Practice questions with explained answers for the GIAC Systems and Network Auditor (GSNA) certification exam:

NEW QUESTION 1

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool. Which of the following statements are true about SARA? (Choose two)

  • A. It operates under Unix, Linux, MAC OS/X, or Windows (through coLinux) OS.
  • B. It cannot be used to perform exhaustive XSS tests.
  • C. It cannot be used to perform SQL injection tests.
  • D. It supports plug-in facility for third party apps.

Answer: AD

Explanation:

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool. It has the following functions:
* 1. It operates under Unix, Linux, MAC OS/X, or Windows (through coLinux) OS.
* 2. It integrates the National Vulnerability Database (NVD).
* 3. It can be used to perform SQL injection tests.
* 4. It can be used to perform exhaustive XSS tests.
* 5. It can be adapted to multiple firewalled environments.
* 6. It supports remote self scan and API facilities.
* 7. It is used for CIS benchmark initiatives.
* 8. It also supports plug-in facility for third party apps.
* 9. It supports CVE standards.
* 10. It works as an enterprise search module.
* 11. It works in both standalone or demo mode.
Answer C is incorrect. SARA can be used to perform SQL injection tests. Answer B is incorrect. SARA can be used to perform exhaustive XSS tests.

NEW QUESTION 2

Which of the following are the countermeasures against WEP cracking?

  • A. Using the longest key supported by hardware.
  • B. Changing keys often.
  • C. Using a non-obvious key.
  • D. Using a 16 bit SSID.

Answer: ABC

Explanation:

A user can use some countermeasures to prevent WEP cracking. WEP is the least secure option and should not be used. However, a user can use the following methods to mitigate WEP cracking: Use a non-obvious key. Use the longest key supported by hardware. Change keys often. Use WEP in combination with other security features, such as rapid WEP key rotation and dynamic keying using 802.1x. Consider WEP a deterrent, not a guarantee. Answer D is incorrect. SSID stands for Service Set Identifier. It is used to identify a wireless network. SSIDs are case-sensitive text strings and have a maximum length of 32 characters. All wireless devices on a wireless network must have the same SSID in order to communicate with each other. The SSID on computers and the devices in a WLAN can be set manually or automatically. Configuring the same SSID as that of the Wireless Access Points (WAPs) of other networks will create a conflict. A network administrator often uses a public SSID that is set on the access point. The access point broadcasts the SSID to all wireless devices within its range. Some newer wireless access points have the ability to disable the automatic SSID broadcast feature in order to improve network security.

NEW QUESTION 3

Brutus is a password cracking tool that can be used to crack the following authentications: HTTP (Basic Authentication), HTTP (HTML Form/CGI), POP3 (Post Office Protocol v3), FTP (File Transfer Protocol), SMB (Server Message Block), and Telnet. Which of the following attacks can be performed by Brutus for password cracking?

  • A. Man-in-the-middle attack
  • B. Hybrid attack
  • C. Replay attack
  • D. Brute force attack
  • E. Dictionary attack

Answer: BDE

Explanation:

Brutus can be used to perform brute force attacks, dictionary attacks, or hybrid attacks.

NEW QUESTION 4

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to run two programs, foo and bar. He also wants to ensure that bar is executed if and only if foo has executed successfully. Which of the following command sequences will John use to accomplish the task?

  • A. foo; bar;
  • B. foo || bar;
  • C. foo | bar;
  • D. foo && bar;

Answer: D

Explanation:

According to the scenario, John will execute the foo && bar; command. Because of the && operator, bar will execute if and only if foo completes successfully. Answer A is incorrect. The foo; bar; command sequence will run foo and bar in a sequential manner, but the successful completion of the first command does not matter. Answer B is incorrect. The foo || bar; command sequence will run bar if and only if foo fails to complete successfully. Answer C is incorrect. In the foo | bar; command sequence, the output of the foo command will be the input for the bar command.

NEW QUESTION 5

Which of the following statements are true about security risks? (Choose three)

  • A. They can be removed completely by taking proper actions.
  • B. They are considered an indicator of threats coupled with vulnerability.
  • C. They can be mitigated by reviewing and taking responsible actions based on possible risks.
  • D. They can be analyzed and measured by the risk analysis process.

Answer: BCD

Explanation:

In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. These risks can be analyzed and measured by the risk analysis process. Answer A is incorrect. Security risks can never be removed completely but can be mitigated by taking proper actions.

NEW QUESTION 6

You have to ensure that your Cisco Router is only accessible via telnet and ssh from the following hosts and subnets: 10.10.2.103 and 10.10.0.0/24. Which of the following sets of commands will you use to accomplish the task?

  • A. access-list 10 permit host 10.10.2.103
       access-list 10 permit 10.10.0.0 0.0.0.255
       access-list 10 deny any
       line vty 0 4
       access-class 10 out
  • B. access-list 10 permit 10.10.2.103
       access-list 10 permit 10.10.0.0 0.0.0.255
       access-list 10 deny any
       line vty 0 4
       access-group 10 in
  • C. access-list 10 permit host 10.10.2.103
       access-list 10 permit 10.10.0.0 0.0.0.255
       access-list 10 deny any
       line vty 0 4
       access-class 10 in
  • D. access-list 10 permit host 10.10.2.103
       access-list 11 permit host 10.10.0.0 255.255.255.0
       access-list 12 deny any
       line vty 0 4
       access-group 10, 11, 12 in

Answer: C

Explanation:

In order to accomplish the task, you will have to run the following set of commands:
  access-list 10 permit host 10.10.2.103
  access-list 10 permit 10.10.0.0 0.0.0.255
  access-list 10 deny any
  line vty 0 4
  access-class 10 in
This configuration set meets all the requirements. The ACL is correctly configured and is applied to the VTY lines using the access-class command for inbound connections. Answer D is incorrect. This configuration actually creates 3 separate ACLs (10, 11, and 12) and also incorrectly attempts to apply the ACLs to the VTY lines. Answer A is incorrect. This configuration is correct except for the access-class command being applied in the outbound direction. When using "access-class out", the router will not match connections coming into the router for Telnet and/or SSH. Instead, it will match connections being generated from the router. Answer B is incorrect. This configuration is correct except for the access-group command. Access-group is used to apply ACLs to an interface. Access-class is used to apply ACLs to VTY lines.
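An auditor can check what this ACL really admits by evaluating it the way the explanation describes: first match wins, wildcard bits are ignored, and the list is bound to the VTY lines inbound. The following is an added example, not part of the original page; the function names and the contrasting mask-typo line are constructed for illustration.

```python
import ipaddress

# Configuration exactly as given in answer C on this page.
CONFIG_C = """\
access-list 10 permit host 10.10.2.103
access-list 10 permit 10.10.0.0 0.0.0.255
access-list 10 deny any
line vty 0 4
 access-class 10 in
"""

# Constructed mistake for contrast: a subnet mask typed where a wildcard belongs.
CONFIG_MASK_TYPO = "access-list 20 permit 10.10.0.0 255.255.255.0\n"


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_standard_acl(config, number):
    """Return the ordered (action, address, wildcard) entries of one standard ACL."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[1] != str(number):
            continue
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF            # every bit is "don't care"
        elif rest[0] == "host":
            if len(rest) < 2:
                continue                          # malformed entry, skip it
            addr, wild = _to_int(rest[1]), 0      # every bit must match
        else:
            addr = _to_int(rest[0])
            wild = _to_int(rest[1]) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries


def evaluate(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = _to_int(source)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF                 # bits set in the wildcard are ignored
        if (src & care) == (addr & care):
            return action
    return "deny"


def vty_access_class(config):
    """Return (acl_number, direction) applied under 'line vty', or None."""
    in_vty = False
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "line":
            in_vty = len(tok) > 1 and tok[1] == "vty"
        elif in_vty and tok[0] == "access-class" and len(tok) >= 3:
            return tok[1], tok[2]
    return None


def permitted_within(entries, scope):
    """Every address inside `scope` that the ACL permits."""
    net = ipaddress.ip_network(scope)
    return {str(a) for a in net if evaluate(entries, a) == "permit"}


if __name__ == "__main__":
    acl10 = parse_standard_acl(CONFIG_C, 10)
    print("VTY binding:", vty_access_class(CONFIG_C))
    for src in ("10.10.2.103", "10.10.0.77", "10.10.2.104", "10.10.1.5"):
        print(f"{src:12} -> {evaluate(acl10, src)}")
    print("permitted in 10.10.0.0/16:", len(permitted_within(acl10, "10.10.0.0/16")))
    typo = parse_standard_acl(CONFIG_MASK_TYPO, 20)
    print("mask typo, 192.168.5.0 ->", evaluate(typo, "192.168.5.0"))
```

The exhaustive sweep confirms that only the /24 and the single host are admitted, while the mask-typo entry matches any source whose last octet is 0, which is why wildcard masks deserve a second look during an audit.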

NEW QUESTION 7

Which of the following statements about the /etc/profile file are true?

  • A. It allows a system administrator to create a default home directory for all new users on a computer.
  • B. A user can change the settings of the /etc/profile file, but he cannot delete the file. It can only be deleted by the root user.
  • C. It can change the default umask value.
  • D. It is used to configure and control system-wide default variables.

Answer: CD

Explanation:

The /etc/profile file is used to configure and control system-wide default variables. It performs many operations, some of which are as follows:
* 1. Exporting variables
* 2. Setting the umask value
* 3. Sending mail messages to indicate that new mail has arrived
Only the root user can configure and change the /etc/profile file for all users on the system. Answer A is incorrect. The /etc/skel file allows a system administrator to create a default home directory for all new users on a computer or network and thus to make certain that all users begin with the same settings. When a new account is created with a home directory, the entire contents of /etc/skel are copied into the new home directory location. The home directory and its entire contents are then set to the new account's UID and GID, making the new user owner of the initial files. The system administrator can create files in /etc/skel that will provide a nice default environment for users. For example, he might create a /etc/skel/.profile that sets the PATH environment variable for new users. Answer B is incorrect. Only the root user can change the settings of the /etc/profile file.

NEW QUESTION 8

Which of the following are the limitations for the cross site request forgery (CSRF) attack?

  • A. The attacker must determine the right values for all the form inputs.
  • B. The attacker must target a site that doesn't check the referrer header.
  • C. The target site should have limited lifetime authentication cookies.
  • D. The target site should authenticate in GET and POST parameters, not only cookies.

Answer: AB

Explanation:

The following limitations apply for a cross site request forgery to be successful:
* 1. The attacker must target either a site that doesn't check the Referer header (which is common) or a victim with a browser or plugin bug that allows Referer spoofing (which is rare).
* 2. The attacker must find a form submission at the target site that does something useful to the attacker (e.g., transfers money, or changes the victim's e-mail address or password).
* 3. The attacker must determine the right values for all the form inputs: if any of them are required to be secret authentication values or IDs that the attacker can't guess, the attack will fail.
* 4. The attacker must lure the victim to a Web page with malicious code while the victim is logged in to the target site.
The attacker can't see what the target Web site sends back to the victim in response to the forged requests, unless he exploits a cross-site scripting or other bug at the target Web site. Similarly, the attacker can only "click" any links or submit any forms that come up after the initial forged request if the subsequent links or forms are similarly predictable. (Multiple "clicks" can be simulated by including multiple images on a page, or by using JavaScript to introduce a delay between clicks.)
A Web site can be protected from cross site request forgeries (CSRF) by applying the following countermeasures:
* 1. Requiring authentication in GET and POST parameters, not only cookies.
* 2. Checking the HTTP Referer header.
* 3. Ensuring there's no crossdomain.xml file granting unintended access to Flash movies.
* 4. Limiting the lifetime of authentication cookies.
* 5. Requiring a secret, user-specific token in all form submissions prevents CSRF; the attacker's site can't put the right token in its submissions.
Individual Web users can do relatively little to prevent cross-site request forgery. Logging out of sites and avoiding their "remember me" features can mitigate CSRF risk; not displaying external images or not clicking links in "spam" or unreliable e-mails may also help.
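Two of the countermeasures above, checking the Referer header and requiring a secret user-specific token, can be combined in one server-side check. This is an added example, not code from the original page; the origin https://bank.example, the request dictionary layout and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)       # per-deployment secret (assumption)
SITE_ORIGIN = "https://bank.example"       # hypothetical origin of the protected site


def _mac(session_id, nonce, key):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, key=SERVER_KEY):
    """Token embedded in every form: random nonce plus a MAC bound to the session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce, key)}"


def token_valid(session_id, token, key=SERVER_KEY):
    """True only if the token was issued by this server for this session."""
    if not token or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    expected = _mac(session_id, nonce, key)
    # Compare as bytes in constant time; also safe for non-ASCII input.
    return hmac.compare_digest(mac.encode(), expected.encode())


def referer_same_origin(referer, origin=SITE_ORIGIN):
    """Exact scheme and host match; a missing header is rejected (strict policy)."""
    if not referer:
        return False
    try:
        got, want = urlsplit(referer), urlsplit(origin)
    except ValueError:
        return False
    return (got.scheme, got.netloc.lower()) == (want.scheme, want.netloc.lower())


def accept_state_change(request):
    """Decide whether a state-changing form submission may proceed."""
    headers = request.get("headers", {})
    form = request.get("form", {})
    if not referer_same_origin(headers.get("Referer")):
        return False, "referer"
    if not token_valid(request.get("session_id", ""), form.get("csrf_token")):
        return False, "token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests: one genuine submission and three that must be refused.
    good = issue_token("sess-A")
    samples = {
        "genuine form": {"session_id": "sess-A",
                         "headers": {"Referer": "https://bank.example/transfer"},
                         "form": {"csrf_token": good}},
        "cross-site, no token": {"session_id": "sess-A",
                                 "headers": {"Referer": "https://other.example/page"},
                                 "form": {}},
        "look-alike host": {"session_id": "sess-A",
                            "headers": {"Referer": "https://bank.example.other.example/"},
                            "form": {"csrf_token": good}},
        "token of another session": {"session_id": "sess-A",
                                     "headers": {"Referer": "https://bank.example/transfer"},
                                     "form": {"csrf_token": issue_token("sess-B")}},
    }
    for name, req in samples.items():
        print(f"{name:26} -> {accept_state_change(req)}")
```

Comparing the parsed scheme and host exactly, rather than testing whether the Referer string starts with the site name, is what rejects the look-alike host.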

NEW QUESTION 9

You work as a Network Administrator for XYZ CORP. The company's Windows 2000 network is configured with Internet Security and Acceleration (ISA) Server 2000. ISA Server is configured as follows: The server uses the default site and content rule and default IP packet filters. Packet filtering is enabled. The server has two protocol rules:
Users in the network complain that they are unable to access secure Web sites. However, they are able to connect to Web sites in which secure transmission is not required. What is the most likely cause?

  • A. A protocol rule that allows the use of HTTP has not been created.
  • B. An IP packet filter that allows the use of network traffic on port 80 has not been created.
  • C. An IP packet filter that allows the use of network traffic on port 443 has not been created.
  • D. A protocol rule that allows the use of HTTPS has not been created.

Answer: C

Explanation:

The default IP packet filter allows HTTP protocol (for non-secure communication) at port 80 to access the Internet. However, to allow users to access secure Web sites, you will have to create an additional packet filter to allow communication on port 443.

NEW QUESTION 10

You work as an IT Technician for XYZ CORP. You have to take security measures for the wireless network of the company. You want to prevent other computers from accessing the company's wireless network. On the basis of the hardware address, which of the following will you use as the best possible method to accomplish the task?

  • A. RAS
  • B. MAC Filtering
  • C. SSID
  • D. WEP

Answer: B

Explanation:

MAC filtering is a security access control technique that allows specific network devices to access, or prevents them from accessing, the network. MAC filtering can also be used on a wireless network to prevent certain network devices from accessing the wireless network. MAC addresses are allocated only to hardware devices, not to persons.

NEW QUESTION 11

Which of the following are the disadvantages of Dual-Homed Host Firewall Architecture?

  • A. It can provide services by proxying them.
  • B. It can provide a very low level of control.
  • C. User accounts may unexpectedly enable services a user may not consider secure.
  • D. It provides services when users log on to the dual-homed host directly.

Answer: ACD

Explanation:

A dual-homed host is one of the firewall architectures for implementing preventive security. It provides the first-line defense and protection technology for keeping untrusted bodies from compromising information security by violating trusted network space. A dual-homed host (or bastion host) is a system fortified with two network interfaces (NICs) that sits between an untrusted network (like the Internet) and a trusted network (such as a corporate network) to provide secure access. Dual-homed, or bastion, is a general term for proxies, gateways, firewalls, or any server that provides secured applications or services directly to an untrusted network.
A dual-homed host also has some disadvantages, which are as follows:
* 1. It can provide services by proxying them.
* 2. User accounts may unexpectedly enable services a user may not consider secure.
* 3. It provides services when users log on to the dual-homed host directly.
Answer B is incorrect. Dual-Homed Host Firewall Architecture can provide a very high level of control.

NEW QUESTION 12

Which of the following user authentications are supported by the SSH-1 protocol but not by the SSH-2 protocol?

  • A. TIS authentication
  • B. Kerberos authentication
  • C. Rhosts (rsh-style) authentication
  • D. Password-based authentication

Answer: ABC

Explanation:
The Rhosts (rsh-style), TIS, and Kerberos user authentication methods are supported by the SSH-1 protocol but not by SSH-2 protocol. Answer D is incorrect. Password-based authentication is supported by both the SSH-1 and SSH-2 protocols.

NEW QUESTION 13

Which of the following statements about the <web-resource-collection> element are true?

  • A. It has <web-resource-name> as one of its sub-elements.
  • B. If there is no <http-method> sub-element, no HTTP method will be constrained.
  • C. It can have at the most one <url-pattern> sub-element.
  • D. It is a sub-element of the <security-constraint> element.

Answer: AD

Explanation:

The <web-resource-collection> element is a sub-element of the <security-constraint> element and specifies the resources that will be constrained. Each <security-constraint> element should have one or more <web-resource-collection> sub-elements. The syntax of the <web-resource-collection> element is as follows:
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ResourceName</web-resource-name>
      <http-method>GET</http-method>
      <url-pattern>PatternName</url-pattern>
    </web-resource-collection>
  </security-constraint>
The sub-elements of the <web-resource-collection> element are as follows:
* 1. <web-resource-name>: This mandatory sub-element is the name of the Web resource collection.
* 2. <description>: This is an optional sub-element that specifies a text description of the current security constraint.
* 3. <http-method>: This optional sub-element specifies HTTP methods that are constrained.
* 4. <url-pattern>: This sub-element specifies the URL to which the security constraint applies. There should be at least one url-pattern element; otherwise, the <web-resource-collection> will be ignored.
Answer C is incorrect. The <web-resource-collection> element can have any number of <url-pattern> sub-elements. Answer B is incorrect. If there is no <http-method> sub-element, no HTTP methods will be allowed.

NEW QUESTION 14

You work as a Network Administrator for XYZ CORP. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest network. You configure a new Windows Server 2008 server in the network. The new server is not yet linked to Active Directory. You are required to accomplish the following tasks:
* 1. Add a new group named "Sales".
* 2. Copy the "Returns" group from the older server to the new one.
* 3. Rename the "Returns" group to "Revenue".
* 4. View all group members, including for multiple groups/entire domain.
You use Hyena to simplify and centralize all of these tasks. Which of the assigned tasks will you be able to accomplish?

  • A. Copy the "Returns" group to the new server.
  • B. Rename the "Returns" group to "Revenue".
  • C. Add the new group named "Sales".
  • D. View and manage all group members, including for multiple groups/entire domain.

Answer: ABC

Explanation:

Hyena supports the following group management functions:
* 1. Full group administration such as add, modify, delete, and copy
* 2. Rename groups
* 3. Copy groups from one computer to another
* 4. View both direct and indirect (nested) group members for one or more groups [only for Active Directory]
* 5. View all group members, including for multiple groups/entire domain [only for Active Directory]
Answer D is incorrect. All group members can neither be viewed nor managed until the new server is linked to Active Directory.

NEW QUESTION 15

Which of the following is used to execute a SQL statement from the SQL buffer?

  • A. Entering an asterisk (*)
  • B. Pressing [RETURN] once
  • C. Pressing [RETURN] twice
  • D. Entering a slash (/)
  • E. Pressing [ESC] twice.

Answer: D

Explanation:

A SQL statement or a PL/SQL block can be executed by entering a semicolon (;) or a slash (/), or by using the RUN command at the SQL prompt. When a semicolon (;) is entered at the end of a command, the command is completed and executed. When a slash (/) is entered, the command in the buffer is executed. It can also be used to execute a PL/SQL block. The RUN command is used to execute a command in the buffer.
Note: The SQL buffer stores the most recently used SQL commands and PL/SQL blocks. It does not store SQL*Plus commands. It can be edited or saved to a file.
Note: A SQL command can be saved in the buffer by entering a blank line.
Reference: Oracle8i Online Documentation, Contents: "SQL*PLUS Users Guide and Reference", "Learning SQL*PLUS Basics, 3 of 4", "Understanding SQL COMMAND Syntax"

NEW QUESTION 16

You work as a Network Administrator for XYZ CORP. The company has a Windows-based network. You are concerned about the vulnerabilities existing in the network of the company. Which of the following can be a cause for making the network vulnerable? (Choose two)

  • A. Use of well-known code
  • B. Use of uncommon code
  • C. Use of uncommon software
  • D. Use of more physical connections

Answer: AD

Explanation:

In computer security, the term vulnerability is a weakness which allows an attacker to reduce a system's Information Assurance. A computer or a network can be vulnerable due to the following reasons:
* 1. Complexity: Large, complex systems increase the probability of flaws and unintended access points.
* 2. Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases the probability an attacker has or can find the knowledge and tools to exploit the flaw.
* 3. Connectivity: More physical connections, privileges, ports, protocols, and services and time each of those are accessible increase vulnerability.
* 4. Password management flaws: The computer user uses weak passwords that could be discovered by brute force. The computer user stores the password on the computer where a program can access it. Users re-use passwords between many programs and websites.
* 5. Fundamental operating system design flaws: The operating system designer chooses to enforce suboptimal policies on user/program management. For example, operating systems with policies such as default permit grant every program and every user full access to the entire computer. This operating system flaw allows viruses and malware to execute commands on behalf of the administrator.
* 6. Internet Website Browsing: Some Internet websites may contain harmful Spyware or Adware that can be installed automatically on the computer systems. After visiting those websites, the computer systems become infected and personal information will be collected and passed on to third party individuals.
* 7. Software bugs: The programmer leaves an exploitable bug in a software program. The software bug may allow an attacker to misuse an application.
* 8. Unchecked user input: The program assumes that all user input is safe. Programs that do not check user input can allow unintended direct execution of commands or SQL statements (known as Buffer overflows, SQL injection or other non-validated inputs).
Answers B and C are incorrect. Use of common software and common code can make a network vulnerable.

NEW QUESTION 17

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He has a data.txt file in which each column is separated by the TAB character. Now, he wants to use this file as input for a data mining software he has created. The problem preventing him from accomplishing his task is that with his data mining software, he has used TAB as a delimiter to distinguish between columns. Hence, he is unable to use this file as input for the software. However, if he somehow replaces the TAB characters of the file with SPACE characters, he can use this file as an input file for his data mining software. Which of the following commands will John use to replace the TAB characters of the file with SPACE characters?

  • A. expand -t 1 data.txt > data.txt
  • B. cat data.txt
  • C. chmod 755 data.txt
  • D. touch data.txt

Answer: A

Explanation:
According to the scenario, John can replace the TAB characters with single space characters with the expand command. With the expand -t 1 data.txt > data.txt command, the TABs of data.txt are changed into single spaces and are redirected by using the > command into the data.txt file. Now, John can use the data.txt file as the input file for his data mining software.

NEW QUESTION 18

Which of the following statements are true about locating rogue access points using WLAN discovery software such as NetStumbler, Kismet, or MacStumbler if you are using a Laptop integrated with Wi-Fi compliant MiniPCI card? (Choose two)

  • A. These tools can determine the rogue access point even when it is attached to a wired network.
  • B. These tools can determine the authorization status of an access point.
  • C. These tools cannot detect rogue access points if the victim is using data encryption.
  • D. These tools detect rogue access points if the victim is using IEEE 802.11 frequency bands.

Answer: BD

Explanation:

WLAN discovery software such as NetStumbler, Kismet, or MacStumbler can be used to detect rogue access points if the victim is using IEEE 802 frequency bands. However, if the victim is using non-IEEE 802.11 frequency bands or unpopular modulations, these tools might not detect rogue access. NetStumbler, Kismet, or MacStumbler also gives the authorization status of an access point. A Rogue access point (AP) is set up by the attackers in an Enterprise's network. The attacker captures packets in the existing wireless LAN (WLAN) and finds the SSID and security keys (by cracking). Then the attacker sets up his own AP using the same SSID and security keys. The network clients unknowingly use this AP and the attacker captures their usernames and passwords. This can help the attacker to breach security and gain access to the Enterprise data. Answers A and C are incorrect. The WLAN software such as NetStumbler, Kismet, or MacStumbler can search rogue access points even when the victim is using data encryption. However, these tools cannot determine the rogue access point even when it is attached to a wired network.

NEW QUESTION 19

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to set the user login features on the systems with the shadow passwords. Which of the following Unix configuration files can you use to accomplish the task?

  • A. /etc/logrotate.conf
  • B. /etc/login.defs
  • C. /etc/magic
  • D. /etc/filesystems

Answer: B

Explanation:

In Unix, the /etc/login.defs file is used by system administrators to set the user login features on the systems with the shadow passwords. Answer A is incorrect. In Unix, the /etc/logrotate.conf file configures the logrotate program used for managing log files. Answer C is incorrect. In Unix, the /etc/magic file contains the descriptions of various file formats for the file command. Answer D is incorrect. In Unix, the /etc/filesystems file is used to set the filesystem probe order when filesystems are mounted with the auto option.
