Finally, college level courses or study through another program may meet the needs for mastery.
The procedure to contest exam results can be found at http://www.giac.org/about/procedures/grievance.
