
GIAC Certified Intrusion Analyst (GCIA)

Practitioner Certification
Accreditation badges: ANAB, DoD 8140

Demonstrate ability to detect and analyze threats via network and host activity.

The GIAC Certified Intrusion Analyst (GCIA) certification validates a practitioner's knowledge of network and host monitoring, traffic analysis, and intrusion detection. GCIA certification holders have the skills to configure and monitor intrusion detection systems, and the expertise to read, interpret, and analyze network traffic and related log files.

Areas Covered

  • Fundamentals of Traffic Analysis and Application Protocols
  • Open-Source Intrusion Detection Systems (IDS): Snort and Zeek
  • Network Traffic Forensics and Monitoring

Who is GCIA for?

  • Practitioners responsible for intrusion detection
  • System analysts
  • Security analysts
  • Network engineers and administrators
  • Hands-on security managers

CyberLive: Real labs. Real tools. Real skills.

CyberLive is a hands-on exam format that replaces traditional multiple-choice testing with performance-based challenges in realistic lab environments to validate real-world capability.

Virtual Machines:

Full-scale lab systems that behave like physical computers: install, attack, defend, and run services.

Real Security Tools:

The exact tools professionals use every day, quirks and challenges included.

Authentic Code:

Real code, real exploits, real impacts

Exam Format

  • 1 proctored exam
  • 4 hours
  • Minimum passing score of 67%
  • 150 questions

Note: GIAC periodically reviews and may update certification specifications to ensure fairness, validity, and reliability. Using a psychometric standard-setting study, GIAC has set the passing score for the GCIA exam at 67% for all candidates who receive the exam version released on or after January 21, 2023.

To confirm the exam format and passing score that apply to your specific attempt, please refer to the Certification Information section of your GIAC account: https://exams.giac.org/pages/attempts.

Exam Certification Objectives & Outcome Statements

  • Advanced IDS Concepts: The candidate will demonstrate an understanding of IDS tuning methods and correlation issues.
  • Application Protocols: The candidate will demonstrate knowledge and skill relating to application layer protocol dissection and analysis.
  • Concepts of TCP/IP and the Link Layer: The candidate will demonstrate understanding of the TCP/IP communications model and link layer operations.
  • Fragmentation: The candidate will demonstrate understanding of how fragmentation works, and how to identify fragmentation and fragmentation-based attacks in packet captures.
  • IDS Fundamentals and Network Architecture: The candidate will demonstrate knowledge of fundamental IDS concepts, such as network architecture options and benefits/weaknesses of common IDS systems.
  • Intrusion Detection System Rules: The candidate will create effective IDS rules to detect varied types of malicious activity.
  • IP Headers: The candidate will demonstrate the ability to dissect IP packet headers and analyze them for normal and anomalous values that may point to security issues.
  • IPv6: The candidate will demonstrate knowledge of IPv6 and how it differs from IPv4.
  • Network Forensics and Traffic Analysis: The candidate will demonstrate competence in analyzing data from multiple sources (e.g. full packet capture, NetFlow, log files) to identify normal and malicious behaviors.
  • Packet Engineering: The candidate will demonstrate knowledge relating to packet crafting and manipulation.
  • SiLK and Other Traffic Analysis Tools: The candidate will demonstrate an understanding of SiLK and other tools to perform network traffic and flow analysis.
  • TCP: The candidate will demonstrate understanding of the TCP protocol and the ability to discern between typical and anomalous behavior.
  • Tcpdump Filters: The candidate will demonstrate the ability to craft tcpdump filters that match on given criteria.
  • UDP and ICMP: The candidate will demonstrate understanding of the UDP and ICMP protocols and the ability to discern between typical and anomalous behavior.
  • Wireshark Fundamentals: The candidate will demonstrate the ability to use Wireshark to analyze typical and malicious network traffic.
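The IP Headers and Fragmentation objectives above describe the kind of dissection shown in the following added example. It is illustrative code written for this page, not GIAC or SANS course material and not an exam answer. The packets are constructed inline with the example's own build_ipv4 helper, and the anomaly rules (the per-protocol minimum first-fragment size in MIN_FIRST_FRAG, the overlap and non-multiple-of-8 checks) are this example's heuristics, chosen after the tiny-fragment concern raised in RFC 1858 rather than taken from any GIAC material.

```python
"""Added example (not GIAC material): dissect IPv4 headers and flag fragmentation anomalies."""
import socket
import struct
from dataclasses import dataclass

# Assumed thresholds: the smallest first fragment that still carries the whole transport
# header (TCP=20, UDP=8, ICMP=8). A first fragment shorter than this splits the header,
# which is the classic "tiny fragment" IDS evasion pattern.
MIN_FIRST_FRAG = {6: 20, 17: 8, 1: 8}

@dataclass
class IPv4Header:
    ihl: int             # header length in bytes
    total_length: int
    identification: int
    dont_fragment: bool
    more_fragments: bool
    frag_offset: int     # byte offset (wire value * 8)
    ttl: int
    protocol: int
    checksum_ok: bool
    src: str
    dst: str

    @property
    def payload_len(self) -> int:
        return self.total_length - self.ihl

def ip_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; yields 0 when run over a header whose checksum field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(pkt: bytes) -> IPv4Header:
    """Parse the fixed 20-byte header and reject values that should never occur on the wire."""
    if len(pkt) < 20:
        raise ValueError("truncated: fewer than 20 bytes captured")
    ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"version field is {version}, not 4")
    if ihl < 20:
        raise ValueError(f"IHL {ihl} bytes is below the 20-byte minimum")
    if ihl > total_len or total_len > len(pkt):
        raise ValueError("length fields inconsistent with captured bytes")
    flags = flags_frag >> 13
    return IPv4Header(
        ihl=ihl, total_length=total_len, identification=ident,
        dont_fragment=bool(flags & 0b010), more_fragments=bool(flags & 0b001),
        frag_offset=(flags_frag & 0x1FFF) * 8, ttl=ttl, protocol=proto,
        checksum_ok=ip_checksum(pkt[:ihl]) == 0,
        src=socket.inet_ntoa(src), dst=socket.inet_ntoa(dst),
    )

def fragment_anomalies(headers: list) -> list:
    """Group fragments by (src, dst, id, proto) and report patterns used to evade IDS reassembly."""
    findings = []
    groups = {}
    for h in headers:
        if h.more_fragments or h.frag_offset:
            groups.setdefault((h.src, h.dst, h.identification, h.protocol), []).append(h)
    for key, frags in groups.items():
        frags.sort(key=lambda h: h.frag_offset)
        covered_end = 0  # highest byte offset seen so far in this datagram
        for h in frags:
            if h.more_fragments and h.payload_len % 8:
                findings.append(f"{key}: non-final fragment payload {h.payload_len} is not a multiple of 8")
            if h.frag_offset == 0 and h.more_fragments and h.payload_len < MIN_FIRST_FRAG.get(h.protocol, 8):
                findings.append(f"{key}: tiny first fragment ({h.payload_len} bytes) splits the transport header")
            if h.frag_offset < covered_end:
                findings.append(f"{key}: fragment at offset {h.frag_offset} overlaps data already received")
            if h.frag_offset + h.payload_len > 65535:
                findings.append(f"{key}: reassembled datagram would exceed 65535 bytes")
            covered_end = max(covered_end, h.frag_offset + h.payload_len)
    return findings

def build_ipv4(src, dst, ident, payload, *, more_fragments=False, frag_offset=0, proto=6, ttl=64):
    """Assemble a valid header (checksum filled in) around a payload; only used to construct samples."""
    flags_frag = ((0b001 if more_fragments else 0) << 13) | (frag_offset // 8)
    fields = [0x45, 0, 20 + len(payload), ident, flags_frag, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload

# Constructed sample traffic: a well-formed two-fragment TCP datagram and an evasive one.
NORMAL = [
    build_ipv4("10.0.0.5", "10.0.0.9", 0x1111, b"A" * 24, more_fragments=True),
    build_ipv4("10.0.0.5", "10.0.0.9", 0x1111, b"B" * 10, frag_offset=24),
]
EVASIVE = [
    build_ipv4("10.0.0.5", "10.0.0.9", 0x2222, b"A" * 16, more_fragments=True),                # 16 < 20: TCP header split
    build_ipv4("10.0.0.5", "10.0.0.9", 0x2222, b"B" * 16, more_fragments=True, frag_offset=8),  # rewrites bytes 8-16
    build_ipv4("10.0.0.5", "10.0.0.9", 0x2222, b"C" * 4, frag_offset=24),
]

def analyze(packets: list) -> list:
    return fragment_anomalies([parse_ipv4(p) for p in packets])

if __name__ == "__main__":
    for name, pkts in (("normal", NORMAL), ("evasive", EVASIVE)):
        print(name, analyze(pkts) or "no anomalies")
```

Run it as a script to see the two sample sets scored; in practice parse_ipv4 would be fed packets read from a capture file. The overlap check only works because the fragments are sorted by offset first, and the checksum is verified over the header alone (IHL bytes), which is the only thing the IPv4 checksum covers.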

Practice Tests

  • Practice exams are a simulation of the real exam, allowing you to become familiar with the test engine and style of questions
  • Practice exams can serve as a gauge to determine if your preparation methods are sufficient
  • The bank of practice questions is limited, so you may encounter the same question on multiple practice tests
  • Practice exams never include actual exam questions
  • Purchase a GCIA practice test here

How To Prepare

Other Resources

  • Training is available in a variety of modalities including live training and OnDemand
  • Practical work experience can help ensure that you have mastered the skills necessary for certification
  • College level courses or self-paced study through other programs or materials may meet the needs for mastery
  • Understand the procedure to contest exam results
  • Use this justification letter to share key details of this certification opportunity with your boss

Find Affiliate Training

Explore affiliate training options to prepare for your GIAC certification exam.
