
GCIH Question #556: Real Exam Question with Answer & Explanation

The correct answer is A: A firewall that does not monitor the connection state of an inbound packet.

Question

Which of the following devices would return information about internal targets during an ACK scan?

Options

  • A. A firewall that does not monitor the connection state of an inbound packet
  • B. A web-proxy that allows only outbound connections over tcp/8080
  • C. An IDS connected to a mirror port of the border router
  • D. A border device that drops inbound connections that use a flag other than SYN

Explanation

An ACK scan is particularly useful for getting through simple router-based firewalls. If a router allows established connections in (and is not using any stateful inspection), an attacker can use ACK scans to send packets into the network. A border device (firewall, advanced router, etc.) that requires state for inbound connections will by definition drop inbound packets with the ACK flag, negating the effectiveness of an ACK scan. A web-proxy that only allows outbound connections will ignore an ACK scan. An IDS connected to a mirror port does not have an IP address to target with an ACK scan, nor is there anything behind the IDS to map.
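The difference described above, as an added example that is not part of the original page: a toy model comparing a stateless "established" rule, assumed here to pass any inbound packet with ACK or RST set, against a filter that keeps a connection table. The class and function names and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags on this packet, e.g. frozenset({"ACK"})

def stateless_established(pkt):
    """Assumed stateless rule: permit inbound TCP if ACK or RST is set.
    It inspects only this packet's header and keeps no memory of flows."""
    return bool(pkt.flags & {"ACK", "RST"})

class StatefulFilter:
    """Tracks connections opened from the inside; inbound must match one."""
    def __init__(self):
        self.table = set()

    def outbound(self, pkt):
        # An inside host sending a bare SYN creates a state entry.
        if pkt.flags == {"SYN"}:
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt):
        # Permit only packets whose reversed 4-tuple is already tracked.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

INSIDE, OUTSIDE = "10.0.0.5", "198.51.100.7"  # constructed sample addresses

def evaluate():
    fw = StatefulFilter()
    # Legitimate flow: an inside host opens a connection, the server replies.
    fw.outbound(Packet(INSIDE, 40000, OUTSIDE, 443, frozenset({"SYN"})))
    reply = Packet(OUTSIDE, 443, INSIDE, 40000, frozenset({"SYN", "ACK"}))
    # Unsolicited ACK: no inside host ever opened this connection.
    probe = Packet(OUTSIDE, 55555, INSIDE, 22, frozenset({"ACK"}))
    return {
        "stateless_reply": stateless_established(reply),
        "stateless_probe": stateless_established(probe),
        "stateful_reply": fw.inbound(reply),
        "stateful_probe": fw.inbound(probe),
    }

if __name__ == "__main__":
    for name, allowed in evaluate().items():
        print(f"{name}: {'forwarded' if allowed else 'dropped'}")
```

Both filters forward the genuine reply; only the stateless rule also forwards the unsolicited ACK, which is why option A is the device that exposes internal targets.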
