GIAC Systems and Network Auditor
Question No: 71 – (Topic 1)
You work as a Network Administrator for XYZ CORP. The company has a Windows-based network. You are concerned about the vulnerabilities existing in the network of the company. Which of the following can be a cause for making the network vulnerable? (Choose two)
Use of well-known code
Use of uncommon code
Use of uncommon software
Use of more physical connections
Explanation: In computer security, a vulnerability is a weakness that allows an attacker to reduce a system's Information Assurance. A computer or a network can be vulnerable for the following reasons:
Complexity: Large, complex systems increase the probability of flaws and unintended access points.
Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases the probability that an attacker has or can find the knowledge and tools to exploit the flaw.
Connectivity: More physical connections, privileges, ports, protocols, and services, and the time each of those is accessible, increase vulnerability.
Password management flaws: The computer user uses weak passwords that could be discovered by brute force. The computer user stores the password on the computer where a program can access it. Users re-use passwords between many programs and websites.
Fundamental operating system design flaws: The operating system designer chooses to enforce suboptimal policies on user/program management. For example, operating systems with policies such as default permit grant every program and every user full access to the entire computer. This operating system flaw allows viruses and malware to execute commands on behalf of the administrator.
Internet Website Browsing: Some Internet websites may contain harmful spyware or adware that can be installed automatically on the computer systems. After visiting those websites, the computer systems become infected, and personal information will be collected and passed on to third-party individuals.
Software bugs: The programmer leaves an exploitable bug in a software program. The software bug may allow an attacker to misuse an application.
Unchecked user input: The program assumes that all user input is safe. Programs that do not check user input can allow unintended direct execution of commands or SQL statements (known as buffer overflows, SQL injection, or other non-validated inputs).
Answer: B, C are incorrect. Use of common software and common code can make a network vulnerable.
Question No: 72 – (Topic 1)
You are the security manager of Microliss Inc. Your enterprise uses a wireless network infrastructure with access points ranging 150-350 feet. The employees using the network complain that their passwords and important official information have been traced. You discover the following clues: The information has proved beneficial to another company. The other company is located about 340 feet away from your office. The other company is also using a wireless network. The bandwidth of your network has degraded to a great extent. Which of the following methods of attack has been used?
A piggybacking attack has been performed.
A DOS attack has been performed.
The information is traced using Bluebugging.
A worm has exported the information.
Explanation: Piggybacking refers to access of a wireless Internet connection by bringing one's own computer within the range of another's wireless connection, and using that service without the subscriber's explicit permission or knowledge. It is a legally and ethically controversial practice, with laws that vary in jurisdictions around the world. While completely outlawed in some jurisdictions, it is permitted in others. The process of sending data along with the acknowledgment is called piggybacking.
Answer: C is incorrect. Bluebugging is an attack used only in a Bluetooth network. Bluebugging is a form of Bluetooth attack often caused by a lack of awareness. Bluebugging tools allow an attacker to "take control" of the victim's phone via the usage of the victim's Bluetooth phone headset. It does this by pretending to be the user's Bluetooth headset and therefore "tricking" the phone to obey its call commands.
Answer: D is incorrect. A worm is a software program that uses computer networks and security holes to replicate itself from one computer to another. It usually performs malicious actions, such as using the resources of computers as well as shutting down computers.
Answer: B is incorrect. A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network. It is also known as a network saturation attack or bandwidth consumption attack. Attackers perform DoS attacks by sending a large number of protocol packets to the network. The effects of a DoS attack are as follows:
Saturates network resources
Disrupts connections between two computers, thereby preventing communications between services
Disrupts services to a specific computer
Causes failure to access a Web site
Results in an increase in the amount of spam
A Denial-of-Service attack is very common on the Internet because it is much easier to accomplish. Most of the DoS attacks rely on the weaknesses in the TCP/IP protocol.
Question No: 73 – (Topic 1)
Anonymizers are the services that help make a user's own Web surfing anonymous. An anonymizer removes all the identifying information from a user's computer while the user surfs the Internet. It ensures the privacy of the user in this manner. After the user anonymizes a Web access with an anonymizer prefix, every subsequent link selected is also automatically accessed anonymously. Which of the following are limitations of anonymizers?
Question No: 74 – (Topic 1)
You work as a Network Administrator for XYZ CORP. The company has a Linux-based network. You need to configure a firewall for the company. The firewall should be able to keep track of the state of network connections traveling across the network. Which of the following types of firewalls will you configure to accomplish the task?
A network-based application layer firewall
Host-based application firewall
An application firewall
Answer: D Explanation:
A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected. Answer: B is incorrect. A host-based application firewall can monitor any application input, output, and/or system service calls made from, to, or by an application. This is done by examining information passed through system calls instead of, or in addition to, a network stack. A host-based application firewall can only provide protection to the applications running on the same host. An example of a host-based application firewall that controls system service calls by an application is AppArmor or the Mac OS X application firewall. Host-based application firewalls may also provide network-based application firewalling. Answer: A is incorrect. A network-based application layer firewall, also known as a proxy-based or reverse-proxy firewall, is a computer networking firewall that operates at the application layer of a protocol stack. Application firewalls specific to a particular kind of network traffic may be titled with the service name, such as a Web application firewall. They may be implemented through software running on a host or a stand-alone piece of network hardware. Often, it is a host using various forms of proxy servers to proxy traffic before passing it on to the client or server. Because it acts on the application layer, it may inspect the contents of the traffic, blocking specified content, such as certain websites, viruses, and attempts to exploit known logical flaws in client software. Answer: C is incorrect. An application firewall is a form of firewall that controls input, output, and/or access from, to, or by an application or service. 
It operates by monitoring and potentially blocking the input, output, or system service calls that do not meet the configured policy of the firewall. The application firewall is typically built to monitor one or more specific applications or services (such as a web or database service), unlike a stateful network firewall, which can provide some access controls for nearly any kind of network traffic. There are two primary categories of application firewalls: network-based application firewalls and host-based application firewalls.
Question No: 75 – (Topic 1)
Which of the following Windows processes supports creating and deleting processes and threads, running 16-bit virtual DOS machine processes, and running console windows?
Explanation: csrss.exe is a process that supports creating and deleting processes and threads, running 16-bit virtual DOS machine processes, and running console windows. Answer: B is incorrect. This process is the Windows Service Controller, which is responsible for starting and stopping system services running in the background. Answer: A is incorrect. This process supports the programs needed to implement the user interface, including the graphics subsystem and the log on processes. Answer: D is incorrect. This process includes most kernel-level threads, which manage the underlying aspects of the operating system.
Question No: 76 – (Topic 1)
Which of the following are HTML tags, used to create a table?
Explanation: In Hypertext Markup Language (HTML), a table is created using the <TABLE>, <TR>, and <TD> tags. The <TABLE> tag designs the table layout, the <TR> tag is used to create a row, and the <TD> tag is used to create a column. For example, the following code generates a table with two rows and two columns:
<TABLE>
<TR> <TD>Cell 1</TD>
<TD>Cell 2</TD> </TR>
<TR> <TD>Cell 3</TD>
<TD>Cell 4</TD> </TR>
</TABLE>
Answer: C, E, and D are incorrect. There are no HTML tags such as <TABLE SET>, <TT>, and <SET TABLE>.
Question No: 77 – (Topic 1)
You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company has recently provided fifty laptops to its sales team members. You are required to configure an 802.11 wireless network for the laptops. The sales team members must be able to use their data placed at a server in a cabled network. The planned network should be able to handle the threat of unauthorized access and data interception by an unauthorized user. You are also required to prevent the sales team members from communicating directly to one another. Which of the following actions will you take to accomplish the task?
Implement the open system authentication for the wireless network.
Configure the wireless network to use WEP encryption for the data transmitted over a wireless network.
Using group policies, configure the network to allow the wireless computers to connect to the infrastructure networks only.
Implement the IEEE 802.1X authentication for the wireless network.
Using group policies, configure the network to allow the wireless computers to connect to the ad hoc networks only.
Explanation: In order to enable wireless networking, you have to install access points in various areas of your office building. These access points generate omnidirectional signals to broadcast network traffic. Unauthorized users can intercept these packets. Hence, security is the major concern for a wireless network. The two primary threats are unauthorized access and data interception. In order to accomplish the task, you will have to take the following steps:
Using group policies, configure the network to allow the wireless computers to connect to the infrastructure networks only. This will prevent the sales team members from communicating directly to one another.
Implement the IEEE 802.1X authentication for the wireless network. This will allow only authenticated users to access the network data and resources.
Configure the wireless network to use WEP encryption for data transmitted over a wireless network. This will encrypt the network data packets transmitted over wireless connections. Although WEP encryption does not prevent intruders from capturing the packets, it prevents them from reading the data inside.
Question No: 78 – (Topic 1)
You have to move the whole directory /foo to /bar. Which of the following commands will you use to accomplish the task?
mv /bar /foo
mv -R /foo /bar
mv /foo /bar
mv -r /bar /foo
Explanation: You will use the mv /foo /bar command to move the whole directory /foo to /bar. The mv command moves files and directories from one directory to another or renames a file or directory. mv must always be given at least two arguments. The first argument is given as a source file. The second argument is interpreted as the destination. If destination is an existing directory, the source file is moved to that directory with the same name as the source. If the destination is any other directory, the source file is moved and/or renamed to that destination name.
Syntax: mv [options] source destination
Some important options used with mv command are as follows:
Answer: A is incorrect. The mv /bar /foo command will move the whole /bar directory to the /foo directory.
Answer: B, D are incorrect. These are not valid Linux commands.
Question No: 79 – (Topic 1)
What are the different categories of PL/SQL program units?
Explanation: A named block is a PL/SQL block that Oracle stores in the database and can be called by name from any application. A named block is also known as a stored procedure. Named blocks can be called from any PL/SQL block. It has a declaration section, which is known as a header. The header may include the name of a block, type of the block, and parameter. The name and list of formal parameters are known as the signature of a subroutine. Once a named PL/SQL block is compiled, it gets permanently stored as p-code after compilation in the shared pool of the system global area. Therefore, the named block gets compiled only once.
An anonymous block is a PL/SQL block that appears in a user's application and is neither named nor stored in the database. This block does not allow any mode of parameter. Anonymous block programs are effective in some situations. They are basically used when building scripts to seed data or perform one-time processing activities. They are also used when a user wants to nest activity in another PL/SQL block's execution section. Anonymous blocks are compiled each time they are executed.
Question No: 80 – (Topic 1)
In which of the following is absolute size of frames expressed?
Explanation: Absolute size of frames is expressed in pixels. Size is expressed in terms of the number of pixels in a frame. Therefore, a change in the screen area of a display device does not affect the absolute frame size of a Web page.