GIAC GSNA Exam Practice Questions (P. 3)
Question #21
Which of the following encryption modes are possible in WEP?
- A. 128 bit encryption
- B. No encryption
- C. 256 bit encryption
- D. 40 bit encryption
Correct Answer:
Answer: C is incorrect. WEP does not support 256 bit encryption.
WEP supports three encryption modes, i.e., no encryption, 40 bit encryption, and 128 bit encryption. Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security, which is equivalent to wired networks, for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. WEP incorporates a checksum in each frame to provide protection against the attacks that attempt to reveal the key stream.
Question #22
Which of the following responsibilities does not come under the audit process?
- A. Reporting all facts and circumstances of their regular and illegal acts.
- B. Planning the IT audit engagement based on the assessed level of risk.
- C. Reviewing the results of the audit procedures.
- D. Applying security policies.
Correct Answer:
Answer: D is incorrect. The auditor is not responsible for applying security policies.
According to the standards of ISACA, an auditor should hold the following responsibilities:
- Planning the IT audit engagement based on an assessed level of risk.
- Designing audit procedures of irregular and illegal acts.
- Reviewing the results of the audit procedures.
- Assuming that acts are not isolated.
- Determining why the internal control system failed for that act.
- Conducting additional audit procedures.
- Evaluating the results of the expanded audit procedures.
- Reporting all facts and circumstances of the irregular and illegal acts.
- Distributing the report to the appropriate internal parties, such as managers.
Question #23
You are responsible for a large network that has its own DNS servers. You periodically check the log to see if there are any problems.
Which of the following are likely errors you might encounter in the log? (Choose three)
- A. The DNS server could not create FTP socket for address [IP address of server]
- B. The DNS server could not create an SMTP socket
- C. Active Directory Errors
- D. The DNS server could not create a Transmission Control Protocol (TCP) socket
- E. The DNS server could not initialize the Remote Procedure Call (RPC) service
Correct Answer:
Answer: B is incorrect. DNS Servers do not create FTP connections.
There are a number of errors one could find in a Windows Server 2003 DNS log. They are as follows: The DNS server could not create a Transmission Control Protocol. The DNS server could not open socket for address. The DNS server could not initialize the Remote Procedure Call (RPC) service. The DNS server could not bind the main datagram socket. The DNS Server service relies on Active Directory to store and retrieve information for Active Directory-integrated zones, and several Active Directory errors are possible.
Question #24
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint.
Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?
- A. nmap -sS
- B. nmap -sU -p
- C. nmap -O -p
- D. nmap -sT
Correct Answer:
Answer: B is incorrect. The nmap -sU -p switch can be used to perform UDP port scanning.
The nmap -O -p switch can be used to perform TCP/IP stack fingerprinting. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows etc.
TCP connection is never opened.
Question #25
You work as a Network Administrator for XYZ CORP. The company has a Linux-based network. The company needs to provide secure network access. You have configured a firewall to prevent certain ports and applications from forwarding the packets to the company's intranet.
What does a firewall check to prevent these ports and applications from forwarding the packets to the intranet?
- A. The network layer headers and the session layer port numbers
- B. The application layer port numbers and the transport layer headers
- C. The transport layer port numbers and the application layer headers
- D. The presentation layer headers and the session layer port numbers
Correct Answer:
Answer: D, A, and B are incorrect. These are not checked by a firewall.
A firewall stops delivery of packets that are not marked safe by the Network Administrator. It checks the transport layer port numbers and the application layer headers to prevent certain ports and applications from forwarding the packets to an intranet.
Question #26
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to run two programs, foo and bar. He also wants to ensure that bar is executed if and only if foo has executed successfully.
Which of the following command sequences will John use to accomplish the task?
- A. foo; bar;
- B. foo || bar;
- C. foo | bar;
- D. foo && bar;
Correct Answer:
Answer: A is incorrect. The foo; bar; command sequence will run foo and bar in a sequential manner, but the successful completion of the first command does not matter.
According to the scenario, John will execute the foo && bar; command. Because of the && operator, bar will execute if and only if foo completes successfully.
Question #27
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He is configuring the Apache Web server settings. He does not want the commands being used in the settings to be stored in the history.
Which of the following commands can he use to disable history?
- A. history !!
- B. set +o history
- C. history !N
- D. set -o history
Correct Answer:
Answer: D is incorrect. John cannot use the set -o history command to accomplish his task. This command is used to enable disabled history.
According to the scenario, John can use the set +o history command to disable history.
Question #28
You are the Network Administrator for a software development company. Your company creates various utilities and tools. You have noticed that some of the files your company creates are getting deleted from systems. When one is deleted, it seems to be deleted from all the computers on your network.
Where would you first look to try and diagnose this problem?
- A. Antivirus log
- B. IDS log
- C. System log
- D. Firewall log
Correct Answer:
Answer: D is incorrect. The firewall log can help you identify traffic entering or leaving your network, but won't help with files being deleted.
Check the antivirus log and see if it is detecting your file as a virus and deleting it. All antivirus programs have a certain rate of false positives. Since the file is being deleted from all computers, it seems likely that your antivirus has mistakenly identified that file as a virus.
Question #29
Which of the following statements about a screened host is true?
- A. It facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.
- B. It is a small network that lies in between the Internet and a private network.
- C. It provides added security by using Internet access to deny or permit certain traffic from the Bastion Host.
- D. It provides a physical connection between computers within a network.
Correct Answer:
Answer: D is incorrect. A network interface card provides a physical connection between computers within a network.
A screened host provides added security by using Internet access to deny or permit certain traffic from the Bastion Host. between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security. behind the proxy.
Question #30
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He notices that UDP port 137 of the We-are-secure server is open. Assume that the Network Administrator of We-are-secure Inc. has not changed the default port values of the services.
Which of the following services is running on UDP port 137?
- A. HTTP
- B. TELNET
- C. NetBIOS
- D. HTTPS
Correct Answer:
Answer: A is incorrect. Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port.
NetBIOS is a Microsoft service that enables applications on different computers to communicate within a LAN. NetBIOS systems identify themselves with a 15-character unique name and use Server Message Block, which allows remote directory, file and printer sharing, etc. The default port value of NetBIOS Name Resolution Service is 137/UDP.
Locater (URL) address line to connect to a secure site. If a site has been made secure by using the Secure Sockets Layer (SSL) then HTTPS, instead of HTTP protocol, should be used as a protocol type in the URL. allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The TELNET utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software, to access files. It uses TCP port 23 by default.