Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Certensure Logo
  1. Home
  2. GIAC
  3. GIAC Certification
  4. GCFW - GIAC Certified Firewall Analyst

GIAC GCFW GIAC Certified Firewall Analyst Exam Practice Test

Demo: 58 questions
Total 391 questions
Get GCFW Full Access Download GCFW PDF

GIAC Certified Firewall Analyst Questions and Answers

Question 1

Which of the following tools performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs?

Options:

A.

Nikto

B.

Sniffer

C.

Snort

D.

Dsniff

Question 2

John works as the Security Manager for PassGuide Inc. He wants to create the Profiler database that stores information about the network activity at Layer 3, Layer 4, and Layer 7. Which of the following will he use to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Ignore connection

B.

Session creation

C.

Protocol contexts

D.

Session teardown

Question 3

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

Options:

A.

Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system

B.

Volatile data, file slack, registry, memory dumps, file system, system state backup, interne t traces

C.

Volatile data, file slack, file system, registry, memory dumps, system state backup, interne t traces

D.

Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps

Question 4

A remote-access VPN offers secured and encrypted connections between mobile or remote users and their corporate network across public networks. Which of the following does the remote-access VPN use for offering these types of connections?

Each correct answer represents a complete solution. Choose two.

Options:

A.

SSL

B.

IPsec

C.

TLS

D.

SSH

Question 5

Which of the following attacks sends false ICMP packets in an attempt to cripple a system using random fake Internet source addresses?

Options:

A.

Land attack

B.

SYN attack

C.

Replay attack

D.

Twinge attack

Question 6

You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Temporary Internet Folder

B.

History folder

C.

Download folder

D.

Cookies folder

Question 7

Adam works as a Security administrator for Umbrella Inc. He runs the following traceroute and notices that hops 19 and 20 both show the same IP address.

1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms 2 ip68-98-176-

1.nv.nv.cox.net (68.98.176.1) 12.169 ms 14.958 ms 13.416 ms 3 ip68-98-176-

1.nv.nv.cox.net (68.98.176.1) 13.948 ms ip68-100-0-1.nv.nv. cox.net (68.100.0.1)

16.743 ms 16.207 ms 4 ip68-100-0-137.nv.nv.cox.net (68.100.0.137) 17.324 ms 13.933

ms 20.938 ms 5 68.1.1.4 (68.1.1.4) 12.439 ms 220.166 ms 204.170 ms

6 so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1) 16.177 ms 25.943 ms 14.104 ms 7

unknown.Level3.net (209.247.9.173) 14.227 ms 17.553 ms 15.415 ms "PassGuide" -

8 so-0-1-0.bbr1.NewYork1.level3.net (64.159.1.41) 17.063 ms 20.960 ms 19.512 ms 9

so-7-0-0.gar1. NewYork1.Level3.net (64.159.1.182) 20.334 ms 19.440 ms 17.938 ms

10 so-4-0-0.edge1.NewYork1.Level3.

net (209.244.17.74) 27.526 ms 18.317 ms 21.202 ms 11 uunet-level3-

oc48.NewYork1.Level3.net

(209.244.160.12) 21.411 ms 19.133 ms 18.830 ms 12 0.so-6-0-0.XL1.NYC4.ALTER.NET

(152.63.21.78)

21.203 ms 22.670 ms 20.111 ms 13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153)

30.929 ms 24.858 ms

23.108 ms 14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 37.894 ms 33.244 ms

33.910 ms 15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms

49.466 ms 16 0.so-3-0-0.XR1.MIA4.ALTER.

NET (152.63.101.41) 50.937 ms 49.005 ms 51.055 ms 17 117.ATM6-

0.GW5.MIA1.ALTER.NET (152.63.82.73) 51.897 ms 50.280 ms 53.647 ms 18 PassGuidegw1.

customer.alter.net (65.195.239.14) 51.921 ms 51.571 ms 56.855 ms 19

www.PassGuide.com (65.195.239.22) 52.191 ms 52.571 ms 56.855 ms 20

www.PassGuide.com (65.195.239.22) 53.561 ms 54.121 ms 58.333 ms

Which of the following is the most like cause of this issue?

Options:

A.

A stateful inspection firewall

B.

An application firewall

C.

Network Intrusion system

D.

Intrusion Detection System

Question 8

You are the Network Administrator for a large corporate network. You want to monitor all network traffic on your local network for suspicious activities and receive a notification when a possible attack is in process. Which of the following actions will you take for this?

Options:

A.

Install a DMZ firewall

B.

Enable verbose logging on the firewall

C.

Install a host-based IDS

D.

Install a network-based IDS

Question 9

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. You have searched all open ports of the we-are-secure server. Now, you want to perform the next information-gathering step, i.e., passive OS fingerprinting. Which of the following tools can you use to accomplish the task?

Options:

A.

Nmap

B.

NBTscan

C.

P0f

D.

Superscan

Question 10

Which of the following wireless security features provides the best wireless security mechanism?

Options:

A.

WPA with 802.1X authentication

B.

WPA with Pre Shared Key

C.

WEP

D.

WPA

Question 11

You work as a Network Troubleshooter for PassGuide Inc. You want to tunnel the IPv6 traffic across an IPv4 supporting portion of the company's network. You are using the interface configuration mode for the tunnel. Which of the following IP addresses will you enter after the tunnel source command?

Options:

A.

The IPv4 address assigned to the local interface on which the tunnel is built

B.

The IPv4 address assigned to the remote interface on which the tunnel is built

C.

The IPv6 address assigned to the local tunnel interface

D.

The IPv6 address assigned to the remote tunnel interface

Question 12

Which of the following intrusion detection systems (IDS) monitors network traffic and compares it against an established baseline?

Options:

A.

Network-based

B.

File-based

C.

Signature-based

D.

Anomaly-based

Question 13

Which of the following ports cannot be used to access the router from a computer?

Options:

A.

Aux port

B.

Console port

C.

Serial port

D.

Vty

Question 14

Which of the following tools is used to analyze the files produced by several popular packetcapture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

Options:

A.

Fpipe

B.

tcptrace

C.

tcptraceroute

D.

Sniffer

Question 15

Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer and logs activities of the network that is matched with the predefined signatures?

Options:

A.

KisMAC

B.

Dsniff

C.

Snort

D.

Kismet

Question 16

Which of the following can be monitored by using the host intrusion detection system (HIDS)?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Computer performance

B.

File system integrity

C.

Storage space on computers

D.

System files

Question 17

Which of the following is a Cisco IOS management term described in the statement below?

"It is the fourth digit in the configuration register and contains a hexadecimal value. The bootstrap program uses its value to choose which operating system to load into RAM."

Options:

A.

Boot check

B.

Boot field

C.

Boot value

D.

Boot

Question 18

Which of the following statements are true about an IDP rule base notification?

Options:

A.

It can be defined as reusable logical entities that the user can apply to the rules.

B.

When an action is performed, a notification defines how to log information.

C.

It is used to specify the type of network traffic that has to be monitored for attacks.

D.

It directs an IDP to drop or close the connection.

Question 19

Mark works as a Network Security Administrator for BlueWells Inc. The company has a Windowsbased network. Mark is giving a presentation on Network security threats to the newly recruited employees of the company. His presentation is about the External threats that the company recently faced in the past. Which of the following statements are true about external threats?

Each correct answer represents a complete solution. Choose three.

Options:

A.

These are the threats that originate from within the organization.

B.

These are the threats that originate from outside an organization in which the attacker attempts to gain unauthorized access.

C.

These threats can be countered by implementing security controls on the perimeters of the network, such as firewalls, which limit user access to the Internet.

D.

These are the threats intended to flood a network with large volumes of access requests.

Question 20

You have to ensure that your Cisco Router is only accessible via telnet and ssh from the following hosts and subnets:

10.10.2.103

10.10.0.0/24

Which of the following sets of commands will you use to accomplish the task?

Options:

A.

access-list 10 permit host 10.10.2.103

access-list 10 permit 10.10.0.0 0.0.0.255

access-list 10 deny any

line vty 0 4

access-class 10 in

B.

access-list 10 permit 10.10.2.103

access-list 10 permit 10.10.0.0 0.0.0.255

access-list 10 deny any

line vty 0 4

access-group 10 in

C.

access-list 10 permit host 10.10.2.103

access-list 10 permit 10.10.0.0 0.0.0.255

access-list 10 deny any

line vty 0 4

access-class 10 out

D.

access-list 10 permit host 10.10.2.103

access-list 11 permit host 10.10.0.0 255.255.255.0

access-list 12 deny any

line vty 0 4

access-group 10, 11, 12 in

Question 21

Which of the following is used for debugging the network setup itself by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem?

Options:

A.

iptables

B.

WinPcap

C.

Netfilter

D.

tcpdump

Question 22

Which of the following algorithms is used as a default algorithm for ESP extension header in IPv6?

Options:

A.

Electronic Codebook (ECB) Mode

B.

Cipher Block Chaining (CBC) Mode

C.

Propagating Cipher Block Chaining (PCBC) Mode

D.

Cipher Feedback (CFB) Mode

Question 23

Which of the following tools can be used as a Linux vulnerability scanner that is capable of identifying operating systems and network services?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Cheops-ng

B.

Fport

C.

Cheops

D.

Elsave

Question 24

In which of the following conditions is the SYN Protector rule base activated in passive mode?

Options:

A.

When the number of SYN packets per second is equal to 13,425 (default)

B.

Only when the number of SYN packets per second is equal to the sum of the lower SYNs-persecond threshold and the upper SYNs-per-second threshold

C.

When the number of SYN packets per second is smaller than the sum of the lower SYNs-persecond threshold and the upper SYNs-per-second threshold

D.

When the number of SYN packets per second is greater than the sum of the lower SYNs-persecond threshold and the upper SYNs-per-second threshold

Question 25

Which of the following ICMPv6 neighbor discovery messages is sent by hosts to request an immediate router advertisement, instead of waiting for the next scheduled advertisement?

Options:

A.

Router Advertisement

B.

Neighbor Advertisement

C.

Router Solicitation

D.

Neighbor Solicitation

Question 26

WinDump, tcpdump, and Wireshark specify which fields of information libpcap should record.

Which of the following filters do they use in order to accomplish the task?

Options:

A.

Berkeley Packet Filter

B.

IM filter

C.

Web filter

D.

FIR filter

Question 27

Which of the following components are usually found in an Intrusion detection system (IDS)?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Firewall

B.

Console

C.

Gateway

D.

Modem

E.

Sensor

Question 28

What is the easiest way to verify that name resolution is functioning properly on a TCP/IP network?

Options:

A.

Use the TRACERT command with the /pingname parameter.

B.

Ping the source host with its computer name.

C.

Ping the source host with its IP address.

D.

Check the IP statistics on the file server.

Question 29

You have just taken over as the Network Administrator for a medium sized company. You want to check to see what services are exposed to the outside world. What tool would you use to accomplish this?

Options:

A.

Protocol analyzer

B.

Network mapper

C.

Packet sniffer

D.

A port scanner

Question 30

Which of the following commands will you use with the tcpdump command to capture the traffic from a filter stored in a file?

Options:

A.

tcpdump -F file_name

B.

tcpdump -A file_name

C.

tcpdump -D file_name

D.

tcpdump -X file_name

Question 31

You work as a Network Administrator for NetTech Inc. Your manager needs to access a particular server on the network from outside the company network. You have a registered IP address assigned to a router on the company network. Which of the following will be useful for accessing the server from outside the network?

Options:

A.

Dynamic VLAN

B.

Overloading

C.

Switch

D.

Static NAT

Question 32

Which of the following libraries does TShark use to capture traffic from the first available network interface?

Options:

A.

dcap

B.

scap

C.

bcap

D.

pcap

Question 33

Secure Shell (SSH) is a network protocol that allows data to be exchanged using a secure channel between two networked devices. Which of the following features are supported by Secure Shell?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

SSH can transfer files using the associated HTTP or FTP protocols.

B.

SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections.

C.

SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.

D.

SSH uses the client-server model.

Question 34

You work as a Network Administrator for BlueTech Inc. You want to configure Snort as an IDS for your company's wireless network, but you are concerned that Snort does not support all types of traffic. What traffic does Snort support?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

TCP

B.

IP

C.

UDP

D.

ICMP

Question 35

Which of the following tools uses PDA and barcode technologies in order to enable effective identification, control, and reporting of items in a site?

Options:

A.

Smart card

B.

Vulnerability scanner

C.

Baseline audit

D.

Biometric device

Question 36

Which of the following techniques correlates information found on multiple hard drives?

Options:

A.

Cross-drive analysis

B.

Data analysis

C.

Live analysis

D.

Gap analysis

Question 37

Which of the following attacks can be mitigated by providing proper training to the employees in an organization?

Options:

A.

Social engineering

B.

Smurf

C.

Man-in-the-middle

D.

Denial-of-Service

Question 38

Which of the following attacks are prevented from a mutual authentication solution?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Man-in-the-middle attack

B.

Eavesdropping attack

C.

Hijacking

D.

Phishing

Question 39

Which of the following statements about Access control list (ACL) is true?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Extended IP Access Control List permits or denies packets only from a specific source IP addresses.

B.

Standard IP Access Control List permits or denies packets only from specific source IP addr esses.

C.

Standard IP Access Control List can be used to permit or deny traffic from a specific source IP addresses or for a specific destination IP address, and port.

D.

Extended IP Access Control List permits or denies traffic from a specific source IP addresses or for a specific destination IP address, and port.

E.

Access control list filters packets or network traffic by controlling whether routed packets are forwarded or blocked at the router's interfaces.

Question 40

Which of the following wireless security policies helps to prevent the wireless enabled laptops from peer-topeer attacks when the laptops are used in public access network?

Options:

A.

Use protocol analyzer

B.

Use Port Address Translation

C.

Use security protocols

D.

Use firewall

Question 41

Which of the following tools can be used as a Linux vulnerability scanner that is capable of identifying operating systems and network services?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Cheops-ng

B.

Fport

C.

Elsave

D.

Cheops

Question 42

The general form of the Cisco IOS is a.b.c.de. Which of the following indicates the major version number of the Cisco IOS?

Options:

A.

b

B.

e

C.

d

D.

a

Question 43

You work as a Network Administrator for Tech Perfect Inc. The company has a wireless LAN infrastructure. The management wants to prevent unauthorized network access to local area networks and other information assets by the wireless devices. What will you do?

Options:

A.

Implement an ACL.

B.

Implement a firewall.

C.

Implement a dynamic NAT.

D.

Implement a WIPS.

Question 44

Which of the following statements about segmentation of a network using router is true?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Filtering can be done based on layer 3 information.

B.

Segmenting of a network using router will increase latency.

C.

Number of broadcast domains will be decreased.

D.

Broadcast will not be forwarded to other segment through the router.

Question 45

Adam works as a Network Administrator for PassGuide Inc. He wants to prevent the network from DOS attacks. Which of the following is most useful against DOS attacks?

Options:

A.

Distributive firewall

B.

Honey Pot

C.

SPI

D.

Internet bot

Question 46

Which of the following information must the fragments carry for the destination host to reassemble them back to the original unfragmented state?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

MF flag

B.

Length of the data

C.

IP address

D.

Offset field

E.

MAC address

F.

IP identification number

Question 47

In which of the following steps of firewall log analysis process is aggregation for nodes defined?

Options:

A.

View transformation

B.

Assess available data

C.

Visual transformation

D.

Process information

Question 48

An attacker makes an attempt against a Web server. The result is that the attack takes the form of URLs. These URLs search for a certain string that identifies an attack against the Web server.

Which IDS/IPS detection method do the URLs use to detect and prevent an attack?

Options:

A.

Anamoly-based detection

B.

Signature-based detection

C.

Policy-based detection

D.

Honey pot detection

Question 49

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to send malicious data packets in such a manner that one packet fragment overlaps data from a previous fragment so that he can perform IDS evasion on the We-are-secure server and execute malicious data. Which of the following tools can he use to accomplish the task?

Options:

A.

Hunt

B.

Mendax

C.

Alchemy Remote Executor

D.

Ettercap

Question 50

When no anomaly is present in an Intrusion Detection, but an alarm is generated, the response is known as __________.

Options:

A.

True negative

B.

False negative

C.

False positive

D.

True positive

Question 51

Which of the following tools can be used as a Linux vulnerability scanner that is capable of identifying operating systems and network services?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Cheops-ng

B.

Fport

C.

Elsave

D.

Cheops

Question 52

Which of the following can provide security against man-in-the-middle attack?

Options:

A.

Anti-virus programs

B.

Strong data encryption during travel

C.

Strong authentication method

D.

Firewall

Question 53

You work as a Network Administrator for Tech Perfect Inc. The company has a wireless LAN infrastructure. The management wants to prevent unauthorized network access to local area networks and other information assets by the wireless devices. What will you do?

Options:

A.

Implement a dynamic NAT.

B.

Implement a firewall.

C.

Implement an ACL.

D.

Implement a WIPS.

Question 54

Which of the following programs can be used to detect stealth port scans performed by a malicious hacker?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

portsentry

B.

nmap

C.

libnids

D.

scanlogd

Question 55

Which of the following vulnerability scanners detects vulnerabilities by actually performing attacks?

Options:

A.

Network enumerator

B.

Computer worm

C.

Port scanner

D.

Web application security scanner

Question 56

Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter?

Options:

A.

Stateful packet filter firewall

B.

Stateless packet filter firewall

C.

Virtual firewall

D.

PIX firewall

Question 57

Distributed Checksum Clearinghouse (DCC) is a hash sharing method of spam email detection.

Which of the following protocols does the DCC use?

Options:

A.

ICMP

B.

TELNET

C.

UDP

D.

TCP

Question 58

Which of the following can be configured so that when an alarm is activated, all doors lock and the suspect or intruder is caught between the doors in the dead-space?

Options:

A.

Biometric device

B.

Man trap

C.

Host Intrusion Detection System (HIDS)

D.

Network Intrusion Detection System (NIDS)

Load More GCFW Questions
Demo: 58 questions
Total 391 questions
Get GCFW Full Access Download GCFW PDF