Online GIAC GSNA free dumps demo below:
NEW QUESTION 1
You have to move the whole directory /foo to /bar. Which of the following commands will you use to accomplish the task?
- A. mv /bar /foo
- B. mv -R /foo /bar
- C. mv /foo /bar
- D. mv -r /bar /foo
Answer: C
Explanation:
You will use the mv /foo /bar command to move the whole directory /foo to /bar. The mv command moves files and directories from one directory to another or renames a file or directory. mv must always be given at least two arguments. The first argument is given as a source file. The second argument is interpreted as the destination. If the destination is an existing directory, the source file is moved to that directory with the same name as the source. If the destination is any other directory, the source file is moved and/or renamed to that destination name. Syntax: mv [options] source destination Some important options used with mv command are as follows:
Answer A is incorrect. The mv /bar /foo command will move the whole /bar directory to the /foo directory. Answers B and D are incorrect. These are not valid Linux commands.
NEW QUESTION 2
Which of the following types of firewall ensures that the packets are part of the established session?
- A. Stateful inspection firewall
- B. Switch-level firewall
- C. Circuit-level firewall
- D. Application-level firewall
Answer: A
Explanation:
The stateful inspection firewall combines the circuit level and the application level firewall techniques. It assures the session or connection between the two parties is valid. It also inspects packets from the session to assure that the packets are part of the established session and not malicious. Answer C is incorrect. The circuit-level firewall regulates traffic based on whether or not a trusted connection has been established. Answer D is incorrect. The application level firewall inspects the contents of packets, rather than the source/destination or connection between the two devices. Answer B is incorrect. There is no firewall type such as switch-level firewall.
NEW QUESTION 3
An executive in your company reports odd behavior on her PDA. After investigation you discover that a trusted device is actually copying data off the PDA. The executive tells you that the behavior started shortly after accepting an e-business card from an unknown person. What type of attack is this?
- A. Session Hijacking
- B. Bluesnarfing
- C. Privilege Escalation
- D. PDA Hijacking
Answer: B
Explanation:
Bluesnarfing is a rare attack in which an attacker takes control of a Bluetooth-enabled device. One way to do this is to get your PDA to accept the attacker's device as a trusted device.
NEW QUESTION 4
You configure a wireless router at your home. To secure your home Wireless LAN (WLAN), you implement WEP. Now you want to connect your client computer to the WLAN. Which of the following is the required information that you will need to configure the client computer? (Choose two)
- A. SSID of the WLAN
- B. WEP key
- C. IP address of the router
- D. MAC address of the router
Answer: AB
Explanation:
In order to connect a client computer to a secured Wireless LAN (WLAN), you are required to provide the following information: the SSID of the WLAN and the WEP key.
NEW QUESTION 5
In an IT organization, some specific tasks require additional detailed controls to ensure that the workers perform their job correctly. What do these detailed controls specify? (Choose three)
- A. How the department handles acquisitions, security, delivery, implementation, and support of IS services
- B. How to lock a user account after unsuccessful logon attempts
- C. How output data is verified before being accepted into an application
- D. The way system security parameters are set
Answer: ABD
Explanation:
Some of the specific tasks require additional detailed controls to ensure that the workers perform their job correctly. These controls refer to some specific tasks or steps to be performed such as: The way system security parameters are set. How input data is verified before being accepted into an application. How to lock a user account after unsuccessful logon attempts. How the department handles acquisitions, security, delivery, implementation, and support of IS services. Answer C is incorrect. Input data should be verified before being accepted into an application.
NEW QUESTION 6
You want to change the number of characters displaying on the screen while reading a txt file. However, you do not want to change the format of the txt file. Which of the following commands can be used to view (but not modify) the contents of the text file on the terminal screen at a time?
- A. cat
- B. tail
- C. less
- D. more
Answer: D
Explanation:
The more command is used to view (but not modify) the contents of a text file on the terminal screen at a time. The syntax of the more command is as follows: more [options] file_name Where,
Answer A is incorrect. The concatenate (cat) command is used to display or print the contents of a file. Syntax: cat filename For example, the following command will display the contents of the /var/log/dmesg file: cat /var/log/dmesg Note: The more command is used in conjunction with the cat command to prevent scrolling of the screen while displaying the contents of a file. Answer C is incorrect. The less command is used to view (but not change) the contents of a text file, one screen at a time. It is similar to the more command. However, it has the extended capability of allowing both forward and backward navigation through the file. Unlike most Unix text editors/viewers, less does not need to read the entire file before starting; therefore, it has faster load times with large files. The command syntax of the less command is as follows: less [options] file_name Where,
Answer B is incorrect. The tail command is used to display the last few lines of a text file or piped data.
NEW QUESTION 7
Which of the following types of attack is described in the statement below? "It is a technique employed to compromise the security of network switches. In this attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table."
- A. Man-in-the-middle
- B. Blind spoofing
- C. Dictionary
- D. MAC flooding
Answer: D
Explanation:
MAC flooding is a technique employed to compromise the security of network switches. In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. The result of this attack is that the switch enters a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. A malicious user could then use a packet sniffer (such as Wireshark) running in promiscuous mode to capture sensitive data from other computers (such as unencrypted passwords, e-mail and instant messaging conversations), which would not be accessible were the switch operating normally. Answer B is incorrect. Blind spoofing is a type of IP spoofing attack. This attack occurs when the attacker is on a different subnet than the destination host. Therefore, it is more difficult to obtain the correct TCP sequence number and acknowledgement number of the data frames. In a blind spoofing attack, an attacker sends several packets to the target computer so that he can easily obtain the sequence number of each data frame. If the attacker is successful in compromising the sequence number of the data frames, the data is successfully sent to the target computer. Answer C is incorrect. A dictionary attack is a type of password guessing attack. This type of attack uses a dictionary of common words to find out the password of a user. It can also use common words in either upper or lower case to find a password. There are many programs available on the Internet to automate and execute dictionary attacks. Answer A is incorrect. Man-in-the-middle attacks occur when an attacker successfully inserts an intermediary software or program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets passing between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host. The receiving host responds to the software, presuming it to be the legitimate client.
NEW QUESTION 8
Which of the following NFS mount options specifies whether a program using a file via an NFS connection should stop and wait for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error?
- A. intr
- B. hard or soft
- C. nfsvers=2 or nfsvers=3
- D. fsid=num
Answer: B
Explanation:
The hard or soft NFS mount options are used to specify whether a program using a file via an NFS connection should stop and wait (hard) for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error. Answer A is incorrect. The intr NFS mount option allows NFS requests to be interrupted if the server goes down or cannot be reached. Answer C is incorrect. The nfsvers=2 or nfsvers=3 NFS mount options are used to specify which version of the NFS protocol to use. Answer D is incorrect. The fsid=num NFS mount option forces the file handle and file attributes settings on the wire to be num.
NEW QUESTION 9
An attacker wants to connect directly to an unsecured station to circumvent the AP security or to attack the station. Which of the following tools can be used to accomplish the task?
- A. Wireless card
- B. MacChanger
- C. SirMACsAlot
- D. USB adapter
Answer: AD
Explanation:
Ad Hoc Association is a type of attack in which an attacker tries to connect directly to an unsecured station to circumvent the AP security or to attack the station. Any wireless card or USB adapter can be used to perform this attack.
NEW QUESTION 10
Peter works as a Web Developer for XYZ CORP. He is developing a Web site for the company. In one of the Web pages, Peter wants to ensure that certain information is consistent and visible while the other information changes. Which of the following will he use to accomplish this?
- A. Tables
- B. Navigation links
- C. Data elements
- D. Frames
Answer: D
Explanation:
Peter will use frames in the Web page. Frames are extensions of the HTML 3.2 standard introduced by Netscape. Elements such as navigation links and title graphics can be placed in static individual frames. The <frame> tag defines the contents that will appear in each frame. It is used within the <frameset> tag. Frames allow users to display multiple HTML files at a time. Answer A is incorrect. A table is used to handle data in tabular form. Answer B is incorrect. Navigation links are used with the navigation bar to display a page. These hyperlinks are relative to the navigational structure of a Web site. Answer C is incorrect. Data elements are used to access data in XML format from a Web server.
NEW QUESTION 11
Which TCP and UDP ports can be used to start a NULL session attack in NT and 2000 operating systems?
- A. 149 and 133
- B. 203 and 333
- C. 139 and 445
- D. 198 and 173
Answer: C
Explanation:
A null session is an anonymous connection to a freely accessible network share called IPC$ on Windows-based servers. It allows immediate read and write access with Windows NT/2000 and read-access with Windows XP and 2003. The command to be inserted at the DOS-prompt is as follows: net use \\IP address_or_host name\ipc$ "" "/user:" net use Port numbers 139 TCP and 445 UDP can be used to start a NULL session attack.
NEW QUESTION 12
You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP based switched network. A root bridge has been elected in the switched network. You have installed a new switch with a lower bridge ID than the existing root bridge. What will happen?
- A. The new switch starts advertising itself as the root bridge.
- B. The new switch divides the network into two broadcast domains.
- C. The new switch works as DR or BDR.
- D. The new switch blocks all advertisements.
Answer: A
Explanation:
The new switch starts advertising itself as the root bridge. It acts as if it is the only bridge on the network. It has a lower Bridge ID than the existing root, so it is elected as the root bridge after the BPDUs converge and all switches learn that the new switch is the better choice. Answers B, C, and D are incorrect. None of these are valid options, according to the given scenario.
NEW QUESTION 13
Which of the following controls define the direction and behavior required for technology to function properly?
- A. Detailed IS controls
- B. General controls
- C. Application controls
- D. Pervasive IS controls
Answer: D
Explanation:
Pervasive IS controls are a subset of general controls that contains some extra definitions focusing on the management of monitoring a specific technology. A pervasive order or control determines the direction and behavior required for technology to function properly. The pervasive control permeates the area by using a greater depth of control integration over a wide area of influence. Answer B is incorrect. General controls are the parent class of controls that governs all areas of a business. An example of general controls includes the separation of duties that prevent employees from writing their own paychecks and creating accurate job descriptions. General controls define the structure of an organization, establish HR policies, monitor workers and the work environment, as well as support budgeting, auditing, and reporting. Answer A is incorrect. Detailed IS controls are controls used for manipulating the on-going tasks in an organization. Some of the specific tasks require additional detailed controls to ensure that the workers perform their job correctly. These controls refer to some specific tasks or steps to be performed such as: The way system security parameters are set. How input data is verified before being accepted into an application. How to lock a user account after unsuccessful logon attempts. How the department handles acquisitions, security, delivery, implementation, and support of IS services. Answer C is incorrect. Application controls are embedded in programs. They constitute the lowest subset in the control family. An activity should be filtered through the general controls, then the pervasive controls and detailed controls, before reaching the application controls level. Controls in the higher level category help in protecting the integrity of the applications and their data. Management is responsible for having applications tested prior to production through a recognized test method. The goal of this test is to provide a technical certificate that each system meets the requirement.
NEW QUESTION 14
Which of the following statements about system hardening are true? (Choose two)
- A. It is used for securing the computer hardware.
- B. It can be achieved by installing service packs and security updates on a regular basis.
- C. It can be achieved by locking the computer room.
- D. It is used for securing an operating system.
Answer: BD
Explanation:
System hardening is a term used for securing an operating system. It can be achieved by installing the latest service packs, removing unused protocols and services, and limiting the number of users with administrative privileges.
NEW QUESTION 15
On which of the following does a CGI program execute?
- A. Router
- B. Web server
- C. Client
- D. Client and Web server
Answer: B
Explanation:
The Common Gateway Interface (CGI) specification is used for creating executable programs that run on a Web server. CGI defines the communication link between a Web server and Web applications. It gives a network or Internet resource access to specific programs. For example, when users submit an HTML form on a Web site, CGI is used to pass this information to a remote application for processing, and retrieve the results from the application. It then returns these results to the user by means of an HTML page. Answer A is incorrect. CGI programs do not execute on routers.
NEW QUESTION 16
You are concerned about rogue wireless access points being connected to your network. What is the best way to detect and prevent these?
- A. Network anti-spyware software
- B. Network anti-virus software
- C. Protocol analyzers
- D. Site surveys
Answer: D
Explanation:
Routinely doing site surveys (or better still, having them automatically conducted frequently) is the only way to know what is connected to your network, and it will reveal any rogue access points. Answer B is incorrect. While anti-virus software is always a good idea, it will do nothing to prevent rogue access points. Answer A is incorrect. While anti-spyware software is always a good idea, it will do nothing to prevent rogue access points. Answer C is incorrect. A protocol analyzer will help you analyze the specific traffic on a given node, but won't be much help in directly detecting rogue access points.
NEW QUESTION 17
You work as a Desktop Support Technician for XYZ CORP. The company uses a Windows-based network comprising 50 Windows XP Professional computers. You want to include the Safe Mode with Command Prompt feature into the boot.ini file of a Windows XP Professional computer. Which of the following switches will you use?
- A. /safeboot:network /sos /bootlog /noguiboot
- B. /safeboot:minimal /sos /bootlog /noguiboot
- C. /safeboot:minimal(alternateshell) /sos /bootlog /noguiboot
- D. /safeboot:dsrepair /sos
Answer: C
Explanation:
Safe-mode boot switches are used in the Windows operating systems to use the safe-mode boot feature. To use this feature, the user should press F8 during boot. These modes are available in the Boot.ini file. Users can also automate the boot process using this feature. Various switches used for various modes are given below:
NEW QUESTION 18
You work as a Web Developer for XYZ CORP. The company has a Windows-based network. You have been assigned the task to secure the website of the company. To accomplish the task, you want to use a website monitoring service. What are the tasks performed by a website monitoring service?
- A. It checks the health of various links in a network using end-to-end probes sent by agents located at vantage points in the network.
- B. It checks SSL Certificate Expiry.
- C. It checks HTTP pages.
- D. It checks Domain Name Expiry.
Answer: BCD
Explanation:
A website monitoring service can check HTTP pages, HTTPS, FTP, SMTP, POP3, IMAP, DNS, SSH, Telnet, SSL, TCP, PING, Domain Name Expiry, SSL Certificate Expiry, and a range of other ports with a great variety of check intervals, from every four hours to every one minute. Typically, most website monitoring services test a server anywhere between once-per-hour and once-per-minute. Advanced services offer in-browser web transaction monitoring based on browser add-ons such as Selenium or iMacros. These services test a website by remotely controlling a large number of web browsers. Hence, they can also detect website issues such as JavaScript bugs that are browser specific. Answer A is incorrect. This task is performed under network monitoring. Network tomography deals with monitoring the health of various links in a network using end-to-end probes sent by agents located at vantage points in the network/Internet.
NEW QUESTION 19
Which of the following types of evidence is the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?
- A. Incontrovertible
- B. Corroborating
- C. Direct
- D. Circumstantial
Answer: D
Explanation:
Circumstantial evidence is the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person. Answer B is incorrect. Corroborating evidence is evidence that tends to support a proposition that is already supported by some evidence. Answer A is incorrect. Incontrovertible evidence is a colloquial term for evidence introduced to prove a fact that is supposed to be so conclusive that there can be no other truth as to the matter; evidence so strong, it overpowers contrary evidence, directing a fact-finder to a specific and certain conclusion. Answer C is incorrect. Direct evidence is testimony proof for any evidence, which expressly or straight-forwardly proves the existence of a fact.
NEW QUESTION 20
Brutus is a password cracking tool that can be used to crack the following authentications: HTTP (Basic Authentication), HTTP (HTML Form/CGI), POP3 (Post Office Protocol v3), FTP (File Transfer Protocol), SMB (Server Message Block), and Telnet. Which of the following attacks can be performed by Brutus for password cracking?
- A. Man-in-the-middle attack
- B. Hybrid attack
- C. Replay attack
- D. Brute force attack
- E. Dictionary attack
Answer: BDE
Explanation:
Brutus can be used to perform brute force attacks, dictionary attacks, or hybrid attacks.