- Protocol Analysis
- Network Analysis
- Intrusion Analysis
Who is GX-IA for?
- Intrusion detection and analysis expert
- Excel at complex networking challenges
- Strong desire to demonstrate superior hands-on capabilities compared to one's peers
- Expand your portfolio
- Demonstrate your next level skills
- Continue your journey to becoming an expert
- 1 proctored exam
- Open book, open notes
- Time limit 4 hour
- 25 CyberLive - hands-on, real-world practical testing. CyberLive testing creates a lab environment where cyber practitioners prove their knowledge, understanding, and skill using:
- Actual programs
- Actual code
- Virtual machines
Find out more about CyberLive here.
NOTE: GIAC reserves the right to change the specifications for each certification without notice.To verify the format read the Certification Information found in your account at https://exams.giac.org/pages/attempts.
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
- Advanced Analysis Techniques The candidate will demonstrate proficiency with core tools and programs e.g. decrypting TLS traffic with Wireshark, building and sending a packet with Scapy.
- Application Traffic Analysis The candidate will inspect common Application Layer protocols to demonstrate skill in analysis and correct conclusions.
- IDS Application and Analysis The candidate will use common IDS-related tools to analyze artifacts.
- Malicious Traffic Analysis The candidate will analyze malicious or suspicious network traffic using a variety of tools and approaches.
- Network Forensics The candidate will analyze artifacts and show skill in determining what took place within a certain incident or time-frame.
- Network Traffic Analysis The candidate will analyze typical and abnormal stimulus and response network traffic using a variety of tools and approaches.
- Protocol Analysis The candidate will evaluate network capture files to show proficiency in detail analysis with a focus on topics such as protocols, connections, ports, and sessions.
- Affiliate Training - SEC503 (Primary fit course*), FOR572, SEC530, SEC450, SEC511 , SEC573
- Practical work experience can help ensure that you have mastered the skills necessary for certification.
- Get information about the procedure to contest exam results.
*Courses that include a "primary fit course" designation have the most closely aligned content but do not include all of the content, tools, and platforms that could included in testing on the Applied Knowledge exam.
- These questions allow a candidate to experience the exam style and complexity in the environment used during the certification exam.
- Demo questions are never included in the actual certification exam.
- The demo questions include 3 questions, and the student has 45 minutes to complete. Note that the average time per question is not as fast paced as the actual exam attempt.
- Limited demo questions per exam are available so you will receive repetitive questions if multiple Demo Questions are purchased.
- Demo questions are nontransferable.
- GIAC recommends leveraging additional study methods for test preparation.