Most Recent GIAC Systems And Network Auditor GSNA Preparation Exams

Proper study guides for the up-to-date GIAC Systems and Network Auditor certification begin with GIAC GSNA preparation products, which are designed to deliver validated GSNA questions and help you pass the GSNA test on your first attempt. Try the free GSNA demo right now.

Check GSNA free dumps before getting the full version:

NEW QUESTION 1

You are concerned about possible hackers doing penetration testing on your network as a prelude to an attack. What would be most helpful to you in finding out if this is occurring?

  • A. Examining your antivirus logs
  • B. Examining your domain controller server logs
  • C. Examining your firewall logs
  • D. Examining your DNS Server logs

Answer: C

Explanation:

Firewall logs will show all incoming and outgoing traffic. By examining those logs, you can find out whether port scans and other penetration testing tools have been used on your firewall.

NEW QUESTION 2

Which of the following statements are true about security risks? (Choose three)

  • A. They can be removed completely by taking proper actions.
  • B. They are considered an indicator of threats coupled with vulnerability.
  • C. They can be mitigated by reviewing and taking responsible actions based on possible risks.
  • D. They can be analyzed and measured by the risk analysis process.

Answer: BCD

Explanation:

In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. These risks can be analyzed and measured by the risk analysis process. Answer A is incorrect. Security risks can never be removed completely but can be mitigated by taking proper actions.

NEW QUESTION 3

Sam works as a Network Administrator for XYZ CORP. The computers in the company run Windows Vista operating system, and they are continuously connected to the Internet. This makes the network of the company susceptible to attacks from unauthorized users. Which of the following will Sam choose to protect the network of the company from such attacks?

  • A. Firewall
  • B. Windows Defender
  • C. Software Explorer
  • D. Quarantined items

Answer: A

Explanation:
A firewall is a set of related programs configured to protect private networks connected to the Internet from intrusion. It is used to regulate the network traffic between different computer networks. It permits or denies the transmission of a network packet to its destination based on a set of rules. A firewall is often installed on a separate computer so that an incoming packet does not get into the network directly. Answer B is incorrect. Windows Defender is a software product designed by Microsoft to provide continuous security against malware. If it detects anything suspicious, an alert will appear on the screen. Windows Defender can also be used to scan a computer for suspicious software. It can remove or quarantine any malware or spyware it finds. Answer C is incorrect. Software Explorer is a tool of Windows Defender. It is used to remove, enable, or disable the programs running on a computer. Answer D is incorrect. Quarantined items is a tool of Windows Defender. It is used to remove or restore a program blocked by Windows Defender.

NEW QUESTION 4

You work as the Network Administrator for a company. You configure a Windows 2000-based computer as the Routing and Remote Access server, so that users can access the company's network remotely. You want to log a record of all the users who access the network by using Routing and Remote Access. What will you do to log all the logon activities?

  • A. On the Routing and Remote Access server, enable log authentication requests in auditing, and define the path for the log file in Remote Access Logging.
  • B. On the Routing and Remote Access server, enable log authentication requests in Remote Access Logging.
  • C. On the Routing and Remote Access server, enable log authentication requests in auditing.
  • D. Do nothing as the Windows 2000-based Routing and Remote Access server automatically creates a log record for each connection attempt.

Answer: B

Explanation:

The Routing and Remote Access service can log all the records of authentication and accounting information for connection attempts when Windows authentication or accounting is enabled. This can be done by enabling the log authentication requests in the properties of the Remote Access Logging folder, in the Routing and Remote Access snap-in, where you can configure the type of activity to log, i.e., accounting or authentication activity, and the log file settings. This information is stored in the form of a log file in the '%SystemRoot%\System32\LogFiles' folder. For each authentication attempt, the name of the remote access policy that either accepted or rejected the connection attempt is recorded. The logged information is useful to track remote access usage and authentication attempts.

NEW QUESTION 5

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to identify the list of users with special privileges along with the commands that they can execute. Which of the following Unix configuration files can you use to accomplish the task?

  • A. /proc/meminfo
  • B. /etc/sysconfig/amd
  • C. /proc/modules
  • D. /etc/sudoers

Answer: D

Explanation:

In Unix, the /etc/sudoers file contains a list of users with special privileges along with the commands that they can execute. Answer A is incorrect. In Unix, the /proc/meminfo file shows information about the memory usage, both physical and swap. Answer B is incorrect. In Unix, the /etc/sysconfig/amd file is the configuration file that is used to configure the auto mount daemon. Answer C is incorrect. In Unix, the /proc/modules file shows the kernel modules that are currently loaded.

NEW QUESTION 6

John works as a Network Administrator for Perfect Solutions Inc. The company has a Debian Linux-based network. He is working on the bash shell in which he creates a variable VAR1. After some calculations, he opens a new ksh shell. Now, he wants to set VAR1 as an environmental variable so that he can retrieve VAR1 into the ksh shell. Which of the following commands will John run to accomplish the task?

  • A. echo $VAR1
  • B. touch VAR1
  • C. export VAR1
  • D. env -u VAR1

Answer: C

Explanation:
Since John wants to use the variable VAR1 as an environmental variable, he will use the export command to accomplish the task.

NEW QUESTION 7

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to forward all the kernel messages to the remote host having IP address 192.168.0.1. Which of the following changes will he perform in the syslog.conf file to accomplish the task?

  • A. kern.* @192.168.0.1
  • B. !*.* @192.168.0.1
  • C. !kern.* @192.168.0.1
  • D. *.* @192.168.0.1

Answer: A

Explanation:

According to the scenario, John will make the following entry in the syslog.conf file to forward all the kernel messages to the remote host having IP address 192.168.0.1:

kern.* @192.168.0.1

Answer D is incorrect. This entry will forward all the messages to the remote host having IP address 192.168.0.1. Answer B is incorrect. This entry will not forward any message to the remote host having IP address 192.168.0.1. Answer C is incorrect. This entry will not forward any kernel message to the remote host having IP address 192.168.0.1.

NEW QUESTION 8

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

  • A. Safeguards
  • B. Detective controls
  • C. Corrective controls
  • D. Preventive controls

Answer: C

Explanation:

Corrective controls are used after a security breach. After security has been breached, corrective controls are intended to limit the extent of any damage caused by the incident, e.g. by recovering the organization to normal working status as efficiently as possible. Answer D is incorrect. Before the event, preventive controls are intended to prevent an incident from occurring, e.g. by locking out unauthorized intruders. Answer B is incorrect. During the event, detective controls are intended to identify and characterize an incident in progress, e.g. by sounding the intruder alarm and alerting the security guards or the police. Answer A is incorrect. Safeguards are those controls that provide some amount of protection to an asset.

NEW QUESTION 9

You work as a Software Developer for UcTech Inc. You want to create a new session. Which of the following methods can you use to accomplish the task?

  • A. getNewSession(true)
  • B. getSession(false)
  • C. getSession()
  • D. getSession(true)
  • E. getNewSession()

Answer: CD

Explanation:
The getSession() method of the HttpServletRequest interface returns the current session associated with the request, or creates a new session if no session exists. The method has two syntaxes as follows:

public HttpSession getSession(): This method creates a new session if it does not exist.

public HttpSession getSession(boolean create): This method becomes similar to the above method if create is true, and returns the current session if create is false. It returns null if no session exists.

Answer B is incorrect. The getSession(false) method returns a pre-existing session. It returns null if the client has no session associated with it.

NEW QUESTION 10

What is the purpose of the Cellpadding attribute of the <Table> tag?

  • A. Cellpadding is used to set the width of cell border and its content.
  • B. Cellpadding is used to set the width of a table.
  • C. Cellpadding is used to set the space between the cell border and its content.
  • D. Cellpadding is used to set the space between two cells in a table.

Answer: C

Explanation:

The Cellpadding attribute is used to set the space, in pixels, between the cell border and its content. If you have not set the value of the Cellpadding attribute for a table, the browser takes the default value as 1.

NEW QUESTION 11

Data access auditing is a surveillance mechanism that watches over access to all sensitive information contained within the database. What are the questions addressed in a perfect data access auditing solution?

  • A. Who accessed the data?
  • B. When was the data accessed?
  • C. For whom was the data accessed?
  • D. What was the SQL query that accessed the data?

Answer: ABD

Explanation:

The perfect data access auditing solution would address the following six questions:

1. Who accessed the data?
2. When was the data accessed?
3. Which computer program or client software was used to access the data?
4. From what location on the network was the data accessed?
5. What was the SQL query that accessed the data?
6. Was access to the data successfully done; and if so, how many rows of data were retrieved?

Answer C is incorrect. In the perfect data access auditing solution, it cannot be determined for whom the data is being accessed. Only the person accessing the data can be identified.

NEW QUESTION 12

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to find out when a particular user was last logged in. To accomplish this, you need to analyze the log configuration files. Which of the following Unix log configuration files can you use to accomplish the task?

  • A. /var/log/btmp
  • B. /var/log/messages
  • C. /var/log/lastlog
  • D. /var/log/wtmp

Answer: C

Explanation:

In Unix, the /var/log/lastlog file is used by the finger command to find when a user was last logged in. Answer D is incorrect. In Unix, the /var/log/wtmp file stores the binary info of users that have been logged on. Answer A is incorrect. In Unix, the /var/log/btmp file is used to store information about failed logins. Answer B is incorrect. In Unix, the /var/log/messages file is the main system message log file.

NEW QUESTION 13

Which of the following types of attack is described in the statement below? "It is a technique employed to compromise the security of network switches. In this attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table."

  • A. Man-in-the-middle
  • B. Blind spoofing
  • C. Dictionary
  • D. MAC flooding

Answer: D

Explanation:

MAC flooding is a technique employed to compromise the security of network switches. In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. A malicious user could then use a packet sniffer (such as Wireshark) running in promiscuous mode to capture sensitive data from other computers (such as unencrypted passwords, e-mail and instant messaging conversations), which would not be accessible were the switch operating normally. Answer B is incorrect. Blind spoofing is a type of IP spoofing attack. This attack occurs when the attacker is on a different subnet from the destination host. Therefore, it is more difficult to obtain the correct TCP sequence number and acknowledgement number of the data frames. In a blind spoofing attack, an attacker sends several packets to the target computer so that he can easily obtain the sequence number of each data frame. If the attacker is successful in compromising the sequence number of the data frames, the data is successfully sent to the target computer. Answer C is incorrect. A dictionary attack is a type of password guessing attack. This type of attack uses a dictionary of common words to find out the password of a user. It can also use common words in either upper or lower case to find a password. There are many programs available on the Internet to automate and execute dictionary attacks. Answer A is incorrect. Man-in-the-middle attacks occur when an attacker successfully inserts an intermediary software or program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets passing between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host. The receiving host responds to the software, presuming it to be the legitimate client.

NEW QUESTION 14

You work as a Database Administrator for XYZ CORP. The company has a multi-platform network. The company requires a database that can receive data from various types of operating systems. You want to design a multidimensional database to accomplish the task. Which of the following statements are true about a multidimensional database?

  • A. It is used to optimize Online Analytical Processing (OLAP) applications.
  • B. It is used to optimize data warehouse.
  • C. It is rarely created using input from existing relational databases.
  • D. It allows users to ask questions that are related to summarizing business operations and trends.

Answer: ABD

Explanation:

A multidimensional database (MDB) is a type of database that is optimized for data warehouse and Online Analytical Processing (OLAP) applications. Multidimensional databases are frequently created using input from existing relational databases. Whereas a relational database is typically accessed using a Structured Query Language (SQL) query, a multidimensional database allows a user to ask questions like "How many Aptivas have been sold in Nebraska so far this year?" and similar questions related to summarizing business operations and trends. An OLAP application that accesses data from a multidimensional database is known as a MOLAP (multidimensional OLAP) application. Answer C is incorrect. A multidimensional database is frequently created using input from existing relational databases.

NEW QUESTION 15

You work as a Software Developer for UcTech Inc. You are building a Web site that will contain study materials on the Java language. The company wants members to be able to access all the pages, while non-members have only limited access to the Web site pages. Which of the following security mechanisms will you use to accomplish the task?

  • A. Data integrity
  • B. Authentication
  • C. Confidentiality
  • D. Authorization

Answer: D

Explanation:

Authorization is a process that verifies whether a user has permission to access a Web resource. A Web server can restrict access to some of its resources to only those clients that log in using a recognized username and password. To be authorized, a user must first be authenticated. Answer B is incorrect. Authentication is the process of verifying the identity of a user. This is usually done using a user name and password. This process compares the provided user name and password with those stored in the database of an authentication server. Answer C is incorrect. Confidentiality is a mechanism that ensures that only the intended and authorized recipients are able to read data. The data is so encrypted that even if an unauthorized user gets access to it, he will not get any meaning out of it. Answer A is incorrect. Data integrity is a mechanism that ensures that the data is not modified during transmission from source to destination. This means that the data received at the destination should be exactly the same as that sent from the source.

NEW QUESTION 16

Which of the following is an example of penetration testing?

  • A. Configuring firewall to block unauthorized traffic
  • B. Implementing HIDS on a computer
  • C. Simulating an actual attack on a network
  • D. Implementing NIDS on a network

Answer: C

Explanation:

Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution. The intent of penetration testing is to determine the feasibility of an attack and the amount of business impact of a successful exploit, if discovered. It is a component of a full security audit.

NEW QUESTION 17

Which of the following key combinations in the vi editor is used to copy the current line?

  • A. dk
  • B. yy
  • C. d$
  • D. dl

Answer: B

Explanation:

The yy key combination in the vi editor is used to copy the current line. The vi editor is an interactive, cryptic, and screen-based text editor used to create and edit a file. It operates in either Input mode or Command mode. In Input mode, the vi editor accepts a keystroke as text and displays it on the screen, whereas in Command mode, it interprets keystrokes as commands. As the vi editor is case sensitive, it interprets the same character or characters as different commands, depending upon whether the user enters a lowercase or uppercase character. When a user starts a new session with vi, he must put the editor in Input mode by pressing the "I" key. If he is not able to see the entered text on the vi editor's screen, it means that he has not put the editor in Insert mode. The user must change the editor to Input mode before entering any text so that he can see the text he has entered. Answer D is incorrect. It deletes next char on the right. Answer A is incorrect. It deletes the current line and one line above. Answer C is incorrect. It deletes from the cursor till the end of the line.

NEW QUESTION 18

Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines?

  • A. Warkitting
  • B. War driving
  • C. Wardialing
  • D. Demon dialing

Answer: C

Explanation:

War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers - hackers that specialize in computer security - for password guessing. Answer A is incorrect. Warkitting is a combination of wardriving and rootkitting. In a warkitting attack, a hacker replaces the firmware of an attacked router. This allows them to control all traffic for the victim, and could even permit them to disable SSL by replacing HTML content as it is being downloaded. Warkitting was identified by Tsow, Jakobsson, Yang, and Wetzel in 2006. Their discovery indicated that 10% of the wireless routers were susceptible to WAPjacking (malicious configuring of the firmware settings, but making no modification on the firmware itself) and 4.4% of wireless routers were vulnerable to WAPkitting (subverting the router firmware). Their analysis showed that the volume of credential theft possible through Warkitting exceeded the estimates of credential theft due to phishing. Answer D is incorrect. In the computer hacking scene of the 1980s, demon dialing was a technique by which a computer is used to repeatedly dial a number (usually to a crowded modem pool) in an attempt to gain access immediately after another user had hung up. The expansion of accessible Internet service provider connectivity since that time more or less rendered the practice obsolete. The term "demon dialing" derives from the Demon Dialer product from Zoom Telephonics, Inc., a telephone device produced in the 1980s which repeatedly dialed busy telephone numbers under control of an extension phone. Answer B is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.

NEW QUESTION 19

Andrew works as a Network Administrator for Infonet Inc. The company has a Windows 2003 domain-based network. The network has five Windows 2003 member servers and 150 Windows XP Professional client computers. One of the member servers works as an IIS server. The IIS server is configured to use the IP address 142.100.10.6 for Internet users and the IP address 16.5.7.1 for the local network. Andrew wants the server to allow only Web communication over the Internet. He also wants to enable the local network users to access the shared folders and other resources. How will Andrew configure the IIS server to accomplish this? (Choose three)

  • A. Enable the IP packet filter.
  • B. Permit all the ports on the network adapter that uses the IP address 142.100.10.6.
  • C. Permit only port 25 on the network adapter that uses the IP address 142.100.10.6.
  • D. Permit all the ports on the network adapter that uses the IP address 16.5.7.1.
  • E. Permit only port 80 on the network adapter that uses the IP address 142.100.10.6.

Answer: ADE

Explanation:

In order to configure the IIS server to allow only Web communication over the Internet, Andrew will have to use IP packet filtering to permit only port 80 on the network adapter that uses the IP address 142.100.10.6 for connecting to the Internet. This is because Web communication uses the Hyper Text Transfer Protocol (HTTP) that uses the TCP port 80. IP packet filtering restricts the IP traffic received by the network interface by controlling the TCP or UDP port for incoming data. Furthermore, Andrew wants to allow local users to access shared folders and all other resources. Therefore, Andrew will have to enable all the ports on the network adapter that uses the IP address 16.5.7.1 for the local network.

NEW QUESTION 20

You work as a Computer Hacking Forensic Investigator for SecureNet Inc. You want to investigate a Cross-Site Scripting attack on your company's Website. Which of the following methods of investigation can you use to accomplish the task?

  • A. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL to the company's site.
  • B. Look at the Web server logs and normal traffic logging.
  • C. Use Wireshark to capture traffic going to the server and then search for the requests going to the input page, which may give a log of the malicious traffic and the IP address of the source.
  • D. Use a Web proxy to view the Web server transactions in real time and investigate any communication with outside servers.

Answer: ABD

Explanation:

You can use the following methods to investigate a Cross-Site Scripting attack:

1. Look at the Web server logs and normal traffic logging.
2. Use a Web proxy to view the Web server transactions in real time and investigate any communication with outside servers.
3. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL to the company's site.

Answer C is incorrect. This method is not used to investigate a Cross-Site Scripting attack.
