GCFW GIAC Certified Firewall Analyst Question and Answers

Question # 4

Which of the following wireless security features provides the best wireless security mechanism?

A.

WPA with 802.1X authentication

B.

WPA with Pre Shared Key

C.

WEP

D.

WPA

Question # 5

You are the Network Administrator for a college. Wireless access is widely used at the college. You want the most secure wireless connections you can have. Which of the following would you use?

A.

WEP2

B.

WPA

C.

WPA2

D.

WEP

Question # 6

WinDump, tcpdump, and Wireshark specify which fields of information libpcap should record.

Which of the following filters do they use in order to accomplish the task?

A.

Berkeley Packet Filter

B.

IM filter

C.

Web filter

D.

FIR filter

Question # 7

Which of the following statements about a host-based intrusion prevention system (HIPS) are true?

Each correct answer represents a complete solution. Choose two.

A.

It can handle encrypted and unencrypted traffic equally.

B.

It cannot detect events scattered over the network.

C.

It can detect events scattered over the network.

D.

It is a technique that allows multiple computers to share one or more IP addresses.

Question # 8

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. A Cisco switch is configured on the network. You change the original host name of the switch through the hostname command. The prompt displays the changed host name. After some time, the switch loses power for some reason. When power is restored, you find that the prompt is displaying the old host name. What is the most likely cause?

A.

The changes were saved in the running-config file.

B.

The startup-config file got corrupted.

C.

The running-config file got corrupted.

D.

The host name cannot be changed permanently once the switch is configured.

Question # 9

Which of the following intrusion detection systems (IDS) monitors network traffic and compares it against an established baseline?

A.

Network-based

B.

File-based

C.

Signature-based

D.

Anomaly-based

Question # 10

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine files present on a suspect's computer. Adam uses a tool with which he can examine recovered deleted files, fragmented files, and other corrupted data. With this tool he can also examine data captured from the network, and access the physical RAM and any processes running in virtual memory. Which of the following tools is Adam using?

A.

Evidor

B.

WinHex

C.

Vedit

D.

HxD

Question # 11

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to send malicious data packets in such a manner that one packet fragment overlaps data from a previous fragment so that he can perform IDS evasion on the We-are-secure server and execute malicious data. Which of the following tools can he use to accomplish the task?

A.

Hunt

B.

Ettercap

C.

Alchemy Remote Executor

D.

Mendax

Question # 12

Which of the following well-known ports is used by BOOTP?

A.

UDP 69

B.

TCP 161

C.

TCP 21

D.

UDP 67

Question # 13

Which of the following are the countermeasures against a man-in-the-middle attack?

Each correct answer represents a complete solution. Choose all that apply.

A.

Using secret keys for authentication.

B.

Using public key infrastructure authentication.

C.

Using off-channel verification.

D.

Using basic authentication.

Question # 14

Adam works as a professional Computer Hacking Forensic Investigator. He works with the local police.

A project has been assigned to him to investigate an iPod, which was seized from a student of the high school. It is suspected that explicit child pornography content is stored on the iPod. Adam wants to investigate the iPod extensively. Which of the following operating systems will Adam use to carry out his investigation in a more extensive and elaborate manner?

A.

Mac OS

B.

Linux

C.

Windows XP

D.

MINIX 3

Question # 15

Adam has installed and configured his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Adam notices that when he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes only 8 Mbps or less. Adam connects to the wireless router's management utility and finds that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop.

Which of the following attacks has occurred on Adam's wireless network?

A.

DNS cache poisoning

B.

ARP spoofing

C.

MAC spoofing

D.

NAT spoofing

Question # 16

You work as a Firewall Analyst for Tech Perfect Inc. The company has a Linux-based environment. You have installed and configured netfilter/iptables on all computer systems. What are the main features of netfilter/iptables?

Each correct answer represents a complete solution. Choose all that apply.

A.

It includes many plug-ins or modules in the 'patch-o-matic' repository

B.

It includes a number of layers of APIs for third-party extensions

C.

It offers stateless and stateful packet filtering with both IPv4 and IPv6 addressing schemes

D.

It provides network address and port address translations with both IPv4 and IPv6 addressing schemes

Question # 17

Adam works as a Security administrator for Umbrella Inc. He runs the following traceroute and notices that hops 19 and 20 both show the same IP address.

1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms
2 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 12.169 ms 14.958 ms 13.416 ms
3 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 13.948 ms ip68-100-0-1.nv.nv.cox.net (68.100.0.1) 16.743 ms 16.207 ms
4 ip68-100-0-137.nv.nv.cox.net (68.100.0.137) 17.324 ms 13.933 ms 20.938 ms
5 68.1.1.4 (68.1.1.4) 12.439 ms 220.166 ms 204.170 ms
6 so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1) 16.177 ms 25.943 ms 14.104 ms
7 unknown.Level3.net (209.247.9.173) 14.227 ms 17.553 ms 15.415 ms
8 so-0-1-0.bbr1.NewYork1.level3.net (64.159.1.41) 17.063 ms 20.960 ms 19.512 ms
9 so-7-0-0.gar1.NewYork1.Level3.net (64.159.1.182) 20.334 ms 19.440 ms 17.938 ms
10 so-4-0-0.edge1.NewYork1.Level3.net (209.244.17.74) 27.526 ms 18.317 ms 21.202 ms
11 uunet-level3-oc48.NewYork1.Level3.net (209.244.160.12) 21.411 ms 19.133 ms 18.830 ms
12 0.so-6-0-0.XL1.NYC4.ALTER.NET (152.63.21.78) 21.203 ms 22.670 ms 20.111 ms
13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153) 30.929 ms 24.858 ms 23.108 ms
14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 37.894 ms 33.244 ms 33.910 ms
15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms 49.466 ms
16 0.so-3-0-0.XR1.MIA4.ALTER.NET (152.63.101.41) 50.937 ms 49.005 ms 51.055 ms
17 117.ATM6-0.GW5.MIA1.ALTER.NET (152.63.82.73) 51.897 ms 50.280 ms 53.647 ms
18 PassGuidegw1.customer.alter.net (65.195.239.14) 51.921 ms 51.571 ms 56.855 ms
19 www.PassGuide.com (65.195.239.22) 52.191 ms 52.571 ms 56.855 ms
20 www.PassGuide.com (65.195.239.22) 53.561 ms 54.121 ms 58.333 ms

Which of the following is the most likely cause of this issue?

A.

A stateful inspection firewall

B.

An application firewall

C.

Network Intrusion system

D.

Intrusion Detection System

Question # 18

Which of the following protocols is used with a tunneling protocol to provide security?

A.

EAP

B.

FTP

C.

IPX/SPX

D.

IPSec

Question # 19

Sam works as a Network Administrator for Gentech Inc. He has been assigned a project to develop the rules that define the IDP policy in the rulebase. Which of the following will he define as the components of the IDP policy rule?

Each correct answer represents a complete solution. Choose all that apply.

A.

IDP Profiler

B.

IDP rule IP actions

C.

IDP appliance deployment mode

D.

IDP rule notifications

Question # 20

In which of the following attacks does an attacker change the MAC address on the sniffer to one that is the same as that of another system on the local subnet?

A.

ARP spoofing

B.

MAC flooding

C.

IP spoofing

D.

MAC duplicating

Question # 21

In which of the following IDS evasion attacks does an attacker send a data packet such that the IDS accepts the data packet but the host computer rejects it?

A.

Fragmentation overwrite attack

B.

Insertion attack

C.

Fragmentation overlap attack

D.

Evasion attack

Question # 22

Which of the following is used for debugging the network setup itself by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem?

A.

iptables

B.

WinPcap

C.

tcpdump

D.

Netfilter

Question # 23

Which of the following is used to implement a procedure to control inbound and outbound traffic on a network?

A.

Cookies

B.

Sam Spade

C.

ACL

D.

NIDS

Question # 24

In which of the following steps of firewall log analysis process is aggregation for nodes defined?

A.

View transformation

B.

Assess available data

C.

Visual transformation

D.

Process information

Question # 25

In which of the following IDS evasion attacks does an attacker send a data packet such that the IDS accepts the data packet but the host computer rejects it?

A.

Fragmentation overwrite attack

B.

Evasion attack

C.

Insertion attack

D.

Fragmentation overlap attack

Question # 26

You work as a Network Architect for Tech Perfect Inc. The company has a TCP/IP-based network. You have established a remote-access VPN network between mobile users and the company's network. You want to implement the following features in the remote-access VPN network:

- Provide security for the web traffic.

- Browser clients can support the VPN connection to a host.

Which of the following will you configure to implement the given features in the network?

A.

IPsec

B.

SSL

C.

DACL

D.

SSH

Question # 27

Which of the following are packet filtering tools for the Linux operating system?

Each correct answer represents a complete solution. Choose all that apply.

A.

Zone Alarm

B.

BlackICE

C.

IPFilter

D.

IPTables

Question # 28

Which of the following files is a Cisco IOS configuration file that resides in RAM?

A.

running-config

B.

startup-config

C.

temp-config

D.

ram-config

Question # 29

Which of the following libraries does TShark use to capture traffic from the first available network interface?

A.

dcap

B.

scap

C.

bcap

D.

pcap

Question # 30

Stateful firewalls combine the significant flows into conversations. Which of the following properties are used to classify a flow?

Each correct answer represents a part of the solution. Choose all that apply.

A.

Destination address

B.

Source port

C.

Protocol

D.

Destination port

E.

Source address

Question # 31

Which of the following techniques correlates information found on multiple hard drives?

A.

Cross-drive analysis

B.

Data analysis

C.

Live analysis

D.

Gap analysis

Question # 32

The general form of the Cisco IOS is a.b.c.de. Which of the following indicates the major version number of the Cisco IOS?

A.

b

B.

e

C.

d

D.

a

Question # 33

Which of the following steps are generally followed in computer forensic examinations?

Each correct answer represents a complete solution. Choose three.

A.

Authenticate

B.

Acquire

C.

Encrypt

D.

Analyze

Question # 34

Sam works as a Security Manager for GenTech Inc. He has been assigned a project to detect reconnoitering activities. For this purpose, he has deployed a system in the network that attracts the attention of an attacker. Which of the following rulebases will he use to accomplish the task?

A.

Network Honeypot rulebase

B.

Exempt rulebase

C.

Backdoor rulebase

D.

SYN Protector rulebase

Question # 35

You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP network. You have been assigned a task to configure a stateful packet filtering firewall to secure the network of the company. You are encountering some problems while configuring the stateful packet filtering firewall. Which of the following can be the reasons for your problems?

Each correct answer represents a complete solution. Choose all that apply.

A.

It contains additional overhead of maintaining a state table.

B.

It has to open up a large range of ports to allow communication.

C.

It is complex to configure.

D.

It has limited logging capabilities.

Question # 36

You work as a Network Administrator for Tech Perfect Inc. You are required to verify security policies configured in the company's networks. Which of the following applications will you use to accomplish the task?

A.

Network enumerator

B.

Web application security scanner

C.

Computer worm

D.

Port scanner

Question # 37

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to send malicious data packets in such a manner that one packet fragment overlaps data from a previous fragment so that he can perform IDS evasion on the We-are-secure server and execute malicious data. Which of the following tools can he use to accomplish the task?

A.

Hunt

B.

Mendax

C.

Alchemy Remote Executor

D.

Ettercap

Question # 38

You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

A.

Cookies folder

B.

Temporary Internet Folder

C.

Download folder

D.

History folder

Question # 39

Which of the following command-line utilities is used to show the state of current TCP/IP connections?

A.

PING

B.

NSLOOKUP

C.

NETSTAT

D.

TRACERT

Question # 40

When no anomaly is present in an intrusion detection system, but an alarm is generated, the response is known as __________.

A.

True positive

B.

False positive

C.

True negative

D.

False negative

Question # 41

Which of the following programs can be used to detect stealth port scans performed by a malicious hacker?

Each correct answer represents a complete solution. Choose all that apply.

A.

portsentry

B.

libnids

C.

nmap

D.

scanlogd

Question # 42

Which of the following number ranges is used for the IPX Standard ACL?

A.

800-899

B.

1000-1099

C.

900-999

D.

1200-1299

Question # 43

Choose the best explanation for the resulting error when entering the command below.

A.

The command is attempting to create a standard access list with extended access list parameters.

B.

The ACL commands should be entered from the (config-router) configuration mode.

C.

The wildcard mask is not provided for the source and destination addresses.

D.

The port number given does not correspond with the proper transport protocol.

Question # 44

Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?

A.

Packet filtering

B.

Firewall

C.

Demilitarized zone (DMZ)

D.

Intrusion detection system (IDS)

Question # 45

Which of the following is used for debugging the network setup itself by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem?

A.

WinPcap

B.

Netfilter

C.

tcpdump

D.

iptables

Question # 46

Which of the following IPv4 fields become obsolete when the hop-by-hop segmentation (fragmentation) procedure is removed from the IP header?

Each correct answer represents a part of the solution. Choose three.

A.

Datagram Identification Number field

B.

Fragment Offset field

C.

Datagram Length field

D.

Flags field

Question # 47

Which of the following tools allow an attacker to intentionally craft packets to gain unauthorized access?

Each correct answer represents a complete solution. Choose two.

A.

Tcpdump

B.

Ettercap

C.

Fragroute

D.

Mendax

Question # 48

Which of the following can provide security against a man-in-the-middle attack?

A.

Firewall

B.

Strong authentication method

C.

Strong data encryption during travel

D.

Anti-virus programs

Question # 49

John works as a Security Manager for Gentech Inc. He uses an IDP engine to detect the type of interactive traffic produced during an attack in which the attacker installs a mechanism on a host system that facilitates unauthorized access and breaks the system's confidentiality.

Which of the following rulebases will he use to accomplish the task?

A.

Backdoor rulebase

B.

Traffic Anomalies rulebase

C.

Exempt rulebase

D.

SYN Protector rulebase

Question # 50

Which of the following is the default port for POP3?

A.

25

B.

21

C.

80

D.

110

Question # 51

Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer and logs network activity that matches predefined signatures?

A.

KisMAC

B.

Dsniff

C.

Snort

D.

Kismet

Question # 52

You are configuring a public access wireless connection. Which of the following is the best way to secure this connection?

A.

Not broadcasting SSID

B.

Using WPA encryption

C.

Implementing antivirus

D.

Using MAC filtering

Question # 53

In which of the following IDS evasion techniques does an attacker deliver data in multiple small-sized packets, which makes it very difficult for an IDS to detect the attack signatures of such attacks?

A.

Fragmentation overwrite

B.

Fragmentation overlap

C.

Insertion

D.

Session splicing

Question # 54

You work as a Network Administrator for NetTech Inc. You want to protect your network from ping flood attacks. Which of the following protocols will you block to accomplish this task?

A.

IP

B.

PPP

C.

ICMP

D.

FTP

Question # 55

Sandra, a novice computer user, works in a Windows environment. She experiences some problems with bad sectors on the hard disk of her computer. She wants to run the CHKDSK command to check the hard disk for bad sectors and to fix any errors found. Which of the following switches will she use with the CHKDSK command to accomplish the task?

A.

CHKDSK /R /F

B.

CHKDSK /C /L

C.

CHKDSK /V /X

D.

CHKDSK /I

Question # 56

Which of the following vulnerability scanners is used to test Web servers for dangerous files/CGIs, outdated server software, and other problems?

A.

Nikto

B.

Hackbot

C.

Nmap

D.

Nessus

Question # 57

Which of the following proxy servers is placed anonymously between the client and remote server and handles all of the traffic from the client?

A.

Web proxy server

B.

Open proxy server

C.

Forced proxy server

D.

Caching proxy server

Question # 58

Fill in the blank with the appropriate address translation type.

A______ performs translation of one IP address to a different one automatically. It requires manually defining two sets of addresses on the address translation device (probably a router). One set defines which inside addresses are allowed to be translated, and the other defines what these addresses are to be translated to.
