GCED Question #25: Real Exam Question with Answer & Explanation

The correct answer is D. It didn't look deeply enough into the packet.

Question

Although the packet listed below contained malware, it freely passed through a layer 3 switch. Why didn't the switch detect the malware in this packet?

Exhibit

GCED question #25 exhibit

Options

  • A. The packet was part of a fragmentation attack
  • B. The data portion of the packet was encrypted
  • C. The entire packet was corrupted by the malware
  • D. It didn't look deeply enough into the packet

Explanation

Routers, layer 3 switches, some firewalls, and other gateways are packet filtering devices that use access control lists (ACLs) and perform packet inspection. This type of device uses a small subset of the packet to make filtering decisions, such as source and destination IP address and protocol. These devices will then allow or deny protocols based on their associated ports. This type of packet inspection and access control is still highly susceptible to malicious attacks, because payloads and other areas of the packet are not being inspected. For example, application level attacks that are tunneled over open ports such as HTTP (port 80) and HTTPS
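The difference described above, as an added example that is not part of the exam material: a header-only ACL check and a payload-aware check run over the same constructed packet. The addresses, ACL entries and signature string are assumptions made up for the illustration, not values from the exhibit.

```python
import socket
import struct

# Constructed values for the illustration (documentation address ranges).
SIGNATURES = [b"CONSTRUCTED-MALWARE-MARKER"]
ACL = [(6, 80, "permit"), (6, 443, "permit")]  # (protocol, dst port, action)

def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4/TCP packet; checksums are left at 0 for the demo."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse(pkt):
    """Split a raw IPv4/TCP packet into header fields and payload."""
    ihl = (pkt[0] & 0x0F) * 4                 # IP header length in bytes
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4       # TCP header length in bytes
    return {"proto": pkt[9], "src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20]), "sport": sport,
            "dport": dport, "payload": pkt[ihl + data_off:]}

def acl_decision(pkt):
    """Packet filter: decides on protocol and destination port only."""
    f = parse(pkt)
    for proto, dport, action in ACL:
        if f["proto"] == proto and f["dport"] == dport:
            return action
    return "deny"                             # implicit deny at end of ACL

def payload_decision(pkt):
    """Deeper inspection: same ACL, then a signature scan of the payload."""
    if acl_decision(pkt) == "deny":
        return "deny"
    payload = parse(pkt)["payload"]
    return "deny" if any(sig in payload for sig in SIGNATURES) else "permit"

if __name__ == "__main__":
    bad = build_packet("192.0.2.10", "198.51.100.5", 40000, 80,
                       b"POST /upload HTTP/1.1\r\n\r\nCONSTRUCTED-MALWARE-MARKER")
    print("header-only ACL:", acl_decision(bad))       # permit
    print("payload-aware  :", payload_decision(bad))   # deny
```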
