GIAC Systems and Network Auditor
Question No: 51 – (Topic 1)
Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?
Single Loss Expectancy (SLE)
Annualized Rate of Occurrence (ARO)
Exposure Factor (EF)
Explanation: The Annualized Rate of Occurrence (ARO) is a number that represents the estimated frequency at which a threat is expected to occur. It is calculated based upon the probability of the event occurring and the number of employees that could make that event occur.
Answer: C is incorrect. The Exposure Factor (EF) represents the percentage of asset loss caused by a threat. The EF is required to calculate the Single Loss Expectancy (SLE).
Answer: A is incorrect. The Single Loss Expectancy (SLE) is the value in dollars that is assigned to a single event. SLE = Asset Value ($) × Exposure Factor (EF)
Answer: D is incorrect. A safeguard acts as a countermeasure for reducing the risk associated with a specific threat or a group of threats.
Question No: 52 – (Topic 1)
An executive in your company reports odd behavior on her PDA. After investigation you discover that a trusted device is actually copying data off the PDA. The executive tells you that the behavior started shortly after accepting an e-business card from an unknown person. What type of attack is this?
Explanation: Bluesnarfing is a rare attack in which an attacker takes control of a Bluetooth-enabled device. One way to do this is to get your PDA to accept the attacker's device as a trusted device.
Question No: 53 – (Topic 1)
You work as the Project Engineer for XYZ CORP. The company has a Unix-based network. Your office consists of one server, seventy client computers, and one print device. You raise a request for printing a confidential page. After 30 minutes, you find that your print request job is not processed and is at the seventh position in the printer queue. You analyze that it shall take another one hour to print. You decide to remove your job from the printer queue and get your page printed outside the office. Which of the following Unix commands can you use to remove your job from the printer queue?
Explanation: The basic Unix printing commands are as follows:
banner: It is used to print a large banner on a printer.
lpr: It is used to submit a job to the printer.
lpc: It enables one to check the status of the printer and set its state.
lpq: It shows the contents of a spool directory for a given printer.
lprm: It is used to remove a job from the printer queue.
gs: It works as a PostScript interpreter.
pr: It is used to print a file.
tunelp: It is used to set various parameters for the lp device.
Question No: 54 – (Topic 1)
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to run a command that forces all the unwritten blocks in the buffer cache to be written to the disk. Which of the following Unix commands can you use to accomplish the task?
Explanation: The sync command is used to flush filesystem buffers. It ensures that all disk writes have been completed before the processor is halted or rebooted. Generally, it is preferable to use reboot or halt to shut down a system, as they may perform additional actions such as resynchronizing the hardware clock and flushing internal caches before performing a final sync.
Answer: B is incorrect. In Unix, the tune2fs command is used to adjust tunable filesystem parameters on the second extended filesystems.
Answer: A is incorrect. In Unix, the swapon command is used to activate a swap partition.
Answer: C is incorrect. In Unix, the swapoff command is used to de-activate a swap partition.
Question No: 55 – (Topic 1)
You work as a Network Administrator for Infonet Inc. The company's network has an FTP server. You want to secure the server so that only authorized users can access it. What will you do to accomplish this?
Disable anonymous authentication.
Stop the FTP service on the server.
Disable the network adapter on the server.
Enable anonymous authentication.
Explanation: You will have to disable anonymous authentication. This will prevent unauthorized users from accessing the FTP server. Anonymous authentication (anonymous access) is a method of authentication for Websites. Using this method, a user can establish a Web connection to the IIS server without providing a username and password. Hence, this is an insecure method of authentication. This method is generally used to permit unknown users to access the Web or FTP server directories.
Answer: D is incorrect. Enabling anonymous authentication will allow all the users to access the server.
Answer: B is incorrect. Stopping the FTP service on the server will prevent all the users from accessing the FTP server.
Answer: C is incorrect. Disabling the network adapter on the FTP server will disconnect the server from the network.
Question No: 56 – (Topic 1)
Which of the following statements about a perimeter network are true? (Choose three)
It has a connection to the Internet through an external firewall and a connection to an internal network through an interior firewall.
It has a connection to a private network through an external firewall and a connection to an internal network through an interior firewall.
It is also known as a demilitarized zone or DMZ.
It prevents access to the internal corporate network for outside users.
Explanation: A perimeter network, also known as a demilitarized zone or DMZ, is a small network that lies in between the Internet and a private network. It has a connection to the Internet through an external firewall and a connection to the internal network through an interior firewall. It allows outside users access to the specific servers located in the perimeter network while preventing access to the internal corporate network. Servers, routers, and switches that maintain security by preventing the internal network from being exposed on the Internet are placed in a perimeter network. A perimeter network is commonly used for deploying e-mail and Web servers for a company.
Question No: 57 – (Topic 1)
John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on Windows Server 2003. One day, while analyzing the network security, he receives an error message that Kernel32.exe is encountering a problem. Which of the following steps should John take as a countermeasure to this situation?
He should download the latest patches for Windows Server 2003 from the Microsoft site, so that he can repair the kernel.
He should restore his Windows settings.
He should observe the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new malicious process is running, he should kill that process.
He should upgrade his antivirus program.
Explanation: In such a situation, when John receives an error message revealing that Kernel32.exe is encountering a problem, he needs to come to the conclusion that his antivirus program needs to be updated, because Kernel32.exe is not a Microsoft file (it is a Kernel32.DLL file). Although such viruses normally run in stealth mode, he should examine the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new (malicious) process is running on the server, he should exterminate that process.
Answer: A, B are incorrect. Since kernel.exe is not a real kernel file of Windows, there is no need to repair or download any patch for Windows Server 2003 from the Microsoft site to repair the kernel.
Note: Such error messages can be received if the computer is infected with malware, such as Worm_Badtrans.b, Backdoor.G_Door, Glacier Backdoor, Win32.Badtrans.29020, etc.
Question No: 58 – (Topic 1)
In addition to denying and granting access, what other services does a firewall support?
Network Access Translation (NAT)
Control Internet access based on keyword restriction
Explanation: A firewall is a tool to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Firewalls often have network address translation (NAT) functionality. The hosts protected behind a firewall commonly have addresses in the private address range. Firewalls have such functionality to hide the true address of protected hosts. Firewalls are used by administrators to control Internet access based on keyword restriction. Some proxy firewalls can cache data so that clients can access frequently requested data from the local cache instead of using the Internet connection to request it. This is convenient for cutting down on unnecessary bandwidth consumption.
Answer: B is incorrect. It is an area where a firewall faces difficulty in securing the network. It is the area where employees make alternate connections to the Internet for their personal use, rendering the firewall useless.
Question No: 59 – (Topic 1)
Which of the following are the goals of risk management? (Choose three)
Identifying the risk
Assessing the impact of potential threats
Finding an economic balance between the impact of the risk and the cost of the countermeasure
Identifying the accused
Explanation: There are three goals of risk management as follows:
Identifying the risk
Assessing the impact of potential threats
Finding an economic balance between the impact of the risk and the cost of the countermeasure
Answer: D is incorrect. Identifying the accused does not come under the scope of risk management.
Question No: 60 – (Topic 1)
Ryan wants to create an ad hoc wireless network so that he can share some important files with another employee of his company. Which of the following wireless security protocols should he choose for setting up an ad hoc wireless network?
Explanation: Ryan can choose either the WEP or the WPA-PSK wireless protocol to set up an ad hoc wireless network.
Answer: A is incorrect. WPA2-EAP cannot be chosen for an ad hoc wireless network, as it requires a RADIUS (Remote Authentication Dial-In User Service) server for authentication.
Answer: D is incorrect. WPA-EAP cannot be chosen for an ad hoc wireless network, as it requires a RADIUS (Remote Authentication Dial-In User Service) server for authentication.