← Back to exam page

GCFW GIAC Certified Firewall Analyst

Loading demo links...

Showing 4–6 of 15 questions

Question 4 (Volume A)

Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether. The principle of ARP spoofing is to send fake ARP messages to an Ethernet LAN.

What steps can be used as a countermeasure of ARP spoofing?

Each correct answer represents a complete solution. Choose all that apply.

Select all that apply, then click Submit answer.

  • Using ARP Guard utility

  • Using smash guard utility

  • Using static ARP entries on servers, workstation and routers

  • Using ARP watch utility

  • Using IDS Sensors to check continually for large amount of ARP traffic on local subnets


Question 5 (Volume B)

Rick works as the Security Manager for TechPerfect Inc. He wants to continue the evaluation of rules according to the ordered list to identify matches even if a match is found. Which of the following rulebases will he use to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Select all that apply, then click Submit answer.

  • IDP rulebase

  • Backdoor rulebase

  • Terminal rulebase

  • Nonterminal rulebase


Question 6 (Volume B)

The simplest form of a firewall is a packet filtering firewall. A packet filtering firewall filters packets at the Network layer and Transport layer. What are the types of information that are filtered at the Network layer of the OSI reference model?

Each correct answer represents a complete solution. Choose all that apply.

Select all that apply, then click Submit answer.

  • TCP/IP protocols

  • TCP control flags

  • IP addresses

  • TCP and UDP port numbers