[Free] 2017(Sep) EnsurePass Testinsides GIAC GCFW Dumps with VCE and PDF 11-20


GIAC Certified Firewall Analyst

Question No: 11 – (Topic 1)

You work as a Security Manager for Tech Perfect Inc. The company has a Windows-based network.

You want to scroll real-time network traffic to a command console in a readable format. Which of the following command line utilities will you use to accomplish the task?

  1. WinPcap

  2. WinDump

  3. iptables

  4. libpcap

Answer: B

Question No: 12 – (Topic 1)

Which of the following is the default port for POP3?

  1. 25

  2. 21

  3. 80

  4. 110

Answer: D

Question No: 13 – (Topic 1)

A scenario involves a pool of users with private IP addresses who need to access the Internet; however, the company has a limited number of IP addresses and needs to ensure users occupy only one public IP address.

Which technology is used to allow a pool of users to share one global IP address for Internet access?

  1. Port Address Translation

  2. Per-user Address Translation

  3. Pool Address Translation

  4. Private Address Translation

Answer: A

Question No: 14 – (Topic 1)

Which of the following protocols does IPsec use to perform various security functions in the network?

Each correct answer represents a complete solution. Choose all that apply.

  1. Skinny Client Control Protocol

  2. Authentication Header

  3. Encapsulating Security Payload

  4. Internet Key Exchange

Answer: B,C,D

Question No: 15 – (Topic 1)

Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether. The principle of ARP spoofing is to send fake ARP messages to an Ethernet LAN.

What steps can be used as a countermeasure of ARP spoofing?

Each correct answer represents a complete solution. Choose all that apply.

  1. Using ARP Guard utility

  2. Using smash guard utility

  3. Using static ARP entries on servers, workstations and routers

  4. Using ARP watch utility

  5. Using IDS Sensors to check continually for large amounts of ARP traffic on local subnets

Answer: A,C,D,E

Question No: 16 – (Topic 1)

Which of the following IDs is used to reassemble the fragments of a datagram at the destination point?

  1. IP identification number

  2. SSID

  3. MAK ID

  4. IP address

Answer: A

Question No: 17 – (Topic 1)

You work as a Network Architect for Tech Perfect Inc. The company has a corporate LAN network. You will have to perform the following tasks:

- Limit events that occur from security threats such as viruses, worms, and spyware.
- Restrict access to the network based on identity or security posture.

Which of the following services will you deploy in the network to accomplish the tasks?

  1. NetFlow

  2. Protocol-Independent Multicast

  3. Network Admission Control

  4. Firewall Service Module

Answer: C

Question No: 18 – (Topic 1)

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee who is suspected of classified data theft. The suspect's computer runs on the Windows operating system. Peter wants to collect data and evidence for further analysis. He knows that in the Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows-based system?

  1. Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system

  2. Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces

  3. Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

  4. Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps

Answer: C

Question No: 19 – (Topic 1)

Which of the following statements are true about an IDP rule base notification?

  1. It can be defined as reusable logical entities that the user can apply to the rules.

  2. When an action is performed, a notification defines how to log information.

  3. It is used to specify the type of network traffic that has to be monitored for attacks.

  4. It directs an IDP to drop or close the connection.

Answer: B

Question No: 20 – (Topic 1)

John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?

  1. Session splicing attack

  2. Evasion attack

  3. Polymorphic shell code attack

  4. Insertion attack

Answer: C
