GIAC Systems and Network Auditor
Question No: 191 – (Topic 2)
Which of the following are attributes of the lt;TABLEgt; tag? (Choose three)
Explanation: The WIDTH attribute of the lt;TABLEgt; tag is used to set the width of a table. Width can be specified in pixels and percentage. For example, if a table of the same width as that of the parent object has to be created, the WIDTH attribute must be set to 100%. The ALIGN attribute aligns the table within the text flow. By default alignment is set to left. The BORDER attribute of the lt;TABLEgt; tag is used to set the width of the table border.
Answer: C is incorrect. lt;TDgt; is not an attribute of the lt;TABLEgt; tag. It is a tag used to specify cells in a table.
Question No: 192 – (Topic 2)
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to make changes on a per-directory basis. Which of the following Unix configuration files can you use to accomplish the task?
Explanation: In Unix, the $HOME/.htaccess file provides a way to make configuration changes on a per directory basis. Answer: A is incorrect. In Unix, the $HOME/.profile file contains the user#39;s environment stuff and startup programs.
Answer: B is incorrect. In Unix, the $HOME/Xrootenv.0 file contains networking and environment info. Answer: D is incorrect. In Unix, the /var/log/btmp file is used to store information about failed logins.
Question No: 193 – (Topic 2)
Which of the following types of audit constructs a risk profile for existing and new projects?
Technological position audit
Technological innovation process audit
Innovative comparison audit
Client/Server, Telecommunications, Intranets, and Extranets audits
Explanation: Various authorities have created differing taxonomies to distinguish the various types of IT audits. Goodman amp; Lawless state that there are three specific systematic approaches to carry out an IT audit: Technological innovation process audit: This audit constructs a risk profile for existing and new projects. The audit will assess the length and depth of the company#39;s experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product, organization and industry structure. Innovative comparison audit: This audit is an analysis of the innovative abilities of the company being audited in comparison to its competitors. This requires examination of company#39;s research and development facilities, as well as its track record in actually producing new products. Technological position audit: This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either quot;basequot;, quot;keyquot;, quot;pacingquot;, or quot;emergingquot;. Answer: D is incorrect. These are the audits to verify that controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.
Question No: 194 – (Topic 2)
Pervasive IS controls can be used across all the internal departments and external contractors to define the direction and behavior required for the technology to function properly. When these controls are implemented properly, which of the following areas show the reliability improvement? (Choose three)
Explanation: Pervasive IS controls can be used across all the internal departments and external contractors. If the Pervasive IS controls are implemented properly, it improves the reliability of the following: Software development System implementation Overall service
delivery Security administration Disaster recovery Business continuity planning Answer: A is incorrect. Pervasive IS controls do not have any relation with the reliability of the hardware development.
Question No: 195 – (Topic 2)
With reference to the given case study, one of the security goals requires to configure a secure connection between the Boston distribution center and the headquarters. You want to implement IP filter to fulfill the security requirements. How should you implement IP filters at the headquarters? (Click the Exhibit button on the toolbar to see the case study.)
Add source filters for the headquarters for UDP port 1701 and IP protocol 50.
Add destination filters for the Boston distribution center for UDP port 1701 and IP protocol 50.
Add source filters for the Boston distribution center for UDP port 80 and IP protocol 50. Add destination filters for headquarters for UDP port 80 and IP protocol 50.
Add source filters for the headquarters for UDP port 80 and IP protocol 50.
Add destination filters for the Boston distribution center for UDP port 80 and IP protocol 50.
Add source filters for the Boston distribution center for UDP port 1701 and IP protocol 50.
Add destination filters for the headquarters for UDP port 1701 and IP protocol 50.
Explanation: To implement IP filters at the headquarters, add source filters for the Boston distribution center for UDP port 1701 and IP protocol 50. Also, add destination filters for the headquarters for UDP port 1701 and IP protocol 50. The Windows 2000 Router service provides routing services in the LAN and WAN environments, and over the Internet, using secure virtual private network (VPN) connections. The VPN connections are based on the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP) L2TP is very similar to PPTP but uses UDP, and therefore can be used over asynchronous transfer mode (ATM), Frame Relay, and X.25 networks as well. When L2TP is used over IP networks, it uses a UDP port 1701 packet format for both a control channel and a data channel. L2TP can also be used with IPSec to provide a fully secured network link. Further, IP packet filtering provides an ability to restrict the traffic into and out of each interface.
Packet filtering is based on filters defined by the values of source and destination IP addresses, TCP, and UDP port numbers, and IP protocol numbers. Inbound filters that are applied to the receiving traffic allow the receiving computer to match the traffic with the IP Filter List for the source IP address. Similarly, the outbound filters that are applied to the
traffic leaving a computer towards a destination trigger a security negotiation for the destination IP address. That is why, to implement the IP filtering at the headquarters, you have to add a source address for the filters at the Boston center and a destination address for the filters at the headquarters.
Question No: 196 – (Topic 2)
Which of the following are the limitations for the cross site request forgery (CSRF) attack?
The attacker must determine the right values for all the form inputs.
The attacker must target a site that doesn#39;t check the referrer header.
The target site should have limited lifetime authentication cookies.
The target site should authenticate in GET and POST parameters, not only cookies.
Explanation: Following are the limitations of cross site request forgeries to be successful: Explanation: Following are the limitations of cross site request forgeries to be successful:
The attacker must target either a site that doesn#39;t check the Referer header (which is common) or a victim with a browser or plugin bug that allows Referer spoofing (which is rare).
The attacker must find a form submission at the target site that does something useful to the attacker (e.g., transfers money, or changes the victim#39;s e-mail address or password).
The attacker must determine the right values for all the form inputs: if any of them are required to be secret authentication values or IDs that the attacker can#39;t guess, the attack will fail.
The attacker must lure the victim to a Web page with malicious code while the victim is logged in to the target site. Since, the attacker can#39;t see what the target Web site sends back to the victim in response to the forged requests, unless he exploits a cross- site scripting or other bug at the target Web site.
authentication cookies. Requiring a secret, user-specific token in all form submissions prevents CSRF; the attacker#39;s site can#39;t put the right token in its submissions. Individual Web users can do relatively little to prevent cross-site request forgery. Logging out of sites and avoiding their quot;remember mequot; features can mitigate CSRF risk; not displaying external images or not clicking links in quot;spamquot; or unreliable e-mails may also help.
Question No: 197 – (Topic 2)
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the We-are-secure server. Which of the following are countermeasures against a brute force attack?
The site should use CAPTCHA after a specific number of failed login attempts.
The site should increase the encryption key length of the password.
The site should restrict the number of login attempts to only three times.
The site should force its users to change their passwords from time to time.
Explanation: Using CAPTCHA or restricting the number of login attempts are good countermeasures against a brute force attack.
Question No: 198 – (Topic 2)
Which of the following types of firewall ensures that the packets are part of the established session?
Stateful inspection firewall
Explanation: The stateful inspection firewall combines the circuit level and the application level firewall techniques. It assures the session or connection between the two parties is valid. It also inspects packets from the session to assure that the packets are part of the established session and not malicious. Answer: C is incorrect. The circuit-level firewall regulates traffic based on whether or not a trusted connection has been established.
Answer: D is incorrect. The application level firewall inspects the contents of packets, rather than the source/destination or connection between the two devices. Answer: B is incorrect. There is no firewall type such as switch-level firewall.
Question No: 199 – (Topic 2)
One of the sales people in your company complains that sometimes he gets a lot of unsolicited messages on his PD A. After asking a few questions, you determine that the issue only occurs in crowded areas like airports. What is the most likely problem?
Explanation: Blue jacking is the process of using another bluetooth device that is within range (about 30#39; or less) and sending unsolicited messages to the target. Answer: B is incorrect. Blue snarfing is a process whereby the attacker actually takes control of the phone. Perhaps copying data or even making calls. Answer: C is incorrect. A virus would not cause unsolicited messages. Adware might, but not a virus. Answer: A is incorrect.
Spam would not be limited to when the person was in a crowded area.
Question No: 200 – (Topic 2)
Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines?
Explanation: War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers – hackers that specialize in computer security – for password guessing. Answer: A is incorrect. Warkitting is a combination of wardriving and rootkitting. In a warkitting attack, a hacker replaces the firmware of an attacked router. This allows them to control all traffic for the victim, and could even permit them to disable SSL by replacing HTML content as it is being downloaded. Warkitting was identified by Tsow, Jakobsson, Yang, and Wetzel in 2006.
Their discovery indicated that 10% of the wireless routers were susceptible to WAPjacking (malicious configuring of the firmware settings, but making no modification on the firmware itself) and 4.4% of wireless routers were vulnerable to WAPkitting (subverting the router firmware). Their analysis showed that the volume of credential theft possible through Warkitting exceeded the estimates of credential theft due to phishing. Answer: D is incorrect. In the computer hacking scene of the 1980s, demon dialing was a technique by which a computer is used to repeatedly dial a number (usually to a crowded modem pool) in an attempt to gain access immediately after another user had hung up. The expansion of accessible Internet service provider connectivity since that time more or less rendered the practice obsolete. The term quot;demon dialingquot; derives from the Demon Dialer product from Zoom Telephonics, Inc., a telephone device produced in the 1980s which repeatedly dialed busy telephone numbers under control of an extension phone. Answer: B is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a
laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.
Topic 3, Volume C
100% Free Download!
–Download Free Demo:GSNA Demo PDF
100% Pass Guaranteed!
–Download 2017 EnsurePass GSNA Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|