GSNA Premium Bundle


GIAC Systems and Network Auditor Certification Exam

368 questions (practice tests)
368 questions (PDF print version)
Last update: November 21, 2024

GIAC GSNA Free Practice Questions


Free demo questions for GIAC GSNA Exam Dumps Below:

NEW QUESTION 1

The SALES folder has a file named XFILE.DOC that contains critical information about your company. This folder resides on an NTFS volume. The company's Senior Sales Manager asks you to provide security for that file. You make a backup of that file and keep it in a locked cupboard, and then you deny access on the file for the Sales group. John, a member of the Sales group, accidentally deletes that file. You have verified that John is not a member of any other group. Although you restore the file from backup, you are confused how John was able to delete the file despite having no access to that file. What is the most likely cause?

  • A. The Sales group has the Full Control permission on the SALES folder.
  • B. The Deny Access permission does not restrict the deletion of files.
  • C. John is a member of another group having the Full Control permission on that file.
  • D. The Deny Access permission does not work on files.

Answer: A

Explanation:

Although NTFS provides access controls to individual files and folders, users can perform certain actions even if permissions are set on a file or folder to prevent access. If a user has been denied access to any file and he has Full Control rights in the folder on which it resides, he will be able to delete the file, as Full Control rights in the folder allow the user to delete the contents of the folder. Answer C is incorrect. In the event of any permission conflict, the most restrictive one prevails. Moreover, the question clearly states that John is not a member of any other group. Answer B, D are incorrect. The Deny Access permission works on files.

NEW QUESTION 2

Which of the following policies helps reduce the potential damage from the actions of one person?

  • A. CSA
  • B. Separation of duties
  • C. Internal audit
  • D. Risk assessment

Answer: B

Explanation:

Separation of duties (SoD) is the concept of having more than one person required to complete a task. It is alternatively called segregation of duties or, in the political realm, separation of powers. Segregation of duties helps reduce the potential damage from the actions of one person. IS or end-user department should be organized in a way to achieve adequate separation of duties. According to ISACA's Segregation of Duties Control matrix, some duties should not be combined into one position. This matrix is not an industry standard, just a general guideline suggesting which positions should be separated and which require compensating controls when combined. Answer A is incorrect. Cisco Security Agent (CSA) is an endpoint intrusion prevention system. It is rule-based and examines system activity and network traffic, determining which behaviors are normal and which may indicate an attack. CSA uses a two or three-tier client-server architecture. The Management Center 'MC' (or Management Console) contains the program logic; an MS SQL database backend is used to store alerts and configuration information; the MC and SQL database may be co-resident on the same system. The Agent is installed on the desktops and/or servers to be protected. The Agent communicates with the Management Center, sending logged events to the Management Center and receiving updates in rules when they occur. Answer C is incorrect. Internal auditing is a profession and activity involved in helping organizations achieve their stated objectives. It does this by using a systematic methodology for analyzing business processes, procedures and activities with the goal of highlighting organizational problems and recommending solutions. Answer D is incorrect. Risk assessment is a step in a risk management process.

NEW QUESTION 3

You work as a programmer for uCertify.Inc. You have a session object named session1 with an attribute named Attribute1, and an HttpSessionBindingEvent object binding1 bound to session1. Which of the following will be used to retrieve Attribute1?

  • A. Object obj=binding1.getSession().getAttribute("Attribute1");
  • B. Object obj=binding1.getAttribute("Attribute1");
  • C. Long MyAttribute=session1.getAttribute("Attribute1");
  • D. Object obj=session1.getAttribute("Attribute1");
  • E. String str1=session1.getAttribute("Attribute1");

Answer: AD

Explanation:

The following two statements are used to retrieve Attribute1: 1. Object obj=session1.getAttribute("Attribute1"); The getAttribute() method is used to retrieve the bound object with the specified name in this session, or null if no object is bound under the name. 2. Object obj=binding1.getSession().getAttribute("Attribute1"); The getSession() gets the current valid session associated with this request. a String object. Answer B is incorrect. The HttpSessionBindingEvent object cannot use the getAttribute() method.

NEW QUESTION 4

You work as a Software Developer for UcTech Inc. You are building a Web site that will contain study materials on the Java language. The company wants members to be able to access all the pages, but non-members to have only limited access to the Web site pages. Which of the following security mechanisms will you use to accomplish the task?

  • A. Data integrity
  • B. Authentication
  • C. Confidentiality
  • D. Authorization

Answer: D

Explanation:

Authorization is a process that verifies whether a user has permission to access a Web resource. A Web server can restrict access to some of its resources to only those clients that log in using a recognized username and password. To be authorized, a user must first be authenticated. Answer B is incorrect. Authentication is the process of verifying the identity of a user. This is usually done using a user name and password. This process compares the provided user name and password with those stored in the database of an authentication server. Answer C is incorrect. Confidentiality is a mechanism that ensures that only the intended and authorized recipients are able to read data. The data is so encrypted that even if an unauthorized user gets access to it, he will not get any meaning out of it. Answer A is incorrect. Data integrity is a mechanism that ensures that the data is not modified during transmission from source to destination. This means that the data received at the destination should be exactly the same as that sent from the source.

NEW QUESTION 5

Which of the following are HTML tags, used to create a table?

  • A.
  • B.
  • C.
  • D.
  • E.
  • F.
    Answer: ABF

    Explanation:

    In Hypertext Markup Language (HTML), a table is created using the <TABLE>, <TR>, and <TD> tags. The <TABLE> tag designs the table layout, the <TR> tag is used to create a row, and the <TD> tag is used to create a column. For example, the following code generates a table with two rows and two columns:

    <TABLE>
    <TR><TD>Cell 1</TD><TD>Cell 2</TD></TR>
    <TR><TD>Cell 3</TD><TD>Cell 4</TD></TR>
    </TABLE>

    Answer C, E, and D are incorrect. There are no HTML tags such as , , and .

    NEW QUESTION 6

    You work as a Network Administrator for Infosec Inc. Nowadays, you are facing an unauthorized access in your Wi-Fi network. Therefore, you analyze a log that has been recorded by your favorite sniffer, Ethereal. You are able to discover the cause of the unauthorized access after noticing the following string in the log file: (Wlan.fc.type_subtype eq 32 and llc.oui eq 0x00601d and llc.pid eq 0x0001) When you find "All your 802.11b are belong to us" as the payload string, you are convinced about which tool is being used for the unauthorized access. Which of the following tools have you ascertained?

    • A. AiroPeek
    • B. AirSnort
    • C. Kismet
    • D. NetStumbler

    Answer: D

    Explanation:

    NetStumbler, a war driving tool, uses an organizationally unique identifier (OUI) of 0x00601d and a protocol identifier (PID) of 0x0001. Each version has a typical payload string. For example, NetStumbler 3.2.3 has a payload string: 'All your 802.11b are belong to us'. Therefore, when you see the OUI and PID values, you discover that the attacker is using NetStumbler, and when you see the payload string, you are able to ascertain that the attacker is using NetStumbler 3.2.3.

    NEW QUESTION 7

    Which of the following statements are true about security risks? (Choose three)

    • A. They can be removed completely by taking proper actions.
    • B. They are considered an indicator of threats coupled with vulnerability.
    • C. They can be mitigated by reviewing and taking responsible actions based on possible risks.
    • D. They can be analyzed and measured by the risk analysis process.

    Answer: BCD

    Explanation:

    In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. These risks can be analyzed and measured by the risk analysis process. Answer A is incorrect. Security risks can never be removed completely but can be mitigated by taking proper actions.

    NEW QUESTION 8

    You work as an IT Technician for XYZ CORP. You have to take security measures for the wireless network of the company. You want to prevent other computers from accessing the company's wireless network. On the basis of the hardware address, which of the following will you use as the best possible method to accomplish the task?

    • A. RAS
    • B. MAC Filtering
    • C. SSID
    • D. WEP

    Answer: B

    Explanation:

    MAC filtering is a security access control technique that allows specific network devices to access, or prevents them from accessing, the network. MAC filtering can also be used on a wireless network to prevent certain network devices from accessing the wireless network. MAC addresses are allocated only to hardware devices, not to persons.

    NEW QUESTION 9

    Which of the following protocols is the mandatory part of the WPA2 standard in the wireless networking?

    • A. CCMP
    • B. ARP
    • C. WEP
    • D. TKIP

    Answer: A

    Explanation:

    CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is an IEEE 802.11i encryption protocol created to replace both TKIP, the mandatory protocol in WPA, and WEP, the earlier, insecure protocol. CCMP is a mandatory part of the WPA2 standard, an optional part of the WPA standard, and a required option for Robust Security Network (RSN) Compliant networks. CCMP is also used in the ITU-T home and business networking standard. CCMP, part of the 802.11i standard, uses the Advanced Encryption Standard (AES) algorithm. Unlike in TKIP, key management and message integrity is handled by a single component built around AES using a 128-bit key, a 128-bit block, and 10 rounds of encoding per the FIPS 197 standard. Answer C is incorrect. Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security, which is equivalent to wired networks, for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. WEP incorporates a checksum in each frame to provide protection against the attacks that attempt to reveal the key stream. Answer D is incorrect. TKIP (Temporal Key Integrity Protocol) is an encryption protocol defined in the IEEE 802.11i standard for wireless LANs (WLANs). It is designed to provide more secure encryption than the disreputably weak Wired Equivalent Privacy (WEP). TKIP is the encryption method used in Wi-Fi Protected Access (WPA), which replaced WEP in WLAN products. TKIP is a suite of algorithms to replace WEP without requiring the replacement of legacy WLAN equipment. TKIP uses the original WEP programming but wraps additional code at the beginning and end to encapsulate and modify it. Like WEP, TKIP uses the RC4 stream encryption algorithm as its basis. Answer B is incorrect. Address Resolution Protocol (ARP) is a network maintenance protocol of the TCP/IP protocol suite. 
    It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC). The ARP cache is used to maintain a correlation between a MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions. ARP is limited to physical network systems that support broadcast packets.

    NEW QUESTION 10

    Which of the following types of audit constructs a risk profile for existing and new projects?

    • A. Technological position audit
    • B. Technological innovation process audit
    • C. Innovative comparison audit
    • D. Client/Server, Telecommunications, Intranets, and Extranets audits

    Answer: B

    Explanation:

    Various authorities have created differing taxonomies to distinguish the various types of IT audits. Goodman & Lawless state that there are three specific systematic approaches to carry out an IT audit:

    • Technological innovation process audit: This audit constructs a risk profile for existing and new projects. The audit will assess the length and depth of the company's experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product, organization and industry structure.
    • Innovative comparison audit: This audit is an analysis of the innovative abilities of the company being audited in comparison to its competitors. This requires examination of company's research and development facilities, as well as its track record in actually producing new products.
    • Technological position audit: This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing", or "emerging".

    Answer D is incorrect. These are the audits to verify that controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.

    NEW QUESTION 11

    Which of the following is a basic feature of the Unix operating system? (Choose three)

    • A. It is highly portable across hardware.
    • B. All files can be individually protected using read, write, and execute permissions for the user, group, and others.
    • C. It allows all the modules to be loaded into memory.
    • D. A user can execute multiple programs at the same time from a single terminal.

    Answer: ABD

    Explanation:

    The basic features of Unix are as follows:

    • Multi-user: It supports more than one user to access the system simultaneously through a set of terminals attached to a system.
    • Multi-tasking: A user can execute multiple programs at the same time from a single terminal.
    • Time sharing: The operating system shares CPU time among tasks.
    • Portability: It is highly portable across hardware.
    • Modularity: It allows only needed modules to be loaded into the memory.
    • File structure: It has an inverted tree like file structure, with files and directories created within the file structure.
    • Security: All files can be individually protected using read, write, and execute permissions for the user, group, and others.
    • Network support: It uses the TCP/IP protocol.
    • Advanced graphics: CAD-CAM applications perform the best in a Unix System with its varied support for graphics card.

    NEW QUESTION 12

    Ryan wants to create an ad hoc wireless network so that he can share some important files with another employee of his company. Which of the following wireless security protocols should he choose for setting up an ad hoc wireless network?
    (Choose two)

    • A. WPA2 -EAP
    • B. WPA-PSK
    • C. WEP
    • D. WPA-EAP

    Answer: BC

    Explanation:

    Ryan can either choose WEP or WPA-PSK wireless protocol to set an ad hoc wireless network. Answer A is incorrect. WPA2-EAP cannot be chosen for an ad hoc wireless network, as it requires RADIUS (Remote Authentication Dial-In User Service) server for authentication. Answer D is incorrect. WPA-EAP cannot be chosen for an ad hoc wireless network, as it requires RADIUS (Remote Authentication Dial-In User Service) server for authentication.

    NEW QUESTION 13

    You work as a Security manager for Qualoxizz Inc. Your company has a number of network switches in the site network infrastructure. Which of the following actions will you perform to ensure the security of the switches in your company?

    • A. Open up all the unused management ports.
    • B. Set similar passwords for each management port.
    • C. Set long session timeouts.
    • D. Ignore usage of the default account settings.

    Answer: D

    Explanation:

    A switch with a management port using a default user account permits an attacker to intrude inside by making connections using one or more of the well-known default user accounts (e.g., administrator, root, security). Therefore, the default account settings should not be used. Answer A is incorrect. The unused management ports on a switch should always be blocked to prevent port scanning attacks from the attackers. Answer B is incorrect. Setting similar passwords on all management ports increases the vulnerability of password cracking. The matching passwords on all ports can be used by the attacker to break into all ports once the password of one of the ports is known. Answer C is incorrect. Short timeout sessions should always be set to reduce the session period. If the connections to a management port on a switch do not have a timeout period set or have a large timeout period (greater than 9 minutes), then the connections will be more available for an attacker to hijack them.

    NEW QUESTION 14

    John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to use Kismet as a wireless sniffer to sniff the We-are-secure network. Which of the following IEEE-based traffic can be sniffed with Kismet?

    • A. 802.11g
    • B. 802.11n
    • C. 802.11b
    • D. 802.11a

    Answer: ABCD

    Explanation:

    Kismet can sniff IEEE 802.11a, 802.11b, 802.11g, and 802.11n-based wireless network traffic.

    NEW QUESTION 15

    You work as a Database Administrator for XYZ CORP. The company has a multi-platform network. The company requires a database that can receive data from various types of operating systems. You want to design a multidimensional database to accomplish the task. Which of the following statements are true about a multidimensional database?

    • A. It is used to optimize Online Analytical Processing (OLAP) applications.
    • B. It is used to optimize data warehouse.
    • C. It is rarely created using input from existing relational databases.
    • D. It allows users to ask questions that are related to summarizing business operations and trends.

    Answer: ABD

    Explanation:

    A multidimensional database (MDB) is a type of database that is optimized for data warehouse and Online Analytical Processing (OLAP) applications. Multidimensional databases are frequently created using input from existing relational databases. Whereas a relational database is typically accessed using a Structured Query Language (SQL) query, a multidimensional database allows a user to ask questions like "How many Aptivas have been sold in Nebraska so far this year?" and similar questions related to summarizing business operations and trends. An OLAP application that accesses data from a multidimensional database is known as a MOLAP (multidimensional OLAP) application. Answer C is incorrect. A multidimensional database is frequently created using input from existing relational databases.

    NEW QUESTION 16

    Which of the following statements about a screened host is true?

    • A. It facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.
    • B. It is a small network that lies in between the Internet and a private network.
    • C. It provides added security by using Internet access to deny or permit certain traffic from the Bastion Host.
    • D. It provides a physical connection between computers within a network.

    Answer: C

    Explanation:

    A screened host provides added security by using Internet access to deny or permit certain traffic from the Bastion Host. Answer D is incorrect. A network interface card provides a physical connection between computers within a network.
    Answer B is incorrect. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security. Answer A is incorrect. A proxy server facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.

    NEW QUESTION 17

    Which of the following statements is true about COLSPAN attribute?

    • A. COLSPAN is used to create columns in a table.
    • B. COLSPAN is used to divide one column into many columns.
    • C. COLSPAN is used to span one column across many rows.
    • D. COLSPAN is used to span one column across many columns.

    Answer: D

    Explanation:

    The COLSPAN attribute is used to span one column across many columns. COLSPAN is an attribute of the <TD> and <TH> tags that allows a single column in a table to take space that is occupied by several columns. If the specified COLSPAN value is greater than the number of columns in the table, then a new column is created at the end of the row. Reference: MSDN, Contents: COLSPAN

    NEW QUESTION 18

    Which of the following tools is used to make fake authentication certificates?

    • A. Obiwan
    • B. Netcat
    • C. WinSSLMiM
    • D. Brutus

    Answer: C

    Explanation:

    WinSSLMiM is an HTTPS Man in the Middle attacking tool. It includes FakeCert, a tool used to make fake certificates. It can be used to exploit the Certificate Chain vulnerability in Internet Explorer. The tool works under Windows 9x/2000. For example:

    • Generate fake certificate: fc -s www.we-are-secure.com -f fakeCert.crt
    • Launch WinSSLMiM: wsm -f fakeCert.crt

    Answer D is incorrect. Brutus is a password cracking tool that performs both dictionary and brute force attacks in which passwords are randomly generated from given characters. Brute forcing can be performed on the following authentications:

    • HTTP (Basic Authentication)
    • HTTP (HTML Form/CGI)
    • POP3 (Post Office Protocol v3)
    • FTP (File Transfer Protocol)
    • SMB (Server Message Block)
    • Telnet

    Answer A is incorrect. Obiwan is a Web password cracking tool that is used to perform brute force and hybrid attacks. It is effective against HTTP connections for Web servers that allow unlimited failed login attempts by the user. Obiwan uses wordlists as well as alphanumeric characters as possible passwords.

    Answer B is incorrect. Netcat is a freely available networking utility that reads and writes data across network connections by using the TCP/IP protocol. Netcat has the following features:

    • It provides outbound and inbound connections for TCP and UDP ports.
    • It provides special tunneling such as UDP to TCP, with the possibility of specifying all network parameters.
    • It is a good port scanner.
    • It contains advanced usage options, such as buffered send-mode (one line every N seconds), and hexdump (to stderr or to a specified file) of transmitted and received data.
    • It is an optional RFC854 telnet code parser and responder.

    NEW QUESTION 19

    Which of the following is required by a Web-based application to connect to a database?

    • A. DSN
    • B. DNS
    • C. CGI
    • D. FQDN

    Answer: A

    Explanation:

    A Web-based application uses Data Source Name (DSN) to connect to a database. DSN is a logical name used by Open Database Connectivity (ODBC) to refer to connection information required to access data. Answer C is incorrect. The Common Gateway Interface (CGI) specification is used for creating executable programs that run on a Web server. CGI defines the communication link between a Web server and Web applications. It gives a network or Internet resource access to specific programs. For example, when users submit an HTML form on a Web site, CGI is used to pass this information to a remote application for processing, and retrieve the results from the application. It then returns these results to the user by means of an HTML page. Answer D is incorrect. Fully Qualified Domain Name (FQDN) is a unique name of a host or computer, which represents its position in the hierarchy. An FQDN begins with a host name and ends with the top-level domain name. FQDN includes the second-level domain and other lower level domains. For example, the FQDN of the address HTTP://WWW.UNI.ORG will be WWW.UNI.ORG where WWW is the host name, UNI is the second-level domain, and ORG is the top-level domain name. Answer B is incorrect. Domain Name System (DNS) is a hierarchical naming system used for locating domain names on private TCP/IP networks and the Internet. It provides a service for mapping DNS domain names to IP addresses and vice versa. DNS enables users to use friendly names to locate computers and other resources on an IP network. TCP/IP uses IP addresses to locate and connect to hosts, but for users, it is easier to use names instead of IP addresses to locate or connect to a site. For example, users will be more comfortable in using the host name www.uCertify.com rather than using its IP address 66.111.64.227.
