[Free] 2017(Sep) EnsurePass Pass4sure GIAC GSNA Dumps with VCE and PDF 101-110


GIAC Systems and Network Auditor

Question No: 101 – (Topic 2)

You work as a Network Administrator for NTY Inc. The company has a secure wireless network. While auditing the network for maintaining security, you find an unknown node. You want to locate that node. Which tool will you use to pinpoint the actual physical location of the node?

  A. Kismet

  B. Ekahau

  C. WEPCrack

  D. AirSnort

Answer: B

Explanation: Ekahau is an easy-to-use, powerful, and comprehensive tool for network site surveys and optimization. It is an auditing tool that can be used to pinpoint the actual physical location of wireless devices in the network. This tool can be used to make a map of the office and then perform a survey of the office. In the process, if one finds an unknown node, Ekahau can be used to locate that node.

Answer: D is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses a ciphertext-only attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.

Answer: A is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks:

  - To identify networks by passively collecting packets
  - To detect standard named networks
  - To detect masked networks
  - To collect the presence of non-beaconing networks via data traffic

Answer: C is incorrect. WEPcrack is a wireless network cracking tool that exploits the vulnerabilities in the RC4 algorithm, which comprises the WEP security parameters. It mainly consists of three tools, which are as follows:

  - WeakIVGen: It allows a user to emulate the encryption output of 802.11 networks to weaken the secret key used to encrypt the network traffic.
  - Prism-getIV: It analyzes packets of information until ultimately matching patterns to the one known to decrypt the secret key.
  - WEPcrack: It pulls all the beneficial data of WeakIVGen and Prism-getIV to decipher the network encryption.

Question No: 102 – (Topic 2)

You work as a Software Developer for Cinera Softwares Inc. You create a DHTML page that contains ten TextBox controls to get information from the users who use your application. You want all the components placed on the DHTML page to be repositioned dynamically, when a user resizes the browser window. Which of the following will you use for this?

  A. Use the position attribute of the Cascading Style Sheet.

  B. Use the OnResize event for the DHTML page object.

  C. Use the Resize event of the Document object.

  D. Use the OnResize event of the Cascading Style Sheet.

Answer: A

Explanation: Use the position attribute of the Cascading Style Sheet. The DHTML page object model gives access to styles and style sheets. Therefore, you can easily set and change the position of an element.

Reference: MSDN, Index "Dynamic HTML (DHTML), in DHTML Applications", "Elements Positioning in DHTML Application", Search "Positioning", "Dynamic HTML"

Question No: 103 – (Topic 2)

You are concerned about rogue wireless access points being connected to your network. What is the best way to detect and prevent these?

  A. Network anti-spyware software

  B. Network anti-virus software

  C. Protocol analyzers

  D. Site surveys

Answer: D

Explanation: Routinely doing site surveys (or better still, having them automatically conducted frequently) is the only way to know what is connected to your network, and it will reveal any rogue access points.

Answer: B is incorrect. While anti-virus software is always a good idea, it will do nothing to prevent rogue access points.

Answer: A is incorrect. While anti-spyware software is always a good idea, it will do nothing to prevent rogue access points.

Answer: C is incorrect. A protocol analyzer will help you analyze the specific traffic on a given node, but won't be much help in directly detecting rogue access points.

Question No: 104 – (Topic 2)

You want to repeat the last command you entered in the bash shell. Which of the following commands will you use?

  A. history ##

  B. history !#

  C. history !!

  D. history !1

Answer: C

Explanation: The history !! command shows the previously entered command in the bash shell. In the bash shell, the history command is used to view the recently executed commands. History is on by default. A user can turn off history using the command set +o history and turn it on using set -o history. The environment variable HISTSIZE is used to inform bash about how many history lines should be kept. The following commands are frequently used to view and manipulate history:


Answer: B is incorrect. The history !# command shows the entire command line typed.

Answer: D is incorrect. The history !n command shows the nth command typed. Since n is equal to 1 in this command, the first command will be shown.

Answer: A is incorrect. It is not a valid command.

Question No: 105 – (Topic 2)

You have been assigned a project to develop a Web site for a construction company. You have to develop a Web site and want to get more control over the appearance and presentation of your Web pages. You also want to increase the ability to precisely specify the location and appearance of the elements on a page and create special effects. You plan to use Cascading style sheets (CSS). You want to apply the same style consistently throughout your Web site. Which type of style sheet will you use?

  A. Internal Style Sheet

  B. External Style Sheet

  C. Inline Style Sheet

  D. Embedded Style Sheet

Answer: B

Explanation: To apply the same style consistently throughout your Web site, you should use an external style sheet. Cascading style sheets (CSS) are used so that Web site authors can exercise greater control over the appearance and presentation of their Web pages. They also increase the ability to precisely specify the location and look of elements on a Web page and help in creating special effects. Cascading Style Sheets have codes, which are interpreted and applied by the browser to the Web pages and their elements. There are three types of cascading style sheets:

  - External Style Sheets
  - Embedded Style Sheets
  - Inline Style Sheets

External Style Sheets are used whenever consistency in style is required throughout a Web site. A typical external style sheet uses a .css file extension, which can be edited using a text editor such as Notepad.

Embedded Style Sheets are used for defining styles for an active page.

Inline Style Sheets are used for defining individual elements of a page.

Reference: TechNet, Contents: Microsoft Knowledgebase, February 2000 issue PSS ID Number: Q179628

Question No: 106 – (Topic 2)

Which of the following can be the countermeasures to prevent NetBIOS NULL session enumeration in Windows 2000 operating systems?

  A. Denying all unauthorized inbound connections to TCP port 53

  B. Disabling SMB services entirely on individual hosts by unbinding WINS Client TCP/IP from the interface

  C. Editing the registry key HKLM\SYSTEM\CurrentControlSet\LSA and adding the value RestrictAnonymous

  D. Disabling TCP port 139/445

Answer: B,C,D

Explanation: NetBIOS NULL session vulnerabilities are hard to prevent, especially if NetBIOS is needed as part of the infrastructure. One or more of the following steps can be taken to limit NetBIOS NULL session vulnerabilities:

  1. Null sessions require access to the TCP 139 or TCP 445 port, which can be disabled by a Network Administrator.

  2. A Network Administrator can also disable SMB services entirely on individual hosts by unbinding WINS Client TCP/IP from the interface.

  3. A Network Administrator can also restrict the anonymous user by editing the registry values:

     a. Open regedit32, and go to HKLM\SYSTEM\CurrentControlSet\LSA.

     b. Choose Edit > Add Value. Value name: RestrictAnonymous; Data Type: REG_DWORD; Value: 2

Answer: A is incorrect. TCP port 53 is the default port for DNS zone transfer. Although disabling it can help restrict DNS zone transfer enumeration, it is not useful as a countermeasure against NetBIOS NULL session enumeration.

Question No: 107 – (Topic 2)

From an auditing perspective, database security can be broken down into four key categories:

  - Server Security
  - Database Connections
  - Table Access Control
  - Restricting Database Access

Which of the following categories leads to the process of limiting access to the database server?

  A. Table access control

  B. Database connections

  C. Restricting database access

  D. Server security

Answer: D

Explanation: Server security is the process of limiting access to the database server. This is one of the most basic and most important components of database security. It is imperative that an organization not let their database server be visible to the world. If an organization's database server is supplying information to a web server, then it should be configured to allow connections only from that web server. Also, every server should be configured to allow only trusted IP addresses.

Answer: B is incorrect. With regard to database connections, system administrators should not allow immediate unauthenticated updates to a database. If users are allowed to make updates to a database via a web page, the system administrator should validate all updates to make sure that they are warranted and safe. Also, the system administrator should not allow users to use their designation of "sa" when accessing the database. This gives employees complete access to all of the data stored on the database regardless of whether or not they are authenticated to have such access.

Answer: A is incorrect. Table access control is related to an access control list, which is a table that tells a computer operating system which access rights each user has to a particular system object. Table access control has been referred to as one of the most overlooked forms of database security. This is primarily because it is so difficult to apply. In order to properly use table access control, the system administrator and the database developer need to collaborate with each other.

Answer: C is incorrect. Restricting database access is important especially for the companies that have their databases uploaded on the Internet. Internet-based databases have been the most recent targets of attacks, due to their open access or open ports. It is very easy for criminals to conduct a "port scan" to look for ports that are open that popular database systems are using by default. The ports that are used by default can be changed, thus throwing off a criminal looking for open ports set by default. Following are the security measures that can be implemented to prevent open access from the Internet:

  - Trusted IP addresses: Servers can be configured to answer pings from a list of trusted hosts only.
  - Server account disabling: The server ID can be suspended after three password attempts.
  - Special tools: Products can be used to send an alert when an external server is attempting to breach the system's security. One such example is RealSecure by ISS.

Question No: 108 – (Topic 2)

John works as a Network Auditor for XYZ CORP. The company has a Windows-based network. John wants to conduct risk analysis for the company. Which of the following can be the purpose of this analysis? (Choose three)

  A. To ensure absolute safety during the audit

  B. To analyze exposure to risk in order to support better decision-making and proper management of those risks

  C. To try to quantify the possible impact or loss of a threat

  D. To assist the auditor in identifying the risks and threats

Answer: B,C,D

Explanation: There are many purposes of conducting risk analysis, which are as follows:

  - To try to quantify the possible impact or loss of a threat
  - To analyze exposure to risk in order to support better decision-making and proper management of those risks
  - To support risk-based audit decisions
  - To assist the auditor in determining the audit objectives
  - To assist the auditor in identifying the risks and threats

Answer: A is incorrect. The analysis of risk does not ensure absolute safety. The main purpose of using a risk-based audit strategy is to ensure that the audit adds value with meaningful information.

Question No: 109 – (Topic 2)

Which of the following methods is used to get a cookie from a client? Note: Here, request is a reference of type HttpServletRequest, and response is a reference of type HttpServletResponse.

  A. Cookie [] cookies = request.getCookies();

  B. Cookie [] cookies = request.getCookie(String str)

  C. Cookie [] cookies = response.getCookie(String str)

  D. Cookie [] cookies = response.getCookies()

Answer: A

Explanation: The getCookies() method of the HttpServletRequest interface is used to get the cookies from a client. This method returns an array of cookies.

Answer: B, C are incorrect. The getCookie(String str) method does not exist.

Answer: D is incorrect. The getCookies() method is present in the HttpServletRequest interface and not in the HttpServletResponse interface.

Question No: 110 – (Topic 2)

You work as a Software Developer for UcTech Inc. You build an online book shop, so that users can purchase books using their credit cards. You want to ensure that only the administrator can access the credit card information sent by users. Which security mechanism will you use to accomplish the task?

  A. Confidentiality

  B. Data integrity

  C. Authentication

  D. Authorization

Answer: A

Explanation: Confidentiality is a mechanism that ensures that only the intended and authorized recipients are able to read data. The data is encrypted so that even if an unauthorized user gets access to it, he will not get any meaning out of it.

Answer: D is incorrect. Authorization is a process that verifies whether a user has permission to access a Web resource. A Web server can restrict access to some of its resources to only those clients that log in using a recognized username and password. To be authorized, a user must first be authenticated.

Answer: C is incorrect. Authentication is the process of verifying the identity of a user. This is usually done using a user name and password. This process compares the provided user name and password with those stored in the database of an authentication server.

Answer: B is incorrect. Data integrity is a mechanism that ensures that the data is not modified during transmission from source to destination. This means that the data received at the destination should be exactly the same as that sent from the source.
