GIAC GPPA GIAC Certified Perimeter Protection Analyst Exam Practice Test

Page: 1 / 29
Total 285 questions

GIAC Certified Perimeter Protection Analyst Questions and Answers

Question 1

Jain works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.abc.com.

He has successfully completed the following steps of the preattack phase:

>> Information gathering

>> Determining network range

>> Identifying active machines

>> Finding open ports and applications

>> OS fingerprinting

>> Fingerprinting services

Now Jain wants to perform network mapping of the ABC network.

Which of the following tools can he use to accomplish his task?

Each correct answer represents a complete solution. (Choose all that apply.)

Options:

A. Traceroute
B. Cheops
C. NeoTrace
D. Ettercap

Question 2

Which of the following has a set of system-independent functions for packet capture and network analysis?

Options:

A. WinDump
B. WinPcap
C. libpcap
D. tcpdump

Question 3

Which of the following fields are specified when rules are created for the Network Honeypot rulebase?

Each correct answer represents a complete solution. (Choose all that apply.)

Options:

A. A destination/service match condition
B. Detection settings
C. Response options
D. Operation mode

Question 4

You run the tcpdump command line utility and get a report produced by tcpdump.

What information does this report include?

Each correct answer represents a complete solution. (Choose three.)

Options:

A. Packets captured
B. Packets dropped by kernel
C. Packets discarded
D. Packets received by filter

Question 5

When no anomaly is present in an Intrusion Detection, but an alarm is generated, the response is known as __________.

Options:

A. True positive
B. False negative
C. False positive
D. True negative

Question 6

Which of the following proxy servers is placed anonymously between the client and remote server and handles all of the traffic from the client?

Options:

A. Web proxy server
B. Forced proxy server
C. Open proxy server
D. Caching proxy server

Question 7

Which of the following protocols does IPsec use to perform various security functions in the network?

Each correct answer represents a complete solution. (Choose all that apply.)

Options:

A. Internet Key Exchange
B. Authentication Header
C. Encapsulating Security Payload
D. Skinny Client Control Protocol

Question 8

Which of the following IPv6 address types is a single address that can be assigned to multiple interfaces?

Options:

A. Multicast
B. Anycast
C. Unicast
D. Loopback

Question 9

Which of the following modules registers DNAT-based and SNAT-based transformations?

Options:

A. iptable_raw
B. iptable_nat
C. iptable_mangle
D. iptable_filter

Question 10

Which of the following can provide security against a man-in-the-middle attack?

Options:

A. Anti-virus programs
B. Strong data encryption during travel
C. Strong authentication method
D. Firewall

Question 11

Which of the following ports cannot be used to access the router from a computer?

Options:

A. Console port
B. Vty
C. Aux port
D. Serial port

Question 12

Which of the following are open-source vulnerability scanners? (Choose three.)

Options:

A. Nessus
B. Hackbot
C. Nikto
D. NetRecon

Question 13

Which of the following is used as a default port by the TELNET utility?

Options:

A. 21
B. 80
C. 20
D. 23

Question 14

The general form of the Cisco IOS is a.b.c.de.

Which of the following indicates the major version number of the Cisco IOS?

Options:

A. b
B. a
C. e
D. d

Question 15

You work as a Network Administrator for ABC Inc. The company has a TCP/IP-based network. A Cisco switch is configured on the network. You change the original host name of the switch through the hostname command. The prompt displays the changed host name. After some time, the switch loses power for some reason. When power is restored, you find that the prompt is displaying the old host name.

What is the most likely cause?

Options:

A. The running-config file got corrupted.
B. The changes were saved in running-config file.
C. The startup-config file got corrupted.
D. Host name cannot be changed permanently once switch is configured.

Question 16

Which of the following hexadecimal values in the boot field in the configuration register loads the first IOS file found in Flash memory?

Options:

A. 2
B. 0
C. 1
D. F

Question 17

Which of the following is a Windows-based tool used for packet analysis?

Options:

A. AirPcap
B. WinPcap
C. Tcpdump
D. WinDump

Question 18

Which of the following devices is used to identify out-of-date software versions, applicable patches, system upgrades, etc.?

Options:

A. Retinal scanner
B. Vulnerability scanner
C. Fingerprint reader
D. Smart card reader

Question 19

On which of the following interfaces of the router is the clock rate command used?

Options:

A. DCE
B. ETHERNET
C. DTE
D. VIRTUAL LINE VTY

Question 20

In which of the following steps of the firewall log analysis process is aggregation for nodes defined?

Options:

A. Assess available data
B. Visual transformation
C. View transformation
D. Process information

Question 21

Which of the following types of IP actions are supported by an IDP rulebase? (Choose three.)

Options:

A. Initiate rules of the rulebase
B. Notify
C. Drop/block session
D. Close connection

Question 22

Which of the following tools can be used for OS fingerprinting?

Options:

A. whois
B. DIG
C. netstat
D. nmap

Question 23

Which of the following wireless security policies help to protect wireless-enabled laptops from peer-to-peer attacks when the laptops are used on a public access network? (Choose two.)

Options:

A. Use protocol analyzer
B. Use security protocols
C. Use firewall
D. Use Port Address Translation

Question 24

Andrew works as a Forensic Investigator for PassGuide Inc. The company has a Windows-based environment. The company's employees use Microsoft Outlook Express as their e-mail client program. E-mails of some employees have been deleted due to a virus attack on the network. Andrew is therefore assigned the task to recover the deleted mails.

Which of the following tools can Andrew use to accomplish the task?

Each correct answer represents a complete solution. (Choose two.)

Options:

A. FINALeMAIL
B. EventCombMT
C. R-mail
D. eMailTrackerPro

Question 25

You are a professional Computer Hacking Forensic Investigator. You have been called to collect evidence of a buffer overflow or cookie snooping attack.

Which of the following logs will you review to accomplish the task?

Each correct answer represents a complete solution. (Choose all that apply.)

Options:

A. Event logs
B. System logs
C. Web server logs
D. Program logs

Question 26

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint.

Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?

Options:

A. nmap -O -p
B. nmap -sS
C. nmap -sU -p
D. nmap -sT

Question 27

Which of the following is a Cisco IOS management term described in the statement below?

"It is the fourth digit in the configuration register and contains a hexadecimal value. The bootstrap program uses its value to choose which operating system to load into RAM".

Options:

A. Boot value
B. Boot field
C. Boot
D. Boot check

Question 28

Which of the following parts of the IP header is used to specify the correct place of the fragment in the original unfragmented datagram?

Options:

A. Fragment offset
B. TTL
C. Source address
D. Fragment ID

Question 29

Fill in the blank with the appropriate utility.

________ is a table-based system or structure that defines the rulesets needed to transform or filter network packets.

Options:

A. Port Address Translation (PAT)
B. Magic Lantern
C. Static NAT
D. iptables

Question 30

You work as a Network Administrator for ABC Inc. The company has a wireless LAN infrastructure. The management wants to prevent unauthorized network access to local area networks and other information assets by the wireless devices.

What will you do?

Options:

A. Implement a WIPS.
B. Implement a dynamic NAT.
C. Implement a firewall.
D. Implement an ACL.

Question 31

You work as a Network Administrator for NetTech Inc. You want to protect your network from ping flood attacks.

Which of the following protocols will you block to accomplish this task?

Options:

A. IP
B. FTP
C. PPP
D. ICMP

Question 32

Jain works as a contract Ethical Hacker. He has recently got a project to do security checking for www.abc.com. He wants to find out the operating system of the ABC server in the information gathering step.

Which of the following commands will he use to accomplish the task?

Each correct answer represents a complete solution. (Choose two.)

Options:

A. nc -v -n 208.100.2.25 80
B. nmap -v -O www.abc.com
C. nmap -v -O 208.100.2.25
D. nc 208.100.2.25 23

Question 33

Which of the following steps are generally followed in computer forensic examinations?

Each correct answer represents a complete solution. (Choose three.)

Options:

A. Analyze
B. Acquire
C. Authenticate
D. Encrypt

Question 34

Which of the following firewalls filters the traffic based on the header of the datagram?

Options:

A. Circuit-level firewall
B. Application-level firewall
C. Packet filtering firewall
D. Stateful inspection firewall

Question 35

You work as a Network Administrator for ABC Inc. The company has a corporate intranet setup. A router is configured on your network to connect outside hosts to the internetwork. For security, you want to prevent outside hosts from pinging the hosts on the internetwork.

Which of the following steps will you take to accomplish the task?

Options:

A. Block the UDP protocol through ACL.
B. Block the IPv6 protocol through ACL.
C. Block the TCP protocol through ACL.
D. Block the ICMP protocol through ACL.

Question 36

You work as a Network Architect for ABC Inc. The company has a TCP/IP based network. You have established a remote-access VPN network between mobile users and the company's network. You want to implement the following features in the remote-access VPN network:

>> Provide security for the web traffic.

>> Browser clients can support the VPN connection to a host.

Which of the following will you configure to implement the given features in the network?

Options:

A. DACL
B. SSL
C. SSH
D. IPsec

Question 37

Which of the following tools is used to detect spam email without checking the content?

Options:

A. DCC
B. Sniffer
C. EtherApe
D. Kismet

Question 38

You are the Network Administrator and your company has recently implemented encryption for all emails. You want to check to make sure that the email packages are being encrypted.

What tool would you use to accomplish this?

Options:

A. Password cracker
B. Performance Monitor
C. Packet sniffer
D. Vulnerability analyzer

Question 39

You work as a Network Administrator for NetTech Inc. Your manager needs to access a particular server on the network from outside the company network. You have a registered IP address assigned to a router on the company network.

Which of the following will be useful for accessing the server from outside the network?

Options:

A. Overloading
B. Switch
C. Static NAT
D. Dynamic VLAN

Question 40

Sam works as a Security Manager for ABC Inc. The company has a Windows-based network. Sam wants to prevent specific traffic from IDP processing in order to reduce false positives.

Which of the following rulebases will he use to accomplish the task?

Options:

A. Network Honeypot rulebase
B. Backdoor rulebase
C. SYN Protector rulebase
D. Exempt rulebase

Question 41

Which of the following is an attack with IP fragments that cannot be reassembled?

Options:

A. Password guessing attack
B. Smurf attack
C. Teardrop attack
D. Dictionary attack

Question 42

Which of the following TShark options is used to set capture buffer size in MB?

Options:

A. -F
B. -B
C. -G
D. -C
