GNFA by GIAC Actual Free Exam Q&As

Question 1

What is the primary purpose of a network security proxy?
Response:

A. To replace the need for firewalls B. To encrypt all internal network traffic C. To block all outbound connections from an organization D. To act as an intermediary between clients and servers, filtering and monitoring traffic

Discussion 0

Correct Answer: D Vote an answer

Question 2

Which of the following are key benefits of centralizing security event logs?
(Select two.)
Response:

A. Reduced need for manual log review B. Faster network speeds C. Improved detection of correlated security events D. Immediate compliance with all security regulations

Discussion 0

Correct Answer: A,C Vote an answer

Question 3

What is the primary purpose of security event logging?
Response:

A. To store all network activity indefinitely B. To prevent all cyberattacks before they occur C. To detect, investigate, and respond to security incidents D. To replace the need for intrusion detection systems

Discussion 0

Correct Answer: C Vote an answer

Question 4

What methods are used to identify the structure of an unknown network protocol?
(Select two.)
Response:

A. Static code analysis B. Watching video tutorials C. Packet inspection D. Reverse engineering binaries

Discussion 0

Correct Answer: C,D Vote an answer

Question 5

Which of the following best describes asymmetric encryption?
Response:

A. Uses the same key for encryption and decryption B. Uses a predefined lookup table for encoding data C. Uses different keys for encryption and decryption D. Converts plaintext into a hash that cannot be reversed

Discussion 0

Correct Answer: C Vote an answer

Question 6

Which field in a NetFlow record can help determine if lateral movement is occurring within a network?
Response:

A. Source and Destination Port B. Destination IP Address and Source and Destination Port C. Destination IP Address D. Protocol Type

Discussion 0

Correct Answer: B Vote an answer

Question 7

Which tools can be used to capture and analyze wireless network traffic?
(Select two.)
Response:

A. Nmap B. Aircrack-ng C. Kismet D. Netcat

Discussion 0

Correct Answer: B,C Vote an answer

Question 8

Which log format is commonly used in UNIX/Linux environments?
Response:

A. Windows Event Log B. NetFlow C. Syslog D. JSON

Discussion 0

Correct Answer: C Vote an answer

Question 9

What is the primary purpose of ICMP (Internet Control Message Protocol)?
Response:

A. Performing network diagnostics and reporting errors B. Managing TCP handshakes C. Routing data between networks D. Encrypting communication between endpoints

Discussion 0

Correct Answer: A Vote an answer

Question 10

An administrator notices unusual traffic patterns where a single workstation is attempting to connect to multiple internal servers within minutes. What should be the first step in investigating this activity?
Response:

A. Disable the workstation immediately B. Block all outbound connections from the workstation C. Analyze the NetFlow records and IDS alerts D. Review network segmentation policies

Discussion 0

Correct Answer: C Vote an answer

GIAC Network Forensic Analyst (GNFA) - GNFA Exam Practice Test