Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
CWNP exams CWNP
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
GIAC exams GIAC
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
ISEB exams ISEB
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

GIAC GCFW Exam - Cheat-Test.com

Free GCFW Sample Questions:

Q: 1
You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP network. You have been assigned a task to configure a stateful packet filtering firewall to secure the network of the company. You are encountering some problems while configuring the stateful packet filtering firewall. Which of the following can be the reasons for your problems?
Each correct answer represents a complete solution. Choose all that apply.
A. It has limited logging capabilities.
B. It has to open up a large range of ports to allow communication.
C. It is complex to configure.
D. It contains additional overhead of maintaining a state table.
Answer: C, D

Q: 2
At which of the following layers of the Open System Interconnection (OSI) model the Internet Control Message Protocol (ICMP) and the Internet Group Management Protocol (IGMP) work?
A. The Physical layer
B. The Presentation layer
C. The Network layer
D. The Data-Link layer
Answer: C

Q: 3
Which of the following tools can be used as a Linux vulnerability scanner that is capable of identifying operating systems and network services?
Each correct answer represents a complete solution. Choose all that apply.
A. Cheops-ng
B. Fport
C. Cheops
D. Elsave
Answer: A, C

Q: 4
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. You have searched all open ports of the we-are-secure server. Now, you want to perform the next information-gathering step, i.e., passive OS fingerprinting. Which of the following tools can you use to accomplish the task?
A. Nmap
B. NBTscan
C. P0f
D. Superscan
Answer: C

Q: 5
Which of the following forms on NAT maps multiple unregistered IP addresses to a single registered IP address by using different ports?
A. Overloading
B. Dynamic NAT
C. Overclocking
D. Static NAT
Answer: A

Q: 6
Which of the following well-known ports is used by BOOTP?
A. UDP 69
B. TCP 161
C. TCP 21
D. UDP 67
Answer: D

Q: 7
You have just taken over as the Network Administrator for a medium sized company. You want to check to see what services are exposed to the outside world. What tool would you use to accomplish this?
A. Protocol analyzer
B. Network mapper
C. Packet sniffer
D. A port scanner
Answer: D

Q: 8
You work as a Network Administrator for Tech Perfect Inc. The office network is configured as an IPv6 network. You have to configure a computer with the IPv6 address, which is equivalent to an IPv4 publicly routable address. Which of the following types of addresses will you choose?
A. Local-link
B. Global unicast
C. Site-local
D. Loopback
Answer: B

Q: 9
Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer and logs activities of the network that is matched with the predefined signatures?
A. KisMAC
B. Dsniff
C. Snort
D. Kismet
Answer: C, D

Q: 10
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint. Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?
A. nmap -O -p
B. nmap -sT
C. nmap -sU -p
D. nmap -sS
Answer: A

Q: 11
Which of the following firewalls operates at three layers- Layer3, Layer4, and Layer5?
A. Application layer firewall
B. Proxy firewall
C. Dynamic packet-filtering firewall
D. Circuit-level firewall
Answer: C

Q: 12
Which of the following protocols is used by TFTP as a file transfer protocol?
A. TCP
B. SNMP
C. UDP
D. SMTP
Answer: C

Q: 13
Which of the following techniques is used to identify attacks originating from a botnet?
A. BPF-based filter
B. Recipient filtering
C. IFilter
D. Passive OS fingerprinting
Answer: D

Q: 14
You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008- based network. You have created a test domain for testing IPv6 addressing. Which of the following types of addresses are supported by IPv6?
Each correct answer represents a complete solution. Choose all that apply.
A. Multicast
B. Anycast
C. Broadcast
D. Unicast
Answer: A, B, D

Q: 15
You work as a Security Administrator for Tech Perfect Inc. You have implemented and configured a web application security scanner in the company's network. It helps in the automated review of the web applications with the defined purpose of discovering security vulnerabilities. In order to perform this task, the web application security scanner examines a number of vulnerabilities. What are these vulnerabilities?
Each correct answer represents a complete solution. Choose three.
A. Server configuration mistakes/errors/version
B. Specific application problems
C. Input/Output validation
D. Denials of service against the TCP/IP stack
Answer: A, B, C

Q: 16
The simplest form of a firewall is a packet filtering firewall. Typically a router works as a packet-filtering firewall and has the capability to filter on some of the contents of packets. On which of the following layers of the OSI reference model do these routers filter information?
Each correct answer represents a complete solution. Choose all that apply.
A. Data Link layer
B. Transport layer
C. Network layer
D. Physical layer
Answer: B, C

Q: 17
Which of the following are open-source vulnerability scanners?
A. NetRecon
B. Hackbot
C. Nessus
D. Nikto
Answer: B, C, D

Q: 18
You have to ensure that your Cisco Router is only accessible via telnet and ssh from the following hosts and subnets:
10.10.2.103
10.10.0.0/24
Which of the following sets of commands will you use to accomplish the task?
A. access-list 10 permit host 10.10.2.103
access-list 10 permit 10.10.0.0 0.0.0.255
access-list 10 deny any
line vty 0 4
access-class 10 in
B. access-list 10 permit 10.10.2.103
access-list 10 permit 10.10.0.0 0.0.0.255
access-list 10 deny any
line vty 0 4
access-group 10 in
C. access-list 10 permit host 10.10.2.103
access-list 10 permit 10.10.0.0 0.0.0.255
access-list 10 deny any
line vty 0 4
access-class 10 out
D. access-list 10 permit host 10.10.2.103
access-list 11 permit host 10.10.0.0 255.255.255.0
access-list 12 deny any
line vty 0 4
access-group 10, 11, 12 in
Answer: A

Q: 19
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully completed the following steps of the preattack phase:
l Information gathering
l Determining network range
l Identifying active machines
l Finding open ports and applications
l OS fingerprinting
l Fingerprinting services
Now John wants to perform network mapping of the We-are-secure network. Which of the following tools can he use to accomplish his task?
Each correct answer represents a complete solution. Choose all that apply.
A. Ettercap
B. Traceroute
C. NeoTrace
D. Cheops
Answer: B, C, D

Q: 20
Which of the following is a valid IPv6 address?
A. 45CF. 6D53: 12CD. AFC7: E654: BB32: 54AT: FACE
B. 45CF. 6D53: 12KP: AFC7: E654: BB32: 543C. FACE
C. 123.111.243.123
D. 45CF. 6D53: 12CD. AFC7: E654: BB32: 543C. FACE
Answer: D

Q: 21
Which of the following is a chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event?
A. Security audit
B. Corrective controls
C. Audit trail
D. Detective controls
Answer: C

Q: 22
Which of the following terms is used to represent IPv6 addresses?
A. Colon-dot
B. Hexadecimal-dot notation
C. Colon-hexadecimal
D. Dot notation
Answer: C

Q: 23
Which of the following techniques allows probing firewall rule-sets and finding entry points into the targeted system or network?
A. Packet collision
B. Network enumerating
C. Packet crafting
D. Distributed Checksum Clearinghouse
Answer: C

Q: 24
What are the advantages of stateless autoconfigration in IPv6?
Each correct answer represents a part of the solution. Choose three.
A. No server is needed for stateless autoconfigration.
B. No host configuration is necessary.
C. It provides basic authentication to determine which systems can receive configuration data .
D. Ease of use.
Answer: A, B, D

Q: 25
John works as a contract Ethical Hacker. He has recently got a project to do security checking for www.we-are-secure.com. He wants to find out the operating system of the we-are-secure server in the information gathering step. Which of the following commands will he use to accomplish the task?
Each correct answer represents a complete solution. Choose two.
A. nc -v -n 208.100.2.25 80
B. nmap -v -O 208.100.2.25
C. nmap -v -O www.we-are-secure.com
D. nc 208.100.2.25 23
Answer: B, C

Q: 26
Adam works as a Security administrator for Umbrella Inc. He runs the following traceroute and notices that hops 19 and 20 both show the same IP address.
1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms 2 ip68-98-176-
1.nv.nv.cox.net (68.98.176.1) 12.169 ms 14.958 ms 13.416 ms 3 ip68-98-176-
1.nv.nv.cox.net (68.98.176.1) 13.948 ms ip68-100-0-1.nv.nv. cox.net (68.100.0.1)
16.743 ms 16.207 ms 4 ip68-100-0-137.nv.nv.cox.net (68.100.0.137) 17.324 ms 13.933
ms 20.938 ms 5 68.1.1.4 (68.1.1.4) 12.439 ms 220.166 ms 204.170 ms
6 so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1) 16.177 ms 25.943 ms 14.104 ms 7
unknown.Level3.net (209.247.9.173) 14.227 ms 17.553 ms 15.415 ms "XXYYinc" -
8 so-0-1-0.bbr1.NewYork1.level3.net (64.159.1.41) 17.063 ms 20.960 ms 19.512 ms 9
so-7-0-0.gar1. NewYork1.Level3.net (64.159.1.182) 20.334 ms 19.440 ms 17.938 ms
10 so-4-0-0.edge1.NewYork1.Level3.
net (209.244.17.74) 27.526 ms 18.317 ms 21.202 ms 11 uunet-level3-
oc48.NewYork1.Level3.net
(209.244.160.12) 21.411 ms 19.133 ms 18.830 ms 12 0.so-6-0-0.XL1.NYC4.ALTER.NET
(152.63.21.78)
21.203 ms 22.670 ms 20.111 ms 13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153)
30.929 ms 24.858 ms
23.108 ms 14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 37.894 ms 33.244 ms
33.910 ms 15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms
49.466 ms 16 0.so-3-0-0.XR1.MIA4.ALTER.
NET (152.63.101.41) 50.937 ms 49.005 ms 51.055 ms 17 117.ATM6-
0.GW5.MIA1.ALTER.NET (152.63.82.73) 51.897 ms 50.280 ms 53.647 ms 18 XXYYincgw1.
customer.alter.net (65.195.239.14) 51.921 ms 51.571 ms 56.855 ms 19
www.XXYYinc.com (65.195.239.22) 52.191 ms 52.571 ms 56.855 ms 20
www.XXYYinc.com (65.195.239.22) 53.561 ms 54.121 ms 58.333 ms
Which of the following is the most like cause of this issue?
A. A stateful inspection firewall
B. An application firewall
C. Network Intrusion system
D. Intrusion Detection System
Answer: A

Q: 27
You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based routed network. Two routers have been configured on the network. A router receives a packet. Which of the following actions will the router take to route the incoming packet?
Each correct answer represents a part of the solution. Choose two.
A. Use the routing table to determine the best path to the destination network address.
B. Read the destination IP address.
C. Add the path covered by the packet to the routing table.
D. Read the source IP address.
E. Use the routing table to determine the best path to the source network address.
Answer: A, B

Q: 28
Which of the following types of firewall functions at the Session layer of OSI model?
A. Switch-level firewall
B. Circuit-level firewall
C. Packet filtering firewall
D. Application-level firewall
Answer: B

Q: 29
Which of the following proxy servers is also referred to as transparent proxies or forced proxies?
A. Reverse proxy server
B. Intercepting proxy server
C. Anonymous proxy server
D. Tunneling proxy server
Answer: B


© 2014 Cheat-Test.com, All Rights Reserved