Top Tips Of Abreast Of The Times GSNA Testing Bible
GSNA free dumps questions:
NEW QUESTION 1
Which of the following key combinations in the vi editor is used to copy the current line?
- A. dk
- B. yy
- C. d$
- D. dl
Answer: B
Explanation:
The yy key combination in the vi editor is used to copy the current line. The vi editor is an interactive, cryptic, screen-based text editor used to create and edit files. It operates in either Input mode or Command mode. In Input mode, the vi editor accepts a keystroke as text and displays it on the screen, whereas in Command mode, it interprets keystrokes as commands. Because the vi editor is case sensitive, it interprets the same character or characters as different commands, depending on whether the user enters a lowercase or uppercase character. When a user starts a new session with vi, he must put the editor in Input mode by pressing the "I" key. If he is not able to see the entered text on the vi editor's screen, it means that he has not put the editor in Insert mode. The user must change the editor to Input mode before entering any text so that he can see the text he has entered.
Answer D is incorrect. It deletes the next character on the right.
Answer A is incorrect. It deletes the current line and one line above.
Answer C is incorrect. It deletes from the cursor to the end of the line.
NEW QUESTION 2
Sarah works as a Web Developer for XYZ CORP. She develops a Web site for the company. She uses tables in the Web site. Sarah embeds three tables within a table. What is the technique of embedding tables within a table known as?
- A. Nesting tables
- B. Stacking tables
- C. CSS tables
- D. Horned tables
Answer: A
Explanation:
In general, nesting means embedding a construct inside another. Nesting tables is a technique in which one or more tables are embedded within a table.
Answers B, C, and D are incorrect. There are no techniques such as stacking tables, horned tables, or CSS tables.
NEW QUESTION 3
You are responsible for a large network that has its own DNS servers. You periodically check the log to see if there are any problems. Which of the following are likely errors you might encounter in the log? (Choose three)
- A. The DNS server could not create FTP socket for address [IP address of server]
- B. The DNS server could not create an SMTP socket
- C. Active Directory Errors
- D. The DNS server could not create a Transmission Control Protocol (TCP) socket
- E. The DNS server could not initialize the Remote Procedure Call (RPC) service
Answer: CDE
Explanation:
There are a number of errors one could find in a Windows Server 2003 DNS log. They are as follows:
* 1. The DNS server could not create a Transmission Control Protocol (TCP) socket.
* 2. The DNS server could not open socket for address.
* 3. The DNS server could not initialize the Remote Procedure Call (RPC) service.
* 4. The DNS server could not bind the main datagram socket.
The DNS Server service relies on Active Directory to store and retrieve information for Active Directory-integrated zones, and several Active Directory errors are possible.
Answer B is incorrect. DNS Servers do not create FTP connections.
Answer A is incorrect. DNS Servers do not create SMTP connections.
NEW QUESTION 4
Web mining allows a user to look for patterns in data through content mining, structure mining, and usage mining. What is the function of structure mining?
- A. To examine data collected by search engines
- B. To examine data collected by Web spiders
- C. To examine data related to the structure of a particular Web site
- D. To examine data related to a particular user's browser
Answer: C
Explanation:
Structure mining is used to examine data related to the structure of a particular Web site. Answer D is incorrect. Usage mining is used to examine data related to a particular user's browser as well as data gathered by forms the user may have submitted during Web transactions.
NEW QUESTION 5
Which of the following statements about the traceroute utility are true?
- A. It uses ICMP echo packets to display the Fully Qualified Domain Name (FQDN) and the IP address of each gateway along the route to the remote host.
- B. It records the time taken for a round trip for each packet at each router.
- C. It is an online tool that performs polymorphic shell code attacks.
- D. It generates a buffer overflow exploit by transforming an attack shell code so that the new attack shell code cannot be recognized by any Intrusion Detection Systems.
Answer: AB
Explanation:
Traceroute is a route-tracing utility that displays the path an IP packet takes to reach its destination. It uses ICMP echo packets to display the Fully Qualified Domain Name (FQDN) and the IP address of each gateway along the route to the remote host. This tool also records the time taken for a round trip for each packet at each router, which can be used to find any faulty router along the path.
Answers C and D are incorrect. Traceroute does not perform polymorphic shell code attacks. Attacking tools such as ADMutate are used to perform polymorphic shell code attacks.
NEW QUESTION 6
You work as a Computer Hacking Forensic Investigator for SecureNet Inc. You want to investigate a Cross-Site Scripting attack on your company's Website. Which of the following methods of investigation can you use to accomplish the task?
- A. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL to the company's site.
- B. Look at the Web servers logs and normal traffic logging.
- C. Use Wireshark to capture traffic going to the server and then search for the requests going to the input page, which may give a log of the malicious traffic and the IP address of the source.
- D. Use a Web proxy to view the Web server transactions in real time and investigate any communication with outside servers.
Answer: ABD
Explanation:
You can use the following methods to investigate a Cross-Site Scripting attack:
* 1. Look at the Web servers logs and normal traffic logging.
* 2. Use a Web proxy to view the Web server transactions in real time and investigate any communication with outside servers.
* 3. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL to the company's site.
Answer C is incorrect. This method is not used to investigate a Cross-Site Scripting attack.
NEW QUESTION 7
What is the extension of a Cascading Style Sheet?
- A. .hts
- B. .cs
- C. .js
- D. .css
Answer: D
Explanation:
A Cascading Style Sheet (CSS) is a separate text file that keeps track of design and formatting information, such as colors, fonts, font sizes, and margins, used in Web pages. CSS is used to provide Web site authors greater control over the appearance and presentation of their Web pages. It has codes that are interpreted and applied by the browser to the Web pages and their elements. CSS files have the .css extension. There are three types of Cascading Style Sheets:
* 1. External Style Sheet
* 2. Embedded Style Sheet
* 3. Inline Style Sheet
NEW QUESTION 8
Which of the following is an enterprise-grade network/application/performance monitoring platform that tightly integrates with other smart building management systems, such as physical access control, HVAC, lighting, and time/attendance control?
- A. Airwave Management Platform
- B. Andrisoft WANGuard Platform
- C. akk@da
- D. Aggregate Network Manager
Answer: D
Explanation:
Aggregate Network Manager is an enterprise-grade network/application/performance monitoring platform that tightly integrates with other smart building management systems, such as physical access control, HVAC, lighting, and time/attendance control.
Answer A is incorrect. Airwave Management Platform (AMP) is wireless network management software. It offers centralized control for Wi-Fi networks. Some of its common features are access point configuration management, reporting, user tracking, help desk views, and rogue AP discovery.
Answer C is incorrect. akk@da is a simple network monitoring system. It is designed for small and middle size computer networks. Its function is to quickly detect system or network faults and display information about the detected faults to the administrators. It collects the information every minute (a user can decrease this period to 1 second). Approximately all the services of the monitored hosts are discovered automatically.
Answer B is incorrect. Andrisoft WANGuard Platform offers solutions for various network issues such as WAN links monitoring, DDoS detection and mitigation, traffic accounting, and graphing.
NEW QUESTION 9
You are concerned about an attacker being able to get into your network. You want to make sure that you are informed of any network activity that is outside normal parameters. What is the best way to do this?
- A. Utilize protocol analyzers.
- B. Use performance monitors.
- C. Implement signature based antivirus.
- D. Implement an anomaly based IDS.
Answer: D
Explanation:
An anomaly based Intrusion Detection System will monitor the network for any activity that is outside normal parameters (i.e. an anomaly) and inform you of it. Answer C is incorrect. Antivirus software, while important, won't help detect the activities of intruders. Answer B is incorrect. Performance monitors are used to measure normal network activity and look for problems such as bottlenecks. Answer A is incorrect. A protocol analyzer does detect if a given protocol is moving over a particular network segment.
NEW QUESTION 10
You work as a Network Administrator for Tech Perfect Inc. For security issues, the company requires you to harden its routers. You therefore write the following code:
```
Router#config terminal
Router(config)#no ip bootp server
Router(config)#no ip name-server
Router(config)#no ntp server
Router(config)#no snmp server
Router(config)#no ip http server
Router(config)#^Z
Router#
```
What services will be disabled by using this configuration fragment?
- A. BootP service
- B. Finger
- C. CDP
- D. DNS function
Answer: AD
Explanation:
The above configuration fragment will disable the following services from the router:
* 1. The BootP service
* 2. The DNS function
* 3. The Network Time Protocol
* 4. The Simple Network Management Protocol
* 5. Hyper Text Transfer Protocol
NEW QUESTION 11
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against ______.
- A. NetBIOS NULL session
- B. DNS zone transfer
- C. IIS buffer overflow
- D. SNMP enumeration
Answer: C
Explanation:
Removing the IPP printing capability from a server is a good countermeasure against an IIS buffer overflow attack. A Network Administrator should take the following steps to prevent a Web server from IIS buffer overflow attacks:
* 1. Conduct frequent scans for server vulnerabilities.
* 2. Install the upgrades of Microsoft service packs.
* 3. Implement effective firewalls.
* 4. Apply URLScan and IISLockdown utilities.
* 5. Remove the IPP printing capability.
Answer B is incorrect. The following are the DNS zone transfer countermeasures:
Do not allow DNS zone transfer using the DNS property sheet:
* a. Open DNS.
* b. Right-click a DNS zone and click Properties.
* c. On the Zone Transfer tab, clear the Allow zone transfers check box.
Configure the master DNS server to allow zone transfers only from secondary DNS servers:
* a. Open DNS.
* b. Right-click a DNS zone and click Properties.
* c. On the zone transfer tab, select the Allow zone transfers check box, and then do one of the following:
To allow zone transfers only to the DNS servers listed on the name servers tab, click on the Only to the servers listed on the Name Server tab.
To allow zone transfers only to specific DNS servers, click Only to the following servers, and add the IP address of one or more servers.
Deny all unauthorized inbound connections to TCP port 53.
Implement DNS keys and encrypted DNS payloads.
Answer D is incorrect. The following are the countermeasures against SNMP enumeration:
* 1. Removing the SNMP agent or disabling the SNMP service
* 2. Changing the default PUBLIC community name when 'shutting off SNMP' is not an option
* 3. Implementing the Group Policy security option called Additional restrictions for anonymous connections
* 4. Restricting access to NULL session pipes and NULL session shares
* 5. Upgrading SNMP Version 1 with the latest version
* 6. Implementing Access control list filtering to allow only access to the read-write community from approved stations or subnets
Answer A is incorrect.
NetBIOS NULL session vulnerabilities are hard to prevent, especially if NetBIOS is needed as part of the infrastructure. One or more of the following steps can be taken to limit NetBIOS NULL session vulnerabilities:
* 1. Null sessions require access to the TCP 139 or TCP 445 port, which can be disabled by a Network Administrator.
* 2. A Network Administrator can also disable SMB services entirely on individual hosts by unbinding WINS Client TCP/IP from the interface.
* 3. A Network Administrator can also restrict the anonymous user by editing the registry values:
* a. Open regedit32, and go to HKLM\SYSTEM\CurrentControlSet\LSA.
* b. Choose edit > add value. Value name: RestrictAnonymous; Data Type: REG_WORD; Value: 2
NEW QUESTION 12
You have made a program secure.c to display which ports are open and what types of services are running on these ports. You want to write the program's output to standard output and simultaneously copy it into a specified file. Which of the following commands will you use to accomplish the task?
- A. cat
- B. more
- C. less
- D. tee
Answer: D
Explanation:
You will use the tee command to write its content to standard output and simultaneously copy it into the specified file. The tee command is used to split the output of a program so that it can be seen on the display and also be saved in a file. It can also be used to capture intermediate output before the data is altered by another command or program. The tee command reads standard input, then writes its content to standard output, and simultaneously copies it into the specified file(s) or variables. The syntax of the tee command is as follows: tee [-a] [-i] [File] where the -a option appends the output to the end of File instead of writing over it and the -i option is used to ignore interrupts.
Answer A is incorrect. The concatenate (cat) command is used to display or print the contents of a file. Syntax: cat filename For example, the following command will display the contents of the /var/log/dmesg file: cat /var/log/dmesg
Note: The more command is used in conjunction with the cat command to prevent scrolling of the screen while displaying the contents of a file.
Answer C is incorrect. The less command is used to view (but not change) the contents of a text file, one screen at a time. It is similar to the more command. However, it has the extended capability of allowing both forward and backward navigation through the file. Unlike most Unix text editors/viewers, less does not need to read the entire file before starting; therefore, it has faster load times with large files. The command syntax of the less command is as follows: less [options] file_name Where,
Answer B is incorrect. The more command is used to view (but not modify) the contents of a text file on the terminal, one screen at a time. The syntax of the more command is as follows: more [options] file_name Where,
NEW QUESTION 13
Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?
- A. Safeguards
- B. Detective controls
- C. Corrective controls
- D. Preventive controls
Answer: C
Explanation:
Corrective controls are used after a security breach. After security has been breached, corrective controls are intended to limit the extent of any damage caused by the incident, e.g. by recovering the organization to normal working status as efficiently as possible.
Answer D is incorrect. Before the event, preventive controls are intended to prevent an incident from occurring, e.g. by locking out unauthorized intruders.
Answer B is incorrect. During the event, detective controls are intended to identify and characterize an incident in progress, e.g. by sounding the intruder alarm and alerting the security guards or the police.
Answer A is incorrect. Safeguards are those controls that provide some amount of protection to an asset.
NEW QUESTION 14
You have just installed a Windows 2003 server. What action should you take regarding the default shares?
- A. Disable them only if this is a domain server.
- B. Disable them.
- C. Make them hidden shares.
- D. Leave them, as they are needed for Windows Server operations.
Answer: B
Explanation:
Default shares should be disabled, unless they are absolutely needed. They pose a significant security risk by providing a way for an intruder to enter your machine. Answer A is incorrect. Whether this is a domain server, a DHCP server, a file server, or database server does not change the issue with shared drives/folders. Answer C is incorrect. They cannot be hidden. Shared folders are, by definition, not hidden but rather available to users on the network. Answer D is incorrect. These are not necessary for Windows Server operations.
NEW QUESTION 15
You work as a Network Administrator for Tech Perfect Inc. You need to configure the company firewall so that only Simple Network Management Protocol (SNMP) and Secure HTTP (HTTPS) traffic is allowed into the intranet of the company. No other traffic should be allowed into the intranet. Which of the following rule sets should you use on your firewall to accomplish the task? (Assume left to right equals top to bottom.)
- A. Output chain: allow port 443, allow 25, deny all
- B. Input chain: deny all, allow port 25, allow 443
- C. Input chain: allow port 25, allow 443, deny all
- D. Output chain: allow port 25, allow 443, deny all
Answer: C
Explanation:
In the given rule set, 'Input chain' defines that the rule is for the incoming traffic, i.e., traffic coming from the intranet to the Internet. Port 25 is being allowed for SNMP traffic and port 443 for the HTTPS traffic. Deny all is used after allowing ports 25 and 443; hence, all other traffic will be denied.
Answer B is incorrect. Deny all is executed first; hence, all traffic will be denied, including ports 25 and 443.
Answers A and D are incorrect. These rule sets are used for outgoing traffic, i.e., traffic going from the intranet to the Internet, as the 'Output chain' rule is being used.