GIAC GCFW - GIAC Certified Firewall Analyst Exam
Total 391 questions
Question #6 (Topic: Topic 1)
Which of the following intrusion detection systems (IDS) monitors network traffic and
compares it against an established baseline?
A. Network-based
B. File-based
C. Signature-based
D. Anomaly-based
Answer: D
Question #7 (Topic: Topic 1)
You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP
network. You have been assigned a task to configure security mechanisms for the network
of the company. You have decided to configure a packet filtering firewall. Which of the
following may be the reasons that made you choose a packet filtering firewall as a security
mechanism?
Each correct answer represents a complete solution. Choose all that apply.
A. It makes security transparent to end-users, which provides easy use of the client applications.
B. It prevents application-layer attacks.
C. It is easy to install packet filtering firewalls in comparison to the other network security solutions.
D. It easily matches most of the fields in Layer 3 packets and Layer 4 segment headers, and thus, provides a lot of flexibility in implementing security policies.
Answer: A,C,D
Question #8 (Topic: Topic 1)
Which of the following types of Intrusion Detection Systems consists of an agent on a host
that identifies intrusions by analyzing system calls, application logs, file-system
modifications (binaries, password files, capability/acl databases) and other host activities
and state?
A. HIDS
B. NIDS
C. APIDS
D. PIDS
Answer: A
Question #9 (Topic: Topic 1)
A packet filtering firewall inspects each packet passing through the network and accepts or
rejects it based on user-defined rules. Based on which of the following information are
these rules set to filter the packets?
Each correct answer represents a complete solution. Choose all that apply.
A. Layer 4 protocol information
B. Actual data in the packet
C. Interface of sent or received traffic
D. Source and destination Layer 3 address
Answer: A,C,D
Question #10 (Topic: Topic 1)
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to
him to secure access to the network of the company from all possible entry points. He
segmented the network into several subnets and installed firewalls all over the network. He
has placed very stringent rules on all the firewalls, blocking everything in and out except
the ports that must be used. He does need to have port 80 open since his company hosts a
website that must be accessed from the Internet. Adam is still worried about the programs
like Hping2 that can get into a network through covert channels.
Which of the following is the most effective way to protect the network of the company from
an attacker using Hping2 to scan his internal network?
A. Block ICMP type 13 messages
B. Block ICMP type 3 messages
C. Block all outgoing traffic on port 21
D. Block all outgoing traffic on port 53
Answer: A