Free GSNA Demo Online For GIAC Certification:
NEW QUESTION 1
Which of the following aaa accounting commands should be used to enable logging of both the start and stop records for user terminal sessions on the router?
- A. aaa accounting auth proxy start-stop tacacs+
- B. aaa accounting system none tacacs+
- C. aaa accounting connection start-stop tacacs+
- D. aaa accounting exec start-stop tacacs+
Answer: D
Explanation:
In order to enable logging of both start and stop records for user terminal sessions on the router, the aaa accounting exec start-stop tacacs+ command should be used. The exec option performs accounting for EXEC shell sessions. Answer B is incorrect. The aaa accounting system none tacacs+ command disables accounting services on a specific interface for all system-level events that are not related to users, such as reload. Answer C is incorrect. The aaa accounting connection start-stop tacacs+ command is used to enable logging of both start and stop records for all outbound connections that are established from the NAS (Network Access Server), such as Telnet, local-area transport (LAT), TN3270, packet assembler and disassembler (PAD), and rlogin. Answer A is incorrect. The aaa accounting auth proxy start-stop tacacs+ command is used to enable logging of both start and stop records for all authenticated proxy user events.
NEW QUESTION 2
You work as the Network Technician for XYZ CORP. The company has a Linux-based network. You are working on the Red Hat operating system. You want to view only the last 4 lines of a file named /var/log/cron. Which of the following commands should you use to accomplish the task?
- A. tail -n 4 /var/log/cron
- B. tail /var/log/cron
- C. cat /var/log/cron
- D. head /var/log/cron
Answer: A
Explanation:
The tail -n 4 /var/log/cron command will show the last four lines of the file /var/log/cron.
NEW QUESTION 3
You have purchased a laptop that runs Windows Vista Home Premium. You want to protect your computer from malicious applications, such as spyware, while connecting to the Internet. You configure Windows Defender on your laptop to schedule a scan daily at 2 AM as shown in the image below:
You want Windows Defender to scan the laptop for all the known spyware and other potentially unwanted software, including the latest one. You do not want to manually perform this task. Which of the following actions will you perform to accomplish the task?
- A. Create a scheduled task to download definition files for Windows Defender every Sunday.
- B. Configure Windows Defender to use the definition file placed on the Microsoft Update site for scanning the laptop.
- C. Select the Check for updated definitions before scanning check box in the Automatic Scanning section.
- D. Click the arrow beside the Help button. Click the Check for updates option.
Answer: C
Explanation:
According to the question, Windows Defender should scan the laptop for all the known spyware and other potentially unwanted software, including the latest one. Windows Defender uses definitions to scan the system. Definitions are files that include the information of known spyware and potentially unwanted software. To scan a computer for the latest spyware, Windows Defender requires the latest definition files available on the Internet. For this, you have to configure Windows Defender to check for the latest definitions and download them, if available, before scanning the computer. Furthermore, the question also states that the task must be performed automatically. In order to accomplish the task, you will have to select the Check for updated definitions before scanning check box in the Automatic Scanning section.
NEW QUESTION 4
You work as a Network Administrator for ABC Inc. The company needs a secured wireless network. To provide network security to the company, you are required to configure a device that provides the best network perimeter security. Which of the following devices would you use to accomplish the task?
- A. Proxy server
- B. IDS
- C. Packet filtering firewall
- D. Honeypot
Answer: C
Explanation:
Packet filtering firewalls work on the first three layers of the OSI reference model, which means all the work is done between the network and physical layers. When a packet originates from the sender and filters through a firewall, the device checks for matches to any of the packet filtering rules that are configured in the firewall and drops or rejects the packet accordingly. In a software firewall, packet filtering is done by a program called a packet filter. The packet filter examines the header of each packet based on a specific set of rules, and on that basis, decides to prevent it from passing (called DROP) or allow it to pass (called ACCEPT). A packet filter passes or blocks packets at a network interface based on source and destination addresses, ports, or protocols. The process is used in conjunction with packet mangling and Network Address Translation (NAT). Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion. This type of firewall can be best used for network perimeter security. Answer B is incorrect. An intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet. These attempts may take the form of attacks by, for example, crackers, malware and/or disgruntled employees. An IDS cannot directly detect attacks within properly encrypted traffic. An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms). Answer A is incorrect. A proxy server exists between a client's Web-browsing program and a real Internet server. The purpose of the proxy server is to enhance the performance of user requests and filter requests. A proxy server has a database called cache where the most frequently accessed Web pages are stored. The next time such pages are requested, the proxy server is able to satisfy the request locally, thereby greatly reducing the access time. Only when a proxy server is unable to fulfill a request locally does it forward the request to a real Internet server. The proxy server can also be used for filtering user requests. This may be done in order to prevent the users from visiting non-genuine sites. Answer D is incorrect. A honeypot is a term in computer terminology used for a trap that is set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, and monitored, and which seems to contain information or a resource of value to attackers.
NEW QUESTION 5
Which of the following is a prevention-driven activity to reduce errors in the project and to help the project meet its requirements?
- A. Audit sampling
- B. Asset management
- C. Access control
- D. Quality assurance
Answer: D
Explanation:
Quality assurance is the application of planned, systematic quality activities to ensure that the project will employ all processes needed to meet requirements. It is a prevention-driven activity to reduce errors in the project and to help the project meet its requirements. Answer A is incorrect. Audit sampling is an application of the audit procedure that enables the IT auditor to evaluate audit evidence within a class of transactions for the purpose of forming a conclusion concerning the population. When designing the size and structure of an audit sample, the IT auditor should consider the audit objectives determined when planning the audit, the nature of the population, and the sampling and selection methods. Answer C is incorrect. The process of limiting access to the resources of a Web site is called access control. Access control can be performed in the following ways: registering the user in order to access the resources of the Web site, which can be confirmed by the user name and password; and limiting the time during which resources of the Web site can be used (for example, the Web site can be viewed between certain hours of a day). Answer B is incorrect. Asset management is the practice of managing the whole life cycle (design, construction, commissioning, operating, maintaining, repairing, modifying, replacing and decommissioning/disposal) of physical and infrastructure assets such as structures, production, distribution networks, transport systems, buildings, and other physical assets.
NEW QUESTION 6
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to track the system for user logins. To accomplish the task, you need to analyze the log configuration files. Which of the following Unix log configuration files can you use to accomplish the task?
- A. /var/log/messages
- B. /var/log/secure
- C. /var/spool/mail
- D. /var/log/maillog
Answer: B
Explanation:
In Unix, the /var/log/secure file is used to track the systems for user logins. Answer D is incorrect. In Unix, the /var/log/maillog file is the normal system maillog file. Answer A is incorrect. In Unix, the /var/log/messages file is the main system message log file. Answer C is incorrect. In Unix, the /var/spool/mail file is the file where mailboxes are usually stored.
NEW QUESTION 7
You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS, how can you detect this sort of activity?
- A. By setting up a DMZ.
- B. You cannot, you need an IDS.
- C. By examining your domain controller server logs.
- D. By examining your firewall logs.
Answer: D
Explanation:
Firewall logs will show all incoming and outgoing traffic. By examining those logs you can detect anomalous traffic, which can indicate the presence of malicious code such as rootkits. Answer B is incorrect. While an IDS might be the most obvious solution in this scenario, it is not the only one. Answer C is incorrect. It is very unlikely that anything in your domain controller logs will show the presence of a rootkit, unless that rootkit is on the domain controller itself. Answer A is incorrect. A DMZ is an excellent firewall configuration but will not aid in detecting rootkits.
NEW QUESTION 8
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to forward all the kernel messages to the remote host having IP address 192.168.0.1. Which of the following changes will he perform in the syslog.conf file to accomplish the task?
- A. kern.* @192.168.0.1
- B. !*.* @192.168.0.1
- C. !kern.* @192.168.0.1
- D. *.* @192.168.0.1
Answer: A
Explanation:
According to the scenario, John will make the following entry in the syslog.conf file to forward all the kernel messages to the remote host having IP address 192.168.0.1: kern.* @192.168.0.1. Answer D is incorrect. This entry will forward all the messages to the remote host having IP address 192.168.0.1. Answer B is incorrect. This entry will not forward any message to the remote host having IP address 192.168.0.1. Answer C is incorrect. This entry will not forward any kernel message to the remote host having IP address 192.168.0.1.
NEW QUESTION 9
Which of the following functions are performed by methods of the HttpSessionActivationListener interface?
- A. Notifying an attribute that a session has just migrated from one JVM to another.
- B. Notifying the object when it is unbound from a session.
- C. Notifying the object when it is bound to a session.
- D. Notifying an attribute that a session is about to migrate from one JVM to another.
Answer: AD
Explanation:
The HttpSessionActivationListener interface notifies an attribute that the session is about to be activated or passivated. Methods of this interface are as follows: public void sessionDidActivate(HttpSessionEvent session): It notifies the attribute that the session has just been moved to a different JVM. public void sessionWillPassivate(HttpSessionEvent se): It notifies the attribute that the session is about to move to a different JVM. Answers B and C are incorrect. These functions are performed by the HttpSessionBindingListener interface. The HttpSessionBindingListener interface causes an object of the implementing class to be notified when it is added to or removed from a session. The HttpSessionBindingListener interface has the following methods: public void valueBound(HttpSessionBindingEvent event): This method takes an object of type HttpSessionBindingEvent as an argument. It notifies the object when it is bound to a session. public void valueUnbound(HttpSessionBindingEvent event): This method takes an object of type HttpSessionBindingEvent as an argument. It notifies the object when it is unbound from a session.
NEW QUESTION 10
Which of the following commands is most useful for viewing large files?
- A. cat
- B. less
- C. touch
- D. cp
Answer: B
Explanation:
The less command is most useful for viewing large files. The less command displays the output of a file one page at a time. Viewing large files through cat may take more time to scroll pages, so it is better to use the less command to see the content of large files. Answer A is incorrect. The cat command is also used to view the content of a file, but it is most useful for viewing short files. Answer D is incorrect. The cp command is used to copy files and directories from one location to another. Answer C is incorrect. The touch command is not used to view the content of a file. It is used to create empty files or to update file timestamps.
NEW QUESTION 11
Which of the following internal control components provides the foundation for the other components and encompasses such factors as management's philosophy and operating style?
- A. Information and communication
- B. Risk assessment
- C. Control activities
- D. Control environment
Answer: D
Explanation:
COSO defines internal control as, "a process, influenced by an entity's board of directors, management, and other personnel, that is designed to provide reasonable assurance in the effectiveness and efficiency of operations, reliability of financial reporting, and the compliance of applicable laws and regulations". The auditor evaluates the organization's control structure by understanding the organization's five interrelated control components, which are as follows:
* 1. Control Environment: It provides the foundation for the other components and encompasses such factors as management's philosophy and operating style.
* 2. Risk Assessment: It consists of risk identification and analysis.
* 3. Control Activities: It consists of the policies and procedures that ensure employees carry out management's directions. The types of control activities an organization must implement are preventative controls (controls intended to stop an error from occurring), detective controls (controls intended to detect if an error has occurred), and mitigating controls (control activities that can mitigate the risks associated with a key control not operating effectively).
* 4. Information and Communication: It ensures the organization obtains pertinent information, and then communicates it throughout the organization.
* 5. Monitoring: It involves reviewing the output generated by control activities and conducting special evaluations.
In addition to understanding the organization's control components, the auditor must also evaluate the organization's General and Application controls. There are three audit risk components: control risk, detection risk, and inherent risk.
NEW QUESTION 12
With reference to the given case study, one of the security goals requires you to configure a secure connection between the Boston distribution center and the headquarters. You want to implement IP filters to fulfill the security requirements. How should you implement IP filters at the headquarters? (Click the Exhibit button on the toolbar to see the case study.)
- A. Add source filters for the headquarters for UDP port 1701 and IP protocol 50. Add destination filters for the Boston distribution center for UDP port 1701 and IP protocol 50.
- B. Add source filters for the Boston distribution center for UDP port 80 and IP protocol 50. Add destination filters for headquarters for UDP port 80 and IP protocol 50.
- C. Add source filters for the headquarters for UDP port 80 and IP protocol 50. Add destination filters for the Boston distribution center for UDP port 80 and IP protocol 50.
- D. Add source filters for the Boston distribution center for UDP port 1701 and IP protocol 50. Add destination filters for the headquarters for UDP port 1701 and IP protocol 50.
Answer: D
Explanation:
To implement IP filters at the headquarters, add source filters for the Boston distribution center for UDP port 1701 and IP protocol 50. Also, add destination filters for the headquarters for UDP port 1701 and IP protocol 50. The Windows 2000 Router service provides routing services in the LAN and WAN environments, and over the Internet, using secure virtual private network (VPN) connections. The VPN connections are based on the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP). L2TP is very similar to PPTP but uses UDP, and therefore can be used over asynchronous transfer mode (ATM), Frame Relay, and X.25 networks as well. When L2TP is used over IP networks, it uses a UDP port 1701 packet format for both a control channel and a data channel. L2TP can also be used with IPSec to provide a fully secured network link. Further, IP packet filtering provides an ability to restrict the traffic into and out of each interface. Packet filtering is based on filters defined by the values of source and destination IP addresses, TCP and UDP port numbers, and IP protocol numbers. Inbound filters that are applied to the receiving traffic allow the receiving computer to match the traffic with the IP Filter List for the source IP address. Similarly, the outbound filters that are applied to the traffic leaving a computer towards a destination trigger a security negotiation for the destination IP address. That is why, to implement the IP filtering at the headquarters, you have to add a source address for the filters at the Boston center and a destination address for the filters at the headquarters.
NEW QUESTION 13
Which of the following types of firewall functions at the Session layer of the OSI model?
- A. Packet filtering firewall
- B. Circuit-level firewall
- C. Switch-level firewall
- D. Application-level firewall
Answer: B
Explanation:
A circuit-level firewall operates at the Session layer of the OSI model. This type of firewall regulates traffic based on whether or not a trusted connection has been established.
NEW QUESTION 14
Sam works as a Web Developer for McRobert Inc. He creates a Web site. He wants to include the following table in the Web site:
He writes the following HTML code to create the table:
* 1. <TABLE BORDER="1" WIDTH="500">
* 2. <TR>
* 3.
* 4.
* 5. </TR>
* 6. <TR>
* 7. <TD>
* 8. </TD>
* 9. <TD>
* 10. </TD>
* 11. <TD>
* 12. </TD>
* 13. </TR>
* 14. <TR>
* 15. <TD>
* 16. </TD>
* 17. <TD>
* 18. </TD>
* 19. <TD>
* 20. </TD>
* 21. </TR>
* 22. </TABLE>
Which of the following tags will Sam place at lines 3 and 4 to create the table?
- A. at line 3 at line 4
- B. at line 3 at line 4
- C. at line 4 at line
- D. at line 3 at line 4
Answer: D
Explanation:
The tag is used to specify each cell of the table. It can be used only within a row in a table. The ROWSPAN attribute of the tag specifies the number of rows that a cell spans over in a table. Since, the first cell of the table spans over three rows, Sam will use . specifies the number of columns that the head row contains. Answer C is incorrect. Placing the tags given in this option at lines 3 and 4 will create the following table: Answer A, B are incorrect. There are no attributes such as SPAN and SPANWIDTH for the tag.
NEW QUESTION 15
Which of the following commands can be used to intercept and log the Linux kernel messages?
- A. syslogd
- B. klogd
- C. sysklogd
- D. syslog-ng
Answer: BC
Explanation:
The klogd and sysklogd commands can be used to intercept and log the Linux kernel messages.
NEW QUESTION 16
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He has recently backed up his entire Linux hard drive into the my_backup.tgz file. The size of the my_backup.tgz file is 800MB. Now, he wants to break this file into two files in which the size of the first file named my_backup.tgz.aa should be 600MB and that of the second file named my_backup.tgz.ab should be 200MB. Which of the following commands will John use to accomplish his task?
- A. split --verbose -b 200m my_backup.tgz my_backup.tgz
- B. split --verbose -b 200m my_backup.tgz my_backup.tgz
- C. split --verbose -b 600m my_backup.tgz my_backup.tgz
- D. split --verbose -b 600m my_backup.tgz my_backup.tgz
Answer: D
Explanation:
According to the scenario, John wants to break the my_backup.tgz file into two files in which the size of the first file named my_backup.tgz.aa should be 600MB and that of the second file named my_backup.tgz.ab should be 200MB. Hence, he will use the split --verbose -b 600m my_backup.tgz my_backup.tgz. command, which will automatically break the first file into 600MB named my_backup.tgz.aa, and the rest of the data (200MB) will be assigned to the second file named my_backup.tgz.ab. The reason behind the names is that the split command provides suffixes as 'aa', 'ab', 'ac', ..., 'az', 'ba', 'bb', etc. in the broken file names by default. Hence, both conditions, the file names as well as the file sizes, match with this command. Note: If the size of the tar file my_backup.tgz is 1300MB, the command split --verbose -b 600m my_backup.tgz my_backup.tgz. breaks the my_backup.tgz file into three files, i.e., my_backup.tgz.aa of size 600MB, my_backup.tgz.ab of size 600MB, and my_backup.tgz.ac of size 100MB.
NEW QUESTION 17
You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP based switched network. A root bridge has been elected in the switched network. You have installed a new switch with a lower bridge ID than the existing root bridge. What will happen?
- A. The new switch starts advertising itself as the root bridge.
- B. The new switch divides the network into two broadcast domains.
- C. The new switch works as DR or BDR.
- D. The new switch blocks all advertisements.
Answer: A
Explanation:
The new switch starts advertising itself as the root bridge. It acts as if it is the only bridge on the network. It has a lower Bridge ID than the existing root, so it is elected as the root bridge after the BPDUs converge and all switches know that the new switch is the better choice. Answers B, C, and D are incorrect. None of these are valid options, according to the given scenario.
NEW QUESTION 18
Which of the following statements are true about the Enum tool?
- A. It uses NULL and User sessions to retrieve user lists, machine lists, LSA policy information, etc.
- B. It is capable of performing brute force and dictionary attacks on individual accounts of Windows NT/2000.
- C. One of the countermeasures against the Enum tool is to disable TCP port 139/445.
- D. It is a console-based Win32 information enumeration utility.
Answer: ABCD
Explanation:
Enum is a console-based Win32 information enumeration utility. It uses null sessions to retrieve user lists, machine lists, share lists, name lists, group and member lists, passwords, and LSA policy information. It is also capable of performing brute force and dictionary attacks on individual accounts. Since the Enum tool works on the NetBIOS NULL sessions, disabling the NetBIOS port can be a good countermeasure against the Enum tool.
NEW QUESTION 19
Which of the following are the methods of the HttpSession interface? (Choose three)
- A. setAttribute(String name, Object value)
- B. getAttribute(String name)
- C. getAttributeNames()
- D. getSession(true)
Answer: ABC
Explanation:
The HttpSession interface methods are setAttribute(String name, Object value), getAttribute(String name), and getAttributeNames(). The getAttribute(String name) method of the HttpSession interface returns the value of the named attribute as an object. It returns a null value if no attribute with the given name exists.
The setAttribute(String name, Object value) method stores an attribute in the current session. The setAttribute(String name, Object value) method binds an object value to a session using the String name. If an object with the same name is already bound, it will be replaced. The getAttributeNames() method returns an Enumeration containing the names of the attributes available to the current request. It returns an empty Enumeration if the request has no attributes available to it. Answer D is incorrect. The getSession(true) method is a method of the HttpServletRequest interface. The getSession(true) method gets the current session associated with the client request. If the requested session does not exist, the getSession(true) method creates a new session object explicitly for the request and returns it to the client.