The Secret Of GIAC GSNA Exam Dumps

2024 GIAC Official New Released GSNA ♥♥
https://www.certleader.com/GSNA-dumps.html


100% Guarantee of GSNA practice materials and free samples for GIAC certification for IT learners, Real Success Guaranteed with Updated GSNA pdf dumps vce Materials. 100% PASS GIAC Systems and Network Auditor exam Today!

GIAC GSNA Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1

This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of these tools are as follows: It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc. It is commonly used for the following purposes: a.War driving b.Detecting unauthorized access pointsc.Detecting causes of interference on a WLAN d.WEP ICV error trackinge.Making Graphs and Alarms on 802.11 Data, including Signal Strength This tool is known as .

  • A. THC-Scan
  • B. NetStumbler
  • C. Absinthe
  • D. Kismet

Answer: B

Explanation:

NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of NetStumbler are as follows: It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc. It is commonly used for the following purposes: a.War driving b.Detecting unauthorized access points c.Detecting causes of interference on a WLAN d.WEP ICV error tracking e.Making Graphs and Alarms on 802.11 Data, including Signal Strength
Answer D is incorrect. Kismet is an IEEE 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Answer A is incorrect. THC-Scan is a war-dialing tool. Answer C is incorrect. Absinthe is an automated SQL injection tool.

NEW QUESTION 2

Which of the following protocols are used to provide secure communication between a
client and a server over the Internet? (Choose two)

  • A. TLS
  • B. SSL
  • C. HTTP
  • D. SNMP

Answer: AB

Explanation:
SSL and TLS protocols are used to provide secure communication between a client and a server over the Internet.

NEW QUESTION 3

An executive in your company reports odd behavior on her PDA. After investigation you discover that a trusted device is actually copying data off the PDA. The executive tells you that the behavior started shortly after accepting an e-business card from an unknown person. What type of attack is this?

  • A. Session Hijacking
  • B. Bluesnarfing
  • C. Privilege Escalation
  • D. PDA Hijacking

Answer: B

Explanation:

Bluesnarfing is a rare attack in which an attacker takes control of a bluetooth enabled device. One way to do this is to get your PDA to accept the attacker's device as a trusted device.

NEW QUESTION 4

Which of the following records is the first entry in a DNS database file?

  • A. CNAME
  • B. SOA
  • C. SRV
  • D. MX

Answer: B

Explanation:

Start of Authority (SOA) record is the first record in any DNS database file. The SOA resource record includes the following fields: owner, TTL, class, type, authoritative server, refresh, minimum TTL, etc. Answer A is incorrect. Canonical Name (CNAME) is a resource record that creates an alias for the specified Fully Qualified Domain Name (FQDN). It hides the implementation details of a network from the clients that are connected to the network. Answer D is incorrect. MX is a mail exchange resource record in the database file of a DNS server. It specifies a mail exchange server for a DNS domain name. Answer C is incorrect. SRV resource record is a DNS record that enables users to specify the location of servers for a specific service, protocol, and DNS domain. For example, if there are two servers in a domain, creating SRV records specifies which hosts serve as Web servers, and resolvers can then retrieve all the SRV resource records for the Web servers.

NEW QUESTION 5

Mark works as a Web Developer for XYZ CORP. He is developing a Web site for the company. He wants to use frames in the Web site. Which of the following is an HTML tag used to create frames?

  • A. <REGION>
  • B. <TABLESET>
  • C. <FRAMEWINDOW>
  • D. <FRAMESET>

Answer: D

Explanation:

<FRAMESET> tag specifies a frameset used to organize multiple frames and nested framesets in an HTML document. It defines the location, size, and orientation of frames. An HTML document can either contain a <FRAMESET> tag or a <BODY> tag. Answer A, B, C are incorrect. There are no HTML tags such as <TABLESET>,
<FRAMEWINDOW>, and <REGION>.

NEW QUESTION 6

You work as the Network Administrator for a company. You configure a Windows 2000- based computer as the Routing and Remote Access server, so that users can access the company's network, remotely. You want to log a record of all the users who access the network by using Routing and Remote Access. What will you do to log all the logon activities?

  • A. On the Routing and Remote Access server, enable log authentication requests in auditing, and define the path for the log file in Remote Access Logging.
  • B. On the Routing and Remote Access server, enable log authentication requests in Remote Access Logging.
  • C. On the Routing and Remote Access server, enable log authentication requests in auditing.
  • D. Do nothing as the Windows 2000-based Routing and Remote Access server automatically creates a log record for each connection attempt.

Answer: B

Explanation:

The Routing and Remote Access service can log all the records of authentication and accounting information for connection attempts when Windows authentication or accounting is enabled. This can be done by enabling the log authentication requests in the properties of the Remote Access Logging folder, in the Routing and Remote Access snap-in , where you can configure the type of activity to log, i.e., accounting or authentication activity and log file settings. This information is stored in the form of a log file in '%SystemRoot%System32LogFiles' folder. For each authentication attempt, the name of the remote access policy , that either accepted or rejected the connection attempt, is recorded. The logged information is useful to track remote access usage, and authentication attempts.

NEW QUESTION 7

The routing algorithm uses certain variables to create a metric of a path. It is the metric that actually determines the routing path. In a metric, which of the following variables is used to define the 'largest size' of a message that can be routed?

  • A. Load
  • B. MTU
  • C. Hop count
  • D. Bandwidth

Answer: B

Explanation:

The routing algorithm uses certain variables to create a metric of a path. It is the metric that is actually used for path determination. Variables that are used to create a metric of a path are as follows: Hop count: It is the total number of routers that a data packet goes through to reach its destination. Cost: It is determined by the administrator or calculated by the router. Bandwidth: It is defined as the bandwidth that the link provides. Maximum transmission unit (MTU): It is the largest message size that a link can route. Load: It states the amount of work the CPU has to perform and the number of packets the CPU needs to analyze and make calculations on.

NEW QUESTION 8

Which of the following tools monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools?

  • A. Snort
  • B. IDS
  • C. Firewall
  • D. WIPS

Answer: D

Explanation:

Wireless intrusion prevention system (WIPS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally it is achieved by comparing the MAC address of the participating wireless devices. Rogue
devices can spoof MAC address of an authorized network device as their own. WIPS uses fingerprinting approach to weed out devices with spoofed MAC addresses. The idea is to compare the unique signatures exhibited by the signals emitted by each wireless device against the known signatures of pre-authorized, known wireless devices.
Answer B is incorrect. An Intrusion detection system (IDS) is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet. It can detect several types of attacks and malicious behaviors that can compromise the security of a network and computers. This includes network attacks against vulnerable services, unauthorized logins and access to sensitive data, and malware (e.g. viruses, worms, etc.). An IDS also detects attacks that originate from within a system. In most cases, an IDS has three main components: Sensors, Console, and Engine. Sensors generate security events. A console is used to alert and control sensors and to monitor events. An engine is used to record events and to generate security alerts based on received security events. In many IDS implementations, these three components are combined into a single device. Basically, following two types of IDS are used : Network- based IDS Host-based IDS Answer A is incorrect. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). The three main modes in which Snort can be configured are as follows: Sniffer mode: It reads the packets of the network and displays them in a continuous stream on the console. Packet logger mode: It logs the packets to the disk. Network intrusion detection mode: It is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user-defined rule set. Answer C is incorrect. A firewall is a tool to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports.

NEW QUESTION 9

You have made a program secure.c to display which ports are open and what types of services are running on these ports. You want to write the program's output to standard output and simultaneously copy it into a specified file. Which of the following commands will you use to accomplish the task?

  • A. cat
  • B. more
  • C. less
  • D. tee

Answer: D

Explanation:

You will use the tee command to write its content to standard output and simultaneously copy it into the specified file. The tee command is used to split the output of a program so that it can be seen on the display and also be saved in a file. It can also be used to capture intermediate output before the data is altered by another command or program. The tee command reads standard input, then writes its content to standard output, and simultaneously copies it into the specified file(s) or variables. The syntax of the tee command is as follows: tee [-a] [-i] [File] where, the -a option appends the output to the end of File instead of writing over it and the -i option is used to ignore interrupts. Answer A is incorrect. The concatenate (cat) command is used to display or print the contents of a file. Syntax: cat filename For example, the following command will display the contents of the /var/log/dmesg file: cat /var/log/dmesg Note: The more command is used in conjunction with the cat command to prevent scrolling of the screen while displaying the contents of a file. Answer C is incorrect. The less command is used to view (but not change) the contents of a text file, one screen at a time. It is similar to the more command. However, it has the extended capability of allowing both forwarB, Dackward navigation through the file. Unlike most Unix text editors/viewers, less does not need to read the entire file before starting; therefore, it has faster load times with large files. The command syntax of the less command is as follows: less [options] file_name Where,
GSNA dumps exhibit
Answer B is incorrect. The more command is used to view (but not modify) the contents of a text file on the terminal screen at a time. The syntax of the more command is as follows: more [options] file_name Where,
GSNA dumps exhibit

NEW QUESTION 10

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to see the list of the filesystems mounted automatically at startup by the mount -a command in the /etc/rc startup file. Which of the following Unix configuration files can you use to accomplish the task?

  • A. /etc/named.conf
  • B. /etc/groups
  • C. /etc/mtab
  • D. /etc/fstab

Answer: D

Explanation:

In Unix, the /etc/fstab file is used by system administrators to list the filesystems that are mounted automatically at startup by the mount –a command (in /etc/rc or its equivalent startup file). Answer C is incorrect. In Unix, the /etc/mtab file contains a list of the currently mounted file systems. This is set up by the boot scripts and updated by the mount command. Answer A is incorrect. In Unix, the /etc/named.conf file is used for domain name servers. Answer B is incorrect. In Unix, the /etc/groups file contains passwords to let a user join a group.

NEW QUESTION 11

You work as a Database Administrator for XYZ CORP. The company has a multi-platform network. The company requires a database that can receive data from various types of operating systems. You want to design a multidimensional database to accomplish the task. Which of the following statements are true about a multidimensional database?

  • A. It is used to optimize Online Analytical Processing (OLAP) applications.
  • B. It is used to optimize data warehouse.
  • C. It is rarely created using input from existing relational databases.
  • D. It allows users to ask questions that are related to summarizing business operations and trends.

Answer: ABD

Explanation:

A multidimensional database (MDB) is a type of database that is optimized for data warehouse and Online Analytical Processing (OLAP) applications. Multidimensional databases are frequently created using input from existing relational databases. Whereas a relational database is typically accessed using a Structured Query Language (SQL) query, a multidimensional database allows a user to ask questions like "How many Aptivas have been sold in Nebraska so far this year?" and similar questions related to summarizing business operations and trends. An OLAP application that accesses data from a multidimensional database is known as a MOLAP (multidimensional OLAP) application. Answer C is incorrect. A multidimensional database is frequently created using input from existing relational databases.

NEW QUESTION 12

You work as a Network Administrator for XYZ CORP. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory- based single forest single domain network. You have installed a Windows Server 2008 computer. You have configured auditing on this server. The client computers of the company use the Windows XP Professional operating system. You want to audit each event that is related to a user managing an account in the user database on the computer
where the auditing is configured. To accomplish the task, you have enabled the Audit account management option on the server. Which of the following events can be audited by enabling this audit option?

  • A. Access to an Active Directory object
  • B. Change of password for a user account
  • C. Addition of a user account to a group
  • D. Creation of a user account

Answer: BCD

Explanation:

Audit account management is one of the nine audit settings that can be configured on a Windows computer. This option is enabled to audit each event that is related to a user managing an account in the user database on the computer where the auditing is configured. These events include the following: Creating a user account Adding a user account to a group Renaming a user account Changing password for a user account This option is also used to audit the changes to the domain account of the domain controllers.

NEW QUESTION 13

You work as a Web Deployer for UcTech Inc. You write the <security constraint> element for an application in which you write the <auth-constraint> sub-element as follows: <auth- constraint> <role-name>*</role-name> </auth-constraint> Who will have access to the application?

  • A. Only the administrator
  • B. No user
  • C. All users
  • D. It depends on the application.

Answer: C

Explanation:

The <auth-constraint> element is a sub-element of the <security-constraint> element. It defines the roles that are allowed to access the Web resources specified by the
<web-resource-collection> sub-elements. The <auth-constraint> element is written in the deployment descriptor as follows: <security-constraint> <web-resource-collection> -----------
----- </web-resource-collection> <auth-constraint> <role-name>Administrator</role-name>
</auth-constraint> </security-constraint> Writing Administrator within the <role-name> element will allow only the administrator to have access to the resource defined within the
<web-resource-collection> element.

NEW QUESTION 14

You work as an IT Technician for XYZ CORP. You have to take security measures for the wireless network of the company. You want to prevent other computers from accessing the company's wireless network. On the basis of the hardware address, which of the following will you use as the best possible method to accomplish the task?

  • A. RAS
  • B. MAC Filtering
  • C. SSID
  • D. WEP

Answer: B

Explanation:

MAC filtering is a security access control technique that allows specific network devices to access, or prevents them from accessing, the network. MAC filtering can also be used on a wireless network to prevent certain network devices from accessing the wireless network. MAC addresses are allocated only to hardware devices, not to persons.

NEW QUESTION 15

Which of the following Windows processes supports creating and deleting processes and threads, running 16-bit virtual DOS machine processes, and running console windows?

  • A. smss.exe
  • B. services.exe
  • C. csrss.exe
  • D. System

Answer: C

Explanation:

csrss.exe is a process that supports creating and deleting processes and threads, running 16-bit virtual DOS machine processes, and running console windows. Answer B is incorrect. This process is the Windows Service Controller, which is responsible for starting and stopping system services running in the background. Answer A is incorrect. This process supports the programs needed to implement the user interface, including the graphics subsystem and the log on processes. Answer D is incorrect. This process includes most kernel-level threads, which manage the underlying aspects of the operating system.

NEW QUESTION 16

Which of the following is a technique for creating Internet maps? (Choose two)

  • A. AS PATH Inference
  • B. Object Relational Mapping
  • C. Active Probing
  • D. Network Quota

Answer: AC

Explanation:

There are two prominent techniques used today for creating Internet maps: Active probing: It is the first works on the data plane of the Internet and is called active probing. It is used to infer Internet topology based on router adjacencies. AS PATH Inference: It is the second works on the control plane and infers autonomous system connectivity based on BGP data.

NEW QUESTION 17

You work as a Network Administrator for XYZ CORP. The company has a Linux-based network. The company needs to provide secure network access. You have configured a firewall to prevent certain ports and applications from forwarding the packets to the company's intranet. What does a firewall check to prevent these ports and applications
from forwarding the packets to the intranet?

  • A. The network layer headers and the session layer port numbers
  • B. The application layer port numbers and the transport layer headers
  • C. The transport layer port numbers and the application layer headers
  • D. The presentation layer headers and the session layer port numbers

Answer: C

Explanation:
A firewall stops delivery of packets that are not marked safe by the Network Administrator. It checks the transport layer port numbers and the application layer headers to prevent certain ports and applications from forwarding the packets to an intranet. Answer D, A, and B are incorrect. These are not checked by a firewall.

NEW QUESTION 18

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP based switched network. A root bridge has been elected in the switched network. You have installed a new switch with a lower bridge ID than the existing root bridge. What will happen?

  • A. The new switch starts advertising itself as the root bridge.
  • B. The new switch divides the network into two broadcast domains.
  • C. The new switch works as DR or BDR.
  • D. The new switch blocks all advertisements.

Answer: A

Explanation:

The new switch starts advertising itself as the root bridge. It acts as it is the only bridge on the network. It has a lower Bridge ID than the existing root, so it is elected as the root bridge after the BPDUs converge and when all switches know about the new switch that it is the better choice. Answer B, C, D are incorrect. All these are not valid options, according to the given scenario.

NEW QUESTION 19

Which of the following attacks allows the bypassing of access control lists on servers or routers, and helps an attacker to hide? (Choose two)

  • A. DNS cache poisoning
  • B. DDoS attack
  • C. IP spoofing attack
  • D. MAC spoofing

Answer: CD

Explanation:

Either IP spoofing or MAC spoofing attacks can be performed to hide the identity in the network. MAC spoofing is a hacking technique of changing an assigned Media Access Control (MAC) address of a networked device to a different one. The changing of the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer. MAC spoofing is the activity of altering the MAC address of a network card. Answer A is incorrect. DNS cache poisoning is a maliciously created or unintended situation that provides data to a caching name server that did not originate from authoritative Domain Name System (DNS) sources. Once a DNS server has received such non-authentic datA, Caches it for future performance increase, it is considered poisoned, supplying the non-authentic data to the clients of the server. To perform a cache poisoning attack, the attacker exploits a flaw in the DNS software. If the server does not correctly validate DNS responses to ensure that they are from an authoritative source, the server will end up caching the incorrect entries locally and serve them to other users that make the same request. Answer B is incorrect. In a distributed denial of service (DDOS) attack, an attacker uses multiple computers throughout the network that has been previously infected. Such computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. TFN, TRIN00, etc. are tools used for a DDoS attack.

NEW QUESTION 20
......

100% Valid and Newest Version GSNA Questions & Answers shared by Certleader, Get Full Dumps HERE: https://www.certleader.com/GSNA-dumps.html (New 368 Q&As)