[Free] 2017(Sep) EnsurePass Pass4sure GIAC GSNA Dumps with VCE and PDF 241-250

EnsurePass
2017 Sep GIAC Official New Released GSNA
http://www.EnsurePass.com/GSNA.html

GIAC Systems and Network Auditor

Question No: 241 – (Topic 3)

Which of the following types of attack is described in the statement below? "It is a technique employed to compromise the security of network switches. In this attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table."

  A. Man-in-the-middle

  B. Blind spoofing

  C. Dictionary

  D. MAC flooding

Answer: D

Explanation: MAC flooding is a technique employed to compromise the security of network switches. In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. This attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. A malicious user could then use a packet sniffer (such as Wireshark) running in promiscuous mode to capture sensitive data from other computers (such as unencrypted passwords, e-mail and instant messaging conversations), which would not be accessible were the switch operating normally.

Answer: B is incorrect. Blind spoofing is a type of IP spoofing attack. This attack occurs when the attacker is on a different subnet from the destination host. Therefore, it is more difficult to obtain the correct TCP sequence number and acknowledgement number of the data frames. In a blind spoofing attack, an attacker sends several packets to the target computer so that he can easily obtain the sequence number of each data frame. If the attacker is successful in compromising the sequence number of the data frames, the data is successfully sent to the target computer.

Answer: C is incorrect. A dictionary attack is a type of password guessing attack. This type of attack uses a dictionary of common words to find out the password of a user. It can also use common words in either upper or lower case to find a password. There are many programs available on the Internet to automate and execute dictionary attacks.

Answer: A is incorrect. Man-in-the-middle attacks occur when an attacker successfully inserts an intermediary software or program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets passing between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host. The receiving host responds to the software, presuming it to be the legitimate client.

Question No: 242 – (Topic 3)

Network mapping provides a security testing team with a blueprint of the organization. Which of the following steps is NOT a part of manual network mapping?

  A. Gathering private and public IP addresses

  B. Collecting employees' information

  C. Performing Neotracerouting

  D. Banner grabbing

Answer: C

Explanation: Using automated tools, such as NeoTraceroute, for mapping a network is a part of automated network mapping, not of manual network mapping. Network mapping is the process of providing a blueprint of the organization to a security testing team. There are two ways of performing network mapping:

Manual Mapping: In manual mapping, a hacker gathers information to create a matrix that contains the domain name information, IP addresses of the network, DNS servers, employee information, company location, phone numbers, yearly earnings, recently acquired organizations, email addresses, publicly available IP address ranges, open ports, wireless access points, modem lines, and banner grabbing details.

Automated Mapping: In automated mapping, a hacker uses any automated tool to gather information about the network. There are many tools for this purpose, such as NeoTrace, Visual traceroute, Cheops, Cheops-ng, etc. The only advantage of automated mapping is that it is very fast, and because of this speed it may generate erroneous results.

Question No: 243 – (Topic 3)

Which of the following methods can be helpful to eliminate social engineering threat? (Choose three)

  A. Data encryption

  B. Data classification

  C. Password policies

  D. Vulnerability assessments

Answer: B,C,D

Explanation: The following methods can be helpful to eliminate social engineering threat: password policies, vulnerability assessments, and data classification. A password policy should specify how the password can be shared. The company should implement periodic penetration and vulnerability assessments. These assessments usually consist of using known hacker tools and common hacker techniques to breach network security. Social engineering should also be used for an accurate assessment. Since social engineers use the knowledge of others to attain information, it is essential to have a data classification model in place that all employees know and follow. Data classification assigns a level of sensitivity to company information. Each classification level specifies who can view and edit data, and how it can be shared.

Question No: 244 – (Topic 3)

You work as a Network Administrator for Net World International. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. There are ten Sales Managers in the company. The company has recently provided laptops to all its Sales Managers. All the laptops run Windows XP Professional. These laptops will be connected to the company's network through wireless connections. The company's management wants to implement Shared Key authentication for these laptops. When you try to configure the network interface card of one of the laptops for Shared Key authentication, you find no such option. What will you do to enable Shared Key authentication?

  A. Install PEAP-MS-CHAP v2

  B. Enable WEP

  C. Install Service Pack 1

  D. Install EAP-TLS.

Answer: B

Explanation: Shared Key authentication requires the use of the Wired Equivalent Privacy (WEP) algorithm. If the WEP is not implemented, then the option for Shared Key authentication is not available. In order to accomplish the task, you will have to enable the WEP on all the laptops.

Question No: 245 – (Topic 3)

Which of the following tools hides information about IIS Webservers so that they can be prevented from various attacks performed by an attacker?

  A. httprint

  B. ServerMask

  C. Whisker

  D. WinSSLMiM

Answer: B

Explanation: ServerMask is a tool that is used to hide information about IIS Webservers. IIS Webservers are vulnerable to various attacks, such as the Code Red worm, the IIS Unicode exploit, etc. To mitigate such attacks, ServerMask removes all unnecessary HTTP headers & response data, and file extensions like .asp or .aspx, which are clear indicators that a site is running on a Microsoft server. Besides this, ServerMask modifies the ASP session ID cookie values, default messages, pages and scripts of all kinds to misguide an attacker.

Answer: A is incorrect. httprint is a fingerprinting tool that is based on Web server characteristics to accurately identify Web servers. It works even when the Web server may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask.

Answer: C is incorrect. Whisker is an HTTP/Web vulnerability scanner that is written in the Perl language. Whisker runs on both the Windows and UNIX environments. It provides functions for testing HTTP servers for many known security holes, particularly the presence of dangerous CGIs.

Answer: D is incorrect. WinSSLMiM is an HTTPS Man in the Middle attacking tool. It includes FakeCert, a tool used to make fake certificates. It can be used to exploit the Certificate Chain vulnerability in Internet Explorer. The tool works under Windows 9x/2000.

Question No: 246 – (Topic 3)

Sarah works as a Web Developer for XYZ CORP. She develops a Web site for the company. She uses tables in the Web site. Sarah embeds three tables within a table. What is the technique of embedding tables within a table known as?

  A. Nesting tables

  B. Stacking tables

  C. CSS tables

  D. Horned tables

Answer: A

Explanation: In general, nesting means embedding a construct inside another. Nesting tables is a technique in which one or more tables are embedded within a table. Answer: B, C, D are incorrect. There are no techniques such as stacking tables, horned tables, or CSS tables.

Question No: 247 – (Topic 3)

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He has recently backed up his entire Linux hard drive into the my_backup.tgz file. The size of the my_backup.tgz file is 800MB. Now, he wants to break this file into two files in which the size of the first file named my_backup.tgz.aa should be 600MB and that of the second file named my_backup.tgz.ab should be 200MB. Which of the following commands will John use to accomplish his task?

  A. split --verbose -b 200m my_backup.tgz my_backup.tgz

  B. split --verbose -b 200m my_backup.tgz my_backup.tgz

  C. split --verbose -b 600m my_backup.tgz my_backup.tgz

  D. split --verbose -b 600m my_backup.tgz my_backup.tgz

Answer: D

Explanation: According to the scenario, John wants to break the my_backup.tgz file into two files in which the size of the first file named my_backup.tgz.aa should be 600MB and that of the second file named my_backup.tgz.ab should be 200MB. Hence, he will use the command

    split --verbose -b 600m my_backup.tgz my_backup.tgz.

(the trailing dot is part of the output file name prefix), which will automatically write the first 600MB to a file named my_backup.tgz.aa, and the rest of the data (200MB) will be assigned to the second file named my_backup.tgz.ab. The reason behind the names is that the split command provides suffixes as 'aa', 'ab', 'ac', …, 'az', 'ba', 'bb', etc. in the broken file names by default. Hence, both conditions, the file names as well as the file sizes, match with this command.

Note: If the size of the tar file my_backup.tgz is 1300MB, the same command breaks the my_backup.tgz file into three files, i.e., my_backup.tgz.aa of size 600MB, my_backup.tgz.ab of size 600MB, and my_backup.tgz.ac of size 100MB.

Question No: 248 – (Topic 3)

Which of the following statements are true about the Enum tool?

  A. It uses NULL and User sessions to retrieve user lists, machine lists, LSA policy information, etc.

  B. It is capable of performing brute force and dictionary attacks on individual accounts of Windows NT/2000.

  C. One of the countermeasures against the Enum tool is to disable TCP port 139/445.

  D. It is a console-based Win32 information enumeration utility.

Answer: A,B,C,D

Explanation: Enum is a console-based Win32 information enumeration utility. It uses null sessions to retrieve user lists, machine lists, share lists, name lists, group and member lists, passwords, and LSA policy information. It is also capable of performing brute force and dictionary attacks on individual accounts. Since the Enum tool works on the NetBIOS NULL sessions, disabling the NetBIOS port can be a good countermeasure against the Enum tool.

Question No: 249 – (Topic 3)

Which of the following processes is described in the statement below? "This is the process of numerically analyzing the effect of identified risks on overall project objectives."

  A. Perform Quantitative Risk Analysis

  B. Monitor and Control Risks

  C. Perform Qualitative Risk Analysis

  D. Identify Risks

Answer: A

Explanation: Perform Quantitative Risk Analysis is the process of numerically analyzing the effect of identified risks on overall project objectives. This process generally follows the Perform Qualitative Risk Analysis process. It is performed on risks that have been prioritized by the Perform Qualitative Risk Analysis process as potentially and substantially impacting the project's competing demands. The Perform Quantitative Risk Analysis should be repeated after Plan Risk Responses, as well as part of Monitor and Control Risks, to determine if the overall project risk has been decreased.

Answer: C is incorrect. This is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.

Answer: D is incorrect. This is the process of determining which risks may affect the project and documenting their characteristics.

Answer: B is incorrect. This is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness through the project.

Question No: 250 – (Topic 3)

Which of the following statements are true about MS-CHAPv2?

  A. It is a connectionless protocol.

  B. It provides an authenticator-controlled password change mechanism.

  C. It is subject to offline dictionary attacks.

  D. It can be replaced with EAP-TLS as the authentication mechanism for PPTP.

Answer: B,C,D

Explanation: MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet. MS-CHAPv2 has various features such as: It is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol. It provides an authenticator-controlled password change mechanism. It provides an authenticator-controlled authentication retry mechanism. It defines failure codes returned in the Failure packet message field. With weak passwords, MS-CHAPv2 is subject to offline dictionary attacks; hence, it can be replaced with EAP-TLS as the authentication mechanism for PPTP.
