GIAC Exam GCED Topic 8 Question 20 Discussion

Actual exam question for GIAC's GIAC Certified Enterprise Defender exam

Question #: 20
Topic #: 8

[All GIAC Certified Enterprise Defender Questions]

Although the packet listed below contained malware, it freely passed through a layer 3 switch. Why didn't the switch detect the malware in this packet?

AThe packet was part of a fragmentation attack

BThe data portion of the packet was encrypted

CThe entire packet was corrupted by the malware

DIt didn't look deeply enough into the packet

Show Suggested Answer

Suggested Answer: D

Routers, layer 3 switches, some firewalls, and other gateways are packet filtering devices that use access control lists (ACLs) and perform packet inspection. This type of device uses a small subset of the packet to make filtering decisions, such as source and destination IP address and protocol. These devices will then allow or deny protocols based on their associated ports. This type of packet inspection and access control is still highly susceptible to malicious attacks, because payloads and other areas of the packet are not being inspected. For example, application level attacks that are tunneled over open ports such as HTTP (port 80) and HTTPS (port 443).

by Lucina at May 05, 2022, 05:29 AM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!