GCFW GIAC Certified Firewall Analyst Questions and Answers

Questions 4

Which of the following is a Cisco IOS management term described in the statement below?

"It is the fourth digit in the configuration register and contains a hexadecimal value. The bootstrap program uses its value to choose which operating system to load into RAM."

Options:

A. Boot check
B. Boot field
C. Boot value
D. Boot

Questions 5

Which of the following can be applied as countermeasures against DDoS attacks?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Using the network-ingress filtering
B. Limiting the amount of network bandwidth
C. Blocking IP address
D. Using Intrusion detection systems
E. Using LM hashes for passwords

Questions 6

Which of the following are the types of intrusion detection systems?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Client-based intrusion detection system (CIDS)
B. Network intrusion detection system (NIDS)
C. Server-based intrusion detection system (SIDS)
D. Host-based intrusion detection system (HIDS)

Questions 7

Which of the following protocols does IPsec use to perform various security functions in the network?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Skinny Client Control Protocol
B. Authentication Header
C. Encapsulating Security Payload
D. Internet Key Exchange

Questions 8

Which of the following IDs is used to reassemble the fragments of a datagram at the destination point?

Options:

A. IP identification number
B. SSID
C. MAK ID
D. IP address

Questions 9

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. You have searched all open ports of the we-are-secure server. Now, you want to perform the next information-gathering step, i.e., passive OS fingerprinting. Which of the following tools can you use to accomplish the task?

Options:

A. NBTscan
B. Nmap
C. P0f
D. Superscan

Questions 10

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based routed network. Two routers have been configured on the network. A router receives a packet. Which of the following actions will the router take to route the incoming packet?

Each correct answer represents a part of the solution. Choose two.

Options:

A. Use the routing table to determine the best path to the destination network address.
B. Read the destination IP address.
C. Add the path covered by the packet to the routing table.
D. Read the source IP address.
E. Use the routing table to determine the best path to the source network address.

Questions 11

Which of the following tools can be used as a Linux vulnerability scanner that is capable of identifying operating systems and network services?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Cheops-ng
B. Fport
C. Cheops
D. Elsave

Questions 12

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to send malicious data packets in such a manner that one packet fragment overlaps data from a previous fragment so that he can perform IDS evasion on the We-are-secure server and execute malicious data. Which of the following tools can he use to accomplish the task?

Options:

A. Hunt
B. Ettercap
C. Alchemy Remote Executor
D. Mendax

Questions 13

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee who is suspected of classified data theft. The suspect's computer runs the Windows operating system. Peter wants to collect data and evidence for further analysis. He knows that in the Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows-based system?

Options:

A. Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
B. Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
C. Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
D. Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps

Questions 14

Which of the following forms of NAT maps multiple unregistered IP addresses to a single registered IP address by using different ports?

Options:

A. Overloading
B. Dynamic NAT
C. Overclocking
D. Static NAT

Questions 15

Which of the following techniques allows probing firewall rule-sets and finding entry points into the targeted system or network?

Options:

A. Packet collision
B. Network enumerating
C. Packet crafting
D. Distributed Checksum Clearinghouse

Questions 16

You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008-based network. You have created a test domain for testing IPv6 addressing. Which of the following types of addresses are supported by IPv6?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Multicast
B. Anycast
C. Broadcast
D. Unicast

Questions 17

In which of the following IDS evasion techniques does an attacker deliver data in multiple small-sized packets, which makes it very difficult for an IDS to detect the attack signatures of such attacks?

Options:

A. Fragmentation overwrite
B. Fragmentation overlap
C. Insertion
D. Session splicing

Questions 18

Which of the following is a chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event?

Options:

A. Security audit
B. Corrective controls
C. Audit trail
D. Detective controls

Questions 19

Which of the following attacking methods allows the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer by changing the Media Access Control address?

Options:

A. IP address spoofing
B. ARP spoofing
C. MAC spoofing
D. VLAN hopping

Questions 20

An organization has more than a couple of external business partners and exchanges dynamic routing information with them. The organization wants to terminate all routing from a partner at an edge router, preferably receiving only summary routes from the partner. Which of the following will be used to change all partner addresses on traffic into a range of locally assigned addresses?

Options:

A. ACL
B. IPsec
C. Firewall
D. NAT

Questions 21

Which of the following TShark options is used to set capture buffer size in MB?

Options:

A. -F
B. -G
C. -C
D. -B

Questions 22

You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single forest multiple domain IPv4 network. All the DNS servers on the network run Windows Server 2008. The users in the network use NetBIOS names to connect to network applications on the network. You have migrated the network to an IPv6-enabled network. Now you want to enable the DNS server to perform lookups in the GlobalNames zone. Which of the following commands will you use to accomplish the task?

Options:

A. Dnscmd /config /enableglobalnamessupport 1
B. Dnscmd /config /globalnamesqueryorder 0
C. Dnscmd /config /enableglobalnames 1
D. Dnscmd /config /enableglobalnamessupport 0

Questions 23

You send and receive messages on the Internet. A man-in-the-middle attack can be performed to capture and read your message. Which of the following information assurance pillars ensures the security of your message or data against this type of attack?

Options:

A. Confidentiality
B. Non-repudiation
C. Data availability
D. Authentication

Questions 24

Which of the following well-known ports is used by BOOTP?

Options:

A. UDP 69
B. TCP 161
C. TCP 21
D. UDP 67

Questions 25

Which of the following is used for debugging the network setup itself by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem?

Options:

A. WinPcap
B. Netfilter
C. tcpdump
D. iptables

Questions 26

SSH is a network protocol that allows data to be exchanged between two networks using a secure channel. Which of the following encryption algorithms can be used by the SSH protocol?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. DES
B. IDEA
C. Blowfish
D. RC4

Questions 27

You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008-based network. You have created a test domain for testing IPv6 addressing. Which of the following types of addresses are supported by IPv6?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Multicast
B. Anycast
C. Broadcast
D. Unicast

Questions 28

Which of the following is used to implement a procedure to control inbound and outbound traffic on a network?

Options:

A. Cookies
B. Sam Spade
C. ACL
D. NIDS

Questions 29

Which of the following can be used in an extended access list to filter traffic?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Source IP address
B. Destination IP address
C. Destination MAC address
D. Protocol
E. TCP or UDP port number

Questions 30

Fill in the blank with the appropriate tool name.

______________ is a network protocol analyzer tool that is used to capture packet data from an existing network or examine packet data from a pre-saved file.

Options:

Questions 31

You work as a Forensic Investigator. Which of the following rules will you follow while working on a case?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Follow the rules of evidence and never tamper with the evidence.
B. Examine original evidence and never rely on the duplicate evidence.
C. Never exceed the knowledge base of the forensic investigation.
D. Prepare a chain of custody and handle the evidence carefully.

Questions 32

What is the easiest way to verify that name resolution is functioning properly on a TCP/IP network?

Options:

A. Use the TRACERT command with the /pingname parameter.
B. Ping the source host with its computer name.
C. Ping the source host with its IP address.
D. Check the IP statistics on the file server.

Questions 33

Your customer is concerned about security. He wants to make certain no one in the outside world can see the IP addresses inside his network. What feature of a router would accomplish this?

Options:

A. NAT
B. Firewall
C. Port forwarding
D. MAC filtering

Questions 34

Which of the following vulnerability scanners detects vulnerabilities by actually performing attacks?

Options:

A. Network enumerator
B. Computer worm
C. Port scanner
D. Web application security scanner

Questions 35

Which of the following terms is used to represent IPv6 addresses?

Options:

A. Hexadecimal-dot notation
B. Colon-hexadecimal
C. Colon-dot
D. Dot notation

Questions 36

Which of the following files is a Cisco IOS configuration file that resides in RAM?

Options:

A. running-config
B. startup-config
C. temp-config
D. ram-config

Questions 37

The simplest form of a firewall is a packet filtering firewall. A packet filtering firewall filters packets at the Network layer and Transport layer. What are the types of information that are filtered at the Network layer of the OSI reference model?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. TCP/IP protocols
B. IP addresses
C. TCP and UDP port numbers
D. TCP control flags

Questions 38

Which of the following tools is an open source protocol analyzer that can capture traffic in real time?

Options:

A. Netresident
B. Snort
C. Wireshark
D. NetWitness

Questions 39

Sam works as a Network Administrator for Gentech Inc. He has been assigned a project to develop the rules that define the IDP policy in the rulebase. Which of the following will he define as the components of the IDP policy rule?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. IDP Profiler
B. IDP rule IP actions
C. IDP appliance deployment mode
D. IDP rule notifications

Questions 40

John works as a Network Administrator for Web Perfect Inc. The company has a wireless LAN network. John has configured shared key authentication on a client. The client and the AP start exchanging the frames to enable authentication. Which of the following vulnerabilities may occur while the client and the AP exchange the challenge text over the wireless link?

Options:

A. Man-in-the-middle attack
B. Land attack
C. Vulnerability attack
D. DoS attack

Questions 41

Which of the following fields are specified when rules are created for the Network Honeypot rulebase?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. A destination/service match condition
B. Detection settings
C. Operation mode
D. Response options

Questions 42

You work as a Forensic Investigator. Which of the following rules will you follow while working on a case?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Prepare a chain of custody and handle the evidence carefully.
B. Follow the rules of evidence and never tamper with the evidence.
C. Never exceed the knowledge base of the forensic investigation.
D. Examine original evidence and never rely on the duplicate evidence.

Questions 43

Which of the following types of audit constructs a risk profile for existing and new projects?

Options:

A. Innovative comparison audit
B. Client/Server, Telecommunications, Intranets, and Extranets audits
C. Technological position audit
D. Technological innovation process audit

Questions 44

Which of the following attacks sends false ICMP packets in an attempt to cripple a system using random fake Internet source addresses?

Options:

A. Twinge attack
B. Replay attack
C. Land attack
D. SYN attack

Questions 45

Which of the following programs loads the IOS image into RAM?

Options:

A. Bootstrap
B. POST
C. TFTP
D. NVRAM

Questions 46

In which of the following attacks does an attacker change the MAC address on the sniffer to one that is the same in another system on the local subnet?

Options:

A. ARP spoofing
B. MAC flooding
C. IP spoofing
D. MAC duplicating

Questions 47

You are the Administrator for a corporate network. You are concerned about denial of service attacks.

Which of the following would be most helpful against Denial of Service (DOS) attacks?

Options:

A. Stateful Packet Inspection (SPI) firewall
B. Packet filtering firewall
C. Honey pot
D. Network surveys

Questions 48

Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter?

Options:

A. Stateful packet filter firewall
B. Stateless packet filter firewall
C. Virtual firewall
D. PIX firewall

Questions 49

You work as a Firewall Analyst for Tech Perfect Inc. The company has a Linux-based environment. You have installed and configured netfilter/iptables on all computer systems. What are the main features of netfilter/iptables?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. It includes many plug-ins or modules in 'patch-o-matic' repository.
B. It includes a number of layers of APIs for third party extensions.
C. It offers stateless and stateful packet filtering with both IPv4 and IPv6 addressing schemes.
D. It provides network address and port address translations with both IPv4 and IPv6 addressing schemes.

Questions 50

Which of the following protocols is used by voice over IP (VoIP) applications?

Options:

A. ICMP
B. IPv6
C. UDP
D. TCP

Questions 51

Which of the following are packet filtering tools for the Linux operating system?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Zone Alarm
B. BlackICE
C. IPFilter
D. IPTables

Questions 52

Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer and logs network activities that match the predefined signatures?

Options:

A. KisMAC
B. Dsniff
C. Snort
D. Kismet

Questions 53

Which of the following methods will allow data to be sent on the Internet in a secure format?

Options:

A. Browsing
B. Virtual Private Networks
C. Serial Line Interface Protocol
D. Point-to-Point Protocol

Questions 54

Which of the following commands configures a router to encrypt all passwords entered after the command has been executed, as well as all passwords already on the running configuration?

Options:

A. no service password-encryption
B. enable password-encryption
C. no enable password-encryption
D. service password-encryption

Questions 55

Which of the following can provide security against a man-in-the-middle attack?

Options:

A. Anti-virus programs
B. Strong data encryption during travel
C. Strong authentication method
D. Firewall

Questions 56

You work as a technician for Tech Perfect Inc. You are troubleshooting an Internet name resolution issue. You ping your ISP's DNS server address and find that the server is down. You want to continuously ping the DNS address until you have stopped the command. Which of the following commands will you use?

Options:

A. ping -a
B. ping -l
C. ping -n
D. ping -t

Questions 57

Which of the following are the countermeasures against a man-in-the-middle attack?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Using Secret keys for authentication.
B. Using public key infrastructure authentication.
C. Using Off-channel verification.
D. Using basic authentication.

Questions 58

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. A firewall has been configured on the network. You configure a filter on the router. You verify that SMTP operations have stopped after the recent configuration. Which of the following ports will you have to open on the router to resolve the issue?

Options:

A. 25
B. 80
C. 20
D. 21

Exam Code: GCFW
Exam Name: GIAC Certified Firewall Analyst
Last Update: Dec 27, 2024
Questions: 391