The purpose of this Sample Question Set is to give you information about the GIAC Linux Incident Responder (GLIR) exam. These sample questions will familiarize you with both the type and the difficulty level of the questions on the GLIR certification test. To get familiar with the real exam environment, we suggest you try our Sample GIAC GLIR Certification Practice Exam. This sample practice exam gives you a feel for the real thing and a clue to the questions asked in the actual GIAC Linux Incident Responder (GLIR) certification exam.
These sample questions are simple, basic questions that resemble the real GIAC Linux Incident Responder exam questions. To assess your readiness and performance with real-time, scenario-based questions, we suggest you prepare with our Premium GIAC GLIR Certification Practice Exam. When you work through real-time, scenario-based questions in practice, you come across many difficulties that give you an opportunity to improve.
GIAC GLIR Sample Questions:
01. Which tools can help in viewing or processing logs from the systemd journal?
(Choose two)
a) journalctl
b) less
c) auditctl
d) rsyslog
02. Which issues can affect the reliability of Linux forensic timelines?
(Choose two)
a) Logging of shell history
b) Use of SSDs with TRIM functionality
c) Log rotation and overwrites
d) Excessive CPU usage
03. Where are boot-related messages typically logged in Linux systems?
a) /var/log/messages
b) /var/log/boot.log
c) /var/log/audit/audit.log
d) /var/log/secure
04. What actions are essential when mounting evidence from a disk image for analysis?
(Choose two)
a) Use a read-write mode for deeper inspection
b) Mount using a loop device
c) Ensure system time is synchronized
d) Record hash values before and after mounting
05. Which command provides a list of active network connections on a Linux system?
a) ss -tuln
b) lsof -nP
c) mount
d) ps -ef
06. What is a typical sign of file-based persistence in a Linux environment?
a) A cron job set to delete temp files hourly
b) A suspicious binary copied to /usr/local/bin
c) A symlink created in /etc/skel
d) A temporary file in /tmp/ directory
07. Where are user-installed libraries typically stored in a Linux system?
a) /usr/lib
b) /lib64
c) /lib
d) /var/lib
08. Why is it important to integrate threat intelligence into incident response playbooks?
a) To eliminate the need for log review
b) To ensure patches are automatically installed
c) To bypass Linux kernel security modules
d) To tailor detection and response steps based on known threat behavior
09. What does the regular expression ^/home/[a-z]+$ match?
a) All files ending with .home
b) Directories under /home with numeric characters
c) Paths under /home ending with lowercase letters only
d) Files in /home with capital letters
10. Which Linux directories are critical for storing kernel modules and drivers?
(Choose two)
a) /lib/modules
b) /usr/src
c) /boot
d) /dev
Answers:
Question: 01
Answer: a, d
Question: 02
Answer: b, c
Question: 03
Answer: b
Question: 04
Answer: b, d
Question: 05
Answer: a
Question: 06
Answer: b
Question: 07
Answer: a
Question: 08
Answer: d
Question: 09
Answer: c
Question: 10
Answer: a, c
Note: For any error in the GIAC Linux Incident Responder (GLIR) certification exam sample questions, please let us know by writing an email to feedback@edusum.com.