New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

GIAC Certification GCFW Updated Exam

Page: 11 / 15
Total 391 questions

GIAC Certified Firewall Analyst Questions and Answers

Question 41

Which of the following protocols is used with a tunneling protocol to provide security?

Options:

A.

EAP

B.

FTP

C.

IPX/SPX

D.

IPSec

Question 42

Which of the following tools is described below?

It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.

Options:

A.

Cain

B.

Libnids

C.

Dsniff

D.

LIDS

Question 43

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

Options:

A.

Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system

B.

Volatile data, file slack, registry, memory dumps, file system, system state backup, interne t traces

C.

Volatile data, file slack, file system, registry, memory dumps, system state backup, interne t traces

D.

Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps

Question 44

Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether. The principle of ARP spoofing is to send fake ARP messages to an Ethernet LAN.

What steps can be used as a countermeasure of ARP spoofing?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Using ARP Guard utility

B.

Using smash guard utility

C.

Using static ARP entries on servers, workstation and routers

D.

Using ARP watch utility

E.

Using IDS Sensors to check continually for large amount of ARP traffic on local subnets

Page: 11 / 15
Total 391 questions