
GCIA Exam Certification Objectives

The candidate will demonstrate a thorough understanding of how DNS works for both legitimate and malicious purposes.
Tcpdump Filters
The candidate will demonstrate the skill and ability to craft tcpdump filters that match on given criteria.
The candidate will demonstrate knowledge, skill and ability relating to the analysis of IPv6 as well as issues involving IP6 over IPv4.
The candidate will demonstrate comprehension of how fragmentation works through theory and packet capture examples, as well as the concepts behind fragmentation-based attacks.
Wireshark Fundamentals
The candidate will demonstrate the knowledge, skills, and abilities associated with traffic analysis using Wireshark from an intermediate to high degree of proficiency.
Network Traffic Analysis and Forensics
The candidate will demonstrate the ability to analyze real traffic and associated artifacts: malicious, normal and application traffic; and demonstrate the ability to discern malicious traffic from false
Concepts of TCP/IP and the Link Layer
The candidate will understand the TCP/IP communications model and link layer operations
IP Headers
The candidate will demonstrate the ability to dissect IP packet headers and analyze them for normal and anomalous values that may point to security issues
The candidate will understand TCP communications as well as expected responses to given stimuli at this layer
UDP and ICMP
The candidate will demonstrate the ability to analyze both UDP and ICMP packets and recognize common issues
Application Protocols
The candidate will demonstrate knowledge, skill, and ability relating to application layer protocol dissection and analysis including HTTP, SMTP, and various Microsoft protocols
Packet Engineering
The candidate will demonstrate knowledge, skill, and ability relating to packet engineering and manipulation including packet crafting, OS fingerprinting, and IDS Evasion/Insertion
Silk and Other Traffic Analysis Tools
The candidate will demonstrate the ability to use Silk and other tools to perform network traffic and flow analysis
Network Architecture and Event Correlation
The candidate will demonstrate competence with issues relating to IDS/IPS management, network architecture as it pertains to intrusion detection, and event correlation and management
IDS Rules (e.g., snort, bro)
Create effective IDS (e.g., snort, bro) rules to detect varied types of malicious activity
Advanced IDS Concepts
Demonstrate an understanding of IDS tuning methods and correlation issues (e.g., snort, bro)
IDS Fundamentals and Initial Deployment (e.g., snort, bro)
Understand architecture, benefits/weaknesses, and configuration options of common IDS systems.
Demonstrate ability to configure and deploy IDS (e.g., snort, bro)
