Most Up-to-date GSNA Questions Pool For GIAC Systems And Network Auditor Certification

High-quality GSNA free exam question materials and preparation for the GIAC certification for examinees. Real success guaranteed with updated GSNA PDF dumps and VCE materials. 100% pass the GIAC Systems and Network Auditor exam today!

GSNA free dump questions are also available:


Adam works on a Linux system. He is using Sendmail as the primary application to transmit e-mails. Linux uses Syslog to maintain logs of what has occurred on the system. Which of the following log files contains e-mail information such as source and destination IP addresses, date and time stamps etc?

  • A. /var/log/mailog
  • B. /var/log/logmail
  • C. /log/var/mailog
  • D. /log/var/logd

Answer: A


The /var/log/mailog file generally contains the source and destination IP addresses, date and time stamps, and other information that may be used to check the information contained within an e-mail header. Linux uses Syslog to maintain logs of what has occurred on the system. The configuration file /etc/syslog.conf is used to determine where the Syslog service (syslogd) sends its logs. Sendmail can create event messages and is usually configured to record basic information such as the source and destination addresses, the sender and recipient addresses, and the message ID of each e-mail. The syslog.conf file shows the location of the log file for e-mail. Answers B, C, and D are incorrect: none of these is a valid log file.
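The kind of correlation an auditor performs over these entries, as an added example that is not part of the original material: the parser below reads constructed sendmail-style syslog lines (hosts, addresses, queue IDs and IP addresses are made up), joins the from= and to= records by queue ID, and pulls out the timestamp, sender, recipients, relay IP addresses and delivery status the explanation refers to, skipping lines written by other daemons that share the same log file.

```python
import re
from dataclasses import dataclass, field

# Constructed sendmail syslog lines for this example: hosts, addresses,
# queue IDs and IP addresses are made up. The last line is from sshd, not sendmail.
SAMPLE_LOG = """\
Mar  3 09:14:02 mx1 sendmail[2311]: 223EE2dq002311: from=<alice@example.com>, size=1843, class=0, nrcpts=1, msgid=<20240303091401.A1@example.com>, proto=ESMTP, daemon=MTA, relay=client.example.com [192.0.2.10]
Mar  3 09:14:03 mx1 sendmail[2312]: 223EE2dq002311: to=<bob@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31843, relay=mx.example.org. [198.51.100.5], dsn=2.0.0, stat=Sent (OK id=abc123)
Mar  3 09:15:40 mx1 sendmail[2340]: 223EFe7x002340: from=<mallory@example.net>, size=98, class=0, nrcpts=1, msgid=<x@example.net>, proto=SMTP, daemon=MTA, relay=[203.0.113.7]
Mar  3 09:15:41 mx1 sendmail[2341]: 223EFe7x002340: to=<carol@example.org>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30098, dsn=5.1.1, stat=User unknown
Mar  3 09:15:42 mx1 sshd[2350]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

# Syslog prefix sendmail writes: "<timestamp> <host> sendmail[<pid>]: <queue id>: <fields>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sendmail\[\d+\]: (?P<qid>\w+): (?P<fields>.*)$"
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # "[a.b.c.d]" inside a relay= value

@dataclass
class Envelope:
    queue_id: str
    timestamp: str = ""
    sender: str = ""
    source_ip: str = ""              # relay IP on the from= line
    recipients: list = field(default_factory=list)  # (address, status, destination IP)

def parse_fields(text):
    """Split 'key=value, key=value' into a dict; a value may itself contain '='."""
    out = {}
    for part in text.split(", "):
        key, sep, value = part.partition("=")
        if sep:
            out[key.strip()] = value.strip()
    return out

def parse_mail_log(log_text):
    """Correlate from= and to= lines by queue ID into one Envelope per message."""
    envelopes = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a sendmail line; other syslog sources share the file
        env = envelopes.setdefault(m["qid"], Envelope(m["qid"]))
        fields = parse_fields(m["fields"])
        relay_ip = IP_RE.search(fields.get("relay", ""))
        ip = relay_ip.group(1) if relay_ip else ""
        if "from" in fields:
            env.timestamp = m["ts"]
            env.sender = fields["from"].strip("<>")
            env.source_ip = ip
        elif "to" in fields:
            env.recipients.append((fields["to"].strip("<>"), fields.get("stat", ""), ip))
    return envelopes

def failed_deliveries(envelopes):
    """(queue id, sender, recipient, status) for every recipient whose status is not Sent."""
    return [(e.queue_id, e.sender, r, s) for e in envelopes.values()
            for r, s, _ in e.recipients if not s.startswith("Sent")]
```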


Which of the following does an anti-virus program update regularly from its manufacturer's Web site?

  • A. Hotfixes
  • B. Permissions
  • C. Service packs
  • D. Definition

Answer: D


An anti-virus program updates the virus definition file regularly from the anti-virus manufacturer's Web site. Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware. Traditional antivirus software solutions run virus scanners on a schedule or on demand, and some run scans in real time. If a virus or malware is located, the suspect file is usually placed into quarantine to remove its chances of disrupting the system. Traditional antivirus solutions scan and compare against a published and regularly updated dictionary of malware, otherwise known as a blacklist. Some antivirus solutions have additional options that employ a heuristic engine, which further examines the file to see if it is behaving in a similar manner to previous examples of malware. A newer technology used by a few antivirus solutions is whitelisting; this technology first checks whether the file is trusted and only questions those that are not. With the addition of wisdom of crowds, antivirus solutions back up other antivirus techniques by harnessing the intelligence and advice of a community of trusted users to protect each other. Answer C is incorrect. A service pack is a collection of fixes and patches in a single product. A service pack can be used to handle a large number of viruses and bugs or to update an operating system with advanced, better capabilities. A service pack usually contains a number of file replacements. Answer A is incorrect. A hotfix is a collection of files used by Microsoft for software updates that are released between major service pack releases. A hotfix addresses a problem, occurring under specific circumstances, that cannot wait to be fixed until the next service pack release. Hotfixes are generally related to security problems. Hence, it is essential to fix these problems as soon as possible.
Answer B is incorrect. An anti-virus program does not update Permissions regularly from its manufacturer's Web site.


John works as a Network Administrator for Perfect Solutions Inc. The company has a Debian Linux-based network. He is working on the bash shell in which he creates a variable VAR1. After some calculations, he opens a new ksh shell. Now, he wants to set VAR1 as an environmental variable so that he can retrieve VAR1 into the ksh shell. Which of the following commands will John run to accomplish the task?

  • A. echo $VAR1
  • B. touch VAR1
  • C. export VAR1
  • D. env -u VAR1

Answer: C

Since John wants to use the variable VAR1 as an environmental variable, he will use the export command to accomplish the task.


Which of the following is the best way to authenticate users on the intranet?

  • A. By using Forms authentication.
  • B. By using Basic authentication.
  • C. By using clear text.
  • D. By using NT authentication.

Answer: D


The best way to authenticate users on the intranet is by using NT authentication. Windows NT authentication works where the client and server computers are located in the same or trusted domains. Using NT authentication with an anonymous logon account is the best way to authenticate users on the intranet because passwords are not transmitted over the network. User credentials are supplied automatically if the user is logged on to a Windows machine. Answer B is incorrect. Basic authentication is used to authenticate users on the Internet. It is used by most browsers for authentication and connection. When using Basic authentication, the browser prompts the user for a username and password. This information is then transmitted across the Hypertext Transfer Protocol (HTTP). Answer A is incorrect. Forms authentication is used in an ASP environment to issue appropriate Membership server related cookies to a user. Answer C is incorrect. Clear text is not an authentication method.


Which of the following statements about a session are true? (Choose two)

  • A. The creation time can be obtained using the getSessionCreationTime() method of the HttpSession.
  • B. The getAttribute() method of the HttpSession interface returns a String.
  • C. The time for the setMaxInactiveInterval() method of the HttpSession interface is specified in seconds.
  • D. The isNew() method is used to identify if the session is new.

Answer: CD


The setMaxInactiveInterval() method sets the maximum time in seconds before a session becomes invalid. The syntax of this method is as follows: public void setMaxInactiveInterval(int interval). Here, interval is specified in seconds. The isNew() method of the HttpSession interface returns true if the client does not yet know about the session, or if the client chooses not to join the session. This method throws an IllegalStateException if called on an invalidated session. Answer B is incorrect. The getAttribute(String name) method of the HttpSession interface returns the value of the named attribute as an Object. It returns a null value if no attribute with the given name is bound to the session. This method throws an IllegalStateException if it is called on an invalidated session. Answer A is incorrect. The creation time of a session can be obtained using the getCreationTime() method of the HttpSession.


You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to see the username, real name, home directory, encrypted password, and other information about a user. Which of the following Unix configuration files can you use to accomplish the task?

  • A. /etc/passwd
  • B. /etc/printcap
  • C. /etc/hosts
  • D. /etc/inittab

Answer: A


In Unix, the /etc/passwd file contains the username, real name, home directory, encrypted password, and other information about a user. Answer C is incorrect. In Unix, the /etc/hosts file lists the hosts for name lookup use that are locally required. Answer D is incorrect. In Unix, the /etc/inittab file is the configuration file for init. It controls startup run levels and determines which scripts to start with. Answer B is incorrect. In Unix, the /etc/printcap file is the configuration file for printers.
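An auditor's check of the file described above, as an added example that is not part of the original material: the code below parses the seven colon-separated fields of constructed /etc/passwd content (all accounts and values are made up) and flags conditions an audit looks for. It assumes the modern convention in which the password field holds "x" and the hash lives in /etc/shadow, so a hash or an empty field in /etc/passwd itself is reported.

```python
from dataclasses import dataclass

# Constructed /etc/passwd content for this example (not taken from a real system).
# The "legacy" hash value is a made-up string in MD5-crypt layout.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
legacy:$1$abc$gGX9FdN9C9q8E7XVHrkkp/:1001:1001:Legacy App:/srv/legacy:/bin/sh
buildbot:x:0:1002:Build Bot:/home/buildbot:/bin/bash
guest::1003:1003:Guest:/home/guest:/bin/bash
broken:x:1004:1004:missing fields
"""

@dataclass
class PasswdEntry:
    name: str
    password: str   # "x" means the hash is in /etc/shadow; "*" or "!" prefix means locked
    uid: int
    gid: int
    gecos: str      # real name and other comment information
    home: str
    shell: str

def parse_passwd(text):
    """Parse the seven colon-separated fields of each line; return (entries, malformed lines)."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            malformed.append((lineno, line))  # a damaged file is itself a finding
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries, malformed

def audit_passwd(entries):
    """Return (username, finding) pairs for conditions an auditor checks."""
    findings = []
    for e in entries:
        if e.password == "":
            findings.append((e.name, "empty password field: login without a password"))
        elif e.password != "x" and not e.password.startswith(("*", "!")):
            findings.append((e.name, "password hash stored in world-readable /etc/passwd"))
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "UID 0 account other than root"))
    return findings
```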


Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

  • A. Single Loss Expectancy (SLE)
  • B. Annualized Rate of Occurrence (ARO)
  • C. Exposure Factor (EF)
  • D. Safeguard

Answer: B


The Annualized Rate of Occurrence (ARO) is a number that represents the estimated frequency at which a threat is expected to occur. It is calculated based upon the probability of the event occurring and the number of employees that could make that event occur. Answer C is incorrect. The Exposure Factor (EF) represents the percentage of asset value lost because of a threat. The EF is required to calculate the Single Loss Expectancy (SLE). Answer A is incorrect. The Single Loss Expectancy (SLE) is the value in dollars that is assigned to a single event: SLE = Asset Value ($) x Exposure Factor (EF). Answer D is incorrect. A safeguard acts as a countermeasure for reducing the risk associated with a specific threat or a group of threats.


In which of the following attacking methods does an attacker distribute incorrect IP address?

  • A. DNS poisoning
  • B. IP spoofing
  • C. Mac flooding
  • D. Man-in-the-middle

Answer: A


In a DNS poisoning attack, an attacker distributes incorrect IP addresses. DNS cache poisoning is a maliciously created or unintended situation that provides data to a caching name server that did not originate from authoritative Domain Name System (DNS) sources. Once a DNS server has received such non-authentic data and caches it for a future performance increase, it is considered poisoned, supplying the non-authentic data to the clients of the server. To perform a cache poisoning attack, the attacker exploits a flaw in the DNS software. If the server does not correctly validate DNS responses to ensure that they are from an authoritative source, the server will end up caching the incorrect entries locally and serving them to other users that make the same request. Answer B is incorrect. IP (Internet Protocol) address spoofing is an attack in which an attacker creates IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system. The basic protocol for sending data over the Internet and many other computer networks is the Internet Protocol ("IP"). The header of each IP packet contains, among other things, the numerical source and destination address of the packet. The source address is normally the address that the packet was sent from. By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine. The machine that receives spoofed packets will send a response back to the forged source address, which means that this technique is mainly used when the attacker does not care about the response or the attacker has some way of guessing the response. Answer D is incorrect. Man-in-the-middle attacks occur when an attacker successfully inserts intermediary software or a program between two communicating hosts.
The intermediary software or program allows attackers to listen to and modify the communication packets passing between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host. The receiving host responds to the software, presuming it to be the legitimate client. Answer C is incorrect. MAC flooding is a technique employed to compromise the security of network switches. In a typical MAC flooding attack, a switch is flooded with packets, each containing a different source MAC address. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. The result of this attack is that the switch enters a state called fail-open mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as in normal operation. A malicious user could then use a packet sniffer (such as Wireshark) running in promiscuous mode to capture sensitive data from other computers (such as unencrypted passwords, e-mail and instant messaging conversations), which would not be accessible were the switch operating normally.


Which of the following is an attempt to give false information or to deny that a real event or transaction should have occurred?

  • A. A DDoS attack
  • B. A repudiation attack
  • C. A reply attack
  • D. A dictionary attack

Answer: B


A repudiation attack is an attempt to give false information or to deny that a real event or transaction should have occurred. Answer A is incorrect. In a distributed denial of service (DDoS) attack, an attacker uses multiple computers throughout the network that have been previously infected. Such computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and the behavior of each attack machine can be stealthier, making it harder to track down and shut down. TFN, TRIN00, etc. are tools used for a DDoS attack. Answer C is incorrect. A replay attack is a type of attack in which attackers capture packets containing passwords or digital signatures whenever packets pass between two hosts on a network. In an attempt to obtain an authenticated connection, the attackers then resend the captured packet to the system. In this type of attack, the attacker does not know the actual password, but can simply replay the captured packet. Answer D is incorrect. A dictionary attack is a type of password guessing attack. This type of attack uses a dictionary of common words to find out the password of a user. It can also use common words in either upper or lower case to find a password. There are many programs available on the Internet to automate and execute dictionary attacks.


Which of the following allows the use of multiple virtual servers using different DNS names resolved by the same IP address?

  • A. HTTP 1.1
  • B. JAVA
  • C. HTML
  • D. VPN

Answer: A


HTTP 1.1 allows the use of multiple virtual servers, all using different DNS names resolved by the same IP address. The WWW service supports a concept called the virtual server. A virtual server can be used to host multiple domain names on the same physical Web server. Using virtual servers, multiple FTP sites and Web sites can be hosted on a single computer. This means that there is no need to allocate different computers and software packages for each site. Answer D is incorrect. VPN stands for virtual private network. It allows users to use the Internet as a secure pipeline to their corporate local area networks (LANs). Remote users can dial in to any local Internet Service Provider (ISP) and initiate a VPN session to connect to their corporate LAN over the Internet. Companies using VPNs significantly reduce long-distance dial-up charges. VPNs also provide remote employees with an inexpensive way of remaining connected to their company's LAN for extended periods.
Answer B is incorrect. Java is an object-oriented programming language developed by Sun Microsystems. It allows the creation of platform-independent executables. Java source code files are compiled into a format known as bytecode (files with the .class extension). Java supports programming for the Internet in the form of Java applets. Java applets can be executed on a computer having a Java interpreter and a run-time environment known as the Java Virtual Machine (JVM). Java Virtual Machines (JVMs) are available for most operating systems, including UNIX, Macintosh OS, and Windows. Answer C is incorrect. HTML stands for Hypertext Markup Language. It is a set of markup symbols or codes used to create Web pages and define formatting specifications. The markup tells the Web browser how to display the content of the Web page.


In which of the following does a Web site store information such as user preferences to provide customized services to users?

  • A. Protocol
  • B. ActiveX control
  • C. Cookie
  • D. Keyword

Answer: C


A cookie is a small bit of text that accompanies requests and pages as they move between Web servers and browsers. It contains information that is read by a Web application, whenever a user visits a site. Cookies are stored in the memory or hard disk of client computers. A Web site stores information, such as user preferences and settings in a cookie. This information helps in providing customized services to users. There is absolutely no way a Web server can access any private information about a user or his computer through cookies, unless a user provides the information. A Web server cannot access cookies created by other Web servers.
Answer A is incorrect. A protocol is a set of predefined rules that govern how two or more processes communicate and interact to exchange data. Protocols are considered the building blocks of network communication. Computer protocols are used by communicating devices and software services to format data in a way that all participants understand. They provide a context in which to interpret communicated information. Answer B is incorrect. ActiveX controls are software components that can be integrated into Web pages and applications, within a computer or among computers in a network, to reuse functionality. Reusability of controls reduces the development time of applications and improves program interfaces. They enhance Web pages with formatting features and animation. ActiveX controls can be used in applications written in different programming languages that recognize Microsoft's Component Object Model (COM). These controls always run in a container. ActiveX controls simplify and automate authoring tasks, display data, and add functionality to Web pages. Answer D is incorrect. Keywords are important terms used to search Web pages on a particular topic. For example, if a user enters the keyword "Networking" in a search engine form, all Web pages containing the term "Networking" will be displayed.


Which of the following protocols are used to provide secure communication between a client and a server over the Internet? (Choose two)

  • A. TLS
  • B. SSL
  • C. HTTP
  • D. SNMP

Answer: AB

SSL and TLS protocols are used to provide secure communication between a client and a server over the Internet.


You work as a Network Administrator for Tech-E-book Inc. You are configuring the ISA Server 2006 firewall to provide your company with a secure wireless intranet. You want to accept inbound mail delivery through an SMTP server. Which basic rules of ISA Server do you need to configure to accomplish the task?

  • A. Publishing rules
  • B. Network rules
  • C. Mailbox rules
  • D. Access rules

Answer: A


Publishing rules are applied on SMTP servers to accept inbound mail delivery. There are three basic rules of ISA Server, which are as follows:

  • Access rules: These rules determine what network traffic from the internal network is allowed to access the external network.
  • Publishing rules: These rules are used for controlling access requests from the external network for internal resources. These types of rules are usually applied to Web servers that are used for providing public access. They are also applied on SMTP servers to accept inbound mail delivery.
  • Network rules: These rules define the traffic source, traffic destination, and the network relationship.

Answer D is incorrect. Access rules are set for controlling outbound traffic. Answer B is incorrect. Network rules define how to handle the traffic. Answer C is incorrect. There are no such ISA Server rule sets.


Anonymizers are the services that help make a user's own Web surfing anonymous. An anonymizer removes all the identifying information from a user's computer while the user surfs the Internet. It ensures the privacy of the user in this manner. After the user anonymizes a Web access with an anonymizer prefix, every subsequent link selected is also automatically accessed anonymously. Which of the following are limitations of anonymizers?

  • A. ActiveX controls
  • B. Plugins
  • C. Secure protocols
  • D. Java applications
  • E. JavaScript

Answer: ABCDE


Anonymizers have the following limitations:

  1. HTTPS: Secure protocols such as 'https:' cannot be properly anonymized, as the browser needs to access the site directly to properly maintain the secure encryption.
  2. Plugins: If an accessed site invokes a third-party plugin, there is no guarantee of an established independent direct connection from the user computer to a remote site.
  3. Java: Any Java application accessed through an anonymizer will not be able to bypass the Java security wall.
  4. ActiveX: ActiveX applications have almost unlimited access to the user's computer system.
  5. JavaScript: The JavaScript scripting language is disabled with URL-based anonymizers.


You are concerned about attackers simply passing by your office, discovering your wireless network, and getting into your network via the wireless connection. Which of the following are NOT steps in securing your wireless connection? (Choose two)

  • A. Hardening the server OS
  • B. Using either WEP or WPA encryption
  • C. MAC filtering on the router
  • D. Strong password policies on workstations.
  • E. Not broadcasting SSID

Answer: AD


Both hardening the server OS and using strong password policies on workstations are good ideas, but neither has anything to do with securing your wireless connection. Answer B is incorrect. Using WEP or WPA is one of the most basic steps in securing your wireless network.


P.S. Surepassexam is now offering GSNA dumps with a 100% pass guarantee! All GSNA exam questions have been updated with correct answers: (368 New Questions)