2026 New GSNA Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/GSNA/
Free demo questions for GIAC GSNA Exam Dumps Below:
NEW QUESTION 1
Which of the following statements are true about SSIDs?
- A. Configuring the same SSID as that of the other Wireless Access Points (WAPs) of other networks will create a conflict.
- B. SSIDs are case insensitive text strings and have a maximum length of 64 characters.
- C. All wireless devices on a wireless network must have the same SSID in order to communicate with each other.
- D. SSID is used to identify a wireless network.
Answer: ACD
Explanation:
SSID stands for Service Set Identifier. It is used to identify a wireless network. SSIDs are case sensitive text strings and have a maximum length of 32 characters. All wireless devices on a wireless network must have the same SSID in order to communicate with each other. The SSID on computers and the devices in WLAN can be set manually and automatically. Configuring the same SSID as that of the other Wireless Access Points (WAPs) of other networks will create a conflict. A network administrator often uses a public SSID that is set on the access point. The access point broadcasts SSID to all wireless devices within its range. Some newer wireless access points have the ability to disable the automatic SSID broadcast feature in order to improve network security.
NEW QUESTION 2
John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on Windows Server 2003. One day, while analyzing the network security, he receives an error message that Kernel32.exe is encountering a problem. Which of the following steps should John take as a countermeasure to this situation?
- A. He should download the latest patches for Windows Server 2003 from the Microsoft site, so that he can repair the kernel.
- B. He should restore his Windows settings.
- C. He should observe the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new malicious process is running, he should kill that process.
- D. He should upgrade his antivirus program.
Answer: CD
Explanation:
In such a situation, when John receives an error message revealing that Kernel32.exe is encountering a problem, he needs to come to the conclusion that his antivirus program needs to be updated, because Kernel32.exe is not a Microsoft file (the genuine file is Kernel32.DLL). Although such viruses normally run in stealth mode, he should examine the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new (malicious) process is running on the server, he should terminate that process. Answers A and B are incorrect. Since Kernel32.exe is not a real kernel file of Windows, there is no need to repair or download any patch for Windows Server 2003 from the Microsoft site to repair the kernel. Note: Such error messages can be received if the computer is infected with malware, such as Worm_Badtrans.b, Backdoor.G_Door, Glacier Backdoor, Win32.Badtrans.29020, etc.
NEW QUESTION 3
You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS, how can you detect this sort of activity?
- A. By setting up a DMZ.
- B. You cannot, you need an IDS.
- C. By examining your domain controller server logs.
- D. By examining your firewall logs.
Answer: D
Explanation:
Firewall logs will show all incoming and outgoing traffic. By examining those logs you can detect anomalous traffic, which can indicate the presence of malicious code such as rootkits. Answer B is incorrect. While an IDS might be the most obvious solution in this scenario, it is not the only one. Answer C is incorrect. It is very unlikely that anything in your domain controller logs will show the presence of a rootkit, unless that rootkit is on the domain controller itself. Answer A is incorrect. A DMZ is an excellent firewall configuration but will not aid in detecting rootkits.
NEW QUESTION 4
Which of the following statements are true about WPA?
- A. WPA-PSK requires a user to enter an 8-character to 63-character passphrase into a wireless client.
- B. Shared-key WPA is vulnerable to password cracking attacks if a weak passphrase is used.
- C. WPA-PSK converts the passphrase into a 256-bit key.
- D. WPA provides better security than WEP.
Answer: ABCD
Explanation:
WPA stands for Wi-Fi Protected Access. It is a wireless security standard. It provides better security than WEP (Wired Equivalent Protection). Windows Vista supports both WPA-PSK and WPA-EAP. Each of these is described as follows: WPA-PSK: PSK stands for Preshared key. This standard is meant for home environment. WPA-PSK requires a user to enter an 8-character to 63-character passphrase into a wireless client. The WPA converts the passphrase into a 256-bit key. WPA-EAP: EAP stands for Extensible Authentication Protocol. This standard relies on a back-end server that runs Remote Authentication Dial-In User Service for user authentication. Note: Windows Vista supports a user to use a smart card to connect to a WPA-EAP protected network. Shared-key WPA is vulnerable to password cracking attacks if a weak passphrase is used. To protect against a brute force attack, a truly random passphrase of 13 characters (selected from the set of 95 permitted characters) is probably sufficient.
NEW QUESTION 5
Which of the following listeners need not be configured in the deployment descriptor? (Choose two)
- A. HttpSessionBindingListener
- B. HttpSessionAttributeListener
- C. HttpSessionListener
- D. HttpSessionActivationListener
Answer: AD
Explanation:
Except for the HttpSessionActivationListener and the HttpSessionBindingListener, all other listeners must be configured in the deployment descriptor.
HttpSessionBindingListener has methods that notify the object when it is added to or removed from a session. It has methods that inform the attributes when the session is about to be activated or passivated. These methods are related to the attributes and not to the complete session. Hence, the container takes care of them and they need not be configured in the deployment descriptor.
NEW QUESTION 6
Which of the following tools can be used to read NetStumbler's collected data files and present street maps showing the logged WAPs as icons, whose color and shape indicates WEP mode and signal strength?
- A. Kismet
- B. StumbVerter
- C. WEPcrack
- D. NetStumbler
Answer: B
Explanation:
The StumbVerter tool is used to read NetStumbler's collected data files and present street maps showing the logged WAPs as icons, whose color and shape indicate WEP mode and signal strength. Answer C is incorrect. WEPcrack is a wireless network cracking tool that exploits the vulnerabilities in the RC4 Algorithm, which comprises the WEP security parameters. Answer A is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Answer D is incorrect. NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. It detects wireless networks and marks their relative position with a GPS.
NEW QUESTION 7
Which of the following is used to execute a SQL statement from the SQL buffer?
- A. Entering an asterisk (*)
- B. Pressing [RETURN] once
- C. Pressing [RETURN] twice
- D. Entering a slash (/)
- E. Pressing [ESC] twice.
Answer: D
Explanation:
A SQL statement or a PL/SQL block can be executed by entering a semicolon (;) or a slash (/), or by using the RUN command at the SQL prompt. When a semicolon (;) is entered at the end of a command, the command is completed and executed. When a slash (/) is entered, the command in the buffer is executed. It can also be used to execute a PL/SQL block. The RUN command is used to execute a command in the buffer. Note: The SQL buffer stores the most recently used SQL commands and PL/SQL blocks. It does not store SQL*Plus commands. It can be edited or saved to a file. Note: A SQL command can be saved in the buffer by entering a blank line. Reference: Oracle8i Online Documentation, Contents: "SQL*PLUS Users Guide and Reference", "Learning SQL*PLUS Basics, 3 of 4", "Understanding SQL COMMAND Syntax"
NEW QUESTION 8
With reference to the given case study, one of the security goals requires configuring a secure connection between the Boston distribution center and the headquarters. You want to implement IP filters to fulfill the security requirements. How should you implement IP filters at the headquarters? (Click the Exhibit button on the toolbar to see the case study.)
- A. Add source filters for the headquarters for UDP port 1701 and IP protocol 50. Add destination filters for the Boston distribution center for UDP port 1701 and IP protocol 50.
- B. Add source filters for the Boston distribution center for UDP port 80 and IP protocol 50. Add destination filters for headquarters for UDP port 80 and IP protocol 50.
- C. Add source filters for the headquarters for UDP port 80 and IP protocol 50. Add destination filters for the Boston distribution center for UDP port 80 and IP protocol 50.
- D. Add source filters for the Boston distribution center for UDP port 1701 and IP protocol 50. Add destination filters for the headquarters for UDP port 1701 and IP protocol 50.
Answer: D
Explanation:
To implement IP filters at the headquarters, add source filters for the Boston distribution center for UDP port 1701 and IP protocol 50. Also, add destination filters for the headquarters for UDP port 1701 and IP protocol 50. The Windows 2000 Router service provides routing services in the LAN and WAN environments, and over the Internet, using secure virtual private network (VPN) connections. The VPN connections are based on the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP). L2TP is very similar to PPTP but uses UDP, and therefore can be used over asynchronous transfer mode (ATM), Frame Relay, and X.25 networks as well. When L2TP is used over IP networks, it uses a UDP port 1701 packet format for both a control channel and a data channel. L2TP can also be used with IPSec to provide a fully secured network link. Further, IP packet filtering provides an ability to restrict the traffic into and out of each interface. Packet filtering is based on filters defined by the values of source and destination IP addresses, TCP and UDP port numbers, and IP protocol numbers. Inbound filters that are applied to the receiving traffic allow the receiving computer to match the traffic with the IP Filter List for the source IP address. Similarly, the outbound filters that are applied to the traffic leaving a computer towards a destination trigger a security negotiation for the destination IP address. That is why, to implement the IP filtering at the headquarters, you have to add a source address for the filters at the Boston center and a destination address for the filters at the headquarters.
NEW QUESTION 9
Which of the following can be the countermeasures to prevent NetBIOS NULL session enumeration in Windows 2000 operating systems?
- A. Denying all unauthorized inbound connections to TCP port 53
- B. Disabling SMB services entirely on individual hosts by unbinding WINS Client TCP/IP from the interface
- C. Editing the registry key HKLM\SYSTEM\CurrentControlSet\LSA and adding the value RestrictAnonymous
- D. Disabling TCP port 139/445
Answer: BCD
Explanation:
NetBIOS NULL session vulnerabilities are hard to prevent, especially if NetBIOS is needed as part of the infrastructure. One or more of the following steps can be taken to limit NetBIOS NULL session vulnerabilities:
1. Null sessions require access to the TCP 139 or TCP 445 port, which can be disabled by a Network Administrator.
2. A Network Administrator can also disable SMB services entirely on individual hosts by unbinding WINS Client TCP/IP from the interface.
3. A Network Administrator can also restrict the anonymous user by editing the registry values:
   a. Open regedit32, and go to HKLM\SYSTEM\CurrentControlSet\LSA.
   b. Choose edit > add value. Value name: RestrictAnonymous; Data Type: REG_DWORD; Value: 2
Answer A is incorrect. TCP port 53 is the default port for DNS zone transfer. Although disabling it can help restrict DNS zone transfer enumeration, it is not useful as a countermeasure against the NetBIOS NULL session enumeration.
NEW QUESTION 10
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to use Kismet as a wireless sniffer to sniff the We-are-secure network. Which of the following IEEE-based traffic can be sniffed with Kismet?
- A. 802.11g
- B. 802.11n
- C. 802.11b
- D. 802.11a
Answer: ABCD
Explanation:
Kismet can sniff IEEE 802.11a, 802.11b, 802.11g, and 802.11n-based wireless network traffic.
NEW QUESTION 11
Which of the following responsibilities does not come under the audit process?
- A. Reporting all facts and circumstances of the irregular and illegal acts.
- B. Planning the IT audit engagement based on the assessed level of risk.
- C. Reviewing the results of the audit procedures.
- D. Applying security policies.
Answer: ABC
Explanation:
According to the standards of ISACA, an auditor should hold the following responsibilities: Planning the IT audit engagement based on an assessed level of risk. Designing audit procedures of irregular and illegal acts. Reviewing the results of the audit procedures. Assuming that acts are not isolated. Determining why the internal control system failed for that act. Conducting additional audit procedures. Evaluating the results of the expanded audit procedures. Reporting all facts and circumstances of the irregular and illegal acts. Distributing the report to the appropriate internal parties, such as managers. Answer D is incorrect. The auditor is not responsible for applying security policies.
NEW QUESTION 12
You work as a Network Administrator for Tech-E-book Inc. You are configuring the ISA Server 2006 firewall to provide your company with a secure wireless intranet. You want to accept inbound mail delivery through an SMTP server. What basic rules of ISA Server do you need to configure to accomplish the task?
- A. Publishing rules
- B. Network rules
- C. Mailbox rules
- D. Access rules
Answer: A
Explanation:
Publishing rules are applied on SMTP servers to accept inbound mail delivery. There are three basic rules of ISA Server, which are as follows: Access rules: These rules determine what network traffic from the internal network is allowed to access the external network. Publishing rules: These rules are used for controlling access requests from the external network for the internal resources. These types of rules are usually applied to Web servers that are used for providing public access. These are also applied on SMTP servers to accept inbound mail delivery. Network rules: These rules define the traffic source, traffic destination, and the network relationship. Answer D is incorrect. These rules are set for controlling outbound traffic. Answer B is incorrect. These rules define how to handle the traffic. Answer C is incorrect. There are no such ISA Server rule sets.
NEW QUESTION 13
You have detected what appears to be an unauthorized wireless access point on your network. However this access point has the same MAC address as one of your real access points and is broadcasting with a stronger signal. What is this called?
- A. Bluesnarfing
- B. The evil twin attack
- C. WAP cloning
- D. DOS
Answer: B
Explanation:
In the evil twin attack, a rogue wireless access point is set up that has the same MAC address as one of your legitimate access points. That rogue WAP will often then initiate a denial of service attack on your legitimate access point, making it unable to respond to users, so they are redirected to the 'evil twin'. Answer A is incorrect. Bluesnarfing is the process of taking over a PDA. Answer D is incorrect. A DOS may be used as part of establishing an evil twin, but this attack is not specifically for denial of service. Answer C is incorrect. While you must clone a WAP MAC address, the attack is not called WAP cloning.
NEW QUESTION 14
You work as a Web Developer for XYZ CORP. The company has a Windows-based network. You have been assigned the task to secure the website of the company. To accomplish the task, you want to use a website monitoring service. What are the tasks performed by a website monitoring service?
- A. It checks the health of various links in a network using end-to-end probes sent by agents located at vantage points in the network.
- B. It checks SSL Certificate Expiry.
- C. It checks HTTP pages.
- D. It checks Domain Name Expiry.
Answer: BCD
Explanation:
A website monitoring service can check HTTP pages, HTTPS, FTP, SMTP, POP3, IMAP, DNS, SSH, Telnet, SSL, TCP, PING, Domain Name Expiry, SSL Certificate Expiry, and a range of other ports with a great variety of check intervals from every four hours to every one minute. Typically, most website monitoring services test a server anywhere between once-per-hour to once-per-minute. Advanced services offer in-browser web transaction monitoring based on browser add-ons such as Selenium or iMacros. These services test a website by remotely controlling a large number of web browsers. Hence, they can also detect website issues such as JavaScript bugs that are browser specific. Answer A is incorrect. This task is performed under network monitoring. Network tomography deals with monitoring the health of various links in a network using end-to-end probes sent by agents located at vantage points in the network/Internet.
NEW QUESTION 15
You are tasked with configuring your routers with a minimum security standard that includes the following: a local Username and Password configured on the router; a strong privilege mode password; encryption of user passwords; configuring telnet and ssh to authenticate against the router user database. Choose the configuration that best meets these requirements.
- A.
  RouterA(config)#service password-encryption
  RouterA(config)#username cisco password PaS$w0Rd
  RouterA(config)#enable secret n56e&$te
  RouterA(config)#line vty 0 4
  RouterA(config-line)#login
- B.
  RouterA(config)#service password-encryption
  RouterA(config)#username cisco password PaS$w0Rd
  RouterA(config)#enable password n56e&$te
  RouterA(config)#line vty 0 4
  RouterA(config-line)#login local
- C.
  RouterA(config)#service password-encryption
  RouterA(config)#username cisco password PaS$w0Rd
  RouterA(config)#enable secret n56e&$te
  RouterA(config)#line vty 0 4
  RouterA(config-line)#login local
- D.
  RouterA(config)#service enable-password-encryption
  RouterA(config)#username cisco password PaS$w0Rd
  RouterA(config)#enable secret n56e&$te
  RouterA(config)#line vty 0 4
  RouterA(config-line)#login user
Answer: C
Explanation:
In order to fulfill the requirements, you should use the following set of commands:
  RouterA(config)#service password-encryption
  RouterA(config)#username cisco password PaS$w0Rd
  RouterA(config)#enable secret n56e&$te
  RouterA(config)#line vty 0 4
  RouterA(config-line)#login local
Answer D is incorrect. This configuration does not apply password encryption correctly. The command service enable-password-encryption is incorrect. The correct command is service password-encryption. Answer A is incorrect. This configuration applies the login command to the VTY lines. This would require the password to be set at the VTY Line 0 4 level. This effectively will not configure user-level access for the VTY lines. Answer B is incorrect. The enable password command is obsolete and considered insecure. The proper command is enable secret followed by the password value.
NEW QUESTION 16
You work as a Database Administrator for Dolliver Inc. The company uses Oracle 11g as its database. You have used the LogMiner feature for auditing purposes. Which of the following files store a copy of the data dictionary? (Choose two)
- A. Online redo log files
- B. Operating system flat file
- C. Dump file
- D. Control file
Answer: AB
Explanation:
LogMiner requires a dictionary to translate object IDs into object names when it returns redo data to you. You have the following three options to retrieve the data dictionary:
The Online catalog: It is the easiest and most efficient option to use. It is used when a database user has access to the source database from which the redo log files were created. The other condition that must be met is that there should be no changes to the column definitions in the desired tables.
The Redo Log Files: This option is used when a database user does not have access to the source database from which the redo log files were created and if there is any chance of changes to the column definitions of the desired tables.
An operating system flat file: Oracle does not recommend using this option, but it is retained for backward compatibility. The reason for not preferring this option is that it does not guarantee transactional consistency.
LogMiner is capable of accessing the Oracle redo logs. It keeps the complete record of all the activities performed on the database, and the associated data dictionary, which is used to translate internal object identifiers and types to external names and data formats. For offline analysis, LogMiner can be run on a separate database, using archived redo logs and the associated dictionary from the source database.
NEW QUESTION 17
You are the project manager of a Web development project. You want to get information about your competitors by hacking into their computers. You and the project team determine that, should the hacking attack not be performed anonymously, you will be traced. Hence, you hire a professional hacker to work on the project. This is an example of what type of risk response?
- A. Transference
- B. Mitigation
- C. Acceptance
- D. Avoidance
Answer: A
Explanation:
Whenever the risk is transferred to someone else, it is an example of transference risk response. Transference usually has a fee attached to the service provider that will own the risk event.