GIAC Certified Firewall Analyst - GCFW Exam Questions [2026]

QUESTION NO: 1
Which of the following techniques allows probing firewall rule-sets and finding entry points into the targeted system or network?

A. Packet collision B. Distributed Checksum Clearinghouse C. Network enumerating D. Packet crafting

Correct Answer: D

QUESTION NO: 2
In which of the following steps of firewall log analysis process is aggregation for nodes defined?

A. Assess available data B. Process information C. Visual transformation D. View transformation

Correct Answer: D

QUESTION NO: 3
Which of the following features does the Nmap utility have?
Each correct answer represents a complete solution. Choose all that apply.

A. It uses operating system fingerprinting technology to identify the operating system running on a target system. B. It is a location where an organization can easily view the event of a disaster, such as fire, flood, terrorist threat, or other disruptive events. C. It identifies services running on systems in a specified range of IP addresses using scanning and sweeping feature. D. It has a stealth approach to scanning and sweeping.

Correct Answer: A,C,D

QUESTION NO: 4
Which of the following devices works as a transparent bridge between the wireless clients and the wired network?

A. Access point B. Switch C. Wireless router D. Hub

Correct Answer: A

QUESTION NO: 5
Which of the following actions can be taken as the countermeasures against the ARP spoofing attack?
Each correct answer represents a complete solution. Choose all that apply.

A. Using 8 digit passwords for authentication B. Looking for large amount of ARP traffic on local subnets C. Using Private VLANs D. Placing static ARP entries on servers and routers

Correct Answer: B,C,D

QUESTION NO: 6
Which of the following tools is used to detect wireless LANs using the 802.11b, 802.11a, and 802.11g WLAN standards on the Windows platform?

A. AiroPeek B. Cain C. NetStumbler D. Snort

Correct Answer: C

QUESTION NO: 7
Distributed Checksum Clearinghouse (DCC) is a hash sharing method of spam email detection.
Which of the following protocols does the DCC use?

A. ICMP B. TELNET C. UDP D. TCP

Correct Answer: C

QUESTION NO: 8
Which of the following applications cannot proactively detect anomalies related to a computer?

A. HIDS B. NIDS C. Firewall installed on the computer D. Anti-virus scanner

Correct Answer: B