GIAC Certified Firewall Analyst
Last Update May 18, 2024
Total Questions : 391
Which of the following vulnerability scanners is used to test Web servers for dangerous files/CGIs, outdated server software, and other problems?
Which of the following components are usually found in an Intrusion detection system (IDS)?
Each correct answer represents a complete solution. Choose two.
In which of the following IDS evasion techniques does an attacker deliver data in multiple small-sized packets, which makes it very difficult for an IDS to detect the attack signatures of such attacks?
Which of the following algorithms is used as a default algorithm for ESP extension header in IPv6?
John, a malicious hacker, forces a router to stop forwarding packets by flooding it with many open connections simultaneously so that all hosts behind it are effectively disabled. Which of the following attacks is John performing?
Which of the following firewalls filters the traffic based on the header of the datagram?
Which of the following firewalls operates at three layers: Layer 3, Layer 4, and Layer 5?
In which of the following situations does legal and authorized traffic cause an intrusion detection system (IDS) to generate an alert and slow down performance?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following ICMPv6 neighbor discovery messages is sent by hosts to request an immediate router advertisement, instead of waiting for the next scheduled advertisement?
You work as a Network Architect for Tech Perfect Inc. The company has a corporate LAN network. You will have to perform the following tasks:
- Limit events that occur from security threats such as viruses, worms, and spyware.
- Restrict access to the network based on identity or security posture.
Which of the following services will you deploy in the network to accomplish the tasks?
You work as a Network Administrator for Tech Perfect Inc. You are required to verify security policies configured in the company's networks. Which of the following applications will you use to accomplish the task?
Which of the following programs can be used to detect stealth port scans performed by a malicious hacker?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following tools detects certain types of packet filters and NAT setups?
Fill in the blank with appropriate address translation type.
A ______ performs translation of one IP address to a different one automatically. It requires manually defining two sets of addresses on the address translation device (probably a router). One set defines which inside addresses are allowed to be translated, and the other defines what these addresses are to be translated to.
What netsh command should be run to enable IPv6 routing?
Each correct answer represents a part of the solution. Choose two.
Which of the following can be configured so that when an alarm is activated, all doors lock and the suspect or intruder is caught between the doors in the dead-space?
Which of the following is like a malicious cache poisoning where fake data is placed in the cache of the name servers?
You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single forest multiple domain IPv4 network. All the DNS servers on the network run Windows Server 2008. The users in the network use NetBIOS names to connect to network applications on the network. You have migrated the network to an IPv6-enabled network. Now you want to enable the DNS server to perform lookups in the GlobalNames Zone. Which of the following commands will you use to accomplish the task?
John works as the Security Manager for PassGuide Inc. He wants to create the Profiler database that stores information about the network activity at Layer 3, Layer 4, and Layer 7. Which of the following will he use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Network Administrator at PassGuide Inc. You want to implement a solution that will automatically disallow connections if an attack is suspected. Which of the following technologies will you choose to accomplish the task?
Which of the following is a version of netcat with integrated transport encryption capabilities?
Which of the following attacks are prevented by a mutual authentication solution?
Each correct answer represents a complete solution. Choose all that apply.
In which of the following steps of firewall log analysis process is aggregation for nodes defined?
Audit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Under which of the following controls does audit control come?
Which of the following devices works as a transparent bridge between the wireless clients and the wired network?
An organization has a TCP/IP based network. It uses IPv6 addressing in its network. IPv6 tackles addressing and routing-table problems, and improves the protocol as well. Which of the following statements is true about IPv6?
The simplest form of a firewall is a packet filtering firewall. Typically a router works as a packet-filtering firewall and has the capability to filter on some of the contents of packets. On which of the following layers of the OSI reference model do these routers filter information?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following responsibilities does not come under the audit process?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. John notices that the We-are-secure network is vulnerable to a man-in-the-middle attack since the key exchange process of the cryptographic algorithm it is using does not authenticate participants. Which of the following cryptographic algorithms is being used by the We-are-secure server?
Adam works as a Network Administrator for PassGuide Inc. He wants to protect the network from DoS attacks. Which of the following is most useful against DoS attacks?
Which of the following methods will allow data to be sent on the Internet in a secure format?
John works as a Network Administrator for Web Perfect Inc. The company has a wireless LAN network. John has configured shared key authentication on a client. The client and the AP start exchanging the frames to enable authentication. Which of the following vulnerabilities may occur while the client and the AP exchange the challenge text over the wireless link?
Which of the following types of Intrusion Detection Systems consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state?
Which of the following can be monitored by using the host intrusion detection system (HIDS)?
Each correct answer represents a complete solution. Choose two.
Windump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform a user must install a packet capture library.
What is the name of this library?
Which of the following statements about the traceroute utility are true?
Each correct answer represents a complete solution. Choose all that apply.
Sam works as a Network Administrator for Gentech Inc. He has been assigned a project to develop the rules that define the IDP policy in the rulebase. Which of the following will he define as the components of the IDP policy rule?
Each correct answer represents a complete solution. Choose all that apply.
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully completed the following steps of the pre-attack phase:
- Information gathering
- Determining network range
- Identifying active machines
- Finding open ports and applications
- OS fingerprinting
- Fingerprinting services
Now John wants to perform network mapping of the We-are-secure network. Which of the following tools can he use to accomplish his task?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is a chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event?
John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?
Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine files present on a suspect's computer. Adam uses a tool with the help of which he can examine recovered deleted files, fragmented files, and other corrupted data. He can also examine data that was captured from the network, and access the physical RAM and any processes running in virtual memory with the help of this tool. Which of the following tools is Adam using?
Which of the following proxy servers is placed anonymously between the client and remote server and handles all of the traffic from the client?
Which of the following are the countermeasures against a man-in-the-middle attack?
Each correct answer represents a complete solution. Choose all that apply.
Choose the best explanation for the resulting error when entering the command below.
Which of the following ports cannot be used to access the router from a computer?
Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer and logs activities of the network that is matched with the predefined signatures?
Distributed Checksum Clearinghouse (DCC) is a hash sharing method of spam email detection.
Which of the following protocols does the DCC use?
Which of the following forms of NAT maps multiple unregistered IP addresses to a single registered IP address by using different ports?
You are implementing passive OS fingerprinting in a network. Which of the following aspects are required to be configured there?
Each correct answer represents a part of the solution. Choose all that apply.
You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP network. You have been assigned a task to configure security mechanisms for the network of the company. You have decided to configure a packet filtering firewall. Which of the following may be the reasons that made you choose a packet filtering firewall as a security mechanism?
Each correct answer represents a complete solution. Choose all that apply.
This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of this tool are as follows:
- It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
- It is commonly used for the following purposes:
a. War driving
b. Detecting unauthorized access points
c. Detecting causes of interference on a WLAN
d. WEP ICV error tracking
e. Making Graphs and Alarms on 802.11 Data, including Signal Strength
This tool is known as __________.
You work as a Security Administrator for Tech Perfect Inc. The company has a switched network. You have configured tcpdump in the network which can only see traffic addressed to itself and broadcast traffic. What will you do when you are required to see all traffic of the network?