  • Exam Name: GIAC Certified Firewall Analyst
  • Last Update: Apr 17, 2024
  • Questions and Answers: 391
GCFW Practice Exam Questions with Answers GIAC Certified Firewall Analyst Certification

Question # 6

Which of the following attacks can be mitigated by providing proper training to the employees in an organization?

A.

Social engineering

B.

Smurf

C.

Man-in-the-middle

D.

Denial-of-Service

Question # 7

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate the computer of an unfaithful employee of SecureEnet Inc. The suspect's computer runs on the Windows operating system. Which of the following sources will Adam investigate on a Windows host to collect the electronic evidence?

Each correct answer represents a complete solution. Choose all that apply.

A.

Allocated cluster

B.

Swap files

C.

Unused and hidden partition

D.

Slack spaces

Question # 8

The promiscuous mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it. Which of the following tools works by placing the host system network card into the promiscuous mode?

A.

Snort

B.

THC-Scan

C.

Sniffer

D.

NetStumbler

Question # 9

Which of the following Linux file systems is a journaled file system?

A.

ext3

B.

ext2

C.

ext

D.

ext4

Question # 10

Which of the following statements about Access Control Lists (ACLs) are true?

Each correct answer represents a complete solution. Choose three.

A.

Extended IP Access Control List permits or denies packets only from specific source IP addresses.

B.

Standard IP Access Control List permits or denies packets only from specific source IP addresses.

C.

Standard IP Access Control List can be used to permit or deny traffic from a specific source IP address or for a specific destination IP address and port.

D.

Extended IP Access Control List permits or denies traffic from a specific source IP address or for a specific destination IP address and port.

E.

Access control list filters packets or network traffic by controlling whether routed packets are forwarded or blocked at the router's interfaces.

Question # 11

Which of the following are open-source vulnerability scanners?

A.

Nikto

B.

Hackbot

C.

NetRecon

D.

Nessus

Question # 12

Which of the following is a version of netcat with integrated transport encryption capabilities?

A.

Nikto

B.

Encat

C.

Cryptcat

D.

Socat

Question # 13

Which of the following responsibilities does not come under the audit process?

Each correct answer represents a complete solution. Choose all that apply.

A.

Reporting all facts and circumstances of the irregular and illegal acts.

B.

Reviewing the results of the audit procedures.

C.

Planning the IT audit engagement based on the assessed level of risk.

D.

Applying security policies.

Question # 14

Which of the following tools is used to detect spam email without checking the content?

A.

Sniffer

B.

DCC

C.

EtherApe

D.

Kismet

Question # 15

Which of the following devices are used to implement Network Address Translation (NAT)?

A.

Routers and firewalls

B.

Firewalls and file servers

C.

Switches and firewalls

D.

Routers and switches

Question # 16

What is the function of baseline audit?

A.

Packet sniffing

B.

Data capturing

C.

Packet filtering

D.

ARP spoofing

Question # 17

You work as a Network Security Administrator for NetPerfect Inc. The company has a Windows-based network. You are in charge of the data and network security of the company. While performing a threat log analysis, you observe that one of the database administrators is pilfering confidential data. What type of threat is this?

A.

Zombie

B.

Internal threat

C.

External threat

D.

Malware

Question # 18

Which of the following is used for debugging the network setup itself by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem?

A.

iptables

B.

WinPcap

C.

tcpdump

D.

Netfilter

Question # 19

Which of the following tools detects certain types of packet filters and NAT setups?

A.

TShark

B.

Vulnerability scanner

C.

Wireshark

D.

Passive OS fingerprinting

Question # 20

When no anomaly is present in an Intrusion Detection, but an alarm is generated, the response is known as __________.

A.

True negative

B.

False negative

C.

False positive

D.

True positive

Question # 21

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to send malicious data packets in such a manner that one packet fragment overlaps data from a previous fragment so that he can perform IDS evasion on the We-are-secure server and execute malicious data. Which of the following tools can he use to accomplish the task?

A.

Hunt

B.

Mendax

C.

Alchemy Remote Executor

D.

Ettercap

Question # 22

Which of the following configuration schemes in IPv6 allows a client to automatically configure its own IP address with or without IPv6 routers?

A.

Stateless configuration

B.

Stateful configuration

C.

Stateful autoconfiguration

D.

Stateless autoconfiguration

Question # 23

Sam works as a Security Manager for GenTech Inc. He has been assigned a project to detect reconnoitering activities. For this purpose, he has deployed a system in the network that attracts the attention of an attacker. Which of the following rulebases will he use to accomplish the task?

A.

Backdoor rulebase

B.

Exempt rulebase

C.

Network Honeypot rulebase

D.

SYN Protector rulebase

Question # 24

Which of the following programs can be used to detect stealth port scans performed by a malicious hacker?

Each correct answer represents a complete solution. Choose all that apply.

A.

portsentry

B.

nmap

C.

libnids

D.

scanlogd

Question # 25

Which of the following devices works as a transparent bridge between the wireless clients and the wired network?

A.

Access point

B.

Hub

C.

Switch

D.

Wireless router

Question # 26

Which of the following is a hardware/software platform that is designed to analyze, detect and report on security related events. NIPS is designed to inspect traffic and based on its configuration or security policy, it can drop the malicious traffic?

A.

NIPS

B.

HIPS

C.

NIDS

D.

HIDS

Question # 27

You work as a Network Administrator for Tech Perfect Inc. You are required to verify security policies configured in the company's networks. Which of the following applications will you use to accomplish the task?

A.

Network enumerator

B.

Web application security scanner

C.

Computer worm

D.

Port scanner

Question # 28

Which of the following applications cannot proactively detect anomalies related to a computer?

A.

NIDS

B.

Anti-virus scanner

C.

Firewall installed on the computer

D.

HIDS

Question # 29

As a professional hacker, you want to crack the security of secureserver.com. For this, in the information gathering step, you performed scanning with the help of the nmap utility to retrieve as many different protocols as possible being used by secureserver.com so that you could get accurate knowledge about what services were being used by secureserver.com. Which of the following nmap switches have you used to accomplish the task?

A.

nmap -sT

B.

nmap -vO

C.

nmap -sS

D.

nmap -sO

Question # 30

Which of the following statements about a host-based intrusion prevention system (HIPS) are true?

Each correct answer represents a complete solution. Choose two.

A.

It can handle encrypted and unencrypted traffic equally.

B.

It cannot detect events scattered over the network.

C.

It can detect events scattered over the network.

D.

It is a technique that allows multiple computers to share one or more IP addresses.

Question # 31

Which of the following terms is used to represent IPv6 addresses?

A.

Colon-dot

B.

Hexadecimal-dot notation

C.

Colon-hexadecimal

D.

Dot notation

Question # 32

Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment within the workplace. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important that records of the sexual harassment incidents be maintained, which helps in further legal prosecution. Which of the following data should be recorded in this documentation?

Each correct answer represents a complete solution. Choose all that apply.

A.

Names of the victims

B.

Location of each incident

C.

Date and time of incident

D.

Nature of harassment

Question # 33

Which of the following attacks sends false ICMP packets in an attempt to cripple a system using random fake Internet source addresses?

A.

Land attack

B.

SYN attack

C.

Replay attack

D.

Twinge attack

Question # 34

You work as a Security Manager for Tech Perfect Inc. The company has a Windows-based network.

You want to scroll real-time network traffic to a command console in a readable format. Which of the following command line utilities will you use to accomplish the task?

A.

WinPcap

B.

WinDump

C.

iptables

D.

libpcap

Question # 35

Which of the following Intrusion Detection Systems (IDS) is used to monitor rogue access points and the use of wireless attack tools?

A.

LogIDS 1.0

B.

WIDS

C.

Snort 2.1.0

D.

NFR security

Question # 36

Which of the following is a maintenance protocol that permits routers and host computers to swap basic control information when data is sent from one computer to another?

A.

ICMP

B.

SNMP

C.

IGMP

D.

BGP

Question # 37

Which of the following can be monitored by using the host intrusion detection system (HIDS)?

Each correct answer represents a complete solution. Choose two.

A.

Computer performance

B.

File system integrity

C.

Storage space on computers

D.

System files

Question # 38

When client data is encapsulated into an LWAPP header, the wireless LAN controller improves the coverage areas. Which information does the wireless LAN controller check?

Each correct answer represents a part of the solution. Choose two.

A.

CCA

B.

SNR

C.

WCS

D.

RSSI

Question # 39

Which of the following parts of the IP header is used to specify the correct place of the fragment in the original unfragmented datagram?

A.

Fragment offset

B.

Source address

C.

TTL

D.

Fragment ID

Question # 40

A scenario involves a pool of users with private IP addresses who need to access the Internet; however, the company has a limited number of IP addresses and needs to ensure users occupy only one public IP address.

Which technology is used to allow a pool of users to share one global IP address for Internet access?

A.

Port Address Translation

B.

Per-user Address Translation

C.

Pool Address Translation

D.

Private Address Translation

Question # 41

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based routed network. Two routers have been configured on the network. A router receives a packet. Which of the following actions will the router take to route the incoming packet?

Each correct answer represents a part of the solution. Choose two.

A.

Use the routing table to determine the best path to the destination network address.

B.

Read the destination IP address.

C.

Add the path covered by the packet to the routing table.

D.

Read the source IP address.

E.

Use the routing table to determine the best path to the source network address.

Question # 42

Which of the following tools performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs?

A.

Nikto

B.

Sniffer

C.

Snort

D.

Dsniff

Question # 43

Choose the best explanation for the resulting error when entering the command below.

[Exhibit: the command appears only as an image and is not available in this text]

A.

The command is attempting to create a standard access list with extended access list parameters.

B.

The ACL commands should be entered from the (config-router) configuration mode.

C.

The wildcard mask is not provided for the source and destination addresses.

D.

The port number given does not correspond with the proper transport protocol.

Question # 44

Which of the following are the reasons that network administrators use Access Control Lists?

Each correct answer represents a complete solution. Choose two.

A.

Encrypting data to be routed

B.

Removing weak user password

C.

Controlling VTY access into a router

D.

Filtering traffic as it passes through a router

Question # 45

You work as a Network Administrator for BlueTech Inc. You want to configure Snort as an IDS for your company's wireless network, but you are concerned that Snort does not support all types of traffic. What traffic does Snort support?

Each correct answer represents a complete solution. Choose all that apply.

A.

UDP

B.

TCP

C.

IP

D.

ICMP

Question # 46

Sam works as a Network Administrator for Gentech Inc. He has been assigned a project to develop the rules that define the IDP policy in the rulebase. Which of the following will he define as the components of the IDP policy rule?

Each correct answer represents a complete solution. Choose all that apply.

A.

IDP Profiler

B.

IDP rule IP actions

C.

IDP appliance deployment mode

D.

IDP rule notifications

Question # 47

You are implementing passive OS fingerprinting in a network. Which of the following aspects are required to be configured there?

Each correct answer represents a part of the solution. Choose all that apply.

A.

Edit signature vulnerable OS lists.

B.

Limit the attack relevance rating calculation to a specific IP address range.

C.

Define event action rules filters using the OS relevancy value of the target.

D.

Enable passive analysis.

E.

Define and import OS mappings.

Question # 48

You are configuring a public access wireless connection. Which of the following is the best way to secure this connection?

A.

Not broadcasting SSID

B.

Using WPA encryption

C.

Implementing antivirus

D.

Using MAC filtering

Question # 49

Which of the following algorithms is used as a default algorithm for ESP extension header in IPv6?

A.

Electronic Codebook (ECB) Mode

B.

Cipher Block Chaining (CBC) Mode

C.

Propagating Cipher Block Chaining (PCBC) Mode

D.

Cipher Feedback (CFB) Mode

Question # 50

Which of the following commands configures a router to encrypt all passwords entered after the command has been executed, as well as all passwords already on the running configuration?

A.

no service password-encryption

B.

enable password-encryption

C.

no enable password-encryption

D.

service password-encryption

Question # 51

You work as a technician for Net Perfect Inc. You are troubleshooting a connectivity issue on a network. You are using the ping command to verify the connectivity between two hosts. You want ping to send larger sized packets than the usual 32-byte ones. Which of the following commands will you use?

A.

ping -l

B.

ping -t

C.

ping -a

D.

ping -4

Question # 52

Which of the following statements about the traceroute utility are true?

Each correct answer represents a complete solution. Choose all that apply.

A.

It generates a buffer overflow exploit by transforming an attack shell code so that the new attack shell code cannot be recognized by any Intrusion Detection Systems.

B.

It uses ICMP echo packets to display the Fully Qualified Domain Name (FQDN) and the IP address of each gateway along the route to the remote host.

C.

It records the time taken for a round trip for each packet at each router.

D.

It is an online tool that performs polymorphic shell code attacks.

Question # 53

Which of the following types of Intrusion Detection Systems consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state?

A.

HIDS

B.

NIDS

C.

APIDS

D.

PIDS

Question # 54

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.

A firewall has been configured on the network. You configure a filter on the router. You verify that SMTP operations have stopped after the recent configuration. Which of the following ports will you have to open on the router to resolve the issue?

A.

25

B.

80

C.

20

D.

21

Question # 55

Which of the following are open-source vulnerability scanners?

A.

NetRecon

B.

Hackbot

C.

Nessus

D.

Nikto

Question # 56

John works as the Security Manager for PassGuide Inc. He wants to create the Profiler database that stores information about the network activity at Layer 3, Layer 4, and Layer 7. Which of the following will he use to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

A.

Ignore connection

B.

Session creation

C.

Protocol contexts

D.

Session teardown

Question # 57

You have to ensure that your Cisco Router is only accessible via telnet and ssh from the following hosts and subnets:

10.10.2.103

10.10.0.0/24

Which of the following sets of commands will you use to accomplish the task?

A.

access-list 10 permit host 10.10.2.103

access-list 10 permit 10.10.0.0 0.0.0.255

access-list 10 deny any

line vty 0 4

access-class 10 in

B.

access-list 10 permit 10.10.2.103

access-list 10 permit 10.10.0.0 0.0.0.255

access-list 10 deny any

line vty 0 4

access-group 10 in

C.

access-list 10 permit host 10.10.2.103

access-list 10 permit 10.10.0.0 0.0.0.255

access-list 10 deny any

line vty 0 4

access-class 10 out

D.

access-list 10 permit host 10.10.2.103

access-list 11 permit host 10.10.0.0 255.255.255.0

access-list 12 deny any

line vty 0 4

access-group 10, 11, 12 in

Question # 58

John works as a Security Manager for Gentech Inc. He uses an IDP engine to detect the type of interactive traffic produced during an attack in which the attacker wants to install the mechanism on a host system that facilitates the unauthorized access and breaks the system confidentiality.

Which of the following rulebases will he use to accomplish the task?

A.

Backdoor rulebase

B.

Traffic Anomalies rulebase

C.

Exempt rulebase

D.

SYN Protector rulebase
