Exam Code: GSNA (Practice Exam Latest Test Questions VCE PDF)
Exam Name: GIAC Systems and Network Auditor
Certification Provider: GIAC
NEW QUESTION 1
You are responsible for a large network that has its own DNS servers. You periodically check the log to see if there are any problems. Which of the following are likely errors you might encounter in the log? (Choose three)
- A. The DNS server could not create FTP socket for address [IP address of server]
- B. The DNS server could not create an SMTP socket
- C. Active Directory Errors
- D. The DNS server could not create a Transmission Control Protocol (TCP) socket
- E. The DNS server could not initialize the Remote Procedure Call (RPC) service
Answer: CDE
Explanation:
There are a number of errors one could find in a Windows Server 2003 DNS log. They are as follows:
- The DNS server could not create a Transmission Control Protocol (TCP) socket.
- The DNS server could not open socket for address.
- The DNS server could not initialize the Remote Procedure Call (RPC) service.
- The DNS server could not bind the main datagram socket.
The DNS Server service relies on Active Directory to store and retrieve information for Active Directory-integrated zones, and several Active Directory errors are possible. Answer A is incorrect. DNS servers do not create FTP connections. Answer B is incorrect. DNS servers do not create SMTP connections.
NEW QUESTION 2
Which of the following features of a switch helps to protect a network from MAC flooding and MAC spoofing?
- A. Multi-Authentication
- B. Port security
- C. MAC Authentication Bypass
- D. Quality of Service (QoS)
Answer: B
Explanation:
If a switch has the ability to enable port security, this will help to protect the network from both MAC flood and MAC spoofing attacks. Answer D is incorrect. The Quality of Service (QoS) feature is useful for prioritizing VoIP traffic. Switches offer the ability to assign a device a Quality of Service (QoS) value or a rate limiting value based on the RADIUS response. Answer A is incorrect. The Multi-Authentication feature is used to allow multiple devices to use a single port. Answer C is incorrect. The MAC Authentication Bypass feature is used to allow the RADIUS server to specify the default VLAN/ACL for every device that doesn't authenticate by 802.1X.
NEW QUESTION 3
You run the wc -c file1.txt command. If this command displays any error message, you want to store the error message in the error.txt file. Which of the following commands will you use to accomplish the task?
- A. wc -c file1.txt >>error.txt
- B. wc -c file1.txt 1>error.txt
- C. wc -c file1.txt 2>error.txt
- D. wc -c file1.txt >error.txt
Answer: C
Explanation:
According to the scenario, you will use the wc -c file1.txt 2>error.txt command to accomplish the task. The 2> operator is an error redirector, which, while running a command, redirects the error (if it exists) to the specified file. Answer B, D are incorrect. The > or 1> redirector can be used to redirect the output of the wc -c file1.txt command to the error.txt file; however, you want to write the errors in the error.txt file, not the whole output. Answer A is incorrect. The >> operator will redirect the output of the command in the same manner as the > or 1> operator. Although the >> operator will not overwrite the error.txt file, it will append to the error.txt file.
NEW QUESTION 4
You are tasked with creating an ACL to apply to Fa0/0 based on the following requirements: The ACL must be protocol specific. All traffic from host 10.10.45.2 and subnet 10.10.1.32/27 must be denied access through the router. Telnet and SSH must be denied for ALL hosts except the management host with the IP address of 10.10.0.100. This management host must not only have Telnet and SSH access, but access to any port in the TCP and UDP suite to any destination. HTTP, HTTPS, and DNS requests must be allowed for all hosts on subnets 10.10.2.0/24 and 10.10.3.0/24 to any destination. All remaining traffic must be denied. Cisco IOS applies an implied deny all at the end of an ACL. However, you must provide this configuration manually so that engineers can see hit counts on the deny all traffic when running the show ip access-lists command. Which of the following sets of commands will you choose to complete the configuration on Router A?
- A.
  RouterA(config)#access-list 110 deny ip host 10.10.45.2 any
  RouterA(config)#access-list 110 deny ip 10.10.1.32 0.0.0.31 any
  RouterA(config)#access-list 110 permit tcp host 10.10.0.100 any
  RouterA(config)#access-list 110 permit udp host 10.10.0.100 any
  RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 80
  RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 443
  RouterA(config)#access-list 110 permit udp 10.10.2.0 0.0.1.255 any eq 53
  RouterA(config)#access-list 110 deny ip any any
  RouterA(config)#interface fa0/0
  RouterA(config-if)#ip access-group 110 out
- B.
  RouterA(config)#access-list 110 deny ip host 10.10.45.2 any
  RouterA(config)#access-list 110 deny ip 10.10.1.32 0.0.0.31 any
  RouterA(config)#access-list 110 permit ip host 10.10.0.100 any
  RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 80
  RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 443
  RouterA(config)#access-list 110 permit udp 10.10.2.0 0.0.1.255 any eq 53
  RouterA(config)#access-list 110 deny ip any any
  RouterA(config)#interface fa0/0
  RouterA(config-if)#ip access-group 110 in
- C.
  RouterA(config)#access-list 110 deny ip host 10.10.45.2 any
  RouterA(config)#access-list 110 deny ip 10.10.1.32 0.0.0.31 any
  RouterA(config)#access-list 110 permit tcp host 10.10.0.100 any
  RouterA(config)#access-list 110 permit udp host 10.10.0.100 any
  RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 80
  RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 443
  RouterA(config)#access-list 110 permit udp 10.10.2.0 0.0.1.255 any eq 53
  RouterA(config)#access-list 110 deny ip any any
  RouterA(config)#interface fa0/0
  RouterA(config-if)#ip access-group 110 in
- D.
  RouterA(config)#access-list 99 deny ip host 10.10.45.2 any
  RouterA(config)#access-list 99 deny ip 10.10.1.32 0.0.0.31 any
  RouterA(config)#access-list 99 permit tcp host 10.10.0.100 any
  RouterA(config)#access-list 99 permit udp host 10.10.0.100 any
  RouterA(config)#access-list 99 permit tcp 10.10.2.0 0.0.1.255 any eq 80
  RouterA(config)#access-list 99 permit tcp 10.10.2.0 0.0.1.255 any eq 443
  RouterA(config)#access-list 99 permit udp 10.10.2.0 0.0.1.255 any eq 53
  RouterA(config)#access-list 99 deny ip any any
  RouterA(config)#interface fa0/0
  RouterA(config-if)#ip access-group 99 in
Answer: C
Explanation:
This ACL is an extended ACL. It meets the traffic requirements and is applied to Fa0/0 in the appropriate direction of in, which matches traffic going into the interface. In addition, this ACL meets the needs for subnets 10.10.2.0/24 and 10.10.3.0/24 by applying the subnet and wildcard mask of 10.10.2.0 0.0.1.255 for the lines that apply HTTP, HTTPS, and DNS. These subnets are covered by the wildcard mask 0.0.1.255. This wildcard mask is applied to a range of hosts from 10.10.2.0 through 10.10.3.255, which covers both of the subnets required. This is handy since both subnets are next to each other in their network numbers.
Note: If the network numbers were not next to each other, for example 10.10.2.0/24 and 10.10.20.0/24, then the wildcard mask of 0.0.1.255 would be incorrect. A wildcard mask of 0.0.0.255 would be required. The configuration of the ACL would then be applied using the following commands (only the relevant commands are displayed):
RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.0.255 any eq 80
RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.0.255 any eq 443
RouterA(config)#access-list 110 permit udp 10.10.2.0 0.0.0.255 any eq 53
RouterA(config)#access-list 110 permit tcp 10.10.20.0 0.0.0.255 any eq 80
RouterA(config)#access-list 110 permit tcp 10.10.20.0 0.0.0.255 any eq 443
RouterA(config)#access-list 110 permit udp 10.10.20.0 0.0.0.255 any eq 53
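The wildcard matching and first-match evaluation described in this explanation, as an added example that is not part of the original exam material: a small Python evaluator that parses the access-list 110 entries from answer C, applies Cisco wildcard-mask matching, and keeps a per-entry match counter of the kind show ip access-lists reports. The sample packets, the destination 192.0.2.10 and all function names are constructed for illustration.

```python
import ipaddress

# access-list 110 from answer C, one entry per line as the router stores it.
ACL_110 = """\
access-list 110 deny ip host 10.10.45.2 any
access-list 110 deny ip 10.10.1.32 0.0.0.31 any
access-list 110 permit tcp host 10.10.0.100 any
access-list 110 permit udp host 10.10.0.100 any
access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 80
access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 443
access-list 110 permit udp 10.10.2.0 0.0.1.255 any eq 53
access-list 110 deny ip any any
"""

# Constructed sample packets: (protocol, source, destination, destination port).
SAMPLE_PACKETS = [
    ("tcp", "10.10.45.2", "192.0.2.10", 80),    # blocked host
    ("tcp", "10.10.1.40", "192.0.2.10", 443),   # inside 10.10.1.32/27
    ("tcp", "10.10.0.100", "192.0.2.10", 23),   # management host, Telnet
    ("tcp", "10.10.2.5", "192.0.2.10", 22),     # SSH from a user subnet
    ("tcp", "10.10.3.7", "192.0.2.10", 443),    # HTTPS from 10.10.3.0/24
    ("udp", "10.10.3.7", "192.0.2.10", 53),     # DNS from 10.10.3.0/24
    ("tcp", "10.10.20.9", "192.0.2.10", 80),    # not covered by 0.0.1.255
]


def to_int(address):
    return int(ipaddress.IPv4Address(address))


def wildcard_match(address, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(address) & care) == (to_int(base) & care)


def take_address(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return "0.0.0.0", "255.255.255.255"
    if first == "host":
        return tokens.pop(0), "0.0.0.0"
    return first, tokens.pop(0)


def parse_acl(text):
    """Parse numbered extended ACL entries of the form used in the question."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        rest = tokens[2:]
        action, proto = rest.pop(0), rest.pop(0)
        src, dst = take_address(rest), take_address(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append({"line": line, "action": action, "proto": proto,
                      "src": src, "dst": dst, "port": port, "hits": 0})
    return rules


def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry and count the hit."""
    for rule in rules:
        if rule["proto"] not in ("ip", proto):
            continue
        if not (wildcard_match(src, *rule["src"]) and wildcard_match(dst, *rule["dst"])):
            continue
        if rule["port"] is not None and rule["port"] != dport:
            continue
        rule["hits"] += 1
        return rule["action"]
    return "deny"  # implied deny: no entry matched, so nothing is counted


if __name__ == "__main__":
    acl = parse_acl(ACL_110)
    for packet in SAMPLE_PACKETS:
        print(packet, "->", evaluate(acl, *packet))
    for rule in acl:
        print(f"{rule['line']} ({rule['hits']} matches)")
```

The last sample packet shows the note's point: 10.10.20.9 falls outside 10.10.2.0 0.0.1.255 and is counted against the explicit deny ip any any entry.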
NEW QUESTION 5
You are concerned about war driving bringing hackers' attention to your wireless network. What is the most basic step you can take to mitigate this risk?
- A. Implement WPA
- B. Implement WEP
- C. Don't broadcast SSID
- D. Implement MAC filtering
Answer: C
Explanation:
By not broadcasting your SSID, some simple war driving tools won't detect your network. However, you should be aware that there are tools that will still detect networks that are not broadcasting their SSID across your network. Answer D is incorrect. While MAC filtering may help prevent a hacker from accessing your network, it won't keep him or her from finding your network.
NEW QUESTION 6
In an IT organization, some specific tasks require additional detailed controls to ensure that the workers perform their job correctly. What do these detailed controls specify? (Choose three)
- A. How the department handles acquisitions, security, delivery, implementation, and support of IS services
- B. How to lock a user account after unsuccessful logon attempts
- C. How output data is verified before being accepted into an application
- D. The way system security parameters are set
Answer: ABD
Explanation:
Some of the specific tasks require additional detailed controls to ensure that the workers perform their job correctly. These controls refer to some specific tasks or steps to be performed such as: The way system security parameters are set. How input data is verified before being accepted into an application. How to lock a user account after unsuccessful logon attempts. How the department handles acquisitions, security, delivery, implementation, and support of IS services. Answer C is incorrect. Input data should be verified before being accepted into an application.
NEW QUESTION 7
Which of the following statements is NOT true about FAT16 file system?
- A. FAT16 file system works well with large disks because the cluster size increases as the disk partition size increases.
- B. FAT16 file system supports file-level compression.
- C. FAT16 does not support file-level security.
- D. FAT16 file system supports Linux operating system.
Answer: AB
Explanation:
FAT16 file system was developed for disks larger than 16MB. It uses 16-bit allocation table entries. FAT16 file system supports all Microsoft operating systems. It also supports OS/2 and Linux. Answer C, D are incorrect. All these statements are true about FAT16 file system.
NEW QUESTION 8
You work as a Software Developer for XYZ CORP. You create a SQL server database named DATA1 that will manage the payroll system of the company. DATA1 contains two tables named EmployeeData, Department. While EmployeeData records detailed information of the employees, Department stores information about the available departments in the company. EmployeeData consists of columns that include EmpID, EmpName, DtOBrth, DtOJoin, DeptNo, Desig, BasicSal, etc. You want to ensure that each employee ID is unique and is not shared between two or more employees. You also want to ensure that the employees enter only valid department numbers in the DeptNo column. Which of the following actions will you perform to accomplish the task?
- A. Define triggers in the EmployeeData table.
- B. Add stored procedures by using Transact-SQL queries.
- C. Add constraints to the EmployeeData table.
- D. Define indexes in the EmployeeData table.
- E. Define views in the database.
Answer: BCDE
Explanation:
In the given scenario, you will add constraints to the EmpID and DeptNo columns of the EmployeeData table, as you want EmpID to be unique, and the number entered in the DeptNo column to be valid. A constraint enforces the integrity of a database. It defines rules regarding the values allowed in the columns of a table. A constraint is the standard mechanism for enforcing integrity. Using constraints is preferred to using triggers, rules, and defaults. Most of the RDBMS databases support the following five types of constraints:
- NOT NULL constraint: It specifies that the column does not accept NULL values.
- CHECK constraint: It enforces domain integrity by limiting the values that can be placed in a column.
- UNIQUE constraint: It enforces the uniqueness of values in a set of columns.
- PRIMARY KEY constraint: It identifies the column or set of columns whose values uniquely identify a row in a table.
- FOREIGN KEY constraint: It establishes a foreign key relationship between the columns of the same table or different tables.
Following are the functions of constraints:
- Constraints enforce rules on data in a table whenever a row is inserted, updated, or deleted from the table.
- Constraints prevent the deletion of a table if there are dependencies from other tables.
- Constraints enforce rules at the column level as well as at the table level.
Defining indexes in the EmployeeData table will help you find employee information based on EmpID, very fast. An index is a pointer to a table. It speeds up the process of data retrieval from a table. It is stored separately from a table for which it was created. Indexes can be created or dropped without affecting the data in a table. The syntax for creating an index is as follows: CREATE INDEX <Index name>
Indexes can also be used for implementing data integrity in a table. A unique index does not allow duplicate values to enter in a row if a particular column is indexed as a unique index. The syntax for creating a unique index is as follows: CREATE UNIQUE INDEX <Index name>
You will also add a stored procedure named AddEmp by using Transact-SQL queries. AddEmp will accept data values for new employees and will subsequently add a row in the EmployeeData table. Stored procedures are precompiled SQL routines that are stored on a database server. They are a combination of multiple SQL statements that form a logical unit and perform a particular task. Stored procedures provide the capability of combining multiple SQL statements and improve speed due to precompiled routines. Most of the DBMS provide support for stored procedures. They usually differ in their syntax and capabilities from one DBMS to another. A stored procedure can take three parameters: IN, OUT, and INOUT. Note: Stored procedures are very similar to functions and procedures of common programming languages.
You will also define a view named DeptEmpView that will combine data from the Department and EmployeeData tables and thus produce the required result. A view can be thought of as a virtual table. The data accessible through a view is not stored in the database as a distinct object. Views are created by defining a SELECT statement. The result set of the SELECT statement forms the virtual table. A user can use this virtual table by referencing the view name in SQL statements in the same way a table is referenced.
Answer A is incorrect. You do not need to define any triggers in the EmployeeData table, as they are not required while making the EmpID unique, or while entering valid data values in DeptNo. A trigger is a special kind of stored procedure that automatically runs when data in a specified table is updated, inserted, or deleted. Triggers can query other tables and can include complex SQL statements.
NEW QUESTION 9
Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security equivalent to wired networks for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. Which of the following statements are true about WEP?
- A. WEP uses the RC4 encryption algorithm.
- B. The Initialization Vector (IV) field of WEP is only 24 bits long.
- C. It provides better security than the Wi-Fi Protected Access protocol.
- D. Automated tools such as AirSnort are available for discovering WEP keys.
Answer: ABD
Explanation:
Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security equivalent to wired networks for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. WEP uses the RC4 encryption algorithm. The main drawback of WEP is that its Initialization Vector (IV) field is only 24 bits long. Many automated tools such as AirSnort are available for discovering WEP keys.
Answer C is incorrect. WPA stands for Wi-Fi Protected Access. It is a wireless security standard. It provides better security than WEP (Wired Equivalent Privacy). Windows Vista supports both WPA-PSK and WPA-EAP. Each of these is described as follows:
- WPA-PSK: PSK stands for Preshared key. This standard is meant for home environment. WPA-PSK requires a user to enter an 8-character to 63-character passphrase into a wireless client. The WPA converts the passphrase into a 256-bit key.
- WPA-EAP: EAP stands for Extensible Authentication Protocol. This standard relies on a back-end server that runs Remote Authentication Dial-In User Service for user authentication.
Note: Windows Vista supports a user to use a smart card to connect to a WPA-EAP protected network.
NEW QUESTION 10
Which of the following can be the countermeasures to prevent NetBIOS NULL session enumeration in Windows 2000 operating systems?
- A. Denying all unauthorized inbound connections to TCP port 53
- B. Disabling SMB services entirely on individual hosts by unbinding WINS Client TCP/IP from the interface
- C. Editing the registry key HKLM\SYSTEM\CurrentControlSet\LSA and adding the value RestrictAnonymous
- D. Disabling TCP port 139/445
Answer: BCD
Explanation:
NetBIOS NULL session vulnerabilities are hard to prevent, especially if NetBIOS is needed as part of the infrastructure. One or more of the following steps can be taken to limit NetBIOS NULL session vulnerabilities:
1. Null sessions require access to the TCP 139 or TCP 445 port, which can be disabled by a Network Administrator.
2. A Network Administrator can also disable SMB services entirely on individual hosts by unbinding WINS Client TCP/IP from the interface.
3. A Network Administrator can also restrict the anonymous user by editing the registry values:
   a. Open regedt32, and go to HKLM\SYSTEM\CurrentControlSet\LSA.
   b. Choose edit > add value.
      Value name: RestrictAnonymous
      Data Type: REG_DWORD
      Value: 2
Answer A is incorrect. TCP port 53 is the default port for DNS zone transfer. Although disabling it can help restrict DNS zone transfer enumeration, it is not useful as a countermeasure against the NetBIOS NULL session enumeration.
NEW QUESTION 11
Which of the following Web authentication techniques uses a single sign-on scheme?
- A. NTLM authentication
- B. Digest authentication
- C. Microsoft Passport authentication
- D. Basic authentication
Answer: C
Explanation:
Microsoft Passport authentication is based on single sign-on authentication in which a user needs to remember only one username and password to be authenticated for multiple services. The Passport is a suite of services for authenticating users across a number of applications. The Passport single sign-on service is an authentication service allowing users to create a single set of credentials that will enable them to sign in to any participating site that supports the Passport service. It enables the use of one set of credentials to access any Passport-enabled site such as MSN, Hotmail, and MSN Messenger.
NEW QUESTION 12
You are concerned about possible hackers doing penetration testing on your network as a prelude to an attack. What would be most helpful to you in finding out if this is occurring?
- A. Examining your antivirus logs
- B. Examining your domain controller server logs
- C. Examining your firewall logs
- D. Examining your DNS Server logs
Answer: C
Explanation:
Firewall logs will show all incoming and outgoing traffic. By examining those logs, you can see port scans and the use of other penetration testing tools that have been run against your firewall.
NEW QUESTION 13
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to print the superblock and block group information for the filesystem present on a system. Which of the following Unix commands can you use to accomplish the task?
- A. e2fsck
- B. dump
- C. dumpe2fs
- D. e2label
Answer: C
Explanation:
In Unix, the dumpe2fs command dumps the filesystem superblock and block group information. Answer B is incorrect. In Unix, the dump command is used to back up an ext2 filesystem. Answer A is incorrect. The e2fsck command is used to check the second extended file system (E2FS) of a Linux computer.
Syntax: e2fsck [options] <device>
Where, <device> is the file name of a mounted storage device (for example, /dev/hda1). Several options are used with the e2fsck command. Following is a list of some important options:
Answer D is incorrect. In Unix, the e2label command is used to change the label of an ext2 filesystem.
NEW QUESTION 14
Which of the following tools uses Internet Control Message Protocol (ICMP)?
- A. Port scanner
- B. Brutus
- C. Fragroute
- D. Ping scanner
Answer: D
Explanation:
A ping scanner is a tool that sends ICMP ECHO requests across a network and rapidly makes a list of responding nodes. Internet Control Message Protocol (ICMP) is an integral part of IP. It is used to report an error in datagram processing. The Internet Protocol (IP) is used for host-to-host datagram service in a network. The network is configured with connecting devices called gateways. When an error occurs in datagram processing, gateways or destination hosts report the error to the source hosts through the ICMP protocol. The ICMP messages are sent in various situations, such as when a datagram cannot reach its destination, when the gateway cannot direct the host to send traffic on a shorter route, when the gateway does not have the buffering capacity, etc. Answer A, B, C are incorrect. These tools do not use ICMP to perform their functions.
NEW QUESTION 15
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:
C:\whisker.pl -h target_IP_address
-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net --
= - = - = - = - =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We-are-secure server. Which of the following statements about 'Printenv' vulnerability are true?
- A. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.
- B. 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.
- C. The countermeasure to 'printenv' vulnerability is to remove the CGI script.
- D. This vulnerability helps in a cross site scripting attack.
Answer: ACD
Explanation:
'Printenv' vulnerability allows an attacker to input specially crafted links and/or other malicious scripts. For example, http://www/cgi-bin/printenv/<script>alert (An attacker can misuse it!)</script> Since 'printenv' is just an example CGI script (It comes with various versions of the Apache Web server.) that has no real use and has its own problems, there is no problem in removing it. Answer B is incorrect. 'Printenv' does not maintain any log file of user activities.
NEW QUESTION 16
The SALES folder has a file named XFILE.DOC that contains critical information about your company. This folder resides on an NTFS volume. The company's Senior Sales Manager asks you to provide security for that file. You make a backup of that file and keep it in a locked cupboard, and then you deny access on the file for the Sales group. John, a member of the Sales group, accidentally deletes that file. You have verified that John is not a member of any other group. Although you restore the file from backup, you are confused how John was able to delete the file despite having no access to that file. What is the most likely cause?
- A. The Sales group has the Full Control permission on the SALES folder.
- B. The Deny Access permission does not restrict the deletion of files.
- C. John is a member of another group having the Full Control permission on that file.
- D. The Deny Access permission does not work on files.
Answer: A
Explanation:
Although NTFS provides access controls to individual files and folders, users can perform certain actions even if permissions are set on a file or folder to prevent access. If a user has been denied access to any file and he has Full Control rights in the folder on which it resides, he will be able to delete the file, as Full Control rights in the folder allow the user to delete the contents of the folder. Answer C is incorrect. In the event of any permission conflict, the most restrictive one prevails. Moreover, the question clearly states that John is not a member of any other group. Answer B, D are incorrect. The Deny Access permission works on files.
NEW QUESTION 17
Sarah works as a Web Developer for XYZ CORP. She develops a Web site for the company. She uses tables in the Web site. Sarah embeds three tables within a table. What is the technique of embedding tables within a table known as?
- A. Nesting tables
- B. Stacking tables
- C. CSS tables
- D. Horned tables
Answer: A
Explanation:
In general, nesting means embedding a construct inside another. Nesting tables is a technique in which one or more tables are embedded within a table. Answer B, C, D are incorrect. There are no techniques such as stacking tables, horned tables, or CSS tables.
NEW QUESTION 18
You work as a Network Administrator for Infonet Inc. The company's network has an FTP server. You want to secure the server so that only authorized users can access it. What will you do to accomplish this?
- A. Disable anonymous authentication.
- B. Stop the FTP service on the server.
- C. Disable the network adapter on the server.
- D. Enable anonymous authentication.
Answer: A
Explanation:
You will have to disable anonymous authentication. This will prevent unauthorized users from accessing the FTP server. Anonymous authentication (anonymous access) is a method of authentication for Websites. Using this method, a user can establish a Web connection to the IIS server without providing a username and password. Hence, this is an insecure method of authentication. This method is generally used to permit unknown users to access the Web or FTP server directories. Answer D is incorrect. Enabling anonymous authentication will allow all the users to access the server. Answer B is incorrect. Stopping the FTP service on the server will prevent all the users from accessing the FTP server. Answer C is incorrect. Disabling the network adapter on the FTP server will disconnect the server from the network.
NEW QUESTION 19
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?
- A. IPChains
- B. Tripwire
- C. Hunt
- D. Ethercap
Answer: C
Explanation:
In such a scenario, John will use Hunt which is capable of performing both the hacking techniques, sniffing and session hijacking. Answer D is incorrect. Ethercap is a network sniffer and packet generator. It may be an option, but John wants to do session hijacking as well. Hence, he will not use Ethercap. Answer A is incorrect. IPChains is a firewall. Answer B is incorrect. Tripwire is a file and directory integrity checker.