GIAC GPPA GIAC Certified Perimeter Protection Analyst Online Training

Which of the following tools is an open source protocol analyzer that can capture traffic in real time?

Reveal Solution Hide Solution

You are implementing a host based intrusion detection system on your web server. You feel that the best way to monitor the web server is to find your baseline of activity (connections, traffic, etc.) and to monitor for conditions above that baseline.

This type of IDS is called __________.

Reveal Solution Hide Solution

Which of the following are open-source vulnerability scanners? (Choose three.)

Reveal Solution Hide Solution

Suppose you are working as a Security Administrator at ABC Inc. The company has a switched network. You have configured tcpdump in the network which can only see traffic addressed to itself and broadcast traffic.

What will you do when you are required to see all traffic of the network?

Reveal Solution Hide Solution

Which of the following techniques is used to identify attacks originating from a botnet?

Reveal Solution Hide Solution

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.abc.com. You have searched all open ports of the ABC server. Now, you want to perform the next information-gathering step, i.e., passive OS fingerprinting.

Which of the following tools can you use to accomplish the task?

Reveal Solution Hide Solution

Which of the following protocols is used by TFTP as a file transfer protocol?

Reveal Solution Hide Solution

Which of the following steps are generally followed in computer forensic examinations? Each correct answer represents a complete solution. (Choose three.)

Reveal Solution Hide Solution

Which of the following monitors program activities and modifies malicious activities on a system?

Reveal Solution Hide Solution

Which of the following wireless security features provides the best wireless security mechanism?

Reveal Solution Hide Solution

David works as the Security Manager for ABC Inc. He has been assigned a project to detect the attacks over multiple connections and sessions and to count the number of scanned ports in a defined time period.

Which of the following rulebases will he use to accomplish the task?

Reveal Solution Hide Solution

Which of the following terms is used to represent IPv6 addresses?

Reveal Solution Hide Solution

You work as a Security Administrator for ABC Inc. You have implemented and configured a web application security scanner in the company’s network. It helps in the automated review of the web applications with the defined purpose of discovering security vulnerabilities. In order to perform this task, the web application security scanner examines a number of vulnerabilities.

What are these vulnerabilities? Each correct answer represents a complete solution. (Choose three.)

Reveal Solution Hide Solution

Which of the following information must the fragments carry for the destination host to reassemble them back to the original unfragmented state? Each correct answer represents a complete solution. (Choose all that apply.)

Reveal Solution Hide Solution

Which of the following types of IP actions are supported by an IDP rulebase? (Choose three.)

Reveal Solution Hide Solution

You work as a Network Administrator for ABC Inc. You want to configure Snort as an IDS for your company’s wireless network, but you are concerned that Snort does not support all types of traffic.

What traffic does Snort support? Each correct answer represents a complete solution. (Choose all that apply.)

Reveal Solution Hide Solution

Which of the following parts of IP header is used to specify the correct place of the fragment in the original un-fragmented datagram?

Reveal Solution Hide Solution

An attacker changes the address of a sub-routine in such a manner that it begins to point to the address of the malicious code. As a result, when the function has been exited, the application can be forced to shift to the malicious code.

The image given below explains this phenomenon:

Which of the following tools can be used as a countermeasure to such an attack?

Reveal Solution Hide Solution

Which of the following forms on NAT maps multiple unregistered IP addresses to a single registered IP address by using different ports?

Reveal Solution Hide Solution

Which of the following tools is used to detect wireless LANs using the 802.11b, 802.11a, and 802.11g WLAN standards on the Windows platform?

Reveal Solution Hide Solution

Which of the following applications cannot proactively detect anomalies related to a computer?

Reveal Solution Hide Solution

You work as a Network Administrator for ABC Inc. The company has a TCP/IP-based routed network. Two routers have been configured on the network. A router receives a packet.

Which of the following actions will the router take to route the incoming packet? Each correct answer represents a part of the solution. (Choose two.)

Reveal Solution Hide Solution

Which of the following techniques allows probing firewall rule-sets and finding entry points into the targeted system or network?

Reveal Solution Hide Solution

Which of the following honeypots is a low-interaction honeypot and is used by companies or corporations for capturing limited information about malicious hackers?

Reveal Solution Hide Solution

The simplest form of a firewall is a packet filtering firewall. Typically, a router works as a packet-filtering firewall and has the capability to filter on some of the contents of packets.

On which of the following layers of the Open System Interconnection (OSI) reference model do these routers filter information? Each correct answer represents a complete solution. (Choose all that apply.)

Reveal Solution Hide Solution

Which of the following utilities provides an efficient way to give specific users permission to use specific system commands at the root level of a Linux operating system?

Reveal Solution Hide Solution

Which of the following firewalls operates at three layers – Layer3, Layer4, and Layer5?

Reveal Solution Hide Solution

Which of the following hexadecimal values in the boot field in the configuration register loads the first IOS file found in Flash memory?

Reveal Solution Hide Solution

Jain works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.abc.com.

He has successfully completed the following steps of the preattack phase:

>> Information gathering

>> Determining network range

>> Identifying active machines

>> Finding open ports and applications

>> OS fingerprinting

>> Fingerprinting services

Now Jain wants to perform network mapping of the ABC network.

Which of the following tools can he use to accomplish his task?

Each correct answer represents a complete solution. (Choose all that apply.)

Reveal Solution Hide Solution

Which of the following tools allows an attacker to intentionally craft the packets to gain unauthorized access? Each correct answer represents a complete solution. (Choose two.)

Reveal Solution Hide Solution

Which of the following is a version of netcat with integrated transport encryption capabilities?

Reveal Solution Hide Solution

Which of the following are packet filtering tools for the Linux operating system? Each correct answer represents a complete solution. (Choose all that apply.)

Reveal Solution Hide Solution

You work as a Network Administrator for ABC Inc. The company has a corporate intranet setup. A router is configured on your network to connect outside hosts to the internetworking. For security, you want to prevent outside hosts from pinging to the hosts on the internetwork.

Which of the following steps will you take to accomplish the task?

Reveal Solution Hide Solution

You have just taken over as the Network Administrator for a medium sized company. You want to check to see what services are exposed to the outside world.

What tool would you use to accomplish this?

Reveal Solution Hide Solution

You work as a Network Administrator for ABC Inc. The company has a Windows Server 2008- based network. You have created a test domain for testing IPv6 addressing.

Which of the following types of addresses are supported by IPv6? Each correct answer represents a complete solution. (Choose all that apply.)

Reveal Solution Hide Solution

Which of the following is used for debugging the network setup itself by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem?

Reveal Solution Hide Solution

You work as a Network Administrator for ABC Inc. The company has a wireless LAN infrastructure. The management wants to prevent unauthorized network access to local area networks and other information assets by the wireless devices.

What will you do?

Reveal Solution Hide Solution

You work as a Network Administrator for ABC Inc. The company has a TCP/IP network. You have been assigned a task to configure a stateful packet filtering firewall to secure the network of the company. You are encountering some problems while configuring the stateful packet filtering firewall.

Which of the following can be the reasons for your problems? Each correct answer represents a complete solution. (Choose all that apply.)

Reveal Solution Hide Solution

John works as a Security Manager for Gentech Inc. He uses an IDP engine to detect the type of interactive traffic produced during an attack in which the attacker wants to install the mechanism on a host system that facilitates the unauthorized access and breaks the system confidentiality.

Which of the following rulebases will he use to accomplish the task?

Reveal Solution Hide Solution

Which of the following attacking methods allows the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer by changing the Media Access Control address?

Reveal Solution Hide Solution

What are the advantages of stateless autoconfiguration in IPv6?

Each correct answer represents a part of the solution. (Choose three.)

Reveal Solution Hide Solution

Jain works as a professional Ethical Hacker.

He has been assigned the project of testing the security of www.abc.com. In order to do so, he performs the following steps of the preattack phase successfully:

• Information gathering

• Determination of network range

• Identification of active systems

• Location of open ports and applications

Now, which of the following tasks should he perform next?

Reveal Solution Hide Solution

You work as a technician for ABC Inc. You are troubleshooting a connectivity issue on a network. You are using the ping command to verify the connectivity between two hosts. You want ping to send larger sized packets than the usual 32-byte ones.

Which of the following commands will you use?

Reveal Solution Hide Solution

Sam works as a Security Manager for ABC Inc. He has been assigned a project to detect reconnoitering activities. For this purpose, he has deployed a system in the network that attracts the attention of an attacker.

Which of the following rulebases will he use to accomplish the task?

Reveal Solution Hide Solution

Which of the following is a valid IPv6 address?

Reveal Solution Hide Solution

Which of the following well-known ports is used by BOOTP?

Reveal Solution Hide Solution

Which of the following well-known ports is used by BOOTP?

Reveal Solution Hide Solution

Which of the following well-known ports is used by BOOTP?

Reveal Solution Hide Solution

10.0.0/24

Which of the following sets of commands will you use to accomplish the task?

Reveal Solution Hide Solution

Which of the following tools is used to analyze the files produced by several popular packetcapture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

Reveal Solution Hide Solution

Which of the following actions can be taken as the countermeasures against the ARP spoofing attack? Each correct answer represents a complete solution. (Choose all that apply.)

Reveal Solution Hide Solution

You work as a Network Troubleshooter for ABC Inc. You want to tunnel the IPv6 traffic across an IPv4 supporting portion of the company’s network.

You are using the interface configuration mode for the tunnel.

Which of the following IP addresses will you enter after the tunnel source command?

Reveal Solution Hide Solution

An organization has more than a couple of external business, and exchanges dynamic routing information with the external business partners. The organization wants to terminate all routing from a partner at an edge router, preferably receiving only summary routes from the partner.

Which of the following will be used to change all partner addresses on traffic into a range of locally assigned addresses?

Reveal Solution Hide Solution

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.abc.com. He is using a tool to crack the wireless encryption keys.

The description of the tool is as follows:

It is a Unix-based WLAN WEP cracking tool that recovers encryption keys. It operates by passively monitoring transmissions. It uses Chipertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.

Which of the following tools is John using to crack the wireless encryption keys?

Reveal Solution Hide Solution

Windump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform a user must install a packet capture library.

What is the name of this library?

Reveal Solution Hide Solution

Jain works as a contract Ethical Hacker. He has recently got a project to do security checking for www.abc.com. He wants to find out the operating system of the ABC server in the information gathering step.

Which of the following commands will he use to accomplish the task? Each correct answer represents a complete solution. (Choose two.)

Reveal Solution Hide Solution

Which of the following protocols is used by voice over IP (VoIP) applications?

Reveal Solution Hide Solution

You work as a Network Administrator for ABC Inc. The company has a TCP/IP-based network. A Cisco switch is configured on the network. You change the original host name of the switch through the hostname command. The prompt displays the changed host name. After some time, power of the switch went off due to some reason. When power restored, you find that the prompt is displaying the old host name.

What is the most likely cause?

Reveal Solution Hide Solution

At which of the following layers of the Open System Interconnection (OSI) model the Internet Control Message Protocol (ICMP) and the Internet Group Management Protocol (IGMP) work?

Reveal Solution Hide Solution

Which of the following vulnerability scanners is used to test Web servers for dangerous files/CGIs, outdated server software, and other problems?

Reveal Solution Hide Solution

An IDS is a group of processes working together in a network. These processes work on different computers and devices across the network.

Which of the following processes does an IDS perform? Each correct answer represents a complete solution. (Choose all that apply.)

Reveal Solution Hide Solution

Which of the following is a chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event?

Reveal Solution Hide Solution