GIAC GSNA Exam Practice Questions (P. 2)
Question #11
You work as a Network Administrator for XYZ CORP. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks: The wireless network communication should be secured. The laptop users should be able to use smart cards for getting authenticated. In order to accomplish the tasks, you take the following steps: Configure 802.1x and WEP for the wireless connections. Configure the PEAP-MS-CHAP v2 protocol for authentication.
What will happen after you have taken these steps?
- A. Both tasks will be accomplished.
- B. The laptop users will be able to use smart cards for getting authenticated.
- C. The wireless network communication will be secured.
- D. None of the tasks will be accomplished.
Correct Answer:
C
As 802.1x and WEP are configured, this step will enable the secure wireless network communication. For authentication, you have configured the PEAP-MS-CHAP v2 protocol. This protocol can be used for authentication on wireless networks, but it cannot use a public key infrastructure (PKI). No certificate can be issued without a PKI. Smart cards cannot be used for authentication without certificates. Hence, the laptop users will not be able to use smart cards for getting authenticated.
Question #12
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to print the superblock and block group information for the filesystem present on a system.
Which of the following Unix commands can you use to accomplish the task?
- A. e2fsck
- B. dump
- C. dumpe2fs
- D. e2label
Correct Answer:
Answer B is incorrect. In Unix, the dump command is used to back up an ext2 filesystem.
In Unix, the dumpe2fs command dumps the filesystem superblock and block group information.
Answer A is incorrect. The e2fsck command is used to check the second extended file system (E2FS) of a Linux computer. Syntax: e2fsck [options] <device>
where <device> is the file name of a mounted storage device (for example, /dev/hda1). Several options are used with the e2fsck command. Following is a list of some important options:
Question #13
Which of the following is a wireless auditing tool that is used to pinpoint the actual physical location of wireless devices in the network?
- A. KisMAC
- B. Ekahau
- C. Kismet
- D. AirSnort
Correct Answer:
Ekahau is an easy-to-use, powerful, and comprehensive tool for network site surveys and optimization. It is an auditing tool that can be used to pinpoint the actual physical location of wireless devices in the network. This tool can be used to make a map of the office and then perform the survey of the office. In the process, if one finds an unknown node, Ekahau can be used to locate that node.
Answer D is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.
raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks:
- To identify networks by passively collecting packets
- To detect standard named networks
- To detect masked networks
- To collect the presence of non-beaconing networks via data traffic
namesake and far exceeding those of NetStumbler, its closest equivalent on Windows. The program is geared toward network security professionals, and is not as novice-friendly as similar applications. KisMAC will scan for networks passively on supported cards - including Apple's AirPort, and AirPort Extreme, and many third-party cards, and actively on any card supported by Mac OS X itself. Cracking of WEP and WPA keys, both by brute force, and exploiting flaws such as weak scheduling and badly generated keys is supported when a card capable of monitor mode is used, and packet reinjection can be done with a supported card. GPS mapping can be performed when an NMEA compatible GPS receiver is attached. Data can also be saved in pcap format and loaded into programs such as Wireshark.
Question #14
Which of the following tools works both as an encryption-cracking tool and as a keylogger?
- A. Magic Lantern
- B. KeyGhost Keylogger
- C. Alchemy Remote Executor
- D. SocketShield
Correct Answer:
Magic Lantern works both as an encryption-cracking tool and as a keylogger.
Answer C is incorrect. Alchemy Remote Executor is a system management tool that allows Network Administrators to execute programs on remote network computers without leaving their workplace. From the hacker's point of view, it can be useful for installing keyloggers, spyware, Trojans, Windows rootkits and such. One necessary condition for using the Alchemy Remote Executor is that the user/attacker must have the administrative passwords of the remote computers on which the malware is to be installed.
keyboard cable. Once the KeyGhost keylogger is attached to the computer, it quietly logs every key pressed on the keyboard into its own internal Flash memory (just as with smart cards). When the log becomes full, it overwrites the oldest keystrokes with the newest ones.
SocketShield provides protection at the following two levels:
1. Blocking: In this level, SocketShield uses a list of IP addresses that are known as purveyors of exploits. All HTTP requests for any page in these domains are simply blocked.
2. Shielding: In this level, SocketShield blocks all the current and past IP addresses that are the cause of unauthorized access.
Question #15
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to set some terminal characteristics and environment variables.
Which of the following Unix configuration files can you use to accomplish the task?
- A. /etc/sysconfig/routed
- B. /proc/net
- C. /etc/sysconfig/network-scripts/ifcfg-interface
- D. /etc/sysconfig/init
Correct Answer:
Answer: B is incorrect. In Unix, the /proc/net file contains status information about the network protocols.
In Unix, the /etc/sysconfig/init file is used to set terminal characteristics and environment variables.
Question #16
You work as a Network Auditor for XYZ CORP. The company has a Windows-based network. While auditing the company's network, you are facing problems in finding the faults and other entities that belong to it.
Which of the following risks may occur due to the existence of these problems?
- A. Residual risk
- B. Inherent risk
- C. Secondary risk
- D. Detection risk
Correct Answer:
Detection risks are the risks that an auditor will not be able to find what they are looking to detect. Hence, it becomes tedious to report negative results when material conditions (faults) actually exist. Detection risk includes two types of risk:
- Sampling risk: This risk occurs when an auditor falsely accepts or erroneously rejects an audit sample.
- Nonsampling risk: This risk occurs when an auditor fails to detect a condition because of not applying the appropriate procedure or using procedures inconsistent with the audit objectives (detection faults).
Answer A is incorrect. Residual risk is the risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically conceivable measures). The formula to calculate residual risk is (inherent risk) x (control risk) where inherent risk is (threats vulnerability). In the economic context, residual means "the quantity left over at the end of a process; a remainder".
due to error or fraud. The assessment of inherent risk depends on the professional judgment of the auditor, and it is done after assessing the business environment of the entity being audited.
dealing with the original risk. Secondary risks are not as rigorous or important as primary risks, but can turn out to be so if not estimated and planned properly.
Question #17
Which of the following statements are true about locating rogue access points using WLAN discovery software such as NetStumbler, Kismet, or MacStumbler if you are using a laptop with an integrated Wi-Fi compliant MiniPCI card? (Choose two)
- A. These tools can determine the rogue access point even when it is attached to a wired network.
- B. These tools can determine the authorization status of an access point.
- C. These tools cannot detect rogue access points if the victim is using data encryption.
- D. These tools detect rogue access points if the victim is using IEEE 802.11 frequency bands.
Correct Answer:
WLAN discovery software such as NetStumbler, Kismet, or MacStumbler can be used to detect rogue access points if the victim is using IEEE 802 frequency bands. However, if the victim is using non-IEEE 802.11 frequency bands or unpopular modulations, these tools might not detect rogue access. NetStumbler, Kismet, or MacStumbler also gives the authorization status of an access point. A Rogue access point (AP) is set up by the attackers in an Enterprise's network. The attacker captures packets in the existing wireless LAN (WLAN) and finds the SSID and security keys (by cracking). Then the attacker sets up his own AP using the same SSID and security keys. The network clients unknowingly use this AP and the attacker captures their usernames and passwords. This can help the attacker to intrude the security and have access to the Enterprise data.
Answers A and C are incorrect. The WLAN software such as NetStumbler, Kismet, or MacStumbler can search rogue access points even when the victim is using data encryption. However, these tools cannot determine the rogue access point even when it is attached to a wired network.
Question #18
A Web developer with your company wants to have wireless access for contractors that come in to work on various projects. The process of getting this approved takes time. So rather than wait, he has put his own wireless router attached to one of the network ports in his department.
What security risk does this present?
- A. None, adding a wireless access point is a common task and not a security risk.
- B. It is likely to increase network traffic and slow down network performance.
- C. This circumvents network intrusion detection.
- D. An unauthorized WAP is one way for hackers to get into a network.
Correct Answer:
D
Any unauthorized Wireless Access Point (WAP) is a serious security breach. Its configuration might be very insecure. For example, it might not use encryption or MAC filtering, thus allowing anyone in range to get on the network.
Question #19
Which of the following allows the use of multiple virtual servers using different DNS names resolved by the same IP address?
- A. HTTP 1.1
- B. JAVA
- C. HTML
- D. VPN
Correct Answer:
HTTP 1.1 allows the use of multiple virtual servers, all using different DNS names resolved by the same IP address. The WWW service supports a concept called virtual server. A virtual server can be used to host multiple domain names on the same physical Web server. Using virtual servers, multiple FTP sites and Web sites can be hosted on a single computer. It means that there is no need to allocate different computers and software packages for each site.
Answer D is incorrect. VPN stands for virtual private network. It allows users to use the Internet as a secure pipeline to their corporate local area networks (LANs). Remote users can dial-in to any local Internet Service Provider (ISP) and initiate a VPN session to connect to their corporate LAN over the Internet. Companies using VPNs significantly reduce long-distance dial-up charges. VPNs also provide remote employees with an inexpensive way of remaining connected to their company's LAN for extended periods.
executables. Java source code files are compiled into a format known as bytecode (files with .class extension). Java supports programming for the Internet in the form of Java applets. Java applets can be executed on a computer having a Java interpreter and a run-time environment known as Java Virtual Machine (JVM). Java Virtual Machines (JVMs) are available for most operating systems, including UNIX, Macintosh OS, and Windows.
specifications. The markup tells the Web browser how to display the content of the Web page.
Question #20
Which of the following is Microsoft's implementation of the file and application server for the Internet and private intranets?
- A. Internet Server Service (ISS)
- B. Internet Server (IS)
- C. WWW Server (WWWS)
- D. Internet Information Server (IIS)
Correct Answer:
D
Microsoft Internet Information Server (IIS) is a Web Application server for the Internet and private intranets. IIS receives requests from users on the network using the World Wide Web (WWW) service and transmits information using the Hypertext Transport Protocol (HTTP). IIS uses Microsoft Transaction Server (MTS) to provide security, performance, and scalability with server side packages.