GCFW GIAC Certified Firewall Analyst Free Practice Exam Questions (2025 Updated)

Prepare effectively for your GIAC GCFW GIAC Certified Firewall Analyst certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 3 / 6
Total 391 questions

In which of the following situations does legal and authorized traffic cause an intrusion detection system (IDS) to generate an alert and slow down performance?

Each correct answer represents a complete solution. Choose all that apply.

A.

False alert

B.

False illusion

C.

False generation

D.

False positives

Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer and logs network activity that matches predefined signatures?

A.

KisMAC

B.

Dsniff

C.

Snort

D.

Kismet

Which of the following is a valid IPv6 address?

A.

45CF:6D53:12CD:AFC7:E654:BB32:54AT:FACE

B.

45CF:6D53:12KP:AFC7:E654:BB32:543C:FACE

C.

123.111.243.123

D.

45CF:6D53:12CD:AFC7:E654:BB32:543C:FACE

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based routed network. Two routers have been configured on the network. A router receives a packet. Which of the following actions will the router take to route the incoming packet?

Each correct answer represents a part of the solution. Choose two.

A.

Use the routing table to determine the best path to the destination network address.

B.

Read the destination IP address.

C.

Add the path covered by the packet to the routing table.

D.

Read the source IP address.

E.

Use the routing table to determine the best path to the source network address.

Which of the following are the types of intrusion detection systems?

Each correct answer represents a complete solution. Choose all that apply.

A.

Client-based intrusion detection system (CIDS)

B.

Network intrusion detection system (NIDS)

C.

Server-based intrusion detection system (SIDS)

D.

Host-based intrusion detection system (HIDS)

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.

A firewall has been configured on the network. You configure a filter on the router. You verify that SMTP operations have stopped after the recent configuration. Which of the following ports will you have to open on the router to resolve the issue?

A.

25

B.

80

C.

20

D.

21

WinDump, tcpdump, and Wireshark specify which fields of information libpcap should record.

Which of the following filters do they use in order to accomplish the task?

A.

Berkeley Packet Filter

B.

IM filter

C.

Web filter

D.

FIR filter

You work as a Network Architect for Tech Perfect Inc. The company has a corporate LAN network. You will have to perform the following tasks:

- Limit events that occur from security threats such as viruses, worms, and spyware.

- Restrict access to the network based on identity or security posture.

Which of the following services will you deploy in the network to accomplish the tasks?

A.

NetFlow

B.

Protocol-Independent Multicast

C.

Network Admission Control

D.

Firewall Service Module

Which of the following attacks sends false ICMP packets in an attempt to cripple a system using random fake Internet source addresses?

A.

Land attack

B.

SYN attack

C.

Replay attack

D.

Twinge attack

You are implementing a host-based intrusion detection system on your web server. You feel that the best way to monitor the web server is to find your baseline of activity (connections, traffic, etc.) and to monitor for conditions above that baseline. This type of IDS is called __________.

A.

Reactive IDS

B.

Signature Based

C.

Passive IDS

D.

Anomaly Based

You work as a Network Administrator for NetTech Inc. You want to protect your network from ping flood attacks. Which of the following protocols will you block to accomplish this task?

A.

IP

B.

PPP

C.

ICMP

D.

FTP

Which of the following IDs is used to reassemble the fragments of a datagram at the destination point?

A.

IP identification number

B.

SSID

C.

MAK ID

D.

IP address

Which of the following actions can be taken as countermeasures against an ARP spoofing attack?

Each correct answer represents a complete solution. Choose all that apply.

A.

Using Private VLANs

B.

Looking for a large amount of ARP traffic on local subnets

C.

Placing static ARP entries on servers and routers

D.

Using 8 digit passwords for authentication

What are the advantages of stateless autoconfiguration in IPv6?

Each correct answer represents a part of the solution. Choose three.

A.

No server is needed for stateless autoconfiguration.

B.

No host configuration is necessary.

C.

It provides basic authentication to determine which systems can receive configuration data.

D.

Ease of use.

You work as a Network Administrator for Tech Perfect Inc. You are required to verify security policies configured in the company's networks. Which of the following applications will you use to accomplish the task?

A.

Network enumerator

B.

Web application security scanner

C.

Computer worm

D.

Port scanner

Which of the following ICMPv6 neighbor discovery messages is sent by hosts to request an immediate router advertisement, instead of waiting for the next scheduled advertisement?

A.

Router Advertisement

B.

Neighbor Advertisement

C.

Router Solicitation

D.

Neighbor Solicitation

You are configuring a public access wireless connection. Which of the following is the best way to secure this connection?

A.

Not broadcasting SSID

B.

Using WPA encryption

C.

Implementing antivirus

D.

Using MAC filtering

In which of the following conditions is the SYN Protector rule base activated in passive mode?

A.

When the number of SYN packets per second is equal to 13,425 (default)

B.

Only when the number of SYN packets per second is equal to the sum of the lower SYNs-per-second threshold and the upper SYNs-per-second threshold

C.

When the number of SYN packets per second is smaller than the sum of the lower SYNs-per-second threshold and the upper SYNs-per-second threshold

D.

When the number of SYN packets per second is greater than the sum of the lower SYNs-per-second threshold and the upper SYNs-per-second threshold

The simplest form of a firewall is a packet filtering firewall. Typically a router works as a packet-filtering firewall and has the capability to filter on some of the contents of packets. On which of the following layers of the OSI reference model do these routers filter information?

Each correct answer represents a complete solution. Choose all that apply.

A.

Data Link layer

B.

Transport layer

C.

Network layer

D.

Physical layer

Which of the following tools is used to detect wireless LANs using the 802.11b, 802.11a, and 802.11g WLAN standards on the Windows platform?

A.

Snort

B.

Cain

C.

NetStumbler

D.

AiroPeek
