New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

GSNA GIAC Systems and Network Auditor Questions and Answers

Questions 4

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to break a dat a.txt file, 200MB in size, into two files in which the size of the first file named data.txt.aa should be 150MB and that of the second file named data.txt.ab should be 50MB. To accomplish his task and to further delete the data.txt file, he enters the following command: split --verbose -b 150m data.txt data.txt. ; rm -vf data.txt Which of the following commands can John use to join the splitted files into a new data.txt file?

Options:

A.

vi data.txt.* > data.txt

B.

less data.txt.* > data.txt

C.

vi data.txt.*

D.

cat data.txt.* > data.txt

Buy Now
Questions 5

Mike works as a Network Engineer for XYZ CORP. The company has a multi-platform network. Recently, the company faced lots of blended threat issues that lead to several drastic attacks. Mike has been assigned a project to manage the resources and services of the company through both Intranet and Internet to protect the company from these attacks. Mike needs a system that provides auto-discovering and network topology building features to allow him to keep an intuitive view of the IT infrastructure. What will Mike use to meet the requirement of the project?

Options:

A.

eBox

B.

dopplerVUe

C.

David system

D.

EM7

Buy Now
Questions 6

Which of the following statements about the /etc/profile file are true?

Options:

A.

It allows a system administrator to create a default home directory for all new users on a computer.

B.

A user can change the settings of the /etc/profile file, but he cannot delete the file. It can only be deleted by the root user.

C.

It can change the default umask value.

D.

It is used to configure and control system-wide default variables.

Buy Now
Questions 7

Peter works as a Web Developer for XYZ CORP. He is developing a Web site for the company. In one of the Web pages, Peter wants to ensure that certain information is consistent and visible while the other information changes. Which of the following will he use to accomplish this?

Options:

A.

Tables

B.

Navigation links

C.

Data elements

D.

Frames

Buy Now
Questions 8

Which of the following methods is used to get a cookie from a client? Note: Here, request is a reference of type HttpServletRequest, and response is a reference of type HttpServletResponse.

Options:

A.

Cookie [] cookies = request.getCookies();

B.

Cookie [] cookies = request.getCookie(String str)

C.

Cookie [] cookies = response.getCookie(String str)

D.

Cookie [] cookies = response.getCookies()

Buy Now
Questions 9

John works as a Network Auditor for XYZ CORP. The company has a Windows-based network. John wants to conduct risk analysis for the company. Which of the following can be the purpose of this analysis? (Choose three)

Options:

A.

To ensure absolute safety during the audit

B.

To analyze exposure to risk in order to support better decision-making and proper management of those risks

C.

To try to quantify the possible impact or loss of a threat

D.

To assist the auditor in identifying the risks and threats

Buy Now
Questions 10

Which of the following key combinations in the vi editor is used to copy the current line?

Options:

A.

dk

B.

yy

C.

d$

D.

dl

Buy Now
Questions 11

You work as an Exchange Administrator for XYZ CORP. The network design of the company is given below:

Employees are required to use Microsoft Outlook Web Access to access their emails remotely. You are required to accomplish the following goals: Ensure fault tolerance amongst the servers. Ensure the highest level of security and encryption for the Outlook Web Access clients. What will you do to accomplish these goals?

Options:

A.

Install one front-end Exchange 2000 server and continue to run Microsoft Outlook Web Access on the existing server. Place the new server on the perimeter network. Configure unique URLs for each server. Configure Certificate Services. Create a rule on the firewall to direct port 443 to the servers.

B.

Install two front-end Exchange 2000 servers. Place the new servers on the internal network and configure load balancing between them. Configure Certificate Services. Create a rule on the firewall to redirect port 443 to the servers.

C.

Install two front-end Exchange 2000 servers. Place the new servers on the perimeter network and configure load balancing between them. Configure Certificate Services. Create a rule on the firewall to redirect port 443 to the servers.

D.

Install two Exchange 2000 servers. Place the new servers on the perimeter network. Configure unique URLs for each server. Configure Certificate Services. Create a rule on the firewall to direct port 443 to the servers.

Buy Now
Questions 12

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to see the list of the filesystems mounted automatically at startup by the mount -a command in the /etc/rc startup file. Which of the following Unix configuration files can you use to accomplish the task?

Options:

A.

/etc/named.conf

B.

/etc/groups

C.

/etc/mtab

D.

/etc/fstab

Buy Now
Questions 13

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to perform a stealth scan to discover open ports and applications running on the We-are-secure server. For this purpose, he wants to initiate scanning with the IP address of any third party. Which of the following scanning techniques will John use to accomplish his task?

Options:

A.

UDP

B.

RPC

C.

IDLE

D.

TCP SYN/ACK

Buy Now
Questions 14

You are concerned about war driving bringing hackers attention to your wireless network. What is the most basic step you can take to mitigate this risk?

Options:

A.

Implement WPA

B.

Implement WEP

C.

Don't broadcast SSID

D.

Implement MAC filtering

Buy Now
Questions 15

Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer? (Choose two)

Options:

A.

Information of probing for networks can be viewed using a wireless analyzer and may be used to gain access.

B.

Attacker can use the Ping Flood DoS attack if WZC is used.

C.

Attacker by creating a fake wireless network with high power antenna cause Victor's computer to associate with his network to gain access.

D.

It will not allow the configuration of encryption and MAC filtering. Sending information is not secure on wireless network.

Buy Now
Questions 16

You work as an IT Technician for XYZ CORP. You have to take security measures for the wireless network of the company. You want to prevent other computers from accessing the company's wireless network. On the basis of the hardware address, which of the following will you use as the best possible method to accomplish the task?

Options:

A.

RAS

B.

MAC Filtering

C.

SSID

D.

WEP

Buy Now
Questions 17

Which of the following tools is used for port scanning?

Options:

A.

L0phtcrack

B.

NSLOOKUP

C.

NETSH

D.

Nmap

Buy Now
Questions 18

You work as a Database Administrator for XYZ CORP. The company has a multi-platform network. The company requires fast processing of the data in the database of the company so that answers to queries can be generated quickly. To provide fast processing, you have a conceptual idea of representing the dimensions of data available to a user in the data cube format. Which of the following systems can you use to implement your idea?

Options:

A.

SYSDBA

B.

MDDBMS

C.

Federated database system

D.

Hierarchical database system

Buy Now
Questions 19

Which of the following wireless security standards supported by Windows Vista provides the highest level of security?

Options:

A.

WPA-EAP

B.

WEP

C.

WPA-PSK

D.

WPA2

Buy Now
Questions 20

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to check the status of the printer and set its state. Which of the following Unix commands can you use to accomplish the task?

Options:

A.

banner

B.

lpq

C.

lpc

D.

lpr

Buy Now
Questions 21

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He has recently backed up his entire Linux hard drive into the my_backup.tgz file. The size of the my_backup.tgz file is 800MB. Now, he wants to break this file into two files in which the size of the first file named my_backup.tgz.aa should be 600MB and that of the second file named my_backup.tgz.ab should be 200MB. Which of the following commands will John use to accomplish his task?

Options:

A.

split --verbose -b 200m my_backup.tgz my_backup.tgz

B.

split --verbose -b 200m my_backup.tgz my_backup.tgz

C.

split --verbose -b 600m my_backup.tgz my_backup.tgz

D.

split --verbose -b 600m my_backup.tgz my_backup.tgz

Buy Now
Questions 22

Which of the following are the countermeasures against WEP cracking?

Options:

A.

Using the longest key supported by hardware.

B.

Changing keys often.

C.

Using a non-obvious key.

D.

Using a 16 bit SSID.

Buy Now
Questions 23

You work as the Network Technician for XYZ CORP. The company has a Linux-based network. You are working on the Red Hat operating system. You want to view only the last 4 lines of a file named /var/log/cron. Which of the following commands should you use to accomplish the task?

Options:

A.

tail -n 4 /var/log/cron

B.

tail /var/log/cron

C.

cat /var/log/cron

D.

head /var/log/cron

Buy Now
Questions 24

Web mining allows a user to look for patterns in data through content mining, structure mining, and usage mining. What is the function of structure mining?

Options:

A.

To examine data collected by search engines

B.

To examine data collected by Web spiders

C.

To examine data related to the structure of a particular Web site

D.

To examine data related to a particular user's browser

Buy Now
Questions 25

What is the purpose of Cellpadding attribute of

tag?

Options:

A.

Cellpadding is used to set the width of cell border and its content.

B.

Cellpadding is used to set the width of a table.

C.

Cellpadding is used to set the space between the cell border and its content.

D.

Cellpadding is used to set the space between two cells in a table.

Buy Now
Questions 26

You have been assigned a project to develop a Web site for a construction company. You have to develop a Web site and want to get more control over the appearance and presentation of your Web pages. You also want to increase the ability to precisely specify the location and appearance of the elements on a page and create special effects. You plan to use Cascading style sheets (CSS). You want to apply the same style consistently throughout your Web site. Which type of style sheet will you use?

Options:

A.

Internal Style Sheet

B.

External Style Sheet

C.

Inline Style Sheet

D.

Embedded Style Sheet

Buy Now
Questions 27

In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain from a DNS server. The information provided by the DNS zone can help an attacker gather user names, passwords, and other valuable information. To attempt a zone transfer, an attacker must be connected to a DNS server that is the authoritative server for that zone. Besides this, an attacker can launch a Denial of Service attack against the zone's DNS servers by flooding them with a lot of requests. Which of the following tools can an attacker use to perform a DNS zone transfer?

Options:

A.

DSniff

B.

Dig

C.

Host

D.

NSLookup

Buy Now
Questions 28

Which of the following commands can be used to find out where commands are located?

Options:

A.

type

B.

which

C.

env

D.

ls

Buy Now
Questions 29

John works as a Security Professional. He is assigned a project to test the security of www.we-are-secure.com. John wants to get the information of all network connections and listening ports in the numerical form. Which of the following commands will he use?

Options:

A.

netstat -e

B.

netstat –r

C.

netstat -s

D.

netstat –an

Buy Now
Questions 30

Which of the following tools is used to make fake authentication certificates?

Options:

A.

Obiwan

B.

Netcat

C.

WinSSLMiM

D.

Brutus

Buy Now
Questions 31

You work as a Network Administrator for NetTech Inc. Your computer has the Windows 2000 Server operating system. You want to harden the security of the server. Which of the following changes are required to accomplish this? (Choose two)

Options:

A.

Remove the Administrator account.

B.

Disable the Guest account.

C.

Rename the Administrator account.

D.

Enable the Guest account.

Buy Now
Questions 32

Which of the following statements about a session are true? (Choose two)

Options:

A.

The creation time can be obtained using the getSessionCreationTime() method of the HttpSession.

B.

The getAttribute() method of the HttpSession interface returns a String.

C.

The time for the setMaxInactiveInterval() method of the HttpSession interface is specified in seconds.

D.

The isNew() method is used to identify if the session is new.

Buy Now
Questions 33

Which of the following allows the use of multiple virtual servers using different DNS names resolved by the same IP address?

Options:

A.

HTTP 1.1

B.

JAVA

C.

HTML

D.

VPN

Buy Now
Questions 34

In addition to denying and granting access, what other services does a firewall support?

Options:

A.

Network Access Translation (NAT)

B.

Secondary connections

C.

Control Internet access based on keyword restriction

D.

Data caching

Buy Now
Questions 35

John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1. Original cookie values: ItemID1=2 ItemPrice1=900 ItemID2=1 ItemPrice2=200 Modified cookie values: ItemID1=2 ItemPrice1=1 ItemID2=1 ItemPrice2=1 Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price. Which of the following hacking techniques is John performing?

Options:

A.

Cross site scripting

B.

Man-in-the-middle attack

C.

Cookie poisoning

D.

Computer-based social engineering

Buy Now
Questions 36

Which of the following are HTML tags, used to create a table?

Options:

A.

B.

C.

D.

E.

F.

Buy Now
, , and
tags. The tag designs the table layout, the tag is used to create a row, and the
tag is used to create a column. For example, the following code generates a table with two rows and two columns:

Cell 1 Cell 2
Cell 3 Cell 4

Answer: C, E, and D are incorrect. There are no HTML tags such as

, , and .

Questions 37

Which of the following types of attack is described in the statement below? "It is a technique employed to compromise the security of network switches. In this attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table."

Options:

A.

Man-in-the-middle

B.

Blind spoofing

C.

Dictionary

D.

MAC flooding

Buy Now
Questions 38

Which of the following statements is true about COLSPAN attribute?

Options:

A.

COLSPAN is used to create columns in a table.

B.

COLSPAN is used to divide one column into many columns.

C.

COLSPAN is used to span one column across many rows.

D.

COLSPAN is used to span one column across many columns.

Buy Now
and tags that allow a single column in a table to take space that is occupied by several columns. If the specified COLSPAN value is greater than the number of columns in the table, then a new column is created at the end of the row. Reference: MSDN, Contents: COLSPAN

Questions 39

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to do RARP mapping from hardware mapping addresses to IP addresses. Which of the following Unix configuration files can you use to accomplish the task?

Options:

A.

/etc/dhcpd.conf

B.

/etc/motd

C.

/etc/exports

D.

/etc/ethers

Buy Now
Questions 40

Which of the following statements are true about the Enum tool?

Options:

A.

It uses NULL and User sessions to retrieve user lists, machine lists, LSA policy information, etc.

B.

It is capable of performing brute force and dictionary attacks on individual accounts of Windows NT/2000.

C.

One of the countermeasures against the Enum tool is to disable TCP port 139/445.

D.

It is a console-based Win32 information enumeration utility.

Buy Now
Questions 41

You work as the Network Administrator for XYZ CORP. The company has a Linux-based network. You are a root user on the Red Hat operating system. You want to see first five lines of the file /etc/passwd. Which of the following commands should you use to accomplish the task?

Options:

A.

head -n 5 /etc/passwd

B.

head 5 -n /etc/passwd

C.

tail -n 5 /etc/passwd

D.

head /etc/passwd

Buy Now
Questions 42

You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company has recently provided laptops to its sales team members. You have configured access points in the network to enable a wireless network. The company's security policy states that all users using laptops must use smart cards for authentication. Which of the following authentication techniques will you use to implement the security policy of the company?

Options:

A.

IEEE 802.1X using EAP-TLS

B.

IEEE 802.1X using PEAP-MS-CHAP

C.

Pre-shared key

D.

Open system

Buy Now
Questions 43

Which of the following statements are true about KisMAC?

Options:

A.

It scans for networks passively on supported cards.

B.

It cracks WEP and WPA keys by Rainbow attack or by dictionary attack.

C.

It is a wireless network discovery tool for Mac OS X.

D.

Data generated by KisMAC can also be saved in pcap format. \

Buy Now
Questions 44

Sam works as a Web Developer for McRobert Inc. He creates a Web site. He wants to include the following table in the Web site:

He writes the following HTML code to create the table:

1.

2.

3.

4.

5.

6.

7.

9.

11.

13.

14.

15.

17.

19.

21.

22.

8.

10.

12.

16.

18.

20.

Which of the following tags will Sam place at lines 3 and 4 to create the table?

Options:

A.

at line 3 at line 4

B.

at line 3 at line 4

C.

at line 4 at line

D.

at line 3 at line 4

Buy Now
Questions 45

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint. Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?

Options:

A.

nmap -sS

B.

nmap -sU -p

C.

nmap -O -p

D.

nmap -sT Explanation:

Buy Now
Questions 46

Which of the following is the default port for Hypertext Transfer Protocol (HTTP)?

Options:

A.

20

B.

443

C.

80

D.

21

Buy Now
Questions 47

Which of the following statements are true about data aggregation?

Options:

A.

A common aggregation purpose is to get more information about particular groups based on specific variables.

B.

Data aggregation cannot be user-based.

C.

Data aggregation is any process in which information is gathered and expressed in a summary form.

D.

Online analytic processing (OLAP) is a simple type of data aggregation.

Buy Now
Questions 48

Which of the following is a wireless auditing tool that is used to pinpoint the actual physical location of wireless devices in the network?

Options:

A.

KisMAC

B.

Ekahau

C.

Kismet

D.

AirSnort

Buy Now
Questions 49

Which of the following tools can be used to perform ICMP tunneling? (Choose two)

Options:

A.

Itunnel

B.

Ptunnel

C.

WinTunnel

D.

Ethereal

Buy Now
Questions 50

The employees of CCN Inc. require remote access to the company's proxy servers. In order to provide solid wireless security, the company uses LEAP as the authentication protocol. Which of the following is supported by the LEAP protocol?

Options:

A.

Dynamic key encryption

B.

Public key certificate for server authentication

C.

Strongest security level

D.

Password hash for client authentication

Buy Now
Questions 51

Mark works as the Network Administrator for XYZ CORP. The company has a Unix-based network. Mark wants to scan one of the Unix systems to detect security vulnerabilities. To accomplish this, he uses TARA as a system scanner. What can be the reasons that made Mark use TARA?

Options:

A.

It has a very specific function of seeking paths to root.

B.

It is composed mostly of bash scripts

C.

It works on a wide variety of platforms.

D.

It is very modular.

Buy Now
Questions 52

Which of the following statements are true about MS-CHAPv2?

Options:

A.

It is a connectionless protocol.

B.

It provides an authenticator-controlled password change mechanism.

C.

It is subject to offline dictionary attacks.

D.

It can be replaced with EAP-TLS as the authentication mechanism for PPTP.

Buy Now
Questions 53

Mark is an attacker. He wants to discover wireless LANs by listening to beacons or sending probe requests and thereby provide a launch point for further attacks. Which of the following tools can he use to accomplish the task?

Options:

A.

DStumbler

B.

Wellenreiter

C.

KisMAC

D.

Airmon-ng

Buy Now
Questions 54

Which of the following Web attacks is performed by manipulating codes of programming languages such as SQL, Perl, Java present in the Web pages?

Options:

A.

Command injection attack

B.

Code injection attack

C.

Cross-Site Scripting attack

D.

Cross-Site Request Forgery

Buy Now
Exam Code: GSNA
Exam Name: GIAC Systems and Network Auditor
Last Update: Dec 27, 2024
Questions: 368
GSNA pdf

GSNA PDF

$25.5  $84.99
GSNA Engine

GSNA Testing Engine

$30  $99.99
GSNA PDF + Engine

GSNA PDF + Testing Engine

$40.5  $134.99