Global Certified Intrusion Analyst
![Global Certified Intrusion Analyst](https://certref.com/cdn/cache/1170x780/image/2019/06/06/6a2d8dc27472841c0c5aad2b3aa27325.png)
Exam Info
Target
Individuals responsible for network and host monitoring, traffic analysis, and intrusion detection
The topic areas for each exam part follow:
- Advanced Analysis and Network Forensics: The candidate will demonstrate competence in analyzing data from multiple sources (e.g. full packet capture, netflow, log files) as part of a forensic investigation.
- Advanced IDS Concepts: The candidate will demonstrate an understanding of IDS tuning methods and correlation issues.
- Application Protocols: The candidate will demonstrate knowledge and skill relating to application layer protocol dissection and analysis.
- Concepts of TCP/IP and the Link Layer: The candidate will demonstrate understanding of the TCP/IP communications model and link layer operations.
- DNS: The candidate will demonstrate an understanding of how DNS works for both legitimate and malicious purposes.
- Fragmentation: The candidate will demonstrate understanding of how fragmentation works, and how to identify fragmentation and fragmentation-based attacks in packet captures.
- IDS Fundamentals and Network Architecture: The candidate will demonstrate knowledge of fundamental IDS concepts, such as network architecture options and benefits/weaknesses of common IDS systems.
- IDS Rules: The candidate will create effective IDS rules to detect varied types of malicious activity.
- IP Headers: The candidate will demonstrate the ability to dissect IP packet headers and analyze them for normal and anomalous values that may point to security issues.
- IPv6: The candidate will demonstrate knowledge of IPv6 and how it differs from IPv4.
- Network Traffic Analysis: The candidate will demonstrate the ability to analyze network and application traffic to identify both normal and malicious behaviors.
- Packet Engineering: The candidate will demonstrate knowledge relating to packet crafting and manipulation.
- SiLK and Other Traffic Analysis Tools: The candidate will demonstrate an understanding of SiLK and other tools to perform network traffic and flow analysis.
- TCP: The candidate will demonstrate understanding of the TCP protocol and the ability to discern between typical and anomalous behavior.
- Tcpdump Filters: The candidate will demonstrate ability to craft tcpdump filters that match on given criteria.
- UDP and ICMP: The candidate will demonstrate understanding of the UDP and ICMP protocols and the ability to discern between typical and anomalous behavior.
- Wireshark Fundamentals: The candidate will demonstrate skill associated with traffic analysis using Wireshark with an intermediate degree of proficiency.
Exam Skills
Certification Exam: Global Certified Intrusion Analyst
Exam Type | Certification |
---|---|
Exam Code | GCIA |
Duration | 4 hours |
Number of Questions | 150 |
Success Score | 67% |
Price | 200$ |
Evaluation Exam: Global Certified Intrusion Analyst
Exam Type | Evaluation |
---|---|
Exam Code | GCIA-eval |
Duration | 1 hour |
Number of Questions | 35 |
Success Score | 67% |
Price | 40$ |