GCFW GIAC Certified Firewall Analyst Questions and Answers

Which of the following is a Cisco IOS management term described in the statement below?

"It is the fourth digit in the configuration register and contains a hexadecimal value. The bootstrap program uses its value to choose which operating system to load into RAM."

Which of the following can be applied as countermeasures against DDoS attacks?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following are the types of intrusion detection systems?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following protocols does IPsec use to perform various security functions in the network?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following IDs is used to reassemble the fragments of a datagram at the destination point?

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. You have searched all open ports of the we-are-secure server. Now, you want to perform the next information-gathering step, i.e., passive OS fingerprinting. Which of the following tools can you use to accomplish the task?

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based routed network. Two routers have been configured on the network. A router receives a packet. Which of the following actions will the router take to route the incoming packet?

Each correct answer represents a part of the solution. Choose two.

Which of the following tools can be used as a Linux vulnerability scanner that is capable of identifying operating systems and network services?

Each correct answer represents a complete solution. Choose all that apply.

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to send malicious data packets in such a manner that one packet fragment overlaps data from a previous fragment so that he can perform IDS evasion on the We-are-secure server and execute malicious data. Which of the following tools can he use to accomplish the task?

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

Which of the following forms on NAT maps multiple unregistered IP addresses to a single registered IP address by using different ports?

Which of the following techniques allows probing firewall rule-sets and finding entry points into the targeted system or network?

You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008- based network. You have created a test domain for testing IPv6 addressing. Which of the following types of addresses are supported by IPv6?

Each correct answer represents a complete solution. Choose all that apply.

In which of the following IDS evasion techniques does an attacker deliver data in multiple small sized packets, which makes it very difficult for an IDS to detect the attack signatures of such attacks?

Which of the following is a chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event?

Which of the following attacking methods allows the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer by changing the Media Access Control address?

An organization has more than a couple of external business, and exchanges dynamic routing information with the external business partners. The organization wants to terminate all routing from a partner at an edge router, preferably receiving only summary routes from the partner. Which of the following will be used to change all partner addresses on traffic into a range of locally assigned addresses?

Which of the following TShark options is used to set capture buffer size in MB?

You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single forest multiple domain IPv4 network. All the DNS servers on the network run Windows Server 2008. The users in the network use NetBIOS name to connect network application on the network. You have migrated the network to IPv6-enabled network. Now you want to enable DNS Server to perform lookups in GlobalNames Zone. Which of the following commands will you use to accomplish the task?

You send and receive messages on Internet. A man-in-the-middle attack can be performed to capture and read your message. Which of the following Information assurance pillars ensures the security of your message or data against this type of attack?

Which of the following well-known ports is used by BOOTP?

Which of the following is used for debugging the network setup itself by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem?

SSH is a network protocol that allows data to be exchanged between two networks using a secure channel. Which of the following encryption algorithms can be used by the SSH protocol?

Each correct answer represents a complete solution. Choose all that apply.

You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008- based network. You have created a test domain for testing IPv6 addressing. Which of the following types of addresses are supported by IPv6?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following is used to implement a procedure to control inbound and outbound traffic on a network?

Which of the following can be used in an extended access list to filter traffic?

Each correct answer represents a part of the solution. Choose all that apply.

Fill in the blank with the appropriate tool name.

______________ is a network protocol analyzer tool that is used to capture packet data from an existing network or examine packet data from a pre-saved file.

You work as a Forensic Investigator. Which of the following rules will you follow while working on a case?

Each correct answer represents a part of the solution. Choose all that apply.

What is the easiest way to verify that name resolution is functioning properly on a TCP/IP network?

Your customer is concerned about security. He wants to make certain no one in the outside world can see the IP addresses inside his network. What feature of a router would accomplish this?

Which of the following vulnerability scanners detects vulnerabilities by actually performing attacks?

Which of the following terms is used to represent IPv6 addresses?

Which of the following files is a Cisco IOS configuration files that resides in RAM?

The simplest form of a firewall is a packet filtering firewall. A packet filtering firewall filters packets at the Network layer and Transport layer. What are the types of information that are filtered at the Network layer of the OSI reference model?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following tools is an open source protocol analyzer that can capture traffic in real time?

Sam works as a Network Administrator for Gentech Inc. He has been assigned a project to develop the rules that define the IDP policy in the rulebase. Which of the following will he define as the components of the IDP policy rule?

Each correct answer represents a complete solution. Choose all that apply.

John works as a Network Administrator for Web Perfect Inc. The company has a wireless LAN network. John has configured shared key authentication on a client. The client and the AP start exchanging the frames to enable authentication. Which of the following vulnerabilities may occur while the client and the AP exchange the challenge text over the wireless link?

Which of the following fields are specified when rules are created for the Network Honeypot

rulebase?

Each correct answer represents a complete solution. Choose all that apply.

You work as a Forensic Investigator. Which of the following rules will you follow while working on a case?

Each correct answer represents a part of the solution. Choose all that apply.

Which of the following types of audit constructs a risk profile for existing and new projects?

Which of the following attacks sends false ICMP packets in an attempt to cripple a system using random fake Internet source addresses?

Which of the following program loads IOS image into RAM?

In which of the following attacks does an attacker change the MAC address on the sniffer to one that is the same in another system on the local subnet?

You are the Administrator for a corporate network. You are concerned about denial of service attacks.

Which of the following would be most helpful against Denial of Service (DOS) attacks?

Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter?

You work as a Firewall Analyst in the Tech Perfect Inc. The company has a Linux-based environment. You have installed and configured netfilter/iptables on all computer systems. What are the main features of netfilter/iptables?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following protocols is used by voice over IP (VoIP) applications?

Which of the following are packet filtering tools for the Linux operating system?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer and logs activities of the network that is matched with the predefined signatures?

Which of the following methods will allow data to be sent on the Internet in a secure format?

Which of the following commands configures a router to encrypt all passwords entered after the command has been executed, as well as all passwords already on the running configuration?

Which of the following can provide security against man-in-the-middle attack?

You work as a technician for Tech Perfect Inc. You are troubleshooting an Internet name resolution issue. You ping your ISP's DNS server address and find that the server is down. You want to continuously ping the DNS address until you have stopped the command. Which of the following commands will you use?

Which of the following are the countermeasures against a man-in-the-middle attack?

Each correct answer represents a complete solution. Choose all that apply.

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.

A firewall has been configured on the network. You configure a filter on the router. You verify that SMTP operations have stopped after the recent configuration. Which of the following ports will you have to open on the router to resolve the issue?