aiotestking uk

GSNA Exam Questions - Online Test


GSNA Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

It is impossible to pass GIAC GSNA exam without any help in the short term. Come to Passleader soon and find the most advanced, correct and guaranteed GIAC GSNA practice questions. You will get a surprising result by our Up to date GIAC Systems and Network Auditor practice guides.

Free demo questions for GIAC GSNA Exam Dumps Below:

NEW QUESTION 1

Zorp is a proxy firewall suite developed by Balabit IT Security. Which of the following statements are true about Zorp?

  • A. It allows the administrators to fine-tune proxy decisions.
  • B. Zorp aims for compliance with the Common Criteria/Application Level Firewall Protection Profile for Medium Robustness.
  • C. It allows full analysis of embedded protocols.
  • D. The GPL version of Zorp lacks much of the usability and functions from the other versions.

Answer: ABC

Explanation:

Zorp is a proxy firewall suite developed by Balabit IT Security. Its core framework allows the administrator to fine-tune proxy decisions (with its built-in script language), and fully analyze embedded protocols (such as SSL with an embedded POP3 or HTTP protocol). The FTP, HTTP, FINGER, WHOIS, TELNET, and SSL protocols are fully supported with an application-level gateway. Zorp aims for compliance with the Common Criteria/Application Level Firewall Protection Profile for Medium Robustness. Zorp is released under GNU/GPL and commercial license too. The GPL version is completely usable and functional; however, it lacks some of the more advanced functions available in the commercially available version only. Some of the Zorp supported protocols are Finger, Ftp, Http, Pop3, NNTP, IMAP4, RDP, RPC, SIP, SSL, SSH, Telnet, Whois, LDAP, RADIUS, TFtp, SQLNet NET8, Rsh, etc. Answer D is incorrect. The GPL version of Zorp is completely usable and functional; however, it lacks some of the more advanced functions available in the commercially available version only.

NEW QUESTION 2

Which of the following are the limitations for the cross site request forgery (CSRF) attack?

  • A. The attacker must determine the right values for all the form inputs.
  • B. The attacker must target a site that doesn't check the referrer header.
  • C. The target site should have limited lifetime authentication cookies.
  • D. The target site should authenticate in GET and POST parameters, not only cookies.

Answer: AB

Explanation:

Following are the limitations of cross site request forgeries to be successful:
* 1. The attacker must target either a site that doesn't check the Referer header (which is common) or a victim with a browser or plugin bug that allows Referer spoofing (which is rare).
* 2. The attacker must find a form submission at the target site that does something useful to the attacker (e.g., transfers money, or changes the victim's e-mail address or password).
* 3. The attacker must determine the right values for all the form inputs: if any of them are required to be secret authentication values or IDs that the attacker can't guess, the attack will fail.
* 4. The attacker must lure the victim to a Web page with malicious code while the victim is logged in to the target site. Since, the attacker can't see what the target Web site sends back to the victim in response to the forged requests, unless he exploits a cross- site scripting or other bug at the target Web site.
Similarly, the attacker can only "click" any links or submit any forms that come up after the initial forged request, if the subsequent links or forms are similarly predictable. (Multiple "clicks" can be simulated by including multiple images on a page, or by using JavaScript to introduce a delay between clicks). from cross site request forgeries (CSRF) by applying the following countermeasures available: Requiring authentication in GET and POST parameters, not only cookies. Checking the HTTP Referer header. Ensuring there's no crossdomain.xml file granting unintended access to Flash movies. Limiting the lifetime of authentication cookies. Requiring a secret, user-specific token in all form submissions prevents CSRF; the attacker's site can't put the right token in its submissions. Individual Web users can do relatively little to prevent cross-site request forgery. Logging out of sites and avoiding their "remember me" features can mitigate CSRF risk; not displaying external images or not clicking links in "spam" or unreliable e-mails may also help.

NEW QUESTION 3

John works as a Network Administrator for Perfect Solutions Inc. The company has a Debian Linux-based network. He is working on the bash shell in which he creates a variable VAR1. After some calculations, he opens a new ksh shell. Now, he wants to set VAR1 as an environmental variable so that he can retrieve VAR1 into the ksh shell. Which of the following commands will John run to accomplish the task?

  • A. echo $VAR1
  • B. touch VAR1
  • C. export VAR1
  • D. env -u VAR1

Answer: C

Explanation:
Since John wants to use the variable VAR1 as an environmental variable, he will use the export command to accomplish the task.

NEW QUESTION 4

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to fix partitions on a hard drive. Which of the following Unix commands can you use to accomplish the task?

  • A. fdformat
  • B. exportfs
  • C. fsck
  • D. fdisk

Answer: D

Explanation:

The fdisk command is a menu-based command available with Unix for hard disk configuration. This command can perform the following tasks: Delete a partition on a hard disk. Create a partition on a hard disk. Change the partition type. Display the partition table. Answer B is incorrect. In Unix, the exportfs command is used to set up filesystems to export for nfs (network file sharing). Answer A is incorrect. In Unix, the fdformat command formats a floppy disk. Answer C is incorrect. In Unix, the fsck command is used to add new blocks to a filesystem. This command must not be run on a mounted file system.

NEW QUESTION 5

You are responsible for a number of Windows Server 2003 DNS servers on a large
corporate network. You have decided to audit the DNS server logs. Which of the following are likely errors you could encounter in the log? (Choose two)

  • A. The DNS server could not create FTP socket for address [IP address of server].
  • B. The DNS server could not open socket for domain name [domain name of server].
  • C. The DNS server could not create a Transmission Control Protocol (TCP) socket.
  • D. The DNS server could not open socket for address [IP address of server].

Answer: CD

Explanation:

There are a number of errors one could find in a Windows Server 2003 DNS log. They are as follows: The DNS server could not create a Transmission Control Protocol. The DNS server could not open socket for address. The DNS server could not initialize the Remote Procedure Call (RPC) service. The DNS server could not bind the main datagram socket. The DNS Server service relies on Active Directory to store and retrieve information for Active Directory-integrated zones. And several active directory errors are possible. Answer A is incorrect. DNS Servers do not create FTP connections. Answer B is incorrect. A DNS server looks up a name to return an IP, it would not and cannot connect to a domain name, it must connect to an IP address.

NEW QUESTION 6

You work as a Network Administrator for Tech Perfect Inc. You need to configure the company firewall so that only Simple Network Management Protocol (SNMP) and Secure HTTP (HTTPS) traffic is allowed into the intranet of the company. No other traffic should be allowed into the intranet. Which of the following rule sets should you use on your firewall to accomplish the task? (Assume left to right equals top to bottom.)

  • A. Output chain: allow port 443, allow 25, deny all
  • B. Input chain: deny all, allow port 25, allow 443
  • C. Input chain: allow port 25, allow 443, deny all
  • D. Output chain: allow port 25, allow 443, deny all

Answer: C

Explanation:

In the given rule set, 'Input chain' defines that the rule is for the incoming traffic, i.e., traffic coming from the intranet to the Internet. Port 25 is being allowed for SNMP traffic and port 443 for the HTTPS traffic. Deny all is being used after allowing port 25 and 443; hence, all the other traffic will be denied. Answer B is incorrect. Deny all is executed first; hence, all the traffic will be denied including port 25 and 443. Answer A, D are incorrect. These rule sets are used for outgoing traffic, i.e., traffic going from the intranet to the Internet as the 'Output chain' rule is being used.

NEW QUESTION 7

Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines?

  • A. Warkitting
  • B. War driving
  • C. Wardialing
  • D. Demon dialing

Answer: C

Explanation:

War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers - hackers that specialize in computer security - for password guessing. Answer A is incorrect. Warkitting is a combination of wardriving and rootkitting. In a warkitting attack, a hacker replaces the firmware of an attacked router. This allows them to control all traffic for the victim, and could even permit them to disable SSL by replacing HTML content as it is being downloaded. Warkitting was identified by Tsow, Jakobsson, Yang, and Wetzel in 2006. Their discovery indicated that 10% of the wireless routers were susceptible to WAPjacking (malicious configuring of the firmware settings, but making no modification on the firmware itself) and 4.4% of wireless routers were vulnerable to WAPkitting (subverting the router firmware). Their analysis showed that the volume of credential theft possible through Warkitting exceeded the estimates of credential theft due to phishing. Answer D is incorrect. In the computer hacking scene of the 1980s, demon dialing was a technique by which a computer is used to repeatedly dial a number (usually to a crowded modem pool) in an attempt to gain access immediately after another user had hung up. The expansion of accessible Internet service provider connectivity since that time more or less rendered the practice obsolete. The term "demon dialing" derives from the Demon Dialer product from Zoom Telephonics, Inc., a telephone device produced in the 1980s which repeatedly dialed busy telephone numbers under control of an extension phone. Answer B is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.

NEW QUESTION 8

In which of the following does a Web site store information such as user preferences to provide customized services to users?

  • A. Protocol
  • B. ActiveX control
  • C. Cookie
  • D. Keyword

Answer: C

Explanation:

A cookie is a small bit of text that accompanies requests and pages as they move between Web servers and browsers. It contains information that is read by a Web application, whenever a user visits a site. Cookies are stored in the memory or hard disk of client computers. A Web site stores information, such as user preferences and settings in a cookie. This information helps in providing customized services to users. There is absolutely no way a Web server can access any private information about a user or his computer through cookies, unless a user provides the information. A Web server cannot access cookies created by other Web servers.
Answer A is incorrect. A protocol is a set of predefined rules that govern how two or more processes communicate and interact to exchange data. Protocols are considered as the building blocks of network communication. Computer protocols are used by communicating
devices and software services to format data in a way that all participants understand. It provides a context in which to interpret communicated information. Answer B is incorrect. ActiveX controls are software components that can be integrated into Web pages and applications, within a computer or among computers in a network, to reuse the functionality. Reusability of controls reduces development time of applications and improves program interfaces. They enhance the Web pages with formatting features and animation. ActiveX controls can be used in applications written in different programming languages that recognize Microsoft's Component Object Model (COM). These controls always run in a container. ActiveX controls simplify and automate the authoring tasks, display data, and add functionality to Web pages. Answer D is incorrect. Keywords are important terms used to search Web pages on a particular topic. For example, if a user enters a keyword "Networking" in a search engine form, all Web pages containing the term "Networking" will be displayed.

NEW QUESTION 9

In which of the following is absolute size of frames expressed?

  • A. Bits
  • B. Percentage
  • C. Inches
  • D. Pixels

Answer: D

Explanation:

Absolute size of frames is expressed in pixels. Size is expressed in terms of the number of pixels in a frame. Therefore, a change in the screen area of a display device does not affect the absolute frame size of a Web page.

NEW QUESTION 10

On which of the following does a CGI program execute?

  • A. Router
  • B. Web server
  • C. Client
  • D. Client and Web server

Answer: B

Explanation:

The Common Gateway Interface (CGI) specification is used for creating executable programs that run on a Web server. CGI defines the communication link between a Web server and Web applications. It gives a network or Internet resource access to specific programs. For example, when users submit an HTML form on a Web site, CGI is used to pass this information to a remote application for processing, and retrieve the results from the application. It then returns these results to the user by means of an HTML page. Answer A is incorrect. CGI programs do not execute on routers.

NEW QUESTION 11

You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the
forest is Windows Server 2003. The company has recently provided laptops to its sales team members. You have configured access points in the network to enable a wireless network. The company's security policy states that all users using laptops must use smart cards for authentication. Which of the following authentication techniques will you use to implement the security policy of the company?

  • A. IEEE 802.1X using EAP-TLS
  • B. IEEE 802.1X using PEAP-MS-CHAP
  • C. Pre-shared key
  • D. Open system

Answer: A

Explanation:

In order to ensure that the laptop users use smart cards for authentication, you will have to configure IEEE 802.1X authentication using the EAP-TLS protocol on the network.

NEW QUESTION 12

Which of the following is used to execute a SQL statement from the SQL buffer?

  • A. Entering an asterisk (*)
  • B. Pressing [RETURN] once
  • C. Pressing [RETURN] twice
  • D. Entering a slash (/)
  • E. Pressing [ESC] twice.

Answer: D

Explanation:

A SQL statement or a PL/SQL block can be executed by entering a semicolon (;) or a slash (/), or by using the RUN command at SQL prompt. When a semicolon (;) is entered at the end of a command, the command is completed and executed. When a slash (/) is entered, the command in the buffer is executed. It can also be used to execute a PL/SQL block. The RUN command is used to execute a command in the buffer. Note: The SQL buffer stores the most recently used SQL commands and PL/SQL blocks. It does not store SQL* Plus commands. It can be edited or saved to a file. Note: A SQL command can be saved in the buffer by entering a blank line. Reference: Oracle8i Online Documentation, Contents: "SQL*PLUS Users Guide and Reference", "Learning SQL*PLUS Basics,3 of 4", "Understanding SQL COMMAND Syntax"

NEW QUESTION 13

Which of the following types of authentication tokens forms a logical connection to the client computer but does not require a physical connection?

  • A. Virtual token
  • B. Connected token
  • C. Disconnected token
  • D. Contactless token

Answer: D

Explanation:

Contactless tokens are the third main type of physical tokens. Unlike connected tokens, they form a logical connection to the client computer but do not require a physical connection. The absence of the need for physical contact makes them more convenient than both connected and disconnected tokens. As a result, contactless tokens are a popular choice for keyless entry systems and electronic payment solutions such as Mobil Speedpass, which uses RFID to transmit authentication information from a keychain token. However, there have been various security concerns raised about RFID tokens after researchers at Johns Hopkins University and RSA Laboratories discovered that RFID tags could be easily cracked and cloned. Another downside is that contactless tokens have relatively short battery lives, usually only 3-5 years, which is low compared to USB tokens which may last up to 10 years. However, some tokens do allow the batteries to be changed, thus reducing costs. Answer A is incorrect. Virtual tokens are a new concept in multi-factor authentication first introduced in 2005 by security company Sestus. Virtual tokens work by sharing the token generation process between the Internet website and the user's computer and have the advantage of not requiring the distribution of additional hardware or software. In addition, since the user's device is communicating directly with the authenticating website, the solution is resistant to man-in-the-middle attacks and similar forms of online fraud. Answer B is incorrect. Connected tokens are tokens that must be physically connected to the client computer. Tokens in this category will automatically transmit the authentication information to the client computer once a physical connection is made, eliminating the need for the user to manually enter the authentication information. However, in order to use a connected token, the appropriate input device must be installed. The most common types of physical tokens are smart cards and USB tokens, which require a smart card reader and a USB port, respectively. Answer C is incorrect. Disconnected tokens have neither a physical nor logical connection to the client computer. They typically do not require a special input device, and instead use a built-in screen to display the generated authentication data, which the user enters manually via a keyboard or keypad.
Disconnected tokens are the most common type of security token used (usually in combination with a password) in two-factor authentication for online identification.

NEW QUESTION 14

Mark works as a Web Developer for XYZ CORP. He is developing a Web site for the company. He wants to use frames in the Web site. Which of the following is an HTML tag used to create frames?

  • A. <REGION>
  • B. <TABLESET>
  • C. <FRAMEWINDOW>
  • D. <FRAMESET>

Answer: D

Explanation:

<FRAMESET> tag specifies a frameset used to organize multiple frames and nested framesets in an HTML document. It defines the location, size, and orientation of frames. An HTML document can either contain a <FRAMESET> tag or a <BODY> tag. Answer A, B, C are incorrect. There are no HTML tags such as <TABLESET>,
<FRAMEWINDOW>, and <REGION>.

NEW QUESTION 15

You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS how can you detect this sort of activity?

  • A. By setting up a DMZ.
  • B. You cannot, you need an IDS.
  • C. By examining your domain controller server logs.
  • D. By examining your firewall logs.

Answer: D

Explanation:

Firewall logs will show all incoming and outgoing traffic. By examining those logs you can detect anomalous traffic, which can indicate the presence of malicious code such as rootkits. Answer B is incorrect. While an IDS might be the most obvious solution in this scenario, it is not the only one. Answer C is incorrect. It is very unlikely that anything in your domain controller logs will show the presence of a rootkit, unless that rootkit is on the domain controller itself. Answer A is incorrect. A DMZ is an excellent firewall configuration but will not aid in detecting rootkits.

NEW QUESTION 16

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He
executes the following command in the terminal: echo $USER, $UID Which of the following will be displayed as the correct output of the above command?

  • A. John, 0
  • B. root, 0
  • C. root, 500
  • D. John, 502

Answer: B

Explanation:

According to the scenario, John is a root user. Hence, the value of the environmental variables $USER and $UID will be root and 0, respectively.

NEW QUESTION 17

Adam works as a Security Analyst for Umbrella Inc. He is retrieving large amount of log data from syslog servers and network devices such as Router and switches. He is facing difficulty in analyzing the logs that he has retrieved. To solve this problem, Adam decides to use software called Sawmill. Which of the following statements are true about Sawmill?

  • A. It incorporates real-time reporting and real-time alerting.
  • B. It is used to analyze any device or software package, which produces a log file such as Web servers, network devices (switches & routers etc.), syslog servers etc.
  • C. It is a software package for the statistical analysis and reporting of log files.
  • D. It comes only as a software package for user deployment.

Answer: ABC

Explanation:
Sawmill is a software package for the statistical analysis and reporting of log files, with dynamic contextual filtering, 'live' data zooming, user interface customization, and custom calculated reports. Sawmill incorporates real-time reporting and real-time alerting. Sawmill also includes a page tagging server and JavaScript page tag for the analysis of client side
clicks (client requests) providing a total view of visitor traffic and on-site behavioral activity. Sawmill Analytics is offered in three forms, as a software package for user deployment, as a turnkey on-premise system appliance, and as a SaaS service. Sawmill analyzes any device or software package producing a log file and that includes Web servers, firewalls, proxy servers, mail servers, network devices (switches & routers etc.), syslog servers, databases etc. Its range of potential uses by knowledge workers is essentially limitless. Answer D is incorrect. Sawmill Analytics software is available in three different forms; as a software package for user deployment, as a turnkey on-premise system appliance, and as a SaaS service.

NEW QUESTION 18
......

Thanks for reading the newest GSNA exam dumps! We recommend you to try the PREMIUM Thedumpscentre.com GSNA dumps in VCE and PDF here: https://www.thedumpscentre.com/GSNA-dumps/ (368 Q&As Dumps)