
GSEC Question #112: Real Exam Question with Answer & Explanation

The correct answer is B. B and C.

Question

When considering ingress filtering, why should all inbound packets be dropped if they contain a source address from within the protected network address space?

  (A) The packets are probably corrupted.
  (B) The packets may have been accidentally routed onto the Internet.
  (C) The packets may be deliberately spoofed by an attacker.
  (D) The packets are a sign of excess fragmentation.

Options

  • A. A and B
  • B. B and C
  • C. B and D
  • D. A and D

Explanation

Ingress filtering is a border security technique in which routers and firewalls drop inbound packets whose source IP addresses are logically impossible or suspicious. If a packet arrives from the Internet claiming to originate from an internal (private) IP address, there are two plausible explanations:

  • (B) The packets may have been accidentally routed onto the Internet: internal traffic that leaked out and looped back.
  • (C) The packets may be deliberately spoofed by an attacker: a common technique in IP spoofing attacks, where an attacker fakes an internal source address to impersonate a trusted host or bypass access controls.

Option A (corruption) is incorrect because corruption would not consistently produce valid internal source addresses. Option D (excess fragmentation) is a separate concern unrelated to source address legitimacy. RFC 2827 (BCP 38) formalizes this ingress filtering best practice for exactly these reasons.
