Here you have the best GIAC GSEC practice exam questions
Which of the following are advantages of Network Intrusion Detection Systems (NIDS)?
Network Intrusion Detection Systems (NIDS) offer several advantages. They provide insight into network traffic, allowing for the monitoring of data as it traverses the network, which aids in identifying unusual patterns or suspicious activities (B). They also help in detecting network operations issues, as they can identify performance-related problems and potential vulnerabilities (D). Finally, NIDS systems can be relatively inexpensive to manage compared to other extensive security measures, making them a cost-effective solution for network security (E). Therefore, the correct answers are B, D, and E.
Which of the following protocols is used by a host that knows its own MAC (Media Access Control) address to query a server for its own IP address?
The protocol used by a host that knows its own MAC (Media Access Control) address to query a server for its own IP address is RARP (Reverse Address Resolution Protocol). RARP is specifically designed for this purpose, where the host sends a RARP request to a RARP server, which then responds with the host's IP address. ARP (Address Resolution Protocol) works the other way around, translating an IP address into a MAC address. DNS (Domain Name System) translates domain names into IP addresses, and RDNS (Reverse Domain Name System) translates IP addresses into domain names. Therefore, RARP is the only protocol that matches the given scenario.
What is the motivation behind SYN/FIN scanning?
The crafted SYN/FIN packet sometimes gets past firewalls and filtering routers. SYN/FIN scanning tries to exploit the fact that some firewalls and routers may not properly filter packets with both SYN and FIN flags set, thereby allowing attackers to map out the network and identify open ports.
There is not universal agreement on the names of the layers in the TCP/IP networking model. Which of the following is one of the functions of the bottom layer which is sometimes called the Network Access or Link Layer?
The bottom layer of the TCP/IP networking model, often called the Network Access or Link Layer, defines the procedures for interfacing with physical network hardware such as Ethernet devices. Its primary function is to manage the direct connections between different network nodes and handle how data is physically transmitted over the network.
Which of the following is a private, RFC 1918 compliant IP address that would be assigned to a DHCP scope on a private LAN?
10.254.1.50 is a private IP address according to the RFC 1918 standards. The RFC 1918 address space includes the following networks: 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, and 192.168.0.0 – 192.168.255.255. IP addresses within these ranges are designated for private use and are commonly assigned in private LANs through DHCP. 127.0.0.100 falls within the loopback range, 169.254.1.50 is a link-local address not used for private networks, and 172.35.1.100 falls outside the private range designated for the 172.16.0.0 – 172.31.255.255 network.