Free GSNA Demo Online For GIAC Certification:
NEW QUESTION 1
Which of the following are the disadvantages of Dual-Homed Host Firewall Architecture?
- A. It can provide services by proxying them.
- B. It can provide a very low level of control.
- C. User accounts may unexpectedly enable services a user may not consider secure.
- D. It provides services when users log on to the dual-homed host directly.
Answer: ACD
Explanation:
A dual-homed host is one of the firewall architectures for implementing preventive security. It provides the first-line defense and protection technology for keeping untrusted bodies from compromising information security by violating trusted network space. A dual-homed host (or bastion host) is a system fortified with two network interfaces (NICs) that sits between an untrusted network (like the Internet) and a trusted network (such as a corporate network) to provide secure access. Dual-homed, or bastion, is a general term for proxies, gateways, firewalls, or any server that provides secured applications or services directly to an untrusted network.
A dual-homed host also has some disadvantages, which are as follows:
* 1. It can provide services by proxying them.
* 2. User accounts may unexpectedly enable services a user may not consider secure.
* 3. It provides services when users log on to the dual-homed host directly.
Answer B is incorrect. Dual-Homed Host Firewall Architecture can provide a very high level of control.
NEW QUESTION 2
An executive in your company reports odd behavior on her PDA. After investigation you discover that a trusted device is actually copying data off the PDA. The executive tells you that the behavior started shortly after accepting an e-business card from an unknown person. What type of attack is this?
- A. Session Hijacking
- B. Bluesnarfing
- C. Privilege Escalation
- D. PDA Hijacking
Answer: B
Explanation:
Bluesnarfing is a rare attack in which an attacker takes control of a Bluetooth-enabled device. One way to do this is to get your PDA to accept the attacker's device as a trusted device.
NEW QUESTION 3
Which of the following statements are true about security risks? (Choose three)
- A. They can be removed completely by taking proper actions.
- B. They are considered an indicator of threats coupled with vulnerability.
- C. They can be mitigated by reviewing and taking responsible actions based on possible risks.
- D. They can be analyzed and measured by the risk analysis process.
Answer: BCD
Explanation:
In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. These risks can be analyzed and measured by the risk analysis process. Answer A is incorrect. Security risks can never be removed completely but can be mitigated by taking proper actions.
NEW QUESTION 4
A Web developer with your company wants to have wireless access for contractors that come in to work on various projects. The process of getting this approved takes time. So rather than wait, he has put his own wireless router attached to one of the network ports in his department. What security risk does this present?
- A. None, adding a wireless access point is a common task and not a security risk.
- B. It is likely to increase network traffic and slow down network performance.
- C. This circumvents network intrusion detection.
- D. An unauthorized WAP is one way for hackers to get into a network.
Answer: D
Explanation:
Any unauthorized Wireless Access Point (WAP) is a serious security breach. Its configuration might be very insecure. For example, it might not use encryption or MAC filtering, thus allowing anyone in range to get on the network.
NEW QUESTION 5
The routing algorithm uses certain variables to create a metric of a path. It is the metric that actually determines the routing path. In a metric, which of the following variables is used to define the 'largest size' of a message that can be routed?
- A. Load
- B. MTU
- C. Hop count
- D. Bandwidth
Answer: B
Explanation:
The routing algorithm uses certain variables to create a metric of a path. It is the metric that is actually used for path determination. Variables that are used to create a metric of a path are as follows:
* Hop count: It is the total number of routers that a data packet goes through to reach its destination.
* Cost: It is determined by the administrator or calculated by the router.
* Bandwidth: It is defined as the bandwidth that the link provides.
* Maximum transmission unit (MTU): It is the largest message size that a link can route.
* Load: It states the amount of work the CPU has to perform and the number of packets the CPU needs to analyze and make calculations on.
NEW QUESTION 6
Which of the following protocols are used to provide secure communication between a client and a server over the Internet? (Choose two)
- A. TLS
- B. SSL
- C. HTTP
- D. SNMP
Answer: AB
Explanation:
SSL and TLS protocols are used to provide secure communication between a client and a server over the Internet.
NEW QUESTION 7
You have been assigned a project to develop a Web site for a construction company. You plan to develop a Web site and want to use cascading style sheets (CSS) as it helps you to get more control over the appearance and presentation of your Web pages and also extends your ability to precisely specify the position and appearance of the elements on a page and create special effects. You want to define styles for individual elements of a page. Which type of style sheet will you use?
- A. Embedded Style Sheet
- B. Internal Style Sheet
- C. External Style Sheet
- D. Inline Style Sheet
Answer: D
Explanation:
Cascading style sheets (CSS) are used so that Web site authors can exercise greater control over the appearance and presentation of their Web pages, and because they increase the ability to precisely point to the location and look of elements on a Web page and help in creating special effects. Cascading style sheets contain code that is interpreted and applied by the browser to the Web pages and their elements. There are three types of cascading style sheets:
* External Style Sheets
* Embedded Style Sheets
* Inline Style Sheets
External Style Sheets are used whenever consistency in style is required throughout a Web site. A typical external style sheet uses a .css file extension and can be edited using a text editor such as Notepad. Embedded Style Sheets are used for defining styles for an active page. Inline Style Sheets are used for defining individual elements of a page.
Reference: TechNet, Contents: Microsoft Knowledgebase, February 2000 issue PSS ID Number: Q179628
NEW QUESTION 8
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using the Linux operating system. He wants to use a wireless sniffer to sniff the We-are-secure network. Which of the following tools will he use to accomplish his task?
- A. WEPCrack
- B. Kismet
- C. Snadboy's Revelation
- D. NetStumbler
Answer: B
Explanation:
According to the scenario, John will use Kismet. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks:
* To identify networks by passively collecting packets
* To detect standard named networks
* To detect masked networks
* To collect the presence of non-beaconing networks via data traffic
Answer D is incorrect. NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. It detects wireless networks and marks their relative position with a GPS. Answer A is incorrect. WEPCrack is an open source tool that breaks IEEE 802.11 WEP secret keys. Answer C is incorrect. Snadboy's Revelation is not a sniffer. It is used to see the actual password behind the asterisks.
NEW QUESTION 9
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint. Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?
- A. nmap -sS
- B. nmap -sU -p
- C. nmap -O -p
- D. nmap -sT
Answer: C
Explanation:
The nmap -O -p switch can be used to perform TCP/IP stack fingerprinting. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows etc. Answer B is incorrect. The nmap -sU -p switch can be used to perform UDP port scanning. Answer A is incorrect. The nmap -sS switch is used to perform a TCP half scan. TCP SYN scanning is also known as half-open scanning because in this a full TCP connection is never opened. Answer D is incorrect. The nmap -sT switch is used to perform a TCP full scan.
NEW QUESTION 10
You run the wc -c file1.txt command. If this command displays any error message, you want to store the error message in the error.txt file. Which of the following commands will you use to accomplish the task?
- A. wc -c file1.txt >>error.txt
- B. wc -c file1.txt 1>error.txt
- C. wc -c file1.txt 2>error.txt
- D. wc -c file1.txt >error.txt
Answer: C
Explanation:
According to the scenario, you will use the wc -c file1.txt 2>error.txt command to accomplish the task. The 2> operator is an error redirector, which, while running a command, redirects the error (if any) to the specified file. Answers B and D are incorrect. The > or 1> redirector can be used to redirect the output of the wc -c file1.txt command to the error.txt file; however, you want to write the errors to the error.txt file, not the whole output. Answer A is incorrect. The >> operator will redirect the output of the command in the same manner as the > or 1> operator. Although the >> operator will not overwrite the error.txt file, it will append to the error.txt file.
NEW QUESTION 11
John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.
Original cookie values: ItemID1=2 ItemPrice1=900 ItemID2=1 ItemPrice2=200
Modified cookie values: ItemID1=2 ItemPrice1=1 ItemID2=1 ItemPrice2=1
Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price. Which of the following hacking techniques is John performing?
- A. Cross site scripting
- B. Man-in-the-middle attack
- C. Cookie poisoning
- D. Computer-based social engineering
Answer: C
Explanation:
John is performing cookie poisoning. In cookie poisoning, an attacker modifies the value of cookies before sending them back to the server. On modifying the cookie values, an attacker can log in to any other user account and can perform identity theft.
For example: The attacker visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.
Original cookie values: ItemID1=2 ItemPrice1=900 ItemID2=1 ItemPrice2=200
Modified cookie values: ItemID1=2 ItemPrice1=1 ItemID2=1 ItemPrice2=1
Now, the attacker clicks the Buy button and the prices are sent to the server that calculates the total price. Another use of a cookie poisoning attack is to pretend to be another user after changing the username in the cookie values:
Original cookie values: LoggedIn=True Username=Mark
Modified cookie values: LoggedIn=True Username=Admin
Now, after modifying the cookie values, the attacker can do the admin login.
Answer A is incorrect. A cross site scripting attack is one in which an attacker enters malicious data into a Website. For example, the attacker posts a message that contains malicious code to any newsgroup site. When another user views this message, the browser interprets this code and executes it and, as a result, the attacker is able to take control of the user's system. Cross site scripting attacks require the execution of client-side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user's Web environment. With the help of a cross site scripting attack, the attacker can perform cookie stealing, session hijacking, etc.
NEW QUESTION 12
Which of the following attacks allows the bypassing of access control lists on servers or routers, and helps an attacker to hide? (Choose two)
- A. DNS cache poisoning
- B. DDoS attack
- C. IP spoofing attack
- D. MAC spoofing
Answer: CD
Explanation:
Either IP spoofing or MAC spoofing attacks can be performed to hide the identity in the network. MAC spoofing is a hacking technique of changing an assigned Media Access Control (MAC) address of a networked device to a different one. The changing of the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer. MAC spoofing is the activity of altering the MAC address of a network card. Answer A is incorrect. DNS cache poisoning is a maliciously created or unintended situation that provides data to a caching name server that did not originate from authoritative Domain Name System (DNS) sources. Once a DNS server has received such non-authentic data and caches it for future performance increase, it is considered poisoned, supplying the non-authentic data to the clients of the server. To perform a cache poisoning attack, the attacker exploits a flaw in the DNS software. If the server does not correctly validate DNS responses to ensure that they are from an authoritative source, the server will end up caching the incorrect entries locally and serve them to other users that make the same request. Answer B is incorrect. In a distributed denial of service (DDoS) attack, an attacker uses multiple computers throughout the network that have been previously infected. Such computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. TFN, TRIN00, etc. are tools used for a DDoS attack.
NEW QUESTION 13
Which of the following are the goals of risk management? (Choose three)
- A. Identifying the risk
- B. Assessing the impact of potential threats
- C. Finding an economic balance between the impact of the risk and the cost of the countermeasure
- D. Identifying the accused
Answer: ABC
Explanation:
There are three goals of risk management as follows:
* Identifying the risk
* Assessing the impact of potential threats
* Finding an economic balance between the impact of the risk and the cost of the countermeasure
Answer D is incorrect. Identifying the accused does not come under the scope of risk management.
NEW QUESTION 14
Web applications are accessed by communicating over TCP ports via an IP address. Choose the two most common Web Application TCP ports and their respective protocol names. (Choose two)
- A. TCP Port 443 / S-HTTP or SSL
- B. TCP Port 80 / HTTPS or SSL
- C. TCP Port 443 / HTTPS or SSL
- D. TCP Port 80 / HTTP
Answer: CD
Explanation:
The two most common Web Application TCP ports are Port 443 and Port 80. HTTPS or SSL uses TCP port 443, whereas HTTP uses TCP Port 80. Answer B is incorrect. Port 80 is used for HTTP, not HTTPS. Answer A is incorrect. S-HTTP is not the protocol name for Port 443. HTTPS or SSL is the name used for Port 443 traffic.
NEW QUESTION 15
Zorp is a proxy firewall suite developed by Balabit IT Security. Which of the following statements are true about Zorp?
- A. It allows the administrators to fine-tune proxy decisions.
- B. Zorp aims for compliance with the Common Criteria/Application Level Firewall Protection Profile for Medium Robustness.
- C. It allows full analysis of embedded protocols.
- D. The GPL version of Zorp lacks much of the usability and functions from the other versions.
Answer: ABC
Explanation:
Zorp is a proxy firewall suite developed by Balabit IT Security. Its core framework allows the administrator to fine-tune proxy decisions (with its built-in script language), and fully analyze embedded protocols (such as SSL with an embedded POP3 or HTTP protocol). The FTP, HTTP, FINGER, WHOIS, TELNET, and SSL protocols are fully supported with an application-level gateway. Zorp aims for compliance with the Common Criteria/Application Level Firewall Protection Profile for Medium Robustness. Zorp is released under GNU/GPL and commercial license too. The GPL version is completely usable and functional; however, it lacks some of the more advanced functions available in the commercially available version only. Some of the Zorp supported protocols are Finger, Ftp, Http, Pop3, NNTP, IMAP4, RDP, RPC, SIP, SSL, SSH, Telnet, Whois, LDAP, RADIUS, TFtp, SQLNet NET8, Rsh, etc. Answer D is incorrect. The GPL version of Zorp is completely usable and functional; however, it lacks some of the more advanced functions available in the commercially available version only.
NEW QUESTION 16
You work as a Network Administrator for Tech Perfect Inc. You have a laptop running Windows Vista Ultimate. You want to configure Windows Defender on your laptop so that it does not take any action automatically whenever it scans malicious software. Rather, it should recommend the action and wait for your approval for taking any action. Which of the following actions will you take to accomplish the task?
- A. Clear the Use real-time protection check box in Defender Options
- B. Clear the Automatically scan my computer check box in Defender Options
- C. Select the Create a restore point before applying action to detected items check box in Defender Options
- D. Clear the Apply default actions to items detected during a scan check box in Defender Options.
Answer: D
Explanation:
According to the question, you want to prevent Windows Defender from taking any action automatically during the scanning of your laptop. In order to accomplish this, you will have to clear the Apply default actions to items detected during a scan check box in Defender Options.
If you clear the Apply default actions to items detected during a scan check box, it will result in Windows Defender only recommending an action to take for detected malicious software.