GIAC Network Forensic Analyst (GNFA) (GNFA) Free Practice Test

Question 1

What are the benefits of using NetFlow for threat detection?
(Select two.)
Response:

A. Identifies large-scale data exfiltration

B. Provides detailed packet-level data

C. Captures real-time keystroke logging

D. Helps detect command-and-control (C2) communications

Correct Answer: A,D

Question 2

What is a key advantage of using a proxy-based firewall compared to a packet-filtering firewall?
Response:

A. Proxy-based firewalls inspect entire application-layer data

B. Proxy-based firewalls cannot block specific content types

C. Packet-filtering firewalls work at the application layer

D. Packet-filtering firewalls are more secure

Correct Answer: A

Question 3

A security analyst detects an application sending large volumes of encoded traffic to a remote server over an uncommon port. The analyst suspects data exfiltration. What should be done next?
Response:

A. Immediately block the port on the firewall

B. Investigate the encoding scheme used in the traffic

C. Terminate all active network sessions

D. Assume the traffic is normal and ignore it

Correct Answer: B

Question 4

What is the role of dynamic analysis in network protocol reverse engineering?
Response:

A. It involves executing malware to observe its behavior

B. It analyzes live network traffic to understand protocol behavior

C. It inspects logs for forensic investigations

D. It uses brute force attacks to identify weaknesses

Correct Answer: B

Question 5

An attacker intercepts a legitimate communication session and inserts malicious commands while appearing as a trusted participant. Which protocol is most vulnerable to this attack due to its lack of encryption?
Response:

A. HTTPS

B. FTP

C. SSH

D. SFTP

Correct Answer: B

Question 6

Which of the following encryption algorithms are considered secure for modern cryptographic use?
(Select two.)
Response:

A. DES

B. RC4

C. Blowfish

D. AES-256

Correct Answer: C,D

Question 7

Which technologies are commonly used in network segmentation strategies?
(Select two.)
Response:

A. MPLS

B. IPv6

C. VLANs

D. VPN

Correct Answer: A,C

Question 8

Which encryption algorithm is commonly used to encrypt web traffic in HTTPS?
Response:

A. RSA

B. DES

C. MD5

D. AES

Correct Answer: A

Question 9

Which of the following fields are typically included in a NetFlow record?
(Select two.)
Response:

A. Encrypted session keys

B. Source and destination IP addresses

C. Number of packets exchanged

D. Application payload

Correct Answer: B,C

Question 10

You are analyzing network traffic and find a series of communications using an unknown protocol. The traffic appears structured, but there is no official documentation available. What should be your first step?
Response:

A. Search for open-source documentation

B. Block all traffic using the protocol immediately

C. Attempt brute-force decryption

D. Capture and inspect the packets using Wireshark

Correct Answer: D

Welcome to TestSimulate

GIAC Network Forensic Analyst (GNFA) (GNFA) Free Practice Test