GIAC Systems and Network Auditor
Question No: 61 – (Topic 1)
Which of the following mechanisms is closely related to authorization?
Sending secret data such as credit card information.
Allowing access to a particular resource.
Verifying username and password.
Sending data so that no one can alter it on the way.
Explanation: Authorization is a process that verifies whether a user has permission to access a Web resource. A Web server can restrict access to some of its resources to only those clients that log in using a recognized username and password. To be authorized, a user must first be authenticated. Answer: C is incorrect. Verifying username and password describes the mechanism of authentication. Authentication is the process of verifying the identity of a user. This is usually done using a user name and password. This process compares the provided user name and password with those stored in the database of an authentication server. Answer: D is incorrect. Sending data so that no one can alter it on the way describes the mechanism of data integrity. Data integrity is a mechanism that ensures that the data is not modified during transmission from source to destination. This means that the data received at the destination should be exactly the same as that sent from the source. Answer: A is incorrect. Sending secret data such as credit card information describes the mechanism of confidentiality. Confidentiality is a mechanism that ensures that only the intendeA, Duthorized recipients are able to read data. The data is so encrypted that even if an unauthorized user gets access to it, he will not get any meaning out of it.
Question No: 62 – (Topic 1)
An auditor assesses the database environment before beginning the audit. This includes various key tasks that should be performed by an auditor to identify and prioritize the users, data, activities, and applications to be monitored. Which of the following tasks need to be performed by the auditor manually?
Classifying data risk within the database systems
Monitoring data changes and modifications to the database structure, permission and user changes, and data viewing activities
Analyzing access authority
Archiving, analyzing, reviewing, and reporting of audit information
Explanation: The Internal Audit Association lists the following as key components of a database audit: Create an inventory of all database systems and use classifications. This should include production and test data. Keep it up-to-date. Classify data risk within the
database systems. Monitoring should be prioritized for high, medium, and low risk data. Implement an access request process that requires database owners to authorize the quot;rolesquot; granted to database accounts (roles as in Role Based Access and not the native database roles). Analyze access authority. Users with higher degrees of access permission should be under higher scrutiny, and any account for which access has been suspended should be monitored to ensure access is denieA, Dttempts are identified. Assess application coverage. Determine what applications have built-in controls, and prioritize database auditing accordingly. All privileged user access must have audit priority. Legacy and custom applications are the next highest priority to consider, followed by the packaged applications. Ensure technical safeguards. Make sure access controls are set properly.
Audit the activities. Monitor data changes and modifications to the database structure, permission and user changes, and data viewing activities. Consider using network-based database activity monitoring appliances instead of native database audit trails. Archive, analyze, review, and report audit information. Reports to auditors and IT managers must communicate relevant audit information, which can be analyzed and reviewed to determine if corrective action is required. Organizations that must retain audit data for long-term use should archive this information with the ability to retrieve relevant data when needed. The first five steps listed are to be performed by the auditor manually. Answer: B, D are incorrect. These tasks are best achieved by using an automated solution.
Question No: 63 – (Topic 1)
Which of the following statements about session tracking is true?
When using cookies for session tracking, there is no restriction on the name of the session tracking cookie.
When using cookies for session tracking, the name of the session tracking cookie must be jsessionid.
A server cannot use cookie as the basis for session tracking.
A server cannot use URL rewriting as the basis for session tracking.
Answer: B Explanation:
If you are using cookies for session tracking, the name of the session tracking cookie must be jsessionid. A jsessionid can be placed only inside a cookie header. You can use HTTP cookies to store information about a session. The servlet container takes responsibility of generating the session ID, making a new cookie object, associating the session ID into the
cookie, and setting the cookie as part of response.
Question No: 64 – (Topic 1)
The SALES folder has a file named XFILE.DOC that contains critical information about your company. This folder resides on an NTFS volume. The company#39;s Senior Sales Manager asks you to provide security for that file. You make a backup of that file and keep it in a locked cupboard, and then you deny access on the file for the Sales group. John, a member of the Sales group, accidentally deletes that file. You have verified that John is not a member of any other group. Although you restore the file from backup, you are confused how John was able to delete the file despite having no access to that file. What is the most likely cause?
The Sales group has the Full Control permission on the SALES folder.
The Deny Access permission does not restrict the deletion of files.
John is a member of another group having the Full Control permission on that file.
The Deny Access permission does not work on files.
Explanation: Although NTFS provides access controls to individual files and folders, users can perform certain actions even if permissions are set on a file or folder to prevent access. If a user has been denied access to any file and he has Full Control rights in the folder on which it resides, he will be able to delete the file, as Full Control rights in the folder allow the user to delete the contents of the folder. Answer: C is incorrect. In the event of any permission conflict, the most restrictive one prevails. Moreover, the question clearly states that John is not a member of any other group. Answer: B, D are incorrect. The Deny Access permission works on files.
Question No: 65 – (Topic 1)
Adam works on a Linux system. He is using Sendmail as the primary application to transmit e-mails. Linux uses Syslog to maintain logs of what has occurred on the system. Which of the following log files contains e-mail information such as source and destination IP addresses, date and time stamps etc?
Explanation: /var/log/mailog ?le generally contains the source and destination IP addresses, date and time stamps, and other information that may be used to check the information contained within an e-mail header. Linux uses Syslog to maintain logs of what has occurred on the system. The configuration file /etc/syslog.conf is used to determine where the Syslog service (Syslogd) sends its logs. Sendmail can create event messages and is usually configured to record the basic information such as the source and destination addresses, the sender and recipient addresses, and the message ID of e-mail. The syslog.conf will display the location of the log file for e-mail. Answer: B, C, D are incorrect. All these files are not valid log files.
Question No: 66 – (Topic 1)
You work as a Java Programmer for JavaSkills Inc. You are working with the Linux operating system. Nowadays, when you start your computer, you notice that your OS is taking more time to boot than usual. You discuss this with your Network Administrator. He suggests that you mail him your Linux bootup report. Which of the following commands will you use to create the Linux bootup report?
dmesg gt; bootup_report.txt
dmesg | wc
Explanation: According to the scenario, you can use dmesg gt; bootup_report.txt to create the bootup file. With this command, the bootup messages will be displayed and will be redirected towards bootup_report.txt using the gt; command.
Question No: 67 – (Topic 1)
You work as a Network Administrator for Tech Perfect Inc. For security issues, the company requires you to harden its routers. You therefore write the following code: Router#config terminal Router(config) #no ip bootp server Router(config) #no ip name- server Router(config) #no ntp server Router(config) #no snmp server Router(config) #no ip http server Router(config) #^Z Router# What services will be disabled by using this configuration fragment?
DNS function Explanation:
Explanation: The above configuration fragment will disable the following services from the router: The BootP service The DNS function The Network Time Protocol The Simple Network Management Protocol Hyper Text Transfer Protocol
Question No: 68 – (Topic 1)
Which of the following attacks allows the bypassing of access control lists on servers or routers, and helps an attacker to hide? (Choose two)
DNS cache poisoning
IP spoofing attack
Explanation: Either IP spoofing or MAC spoofing attacks can be performed to hide the identity in the network. MAC spoofing is a hacking technique of changing an assigned Media Access Control (MAC) address of a networked device to a different one. The changing of the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer. MAC spoofing is the activity of altering the MAC address of a network card. Answer: A is incorrect. DNS cache poisoning is a maliciously created or unintended situation that provides data to a caching name server that did not originate from authoritative Domain Name System (DNS) sources. Once a DNS server has received such non-authentic datA, Caches it for future performance increase, it is considered poisoned,
supplying the non-authentic data to the clients of the server. To perform a cache poisoning attack, the attacker exploits a flaw in the DNS software. If the server does not correctly validate DNS responses to ensure that they are from an authoritative source, the server will end up caching the incorrect entries locally and serve them to other users that make the same request. Answer: B is incorrect. In a distributed denial of service (DDOS) attack, an attacker uses multiple computers throughout the network that has been previously infected. Such computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. TFN, TRIN00, etc. are tools used for a DDoS attack.
Question No: 69 – (Topic 1)
You work as a Network Administrator for XYZ CORP. The company has a Windows-based network. You have been assigned the task to design the authentication system for the remote users of the company. For security purposes, you want to issue security tokens to the remote users. The token should work on the one-time password principle and so once used, the next password gets generated. Which of the following security tokens should you issue to accomplish the task?
Single sign-on software tokens
Explanation: An event-based token, by its nature, has a long life span. They work on the one-time password principle and so once used, the next password is generated. Often the user has a button to press to receive this new code via either a token or via an SMS message. All CRYPTOCard#39;s tokens are event-based rather than time-based. Answer: C is incorrect. Bluetooth tokens are often combined with a USB token, and hence work in both a connecteA, D disconnected state. Bluetooth authentication works when closer than 32 feet (10 meters). If the Bluetooth is not available, the token must be inserted into a USB input device to function. Answer: A is incorrect. Virtual tokens are a new concept in multi-factor authentication first introduced in 2005 by security company Sestus. Virtual tokens work by sharing the token generation process between the Internet website and the user#39;s
computer and have the advantage of not requiring the distribution of additional hardware or software. In addition, since the user#39;s device is communicating directly with the authenticating website, the solution is resistant to man-in-the-middle attacks and similar forms of online fraud. Answer: D is incorrect. Single sign-on software tokens are used by the multiple, related, but independent software systems. Some types of single sign-on (SSO) solutions, like enterprise single sign-on, use this token to store software that allows for seamless authentication and password filling. As the passwords are stored on the token, users need not remember their passwords and therefore can select more secure passwords, or have more secure passwords assigned.
Question No: 70 – (Topic 1)
Which of the following is the default port for Hypertext Transfer Protocol (HTTP)?
Explanation: Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Answer: B is incorrect. Port 443 is the default port for Hypertext Transfer Protocol Secure (HTTPS) and Secure Socket Layer (SSL). Answer: A, D are incorrect. By default, FTP server uses TCP port 20 for data transfer and TCP port 21 for session control.
100% Free Download!
–Download Free Demo:GSNA Demo PDF
100% Pass Guaranteed!
–Download 2017 EnsurePass GSNA Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|