FLYDUMPS Certified Professionals update its FLYDUMPS GIAC GSNA exam sample questions regularly to maintain accuracy and high quality. We have always been providing updated and accurate FLYDUMPS GIAC GSNA exam sample questions to hundreds of now successful. FLYDUMPS is the best source to prepare for your GIAC GSNA exam and help you pass this exam easily. FLYDUMPS Certified Professionals update its FLYDUMPS GIAC GSNA exam sample questions regularly to maintain accuracy and high quality. Candidates involving GIAC GSNA exam sample questions is going to be increasing together with current solutions involving Juniper goods and also using its remedies and as such the particular candidates usually are sure together with excellent work.
QUESTION NO: 1
Sarah works as a Web Developer for XYZ CORP. She is creating a Web site for her company. Sarah wants greater control over the appearance and presentation of Web pages. She wants the ability to precisely specify the display attributes and the appearance of elements on the Web pages. How will she accomplish this?
A. Use the Database Design wizard.
B. Make two templates, one for the index page and the other for all other pages.
C. Use Cascading Style Sheet (CSS).
D. Make a template and use it to create each Web page.
Answer: C Explanation: Sarah should use the Cascading Style Sheet (CSS) while creating Web pages. This will give her greater control over the appearance and presentation of the Web pages and will also enable her to precisely specify the display attributes and the appearance of elements on the Web pages.
QUESTION NO: 2
You work as a Network Administrator for XYZ CORP. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. You have installed a Windows Server 2008 computer. You have configured auditing on this server. The client computers of the company use the Windows XP Professional operating system. You want to audit each event that is related to a user managing an account in the user database on the computer where the auditing is configured. To accomplish the task, you have enabled the Audit account management option on the server. Which of the following events can be audited by enabling this audit option?
A. Access to an Active Directory object
B. Change of password for a user account
C. Addition of a user account to a group
D. Creation of a user account
Answer: B,C,D Explanation: Audit account management is one of the nine audit settings that can be configured on a Windows computer. This option is enabled to audit each event that is related to a user managing an account in the user database on the computer where the auditing is configured. These events include the following: Creating a user account Adding a user account to a group
Renaming a user account Changing password for a user account This option is also used to audit
the changes to the domain account of the domain controllers.
QUESTION NO: 3
John works as a contract Ethical Hacker. He has recently got a project to do security checking for www.we-are-secure.com. He wants to find out the operating system of the we-are-secure server in the information gathering step. Which of the following commands will he use to accomplish the task? (Choose two)
A. nc 126.96.36.199 23
B. nmap -v -O www.we-are-secure.com
C. nc -v -n 188.8.131.52 80
D. nmap -v -O 184.108.40.206
Answer: B,D Explanation: According to the scenario, John will use “nmap -v -O 220.127.116.11” to detect the operating system of the we-are-secure server. Here, -v is used for verbose and -O is used for TCP/IP fingerprinting to guess the remote operating system. John may also use the DNS name of we-are-secure instead of using the IP address of the we-are-secure server. So, he can also use the nmap command “nmap -v -O www.we-are-secure.com “. Answer: C is incorrect. “nc -v -n
18.104.22.168 80” is a Netcat command, which is used to banner grab for getting information about the
QUESTION NO: 4
You check performance logs and note that there has been a recent dramatic increase in the amount of broadcast traffic. What is this most likely to be an indicator of?
A. Misconfigured router
B. DoS attack
C. Syn flood
Answer: B Explanation: There are several denial of service (DoS) attacks that specifically use broadcast traffic to flood a targeted computer. Seeing an unexplained spike in broadcast traffic could be an indicator of an attempted denial of service attack. Answer: D is incorrect. Viruses can cause an increase in network traffic, and it is possible for that to be broadcast traffic. However, a DoS attack is more likely than a virus to cause this particular problem. Answer: C is incorrect. A syn flood does not cause increased broadcast traffic. Answer: A is incorrect. A misconfigured router could possibly cause an increase in broadcast traffic. However, this a recent problem, the router is unlikely to be the issue.
QUESTION NO: 5
You run the wc -c file1.txt command. If this command displays any error message, you want to store the error message in the error.txt file. Which of the following commands will you use to accomplish the task?
A. wc -c file1.txt >>error.txt
B. wc -c file1.txt 1>error.txt
C. wc -c file1.txt 2>error.txt
D. wc -c file1.txt >error.txt
Explanation: According to the scenario, you will use the wc -c file1.txt 2>error.txt command to
accomplish the task. The 2> operator is an error redirector, which, while running a command,
redirects the error (if it exists) on the specified file. Answer: B, D are incorrect. The > or 1>
redirector can be used to redirect the output of the wc -c file1.txt file to the error.txt file; however,
you want to write the errors in the error.txt file, not the whole output. Answer: A is incorrect. The >>
operator will redirect the output of the command in the same manner as the > or 1> operator.
Although the >> operator will not overwrite the error.txt file, it will append the error.txt file.
QUESTION NO: 6
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to forward all the kernel messages to the remote host having IP address 192.168.0.1. Which of the following changes will he perform in the syslog.conf file to accomplish the task?
A. kern.* @192.168.0.1
B. !*.* @192.168.0.1
C. !kern.* @192.168.0.1
D. *.* @192.168.0.1
Answer: A Explanation: According to the scenario, John will make the following entry in the syslog.conf file to forward all the kernel messages to the remote host having IP address 192.168.0.1: kern.* @192.168.0.1 Answer: D is incorrect. This entry will forward all the messages to the remote host having IP address 192.168.0.1. Answer: B is incorrect. This entry will not forward any message to the remote host having IP address 192.168.0.1. Answer: C is incorrect. This entry will not forward any kernel message to the remote host having IP address 192.168.0.1.
QUESTION NO: 7
John works as a Security Professional. He is assigned a project to test the security of www.we- are-secure.com. John wants to get the information of all network connections and listening ports in the numerical form. Which of the following commands will he use?
A. netstat -e
B. netstat –r
C. netstat -s
D. netstat –an
Answer: D Explanation: According to the scenario, John will use the netstat -an command to accomplish the task. The netstat -an command is used to get the information of all network connections and listening ports in the numerical form. The netstat command displays protocol-related statistics and the state of current TCP/IP connections. It is used to get information about the open connections on a computer, incoming and outgoing data, as well as the ports of remote computers to which the computer is connected. The netstat command gets all this networking information by reading the kernel routing tables in the memory. Answer: A is incorrect. The netstat -e command displays the Ethernet information. Answer: B is incorrect. The netstat -r command displays the routing table information. Answer: C is incorrect. The netstat -s command displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP.
QUESTION NO: 8
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to use Kismet as a wireless sniffer to sniff the We- are-secure network. Which of the following IEEE-based traffic can be sniffed with Kismet?
Answer: A,B,C,D Explanation: Kismet can sniff IEEE 802.11a, 802.11b, 802.11g, and 802.11n-based wireless network traffic.
QUESTION NO: 9
Which of the following statements about the traceroute utility are true?
A. It uses ICMP echo packets to display the Fully Qualified Domain Name (FQDN) and the IP address of each gateway along the route to the remote host.
B. It records the time taken for a round trip for each packet at each router.
C. It is an online tool that performs polymorphic shell code attacks.
D. It generates a buffer overflow exploit by transforming an attack shell code so that the new attack shell code cannot be recognized by any Intrusion Detection Systems.
Answer: A,B Explanation: Traceroute is a route-tracing utility that displays the path an IP packet takes to reach its destination. It uses ICMP echo packets to display the Fully Qualified Domain Name (FQDN) and the IP address of each gateway along the route to the remote host. This tool also records the time taken for a round trip for each packet at each router that can be used to find any faulty router along the path. Answer: C, D are incorrect. Traceroute does not perform polymorphic shell code attacks. Attacking tools such as ADMutate areused to perform polymorphic shell code attacks.
QUESTION NO: 10
George works as an office assistant in Soft Well Inc. The company uses the Windows Vista operating system. He wants to disable a program running on a computer. Which of the following Windows Defender tools will he use to accomplish the task?
A. Allowed items
B. Quarantined items
D. Software Explorer
Answer: D Explanation:
Software Explorer is used to remove, enable, or disable a program running on a computer. Answer: A is incorrect. Allowed items contains a list of all the programs that a user has chosen not to monitor with Windows Defender. Answer: C is incorrect. Options is used to choose how Windows Defender should monitor all the programs running on a computer. Answer: B is incorrect. Quarantined items is used to remove or restore a program blocked by Windows Defender.
QUESTION NO: 11
You work as a Network Administrator for XYZ CORP. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company’s management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks: The wireless network communication should be secured. The laptop users should be able to use smart cards for getting authenticated. In order to accomplish the tasks, you take the following steps: Configure 802.1x and WEP for the wireless connections. Configure the PEAP-MS-CHAP v2 protocol for authentication. What will happen after you have taken these steps?
A. Both tasks will be accomplished.
B. The laptop users will be able to use smart cards for getting authenticated.
C. The wireless network communication will be secured.
D. None of the tasks will be accomplished.
Answer: C Explanation: As 802.1x and WEP are configured, this step will enable the secure wireless network communication. For authentication, you have configured the PEAP-MS-CHAP v2 protocol. This protocol can be used for authentication on wireless networks, but it cannot use a public key infrastructure (PKI). No certificate can be issued without a PKI. Smart cards cannot be used for authentication without certificates. Hence, the laptop users will not be able to use smart cards for getting authenticated.
QUESTION NO: 12
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to print the super block and block the group information for the filesystem present on a system. Which of the following Unix commands can you use to accomplish the task?
Answer: C Explanation: In Unix, the dumpe2fs command dumps the filesystem superblock and blocks the group information. Answer: B is incorrect. In Unix, the dump command is used to back up an ext2 filesystem. Answer: A is incorrect. The e2fsck command is used to check the second extended file system (E2FS) of a Linux computer. Syntax: e2fsck [options] <device> Where, <device> is the file name of a mounted storage device (for example, /dev/hda1). Several options are used with the e2fsck command. Following is a list of some important options:
C:\Documents and Settings\user-nwz\Desktop\1.JPG
Answer: D is incorrect. In Unix, the e2label command is used to change the label of an ext2 filesystem.
QUESTION NO: 13
Which of the following is a wireless auditing tool that is used to pinpoint the actual physical location of wireless devices in the network?
Answer: B Explanation: Ekahau is an easy-to-use powerful and comprehensive tool for network site surveys and optimization. It is an auditing tool that can be used to pinpoint the actual physical location of wireless devices in the network. This tool can be used to make a map of the office and then perform the survey of the office. In the process, if one finds an unknown node, ekahau can be used to locate that node. Answer: D is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys. Answer: C is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks: To identify networks by passively collecting packets To detect standard named networks To detect masked networks To collect the presence of non-beaconing networks via data traffic Answer: A is incorrect. KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet, its Linux/BSD namesake and far exceeding those of NetStumbler, its closest equivalent on Windows. The program is geared toward network security professionals, and is not as novice- friendly as similar applications. KisMAC will scan for networks passively on supported cards – including Apple’s AirPort, and AirPort Extreme, and many third-party cards, and actively on any card supported by Mac OS X itself. Cracking of WEP and WPA keys, both by brute force, and exploiting flaws such as weak scheduling and badly generated keys is supported when a card capable of monitor mode is used, and packet reinjection can be done with a supported card. GPS mapping can be performed when an NMEA compatible GPS receiver is attached. Data can also be saved in pcap format and loaded into programs such as Wireshark.
QUESTION NO: 14
Which of the following tools works both as an encryption-cracking tool and as a keylogger?
A. Magic Lantern
B. KeyGhost Keylogger
C. Alchemy Remote Executor
Answer: A Explanation: Magic Lantern works both as an encryption-cracking tool and as a keylogger. Answer: C is incorrect. Alchemy Remote Executor is a system management tool that allows Network Administrators to execute programs on remote network computers without leaving their workplace. From the hacker’s point of view, it can be useful for installing keyloggers, spyware, Trojans, Windows rootkits and such. One necessary condition for using the Alchemy Remote Executor is that the user/attacker must have the administrative passwords of the remote computers on which the malware is to be installed. Answer: B is incorrect. The KeyGhost keylogger is a hardware keylogger that is used to log all keystrokes on a computer. It is a tiny device that clips onto the keyboard cable. Once the KeyGhost keylogger is attached to the computer, it quietly logs every key pressed on the keyboard into its own internal Flash memory (just as with smart cards). When the log becomes full, it overwrites the oldest keystrokes with the newest ones. Answer: D is incorrect. SocketShield provides a protection shield to a computer system against malware, viruses, spyware, and various types of keyloggers. SocketShield provides protection at the following two levels: 1.Blocking: In this level, SocketShield uses a list of IP addresses that are known as purveyor of exploits. All http requests for any page in these domains are simply blocked. 2.Shielding: In this level, SocketShield blocks all the current and past IP addresses that are the cause of unauthorized access.
QUESTION NO: 15
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to set some terminal characteristics and environment variables. Which of the following Unix configuration files can you use to accomplish the task?
Answer: D Explanation: In Unix, the /etc/sysconfig/init file is used to set terminal characteristics and environment variables. Answer: B is incorrect. In Unix, the /proc/net file contains status information about the network protocols. Answer: C is incorrect. In Unix, the /etc/sysconfig/network- scripts/ifcfg-interface file is the configuration file used to define a network interface. Answer: A is incorrect. In Unix, the /etc/sysconfig/routed file is used to set up the dynamic routing policies.
QUESTION NO: 16
You work as a Network Auditor for XYZ CORP. The company has a Windows-based network. While auditing the company’s network, you are facing problems in searching the faults and other entities that belong to it. Which of the following risks may occur due to the existence of these problems?
A. Residual risk
B. Inherent risk
C. Secondary risk
D. Detection risk
Answer: D Explanation: Detection risks are the risks that an auditor will not be able to find what they are looking to detect. Hence, it becomes tedious to report negative results when material conditions (faults) actually exist. Detection risk includes two types of risk: Sampling risk: This risk occurs when an auditor falsely accepts or erroneously rejects an audit sample. Nonsampling risk: This risk occurs when an auditor fails to detect a condition because of not applying the appropriate procedure or using procedures inconsistent with the audit objectives (detection faults). Answer: A is incorrect. Residual risk is the risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically conceivable measures). The formula to calculate residual risk is (inherent risk) x (control risk) where inherent risk is (threats vulnerability). In the economic context, residual means “the quantity left over at the end of a process; a remainder”. Answer: B is incorrect. Inherent risk, in auditing, is the risk that the account or section being audited is materially misstated without considering internal controls due to error or fraud. The assessment of inherent risk depends on the professional judgment of the auditor, and it is done after assessing the business environment of the entity being audited. Answer: C is incorrect. A secondary risk is a risk that arises as a straight consequence of implementing a risk response. The secondary risk is an outcome of dealing with the original risk. Secondary risks are not as rigorous or important as primary risks, but can turn out to be so if not estimated and planned properly.
QUESTION NO: 17
Which of the following statements are true about locating rogue access points using WLAN discovery software such as NetStumbler, Kismet, or MacStumbler if you are using a Laptop integrated with Wi-Fi compliant MiniPCI card? (Choose two)
A. These tools can determine the rogue access point even when it is attached to a wired network.
B. These tools can determine the authorization status of an access point.
C. These tools cannot detect rogue access points if the victim is using data encryption.
D. These tools detect rogue access points if the victim is using IEEE 802.11 frequency bands.
Answer: B,D Explanation: WLAN discovery software such as NetStumbler, Kismet, or MacStumbler can be used to detect rogue access points if the victim is using IEEE 802 frequency bands. However, if the victim is using non-IEEE 802.11 frequency bands or unpopular modulations, these tools might not detect rogue access. NetStumbler, kismet, or MacStumbler also gives the authorization status of an access point. A Rogue access point (AP) is set up by the attackers in an Enterprise’s network. The attacker captures packets in the existing wireless LAN (WLAN) and finds the SSID and security keys (by cracking). Then the attacker sets up his own AP using the same SSID and security keys. The network clients unknowingly use this AP and the attacker captures their usernames and passwords. This can help the attacker to intrude the security and have access to the Enterprise data. Answer: A, C are incorrect. The WLAN software such as NetStumbler, Kismet, or MacStumbler can search rogue access points even when the victim is using data encryption. However, these tools cannot determine the rogue access point even when it is attached to a wired network.
QUESTION NO: 18
A Web developer with your company wants to have wireless access for contractors that come in to work on various projects. The process of getting this approved takes time. So rather than wait, he has put his own wireless router attached to one of the network ports in his department. What security risk does this present?
A. None, adding a wireless access point is a common task and not a security risk.
B. It is likely to increase network traffic and slow down network performance.
C. This circumvents network intrusion detection.
D. An unauthorized WAP is one way for hackers to get into a network.
Explanation: Any unauthorized Wireless Access Point (WAP) is a serious security breach. Its
configuration might be very unsecure. For example it might not use encryption or MAC filtering,
thus allowing anyone in range to get on the network.
QUESTION NO: 19
Which of the following allows the use of multiple virtual servers using different DNS names resolved by the same IP address?
A. HTTP 1.1
Explanation: HTTP 1.1 allows the use of multiple virtual servers, all using different DNS names resolved by the same IP address. The WWW service supports a concept called virtual server. A virtual server can be used to host multiple domain names on the same physical Web server. Using virtual servers, multiple FTP sites and Web sites can be hosted on a single computer. It means that there is no need to allocate different computers and software packages for each site. Answer: D is incorrect. VPN stands for virtual private network. It allows users to use the Internet as a secure pipeline to their corporate local area networks (LANs). Remote users can dial-in to any local Internet Service Provider (ISP) and initiate a VPN session to connect to their corporate LAN over the Internet. Companies using VPNs significantly reduce long-distance dial-up charges. VPNs also provide remote employees with an inexpensive way of remaining connected to their company’s LAN for extended periods. Answer: B is incorrect. Java is an object oriented programming language developed by Sun Microsystems. It allows the creation of platform independent executables. Java source code files are compiled into a format known as bytecode (files with .class extension). Java supports programming for the Internet in the form of Java applets. Java applets can be executed on a computer having a Java interpreter and a run-time environment known as Java Virtual Machine (JVM). Java Virtual Machines (JVMs) are available for most operating systems, including UNIX, Macintosh OS, and Windows. Answer: C is incorrect. HTML stands for Hypertext Markup Language. It is a set of markup symbols or codes used to create Web pages and define formatting specifications. The markup tells the Web browser how to display the content of the Web page.
QUESTION NO: 20
Which of the following is Microsoft’s implementation of the file and application server for the Internet and private intranets?
A. Internet Server Service (ISS)
B. Internet Server (IS)
C. WWW Server (WWWS)
D. Internet Information Server (IIS)
Answer: D Explanation: Microsoft Internet Information Server (IIS) is a WeA, Bpplication server for the Internet and private intranets. IIS receives requests from users on the network using the World Wide Web (WWW) service and transmits information using the Hypertext Transport Protocol (HTTP). IIS uses Microsoft Transaction Server (MTS) to provide security, performance, and scalability with server side packages.
QUESTION NO: 21
Which of the following encryption modes are possible in WEP?
A. 128 bit encryption
B. No encryption
C. 256 bit encryption
D. 40 bit encryption
Answer: A,B,D Explanation: WEP supports three encryption modes, i.e., no encryption, 40 bit encryption, and 128 bit encryption. Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security, which is equivalent to wired networks, for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. WEP incorporates a checksum in each frame to provide protection against the attacks that attempt to reveal the key stream. Answer: C is incorrect. WEP does not support 256 bit encryption.
QUESTION NO: 22
Which of the following responsibilities does not come under the audit process?
A. Reporting all facts and circumstances of the irregular and illegal acts.
B. Planning the IT audit engagement based on the assessed level of risk.
C. Reviewing the results of the audit procedures.
D. Applying security policies.
Answer: A,B,C Explanation: According to the standards of ISACA, an auditor should hold the following responsibilities: Planning the IT audit engagement based on an assessed level of risk. Designing audit procedures of irregular and illegal acts. Reviewing the results of the audit procedures. Assuming that acts are not isolated. Determining why the internal control system failed for that act. Conducting additional audit procedures. Evaluating the results of the expanded audit procedures. Reporting all facts and circumstances of the irregular and illegal acts. Distributing the report to the appropriate internal parties, such as managers. Answer: D is incorrect. The auditor is not responsible for applying security policies.
QUESTION NO: 23
You are responsible for a large network that has its own DNS servers. You periodically check the log to see if there are any problems. Which of the following are likely errors you might encounter in the log? (Choose three)
A. The DNS server could not create FTP socket for address [IP address of server]
B. The DNS server could not create an SMTP socket
C. Active Directory Errors
D. The DNS server could not create a Transmission Control Protocol (TCP) socket
E. The DNS server could not initialize the Remote Procedure Call (RPC) service
Answer: C,D,E Explanation: There are a number of errors one could find in a Windows Server 2003 DNS log. They are as follows: The DNS server could not create a Transmission Control Protocol. The DNS server could not open socket for address. The DNS server could not initialize the Remote Procedure Call (RPC) service. The DNS server could not bind the main datagram socket. The DNS Server service relies on Active Directory to store and retrieve information for Active Directory- integrated zones. And several active directory errors are possible. Answer: B is incorrect. DNS Servers do not create FTP connections. Answer: A is incorrect. DNS Servers do not create SMTP connections.
QUESTION NO: 24
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint. Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?
A. nmap -sS
B. nmap -sU -p
C. nmap -O -p
D. nmap -sT Explanation:
Answer: C Explanation: The nmap -O -p switch can be used to perform TCP/IP stack fingerprinting. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a “map” of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows etc. Answer: B is incorrect. The nmap -sU -p switch can be used to perform UDP port scanning. Answer: A is incorrect. The nmap -sS switch is used to perform a TCP half scan. TCP SYN scanning is also known as half-open scanning because in this a full TCP connection is never opened. Answer: D is incorrect. The nmap -sT switch is used to perform a TCP full scan.
QUESTION NO: 25
You work as a Network Administrator for XYZ CORP. The company has a Linux-based network. The company needs to provide secure network access. You have configured a firewall to prevent certain ports and applications from forwarding the packets to the company’s intranet. What does a firewall check to prevent these ports and applications from forwarding the packets to the intranet?
A. The network layer headers and the session layer port numbers
B. The application layer port numbers and the transport layer headers
C. The transport layer port numbers and the application layer headers
D. The presentation layer headers and the session layer port numbers
Answer: C Explanation:
A firewall stops delivery of packets that are not marked safe by the Network Administrator. It checks the transport layer port numbers and the application layer headers to prevent certain ports and applications from forwarding the packets to an intranet. Answer: D, A, and B are incorrect. These are not checked by a firewall.
QUESTION NO: 26
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. You want to run two programs, foo and bar. You also want to ensure that bar is executed if and only if foo has executed successfully. Which of the following command sequences will John use to accomplish the task?
A. foo; bar;
B. foo || bar;
C. foo | bar;
D. foo && bar;
Answer: D Explanation: According to the scenario, John will execute the foo && bar; command. Because of the && operator, bar will execute if and only if foo completes successfully. Answer: A is incorrect. The foo; bar; command sequence will run foo and bar in a sequential manner, but the successful completion of the first command does not matter. Answer: B is incorrect. The foo || bar; command sequence will run the bar if and only if foo fails to complete successfully. Answer: C is incorrect. In the foo | bar; command sequence, the output of the foo command will be the input for the bar command.
QUESTION NO: 27
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He is configuring the Apache Web server settings. He does not want the commands being used in the settings to be stored in the history. Which of the following commands can he use to disable history?
A. history !!
B. set +o history
C. history !N
D. set -o history
Answer: B Explanation: According to the scenario, John can use the set +o history command to disable history. Answer: D is incorrect. John cannot use the set -o history command to accomplish his task. This command is used to enable disabled history. Answer: A is incorrect. John cannot use the history !! command to accomplish his task. This command is used to see the most recently typed command. Answer: C is incorrect. John cannot use the history !N command to accomplish his task. This command is used to display the Nth history command.
QUESTION NO: 28
You are the Network Administrator for a software development company. Your company creates
various utilities and tools. You have noticed that some of the files your company creates are getting deleted from systems. When one is deleted, it seems to be deleted from all the computers on your network. Where would you first look to try and diagnose this problem?
A. Antivirus log
B. IDS log
C. System log
D. Firewall log
Explanation: Check the antivirus log and see if it is detecting your file as a virus and deleting it.
All antivirus programs have a certain rate of false positives. Since the file is being deleted from all
computers, it seems likely that your antivirus has mistakenly identified that file as a virus. Answer:
D is incorrect. The firewall log can help you identify traffic entering or leaving your network, but
won’t help with files being deleted. Answer: B is incorrect. An IDS log would help you identify
possible attacks, but this scenario is unlikely to be from an external attack. Answer: C is incorrect.
Your system log can only tell you what is happening on that individual computer.
QUESTION NO: 29
Which of the following statements about a screened host is true?
A. It facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.
B. It is a small network that lies in between the Internet and a private network.
C. It provides added security by using Internet access to deny or permit certain traffic from the Bastion Host.
D. It provides a physical connection between computers within a network.
Answer: C Explanation: A screened host provides added security by using Internet access to deny or permit certain traffic from the Bastion Host. Answer: D is incorrect. A network interface card provides a physical connection between computers within a network. Answer: B is incorrect. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security. Answer: A is incorrect. A proxy server facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.
QUESTION NO: 30
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He notices that UDP port 137 of the We-are-secure server is open. Assuming that the Network Administrator of We-are-secure Inc. has not changed the default port values of the services, which of the following services is running on UDP port 137?
Answer: C Explanation: NetBIOS is a Microsoft service that enables applications on different computers to communicate within a LAN. NetBIOS systems identify themselves with a 15-character unique name and use Server Message Block, which allows Remote directory, file and printer sharing, etc. The default port value of NetBIOS Name Resolution Service is 137/UDP. Answer: A is incorrect. Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Answer: D is incorrect. The default port of HTTPS is TCP/443. Hypertext Transfer Protocol Secure (HTTPS) protocol is a protocol used in the Universal Resource Locater (URL) address line to connect to a secure site. If a site has been made secure by using the Secure Sockets Layer (SSL) then HTTPS, instead of HTTP protocol, should be used as a protocol type in the URL. Answer: B is incorrect. TELNET is a command-line connectivity tool that starts terminal emulation with a remote host running the telnet server service. TELNET allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The TELNET utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software, to access files. It uses TCP port 23 by default.
Flydumps team use their experience and knowledge to study the examinations of past years and finally have developed the best training materials about GIAC GSNA exam. Our GIAC GSNA exam training materials are very popular among customers and this is the result of Flydumps’s expert team industrious labor. The simulation test and the answer of their research have a high quality and have 95% similarity with the true examination questions. FLYDUMPS is well worthful for you to rely on. If you use Flydumps’s training tool, you can 100% pass your first time to attend GIAC GSNA exam.