The Secret Of GIAC GSNA Exam

2024 GIAC Official New Released GSNA ♥♥
https://www.certleader.com/GSNA-dumps.html


Master the GSNA GIAC Systems and Network Auditor content and be ready for exam day success quickly with this Certleader GSNA study guide. We guarantee it!We make it a reality and give you real GSNA questions in our GIAC GSNA braindumps.Latest 100% VALID GIAC GSNA Exam Questions Dumps at below page. You can use our GIAC GSNA braindumps and pass your exam.

GIAC GSNA Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1

What are the purposes of audit records on an information system? (Choose two)

  • A. Upgradation
  • B. Backup
  • C. Troubleshooting
  • D. Investigation

Answer: CD

Explanation:

The following are the purposes of audit records on an information system: Troubleshooting Investigation An IT audit is the process of collecting and evaluating records of an organization's information systems, practices, and operations. The evaluation of records provides evidence to determine if the information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently enough to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement. Audit records are also used to troubleshoot system issues. Answer A, B are incorrect. The audit records cannot be used for backup and upgradation purposes.

NEW QUESTION 2

Mark works as a project engineer in Tech Perfect Inc. His office is configured with Windows XP-based computers. The computer that he uses is not configured with a default gateway. He is able to access the Internet, but is not able to use e-mail services via the Internet. However, he is able to access e-mail services via the intranet of the company. Which of the following could be the reason of not being able to access e-mail services via the Internet?

  • A. Proxy server
  • B. IP packet filter
  • C. Router
  • D. Protocols other than TCP/IP

Answer: A

Explanation:

A proxy server exists between a client's Web-browsing program and a real Internet server. The purpose of the proxy server is to enhance the performance of user requests and filter requests. A proxy server has a database called cache where the most frequently accessed Web pages are stored. The next time such pages are requested, the proxy server is able to suffice the request locally, thereby greatly reducing the access time. Only when a proxy server is unable to fulfill a request locally does it forward the request to a real Internet server. The proxy server can also be used for filtering user requests. This may be done in order to prevent the users from visiting non-genuine sites. Answer D is incorrect. Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of standard protocols that govern how data passes between networks. It can be used to provide communication between the basic operating systems on local and wide-area networks (WANs). TCP/IP is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). It is considered the primary protocol of the Internet and the World Wide Web. Answer B is incorrect. IP packet filters allow or block packets from passing through specified ports. They can filter packets based on service type, port number, source computer name, or destination computer name. When packet filtering is enabled, all packets on the external interface are dropped unless they are explicitly allowed, either statically by IP packet filters or dynamically by access policy or publishing rules. Answer C is incorrect. A router is a device that routes data packets between computers in different networks. It is used to connect multiple networks, and it determines the path to be taken by each data packet to its destination computer. A router maintains a routing table of the available routes and their conditions. By using this information, along with distance and cost algorithms, the router determines the best path to be taken by the data packets to the destination computer. A router can connect dissimilar networks, such as Ethernet, FDDI, and Token Ring, and route data packets among them. Routers operate at the network layer (layer 3) of the Open Systems Interconnection (OSI) model.

NEW QUESTION 3

Which of the following statements about a session are true? (Choose two)

  • A. The creation time can be obtained using the getSessionCreationTime() method of the HttpSession.
  • B. The getAttribute() method of the HttpSession interface returns a String.
  • C. The time for the setMaxInactiveInterval() method of the HttpSession interface is specified in seconds.
  • D. The isNew() method is used to identify if the session is new.

Answer: CD

Explanation:

The setMaxInactiveInterval() method sets the maximum time in seconds before a session becomes invalid. The syntax of this method is as follows: public void
setMaxInactiveInterval(int interval) Here, interval is specified in seconds. The isNew() method of the HttpSession interface returns true if the client does not yet know about the session, or if the client chooses not to join the session. This method throws an IllegalStateException if called on an invalidated session. Answer B is incorrect. The getAttribute(String name) method of the HttpSession interface returns the value of the named attribute as an object. It returns a null value if no attribute with the given name is bound to the session. This method throws an IllegalStateException if it is called on an invalidated session. Answer A is incorrect. The creation time of a session can be obtained using the getCreationTime() method of the HttpSession.

NEW QUESTION 4

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool. Which of the following statements are true about SARA? (Choose two)

  • A. It operates under Unix, Linux, MAC OS/X, or Windows (through coLinux) OS.
  • B. It cannot be used to perform exhaustive XSS tests.
  • C. It cannot be used to perform SQL injection tests.
  • D. It supports plug-in facility for third party apps.

Answer: AD

Explanation:

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool. It has the following functions: It operates under Unix, Linux, MAC OS/X, or Windows (through coLinux) OS. It integrates the National Vulnerability Database (NVD). It can be used to perform SQL injection tests. It can be used to perform exhaustive XSS tests. It can be adapted to multiple firewalled environments. It supports remote self scan and API facilities. It is used for CIS benchmark initiatives. It also supports plug-in facility for third party apps. It supports CVE standards. It works as an enterprise search module. It works in both standalone or demo mode. Answer C is incorrect. SARA can be used to perform SQL injection tests. Answer B is incorrect. SARA can be used to perform exhaustive XSS tests.
GSNA dumps exhibit

NEW QUESTION 5

You are tasked with configuring your routers with a minimum security standard that includes the following: A local Username and Password configured on the router A strong privilege mode password Encryption of user passwords Configuring telnet and ssh to authenticate against the router user database Choose the configuration that best meets these requirements.

  • A. RouterA(config)#service password-encryption RouterA(config)#username cisco password PaS$w0Rd RouterA(config)#enable secret n56e&$te RouterA(config)#line vty 0 4 RouterA(config-line)#login
  • B. RouterA(config)#service password-encryption RouterA(config)#username cisco password PaS$w0Rd RouterA(config)#enable password n56e&$te RouterA(config)#line vty 0 4RouterA(config-line)#login local
  • C. RouterA(config)#service password-encryption RouterA(config)#username cisco password PaS$w0Rd RouterA(config)#enable secret n56e&$te RouterA(config)#line vty 0 4RouterA(config-line)#login local
  • D. RouterA(config)#service enable-password-encryption RouterA(config)#username cisco password PaS$w0Rd RouterA(config)#enable secret n56e&$te RouterA(config)#line vty 0 4RouterA(config-line)#login user

Answer: C

Explanation:

In order to fulfill the requirements, you should use the following set of commands: RouterA(config)#service password-encryption RouterA(config)#username cisco password PaS$w0Rd RouterA(config)#enable secret n56e&$te RouterA(config)#line vty 0 4 RouterA(config-line)#login local Answer D is incorrect. This configuration does not apply password encryption correctly. The command service enable-password- encryption is incorrect. The correct command is service password-encryption. Answer A is incorrect. This configuration applies the login command to the VTY lines. This would require the password to be set at the VTY Line 0 4 level. This effectively will not configure user-level access for the VTY lines. Answer B is incorrect. The enable password command is obsolete and considered insecure. The proper command is enable secret followed by the password value.

NEW QUESTION 6

You are the Security Administrator for an Internet Service Provider. From time to time your company gets subpoenas from attorneys and law enforcement for records of customers' access to the internet. What policies must you have in place to be prepared for such requests?

  • A. Group access policies
  • B. Backup policies
  • C. User access policies
  • D. Storage and retention policies

Answer: D

Explanation:

Storage and retention policies will determine how long you keep records (such as records of customers Web activity), how you will store them, and how you will dispose of them. This will allow you to know what records you should still have on hand should a legal request for such records come in. Answer C is incorrect. User policies might determine what a customer has access to, but won't help you identify what they actually did access. Answer A is incorrect. Group policies are usually pertinent to network administration, not the open and uncontrolled environment of an ISP. Answer B is incorrect. Backup policies dictate how data is backed up and stored.

NEW QUESTION 7

Which of the following policies helps reduce the potential damage from the actions of one person?

  • A. CSA
  • B. Separation of duties
  • C. Internal audit
  • D. Risk assessment

Answer: B

Explanation:

Separation of duties (SoD) is the concept of having more than one person required to complete a task. It is alternatively called segregation of duties or, in the political realm, separation of powers. Segregation of duties helps reduce the potential damage from the actions of one person. IS or end-user department should be organized in a way to achieve adequate separation of duties. According to ISACA's Segregation of Duties Control matrix, some duties should not be combined into one position. This matrix is not an industry standard, just a general guideline suggesting which positions should be separated and which require compensating controls when combined. Answer A is incorrect. Cisco Security Agent (CSA) is an endpoint intrusion prevention system. It is rule-based and examines system activity and network traffic, determining which behaviors are normal and which may indicate an attack. CSA uses a two or three-tier client- server architecture. The Management Center 'MC' (or Management Console) contains the program logic; an MS SQL database backend is used to store alerts and configuration information; the MC and SQL database may be co-resident on the same system. The Agent is installed on the desktops and/or servers to be protected. The Agent communicates with the Management Center, sending logged events to the Management Center and receiving updates in rules when they occur. Answer C is incorrect. Internal auditing is a profession and activity involved in helping organizations achieve their stated objectives. It does this by using a systematic methodology for analyzing business processes, procedures and activities with the goal of highlighting organizational problems and recommending solutions. Answer D is incorrect. Risk assessment is a step in a risk management process.

NEW QUESTION 8

eBox Platform is an open source unified network server (or a Unified Network Platform) for SMEs. In which of the following forms can eBox Platform be used?

  • A. Unified Communications Server
  • B. Network Infrastructure Manager
  • C. Gateway
  • D. Sandbox

Answer: ABC

Explanation:

eBox Platform is an open source unified network server (or a Unified Network Platform) for SMEs. eBox Platform can act as a Gateway, Network Infrastructure Manager, Unified Threat Manager, Office Server, Unified Communications Server or a combination of them. Besides, eBox Platform includes a development framework to ease the development of new Unix-based services. Answer D is incorrect. eBox Platform cannot act as a sandbox. A sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs, from unverified third-parties, suppliers, and untrusted users.

NEW QUESTION 9

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to break a dat a.txt file, 200MB in size, into two files in which the size of the first file named data.txt.aa should be 150MB and that of the second file named data.txt.ab should be 50MB. To accomplish his task and to further delete the data.txt file, he enters the following command: split --verbose -b 150m data.txt data.txt. ; rm -vf data.txt Which of the following commands can John use to join the splitted files into a new data.txt file?

  • A. vi data.txt.* > data.txt
  • B. less data.txt.* > data.txt
  • C. vi data.txt.*
  • D. cat data.txt.* > data.txt

Answer: D

Explanation:

The cat data.txt.* command will display both the splitted files, and the > command will redirect the output into a new data.txt file.

NEW QUESTION 10

You are the project manager of a Web development project. You want to get information about your competitors by hacking into their computers. You and the project team determine should the hacking attack not be performed anonymously, you will be traced. Hence, you hire a professional hacker to work on the project. This is an example of what type of risk response?

  • A. Transference
  • B. Mitigation
  • C. Acceptance
  • D. Avoidance

Answer: A

Explanation:

Whenever the risk is transferred to someone else, it is an example of transference risk response. Transference usually has a fee attached to the service provider that will own the risk event.

NEW QUESTION 11

You are concerned about possible hackers doing penetration testing on your network as a prelude to an attack. What would be most helpful to you in finding out if this is occurring?

  • A. Examining your antivirus logs
  • B. Examining your domain controller server logs
  • C. Examining your firewall logs
  • D. Examining your DNS Server logs

Answer: C

Explanation:

Firewall logs will show all incoming and outgoing traffic. By examining those logs, you can do port scans and use other penetration testing tools that have been used on your firewall.

NEW QUESTION 12

Which of the following processes are involved under the COBIT framework?

  • A. Managing the IT workforce.
  • B. Correcting all risk issues.
  • C. Conducting IT risk assessments.
  • D. Developing a strategic plan.

Answer: ACD

Explanation:

The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management, which provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company. It has the following 11 processes: Developing a strategic plan. Articulating the information architecture. Finding an optimal stage between the IT and the organization's strategy. Designing the IT function to match the organization's needs. Maximizing the return of the IT investment. Communicating IT policies to the user's community. Managing the IT workforce. Obeying external regulations, laws, and contracts. Conducting IT risk assessments. Maintaining a high-quality systems-development process. Incorporating sound project-management techniques. Answer B is incorrect. Correcting all risk issues does not come under auditing processes.

NEW QUESTION 13

Which of the following statements is true about the Digest Authentication scheme?

  • A. A valid response from the client contains a checksum of the username, the password, the given random value, the HTTP method, and the requested URL.
  • B. In this authentication scheme, the username and password are passed with everyrequest, not just when the user first types them.
  • C. The password is sent over the network in clear text format.
  • D. It uses the base64 encoding encryption scheme.

Answer: A

Explanation:

The Digest Authentication scheme is a replacement of the Basic Authentication scheme. This authentication scheme is based on the challenge response model. In Digest authentication, the password is never sent across the network in clear text format but is always transmitted as an MD5 digest of the user's password. In this way, the password cannot be determined with the help of a sniffer.
How does it work? In this authentication scheme, an optional header allows the server to specify the algorithm used to create the checksum or digest (by default, the MD5 algorithm). The Digest Authentication scheme provides the challenge using a randomly chosen value. This randomly chosen value is a server-specified data string which may be uniquely generated each time a 401 response is made. A valid response contains a checksum (by default, the MD5 checksum) of the username, the password, the given random value, the HTTP method, and the requested URL. In this way, the password is never sent in clear text format. Drawback: Although the password is not sent in clear text format, an attacker can gain access with the help of the digested password, since the digested password is really all the information needed to access the web site. Answer B, C, D are incorrect. These statements are true about the Basic Authentication scheme.

NEW QUESTION 14

Which of the following statements about data integrity of a container are true? (Choose two)

  • A. It ensures that a hacker cannot alter the contents of an HTTP message while it is in transit from a container to a client.
  • B. Data integrity ensures that information is made available to users who are authorized to access it.
  • C. Data integrity ensures that information has not been modified by a third party while it is in transit.
  • D. It ensures that an eavesdropper cannot read an HTTP message being sent from a client to a container.

Answer: AC

Explanation:

Data integrity ensures that information has not been modified, altered, or destroyed by a third party while it is in transit. Data integrity ensures that the data received is same as the data that was sent. Moreover, no one can tamper with the data during transmission from source to destination.
It also ensures that a hacker cannot alter the contents of an HTTP message while it is in transit from the container to the client. This will be accomplished through the use of HTTPS. The HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer. The HTTPS encrypts and decrypts the page requests and page information between the client browser and the Web server using a Secure Socket Layer. Answer D is incorrect. This answer option describes confidentiality. Answer B is incorrect. This answer option also describes confidentiality.

NEW QUESTION 15

Adam works as a Security Analyst for Umbrella Inc. He is retrieving large amount of log data from syslog servers and network devices such as Router and switches. He is facing difficulty in analyzing the logs that he has retrieved. To solve this problem, Adam decides to use software called Sawmill. Which of the following statements are true about Sawmill?

  • A. It incorporates real-time reporting and real-time alerting.
  • B. It is used to analyze any device or software package, which produces a log file such as Web servers, network devices (switches & routers etc.), syslog servers etc.
  • C. It is a software package for the statistical analysis and reporting of log files.
  • D. It comes only as a software package for user deployment.

Answer: ABC

Explanation:
Sawmill is a software package for the statistical analysis and reporting of log files, with dynamic contextual filtering, 'live' data zooming, user interface customization, and custom calculated reports. Sawmill incorporates real-time reporting and real-time alerting. Sawmill also includes a page tagging server and JavaScript page tag for the analysis of client side
clicks (client requests) providing a total view of visitor traffic and on-site behavioral activity. Sawmill Analytics is offered in three forms, as a software package for user deployment, as a turnkey on-premise system appliance, and as a SaaS service. Sawmill analyzes any device or software package producing a log file and that includes Web servers, firewalls, proxy servers, mail servers, network devices (switches & routers etc.), syslog servers, databases etc. Its range of potential uses by knowledge workers is essentially limitless. Answer D is incorrect. Sawmill Analytics software is available in three different forms; as a software package for user deployment, as a turnkey on-premise system appliance, and as a SaaS service.

NEW QUESTION 16

From an auditing perspective, database security can be broken down into four key categories: Server Security Database Connections Table Access Control Restricting Database Access Which of the following categories leads to the process of limiting access to the database server?

  • A. Table access control
  • B. Database connections
  • C. Restricting database access
  • D. Server security

Answer: D

Explanation:

Server security is the process of limiting access to the database server. This is one of the most basic and most important components of database security. It is imperative that an organization not let their database server be visible to the world. If an organization's database server is supplying information to a web server, then it should be configured to allow connections only from that web server. Also, every server should be configured to allow only trusted IP addresses. Answer B is incorrect. With regard to database connections, system administrators should not allow immediate unauthenticated updates to a database. If users are allowed to make updates to a database via a web page, the system administrator should validate all updates to make sure that they are warranted and safe. Also, the system administrator should not allow users to use their designation of "sa" when accessing the database. This gives employees complete access to all of the data stored on the database regardless of whether or not they are authenticated to have such access. Answer A is incorrect. Table access control is related to an access control list, which is a table that tells a computer operating system which access rights each user has to a particular system object. Table access control has been referred to as one of the most overlooked forms of database security. This is primarily because it is so difficult to apply. In order to properly use table access control, the system administrator and the database developer need to collaborate with each other. Answer C is incorrect. Restricting database access is important especially for the companies that have their databases uploaded on the Internet. Internet-based databases have been the most recent targets of attacks, due to their open access or open ports. It is very easy for criminals to conduct a "port scan" to look for ports that are open that popular database systems are using by default. The ports that are used by default can be changed, thus throwing off a criminal looking for open ports set by default. Following are the security measures that can be implemented to prevent open access from the Internet: Trusted IP addresses: Servers can be configured to answer pings from a list of trusted hosts only. Server account disabling: The server ID can be suspended after three password attempts. Special tools: Products can be used to send an alert when an external server is attempting to breach the system's security. One such example is RealSecure by ISS.

NEW QUESTION 17

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to query an image root device and RAM disk size. Which of the following Unix commands can you use to accomplish the task?

  • A. rdev
  • B. rdump
  • C. setfdprm
  • D. mount

Answer: A

Explanation:

The rdev commad is used to query/set an image root device, RAM disk size, or video mode. If a user executes the rdev commands with no arguments, it outputs a /etc/mtab line for the current root file system. The command syntax of the rdev command is as follows: rdev [ -Rrvh ] [ -o offset ] [ image [ value [ offset ] ] ] Answer B is incorrect. In Unix, the rdump command is used to back up an ext2 filesystem. Answer D is incorrect. In Unix, the mount command is used to mount a filesystem. Answer C is incorrect. In Unix, the setfdprm command sets floppy drive parameters.

NEW QUESTION 18

Which of the following are the limitations for the cross site request forgery (CSRF) attack?

  • A. The attacker must determine the right values for all the form inputs.
  • B. The attacker must target a site that doesn't check the referrer header.
  • C. The target site should have limited lifetime authentication cookies.
  • D. The target site should authenticate in GET and POST parameters, not only cookies.

Answer: AB

Explanation:

Following are the limitations of cross site request forgeries to be successful:
* 1. The attacker must target either a site that doesn't check the Referer header (which is common) or a victim with a browser or plugin bug that allows Referer spoofing (which is rare).
* 2. The attacker must find a form submission at the target site that does something useful to the attacker (e.g., transfers money, or changes the victim's e-mail address or password).
* 3. The attacker must determine the right values for all the form inputs: if any of them are required to be secret authentication values or IDs that the attacker can't guess, the attack will fail.
* 4. The attacker must lure the victim to a Web page with malicious code while the victim is logged in to the target site. Since, the attacker can't see what the target Web site sends back to the victim in response to the forged requests, unless he exploits a cross- site scripting or other bug at the target Web site.
Similarly, the attacker can only "click" any links or submit any forms that come up after the initial forged request, if the subsequent links or forms are similarly predictable. (Multiple "clicks" can be simulated by including multiple images on a page, or by using JavaScript to introduce a delay between clicks). from cross site request forgeries (CSRF) by applying the following countermeasures available: Requiring authentication in GET and POST parameters, not only cookies. Checking the HTTP Referer header. Ensuring there's no crossdomain.xml file granting unintended access to Flash movies. Limiting the lifetime of authentication cookies. Requiring a secret, user-specific token in all form submissions prevents CSRF; the attacker's site can't put the right token in its submissions. Individual Web users can do relatively little to prevent cross-site request forgery. Logging out of sites and avoiding their "remember me" features can mitigate CSRF risk; not displaying external images or not clicking links in "spam" or unreliable e-mails may also help.

NEW QUESTION 19

You want to change the number of characters displaying on the screen while reading a txt file. However, you do not want to change the format of the txt file. Which of the following commands can be used to view (but not modify) the contents of the text file on the terminal screen at a time?

  • A. cat
  • B. tail
  • C. less
  • D. more

Answer: D

Explanation:

The more command is used to view (but not modify) the contents of a text file on the terminal screen at a time. The syntax of the more command is as follows: more [options] file_name Where,
GSNA dumps exhibit
Answer A is incorrect. The concatenate (cat) command is used to display or print the contents of a file. Syntax: cat filename For example, the following command will display the contents of the /var/log/dmesg file: cat /var/log/dmesg Note: The more command is used in conjunction with the cat command to prevent scrolling of the screen while displaying the contents of a file. Answer C is incorrect. The less command is used to view (but not change) the contents of a text file, one screen at a time. It is similar to the more command. However, it has the extended capability of allowing both forwarB, Dackward navigation through the file. Unlike most Unix text editors/viewers, less does not need to read the entire file before starting; therefore, it has faster load times with large files. The command syntax of the less command is as follows: less [options] file_name Where,
GSNA dumps exhibit
Answer B is incorrect. The tail command is used to display the last few lines of a text file or piped data.

NEW QUESTION 20
......

Thanks for reading the newest GSNA exam dumps! We recommend you to try the PREMIUM DumpSolutions.com GSNA dumps in VCE and PDF here: https://www.dumpsolutions.com/GSNA-dumps/ (368 Q&As Dumps)