GIAC GSNA Exams, High Pass Rate GIAC GSNA Certification With New Discount

QUESTION NO: 50
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to see the list of the filesystems mounted automatically at startup by the mount -a command in the /etc/rc startup file. Which of the following Unix configuration files can you use to accomplish the task?
A. /etc/named.conf
B. /etc/groups
C. /etc/mtab
D. /etc/fstab
Answer: D Explanation: In Unix, the /etc/fstab file is used by system administrators to list the filesystems that are mounted automatically at startup by the mount -a command (in /etc/rc or its equivalent startup file). Answer: C is incorrect. In Unix, the /etc/mtab file contains a list of the currently mounted file systems. This is set up by the boot scripts and updated by the mount command. Answer: A is incorrect. In Unix, the /etc/named.conf file is used for domain name servers. Answer: B is incorrect. In Unix, the /etc/groups file contains passwords to let a user join a group.

QUESTION NO: 51
Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?
A. Single Loss Expectancy (SLE)
B. Annualized Rate of Occurrence (ARO)
C. Exposure Factor (EF)
D. Safeguard
Answer: B Explanation: The Annualized Rate of Occurrence (ARO) is a number that represents the estimated frequency at which a threat is expected to occur. It is calculated based upon the probability of the event occurring and the number of employees that could make that event occur. Answer: C is incorrect. The Exposure Factor (EF) represents the percentage of asset loss caused by a threat. The EF is required to calculate the Single Loss Expectancy (SLE). Answer: A is incorrect. The Single Loss Expectancy (SLE) is the value in dollars that is assigned to a single event:
    SLE = Asset Value ($) x Exposure Factor (EF)
Answer: D is incorrect. A safeguard acts as a countermeasure for reducing the risk associated with a specific threat or a group of threats.

QUESTION NO: 52
An executive in your company reports odd behavior on her PDA. After investigation you discover that a trusted device is actually copying data off the PDA. The executive tells you that the behavior started shortly after accepting an e-business card from an unknown person. What type of attack is this?
A. Session Hijacking
B. Bluesnarfing
C. Privilege Escalation
D. PDA Hijacking
Answer: B Explanation: Bluesnarfing is a rare attack in which an attacker takes control of a Bluetooth-enabled device. One way to do this is to get your PDA to accept the attacker’s device as a trusted device.

QUESTION NO: 53
You work as the Project Engineer for XYZ CORP. The company has a Unix-based network. Your office consists of one server, seventy client computers, and one print device. You raise a request for printing a confidential page. After 30 minutes, you find that your print request job is not processed and is at the seventh position in the printer queue. You analyze that it shall take another one hour to print. You decide to remove your job from the printer queue and get your page printed outside the office. Which of the following Unix commands can you use to remove your job from the printer queue?
A. tunelp
B. pr
C. lprm
D. gs
Answer: C Explanation: The basic Unix printing commands are as follows:
- banner: It is used to print a large banner on a printer.
- lpr: It is used to submit a job to the printer.
- lpc: It enables one to check the status of the printer and set its state.
- lpq: It shows the contents of a spool directory for a given printer.
- lprm: It is used to remove a job from the printer queue.
- gs: It works as a PostScript interpreter.
- pr: It is used to print a file.
- tunelp: It is used to set various parameters for the lp device.

QUESTION NO: 54
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to run a command that forces all the unwritten blocks in the buffer cache to be written to the disk. Which of the following Unix commands can you use to accomplish the task?
A. swapon
B. tune2fs
C. swapoff
D. sync
Answer: D Explanation: The sync command is used to flush filesystem buffers. It ensures that all disk writes have been completed before the processor is halted or rebooted. Generally, it is preferable to use reboot or halt to shut down a system, as they may perform additional actions such as resynchronizing the hardware clock and flushing internal caches before performing a final sync. Answer: B is incorrect. In Unix, the tune2fs command is used to adjust tunable filesystem parameters on the second extended filesystems. Answer: A is incorrect. In Unix, the swapon command is used to activate a swap partition. Answer: C is incorrect. In Unix, the swapoff command is used to de-activate a swap partition.

QUESTION NO: 55
You work as a Network Administrator for Infonet Inc. The company’s network has an FTP server. You want to secure the server so that only authorized users can access it. What will you do to accomplish this?
A. Disable anonymous authentication.
B. Stop the FTP service on the server.
C. Disable the network adapter on the server.
D. Enable anonymous authentication.
Answer: A Explanation: You will have to disable anonymous authentication. This will prevent unauthorized users from accessing the FTP server. Anonymous authentication (anonymous access) is a method of authentication for Websites. Using this method, a user can establish a Web connection to the IIS server without providing a username and password. Hence, this is an insecure method of authentication. This method is generally used to permit unknown users to access the Web or FTP server directories. Answer: D is incorrect. Enabling anonymous authentication will allow all the users to access the server. Answer: B is incorrect. Stopping the FTP service on the server will prevent all the users from accessing the FTP server. Answer: C is incorrect. Disabling the network adapter on the FTP server will disconnect the server from the network.

QUESTION NO: 56
Which of the following statements about a perimeter network are true? (Choose three)
A. It has a connection to the Internet through an external firewall and a connection to an internal network through an interior firewall.
B. It has a connection to a private network through an external firewall and a connection to an internal network through an interior firewall.
C. It is also known as a demilitarized zone or DMZ.
D. It prevents access to the internal corporate network for outside users.
Answer: A,C,D Explanation: A perimeter network, also known as a demilitarized zone or DMZ, is a small network that lies in between the Internet and a private network. It has a connection to the Internet through an external firewall and a connection to the internal network through an interior firewall. It allows outside users access to the specific servers located in the perimeter network while preventing access to the internal corporate network. Servers, routers, and switches that maintain security by preventing the internal network from being exposed on the Internet are placed in a perimeter network. A perimeter network is commonly used for deploying e-mail and Web servers for a company.

QUESTION NO: 57
John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on Windows Server 2003. One day, while analyzing the network security, he receives an error message that Kernel32.exe is encountering a problem. Which of the following steps should John take as a countermeasure to this situation?
A. He should download the latest patches for Windows Server 2003 from the Microsoft site, so that he can repair the kernel.
B. He should restore his Windows settings.
C. He should observe the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new malicious process is running, he should kill that process.
D. He should upgrade his antivirus program.

Answer: C,D Explanation: In such a situation, when John receives an error message revealing that Kernel32.exe is encountering a problem, he needs to come to the conclusion that his antivirus program needs to be updated, because Kernel32.exe is not a Microsoft file (it is a Kernel32.DLL file). Although such viruses normally run in stealth mode, he should examine the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new (malicious) process is running on the server, he should exterminate that process. Answer: A, B are incorrect. Since kernel.exe is not a real kernel file of Windows, there is no need to repair or download any patch for Windows Server 2003 from the Microsoft site to repair the kernel. Note: Such error messages can be received if the computer is infected with malware, such as Worm_Badtrans.b, Backdoor.G_Door, Glacier Backdoor, Win32.Badtrans.29020, etc.

QUESTION NO: 58
In addition to denying and granting access, what other services does a firewall support?
A. Network Access Translation (NAT)
B. Secondary connections
C. Control Internet access based on keyword restriction
D. Data caching
Answer: A,C,D Explanation: A firewall is a tool to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Firewalls often have network address translation (NAT) functionality. The hosts protected behind a firewall commonly have addresses in the private address range. Firewalls have such functionality to hide the true address of protected hosts. Firewalls are used by administrators to control Internet access based on keyword restriction. Some proxy firewalls can cache data so that clients can access frequently requested data from the local cache instead of using the Internet connection to request it. This is convenient for cutting down on unnecessary bandwidth consumption. Answer: B is incorrect. It is an area where a firewall faces difficulty in securing the network. It is the area where employees make alternate connections to the Internet for their personal use, rendering the firewall useless.

QUESTION NO: 59
Which of the following are the goals of risk management? (Choose three)
A. Identifying the risk
B. Assessing the impact of potential threats
C. Finding an economic balance between the impact of the risk and the cost of the countermeasure
D. Identifying the accused
Answer: A,B,C Explanation: There are three goals of risk management as follows:
- Identifying the risk
- Assessing the impact of potential threats
- Finding an economic balance between the impact of the risk and the cost of the countermeasure
Answer: D is incorrect. Identifying the accused does not come under the scope of risk management.

QUESTION NO: 60
Ryan wants to create an ad hoc wireless network so that he can share some important files with another employee of his company. Which of the following wireless security protocols should he choose for setting up an ad hoc wireless network? (Choose two)
A. WPA2-EAP
B. WPA-PSK
C. WEP
D. WPA-EAP
Answer: B,C Explanation: Ryan can choose either the WEP or the WPA-PSK wireless protocol to set up an ad hoc wireless network. Answer: A is incorrect. WPA2-EAP cannot be chosen for an ad hoc wireless network, as it requires a RADIUS (Remote Authentication Dial-In User Service) server for authentication. Answer: D is incorrect. WPA-EAP cannot be chosen for an ad hoc wireless network, as it requires a RADIUS (Remote Authentication Dial-In User Service) server for authentication.

QUESTION NO: 61
Which of the following mechanisms is closely related to authorization?
A. Sending secret data such as credit card information.
B. Allowing access to a particular resource.
C. Verifying username and password.
D. Sending data so that no one can alter it on the way.
Answer: B Explanation: Authorization is a process that verifies whether a user has permission to access a Web resource. A Web server can restrict access to some of its resources to only those clients that log in using a recognized username and password. To be authorized, a user must first be authenticated. Answer: C is incorrect. Verifying username and password describes the mechanism of authentication. Authentication is the process of verifying the identity of a user. This is usually done using a user name and password. This process compares the provided user name and password with those stored in the database of an authentication server. Answer: D is incorrect. Sending data so that no one can alter it on the way describes the mechanism of data integrity. Data integrity is a mechanism that ensures that the data is not modified during transmission from source to destination. This means that the data received at the destination should be exactly the same as that sent from the source. Answer: A is incorrect. Sending secret data such as credit card information describes the mechanism of confidentiality. Confidentiality is a mechanism that ensures that only the intended and authorized recipients are able to read data. The data is so encrypted that even if an unauthorized user gets access to it, he will not get any meaning out of it.

QUESTION NO: 62
An auditor assesses the database environment before beginning the audit. This includes various key tasks that should be performed by an auditor to identify and prioritize the users, data, activities, and applications to be monitored. Which of the following tasks need to be performed by the auditor manually?
A. Classifying data risk within the database systems
B. Monitoring data changes and modifications to the database structure, permission and user changes, and data viewing activities
C. Analyzing access authority
D. Archiving, analyzing, reviewing, and reporting of audit information
Answer: A,C Explanation: The Internal Audit Association lists the following as key components of a database audit:
- Create an inventory of all database systems and use classifications. This should include production and test data. Keep it up-to-date.
- Classify data risk within the database systems. Monitoring should be prioritized for high, medium, and low risk data.
- Implement an access request process that requires database owners to authorize the “roles” granted to database accounts (roles as in Role Based Access and not the native database roles).
- Analyze access authority. Users with higher degrees of access permission should be under higher scrutiny, and any account for which access has been suspended should be monitored to ensure access is denied and attempts are identified.
- Assess application coverage. Determine what applications have built-in controls, and prioritize database auditing accordingly. All privileged user access must have audit priority. Legacy and custom applications are the next highest priority to consider, followed by the packaged applications.
- Ensure technical safeguards. Make sure access controls are set properly.
- Audit the activities. Monitor data changes and modifications to the database structure, permission and user changes, and data viewing activities. Consider using network-based database activity monitoring appliances instead of native database audit trails.
- Archive, analyze, review, and report audit information. Reports to auditors and IT managers must communicate relevant audit information, which can be analyzed and reviewed to determine if corrective action is required. Organizations that must retain audit data for long-term use should archive this information with the ability to retrieve relevant data when needed.
The first five steps listed are to be performed by the auditor manually. Answer: B, D are incorrect. These tasks are best achieved by using an automated solution.

GIAC GSNA Study Guide, Free GIAC GSNA PDF Dumps With New Discount

QUESTION NO: 30
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He notices that UDP port 137 of the We-are-secure server is open. Assuming that the Network Administrator of We-are-secure Inc. has not changed the default port values of the services, which of the following services is running on UDP port 137?
A. HTTP
B. TELNET
C. NetBIOS
D. HTTPS
Answer: C Explanation: NetBIOS is a Microsoft service that enables applications on different computers to communicate within a LAN. NetBIOS systems identify themselves with a 15-character unique name and use Server Message Block, which allows Remote directory, file and printer sharing, etc. The default port value of NetBIOS Name Resolution Service is 137/UDP. Answer: A is incorrect. Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Answer: D is incorrect. The default port of HTTPS is TCP/443. Hypertext Transfer Protocol Secure (HTTPS) protocol is a protocol used in the Universal Resource Locater (URL) address line to connect to a secure site. If a site has been made secure by using the Secure Sockets Layer (SSL) then HTTPS, instead of HTTP protocol, should be used as a protocol type in the URL. Answer: B is incorrect. TELNET is a command-line connectivity tool that starts terminal emulation with a remote host running the telnet server service. TELNET allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The TELNET utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software, to access files. It uses TCP port 23 by default.

QUESTION NO: 31
Which of the following statements about a session are true? (Choose two)
A. The creation time can be obtained using the getSessionCreationTime() method of the HttpSession.
B. The getAttribute() method of the HttpSession interface returns a String.
C. The time for the setMaxInactiveInterval() method of the HttpSession interface is specified in seconds.
D. The isNew() method is used to identify if the session is new.
Answer: C,D Explanation: The setMaxInactiveInterval() method sets the maximum time in seconds before a session becomes invalid. The syntax of this method is as follows:
    public void setMaxInactiveInterval(int interval)
Here, interval is specified in seconds. The isNew() method of the HttpSession interface returns true if the client does not yet know about the session, or if the client chooses not to join the session. This method throws an IllegalStateException if called on an invalidated session. Answer: B is incorrect. The getAttribute(String name) method of the HttpSession interface returns the value of the named attribute as an object. It returns a null value if no attribute with the given name is bound to the session. This method throws an IllegalStateException if it is called on an invalidated session. Answer: A is incorrect. The creation time of a session can be obtained using the getCreationTime() method of the HttpSession.

QUESTION NO: 32
Which of the following statements is true about a relational database?
A. It is difficult to extend a relational database.
B. The standard user and application program interface to a relational database is Programming Language (PL).
C. It is a collection of data items organized as a set of formally-described tables.
D. It is a set of tables containing data fitted into runtime defined categories.
Answer: C Explanation: A relational database is a collection of data items organized as a set of formally-described tables from which data can be accessed or reassembled in many different ways without having to reorganize the database tables. Answer: B is incorrect. The standard user and application program interface to a relational database is the structured query language (SQL). Answer: A is incorrect. In addition to being relatively easy to create and access, a relational database has the important advantage of being easy to extend. Answer: D is incorrect. A relational database is a set of tables containing data fitted into predefined categories. Each table (which is sometimes called a relation) contains one or more data categories in columns. Each row contains a unique instance of data for the categories defined by the columns.

QUESTION NO: 33
You work as a Network Administrator for BetaTech Inc. You have been assigned the task of designing the firewall policy for the company. Which of the following statements is unacceptable in the ‘acceptable use statement’ portion of the firewall policy?
A. The computers and their applications should be used for organizational related activities only.
B. Computers may not be left unattended with a user account still logged on.
C. Applications other than those supplied or approved by the company can be installed on any computer.
D. The installed e-mail application can only be used as the authorized e-mail service.
Answer: C Explanation: Applications other than those supplied or approved by the company shall not be installed on any computer. Answer: A, B, D are incorrect. All of these statements stand true in the ‘acceptable use statement’ portion of the firewall policy.

QUESTION NO: 34
You have recently joined as a Network Auditor in XYZ CORP. The company has a Windows-based network. You have been assigned the task to determine whether or not the company’s goal is being achieved. As an auditor, which of the following tasks should you perform before conducting the data center review? Each correct answer represents a complete solution. Choose three.
A. Review the future IT organization chart.
B. Meet with IT management to determine possible areas of concern.
C. Review the company’s IT policies and procedures.
D. Research all operating systems, software applications, and data center equipment operating within the data center.
Answer: B,C,D Explanation: The auditor should be adequately educated about the company and its critical business activities before conducting a data center review. The objective of the data center is to align data center activities with the goals of the business while maintaining the security and integrity of critical information and processes. To adequately determine whether or not the client’s goal is being achieved, the auditor should perform the following before conducting the review:
- Meet with IT management to determine possible areas of concern.
- Review the current IT organization chart.
- Review job descriptions of data center employees.
- Research all operating systems, software applications, and data center equipment operating within the data center.
- Review the company’s IT policies and procedures.
- Evaluate the company’s IT budget and systems planning documentation.
- Review the data center’s disaster recovery plan.
Answer: A is incorrect. An auditor should review the current organization chart. Reviewing the future organization chart would not help in finding the current threats to the organization.

QUESTION NO: 35
Patricia joins XYZ CORP., as a Web Developer. While reviewing the company’s Web site, she finds that many words including keywords are misspelled. How will this affect the Web site traffic?
A. Leave a bad impression on users.
B. Search engine relevancy may be altered.
C. Link exchange with other sites becomes difficult.
D. The domain name cannot be registered.
Answer: B Explanation: Web site traffic depends upon the number of users who are able to locate a Web site. Search engines are one of the most frequently used tools to locate Web sites. They perform searches on the basis of keywords contained in the Web pages of a Web site. Keywords are simple text strings that are associated with one or more topics of a Web page. Misspelled keywords prevent Web pages from being displayed in the search results.

QUESTION NO: 36
You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?
A. Non-operational audit
B. Dependent audit
C. Independent audit
D. Operational audit
Answer: C Explanation: An independent audit is an audit that is usually conducted by external or outside resources. It is the process of reviewing detailed audit logs for the following purposes:
- To examine the system activities and access logs
- To assess the adequacy of system methods
- To assess the adequacy of system controls
- To examine compliance with established enterprise network system policies
- To examine compliance with established enterprise network system procedures
- To examine effectiveness of enabling, support, and core processes
Answer: B is incorrect. It is not a valid type of security audit. Answer: D is incorrect. It is done to examine the operational and ongoing activities within a network. Answer: A is incorrect. It is not a valid type of security audit.

QUESTION NO: 37
You have an online video library. You want to upload a directory of movies. Since this process will take several hours, you want to ensure that the process continues even after the terminal is shut down or session is closed. What will you do to accomplish the task?
A. Use the bg command to run the process at the background.
B. Add the nohup command in front of the process.
C. Add the nohup command at the end of the process.
D. Run the process inside a GNU Screen-style screen multiplexer.
Answer: B,D Explanation: Whenever the nohup command is added in front of any command or process, it makes the command or process run even after the terminal is shut down or session is closed. All processes, except the ‘at’ and batch requests, are killed when a user logs out. If a user wants a background process to continue running even after he logs out, he must use the nohup command to submit that background command. To nohup running processes, press ctrl+z, enter “bg” and enter “disown”. The other way to accomplish the task is to run the command/process inside a GNU Screen-style screen multiplexer, and then detach the screen. GNU Screen maintains the illusion that the user is always logged in, and allows the user to reattach at any time. This has the advantage of being able to continue to interact with the program once reattached (which is impossible with nohup alone). Answer: C is incorrect. The nohup command works when it is added in front of a command. Answer: A is incorrect. The bg command cannot run the command or process after the terminal is shut down or session is closed.

QUESTION NO: 38
You work as a Web Deployer for UcTech Inc. You write the <security-constraint> element for an application in which you write the <auth-constraint> sub-element as follows:
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
Who will have access to the application?
A. Only the administrator
B. No user
C. All users
D. It depends on the application.
Answer: C Explanation: The <auth-constraint> element is a sub-element of the <security-constraint> element. It defines the roles that are allowed to access the Web resources specified by the <web-resource-collection> sub-elements. The <auth-constraint> element is written in the deployment descriptor as follows:
    <security-constraint>
        <web-resource-collection>
            —————-
        </web-resource-collection>
        <auth-constraint>
            <role-name>Administrator</role-name>
        </auth-constraint>
    </security-constraint>
Writing Administrator within the <role-name> element will allow only the administrator to have access to the resource defined within the <web-resource-collection> element.

QUESTION NO: 39
You work as a Network Administrator for XYZ CORP. The company has a TCP/IP-based network environment. The network contains Cisco switches and a Cisco router. You run the following command for a router interface:
    show interface serial0
You get the following output:
    Serial0 is administratively down, line protocol is down
What will be your conclusion after viewing this output?
A. There is a physical problem either with the interface or the cable attached to it.
B. The router has no power.
C. There is a problem related to encapsulation.
D. The interface is shut down.
Answer: D Explanation: According to the question, the output displays that the interface is administratively down. Administratively down means that the interface is shut down. To bring the interface up, you will have to enable it with the no shutdown command. Answer: A is incorrect. Had there been a physical problem with the interface, the output would not have displayed “administratively down”. Instead, the output would be as follows:
    serial0 is down, line protocol is down
Answer: B is incorrect. You cannot run this command on a router that is powered off. Answer: C is incorrect. Encapsulation has nothing to do with the output displayed in the question.

QUESTION NO: 40
Sam works as a Web Developer for McRobert Inc. He creates a Web site. He wants to include the following table in the Web site:
He writes the following HTML code to create the table:

1. <TABLE BORDER="1" WIDTH="500">
2. <TR>
3.
4.
5. </TR>
6. <TR>
7. <TD>
8. </TD>
9. <TD>
10. </TD>
11. <TD>
12. </TD>
13. </TR>
14. <TR>
15. <TD>
16. </TD>
17. <TD>
18. </TD>
19. <TD>
20. </TD>
21. </TR>
22. </TABLE>

Which of the following tags will Sam place at lines 3 and 4 to create the table?
A. at line 3 at line 4
B. at line 3 at line 4
C. at line 4 at line
D. at line 3 at line 4
Answer: D Explanation: The tag is used to specify each cell of the table. It can be used only within a row in a table. The ROWSPAN attribute of the tag specifies the number of rows that a cell spans over in a table. Since, the first cell of the table spans over three rows, Sam will use . specifies the number of columns that the head row contains. Answer: C is incorrect. Placing the tags given in this option at lines 3 and 4 will create the following table: Answer: A, B are incorrect. There are no attributes such as SPAN and SPANWIDTH for the tag.

QUESTION NO: 41
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using the Linux operating system. He wants to use a wireless sniffer to sniff the We-are-secure network. Which of the following tools will he use to accomplish his task?
A. WEPCrack
B. Kismet
C. Snadboy’s Revelation
D. NetStumbler
Answer: B Explanation: According to the scenario, John will use Kismet. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks: to identify networks by passively collecting packets; to detect standard named networks; to detect masked networks; to collect the presence of non-beaconing networks via data traffic. Answer: D is incorrect. NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. It detects wireless networks and marks their relative position with a GPS. Answer: A is incorrect. WEPCrack is an open source tool that breaks IEEE 802.11 WEP secret keys. Answer: C is incorrect. Snadboy’s Revelation is not a sniffer. It is used to see the actual password behind the asterisks.

QUESTION NO: 42
You work as a Network Administrator of a TCP/IP network. You are having DNS resolution problem. Which of the following utilities will you use to diagnose the problem?
A. PING
B. IPCONFIG
C. TRACERT
D. NSLOOKUP
Answer: D Explanation: NSLOOKUP is a tool for diagnosing and troubleshooting Domain Name System (DNS) problems. It performs its function by sending queries to the DNS server and obtaining detailed responses at the command prompt. This information can be useful for diagnosing and resolving name resolution issues, verifying whether or not the resource records are added or updated correctly in a zone, and debugging other server-related problems. This tool is installed along with the TCP/IP protocol through the Control Panel. Answer: A is incorrect. The ping command-line utility is used to test connectivity with a host on a TCP/IP-based network. This is achieved by sending out a series of packets to a specified destination host. On receiving the packets, the destination host responds with a series of replies. These replies can be used to determine whether or not the network is working properly. Answer: B is incorrect. IPCONFIG is a command-line utility used to display current TCP/IP network configuration values and update or release the Dynamic Host Configuration Protocol (DHCP) allocated leases. It is also used to display, register, or flush Domain Name System (DNS) names. Answer: C is incorrect. TRACERT is a route-tracing Windows utility that displays the path an IP packet takes to reach the destination. It shows the Fully Qualified Domain Name (FQDN) and the IP address of each gateway along the route to the remote host.

QUESTION NO: 43
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?

A. IPChains
B. Tripwire
C. Hunt
D. Ethercap
Answer: C Explanation:
In such a scenario, John will use Hunt which is capable of performing both the hacking techniques, sniffing and session hijacking. Answer: D is incorrect. Ethercap is a network sniffer and packet generator. It may be an option, but John wants to do session hijacking as well. Hence, he will not use Ethercap. Answer: A is incorrect. IPChains is a firewall. Answer: B is incorrect. Tripwire is a file and directory integrity checker.
QUESTION NO: 44
In which of the following CAATs (Computer Assisted Auditing Techniques) does an auditor perform tests on computer files and databases?
A. Parallel Simulation
B. Generalized Audit Software (GAS)
C. Test Data
D. Custom Audit Software (CAS)
Answer: B Explanation: CAATs (Computer Assisted Auditing Techniques) are used to test application controls as well as perform substantive tests on sample items. Following are the types of CAATs: Generalized Audit Software (GAS): It allows the auditor to perform tests on computer files and databases. Custom Audit Software (CAS): It is generally written by auditors for specific audit tasks. CAS is necessary when the organization’s computer system is not compatible with the auditor’s GAS or when the auditor wants to conduct some testing that may not be possible with the GAS. Test Data: The auditor uses test data for testing the application controls in the client’s computer programs. The auditor includes simulated valid and invalid test data, used to test the accuracy of the computer system’s operations. This technique can be used to check data validation controls and error detection routines, processing logic controls, and arithmetic calculations, to name a few. Parallel Simulation: The auditor must construct a computer simulation that mimics the client’s production programs. Integrated Test Facility: The auditor enters test data along with actual data in a normal application run.
QUESTION NO: 45

You are concerned about an attacker being able to get into your network. You want to make sure that you are informed of any network activity that is outside normal parameters. What is the best way to do this?
A. Utilize protocol analyzers.
B. Use performance monitors.
C. Implement signature based antivirus.
D. Implement an anomaly based IDS.
Answer: D Explanation: An anomaly based Intrusion Detection System will monitor the network for any activity that is outside normal parameters (i.e. an anomaly) and inform you of it. Answer: C is incorrect. Antivirus software, while important, won’t help detect the activities of intruders. Answer: B is incorrect. Performance monitors are used to measure normal network activity and look for problems such as bottlenecks. Answer: A is incorrect. A protocol analyzer does detect if a given protocol is moving over a particular network segment.

QUESTION NO: 46
Which of the following is a technique for creating Internet maps? (Choose two)
A. AS PATH Inference
B. Object Relational Mapping
C. Active Probing
D. Network Quota
Answer: A,C Explanation: There are two prominent techniques used today for creating Internet maps. Active probing: The first technique works on the data plane of the Internet and is called active probing. It is used to infer Internet topology based on router adjacencies. AS PATH Inference: The second technique works on the control plane and infers autonomous system connectivity based on BGP data.

QUESTION NO: 47
Which of the following statements are true about data aggregation?

A. A common aggregation purpose is to get more information about particular groups based on specific variables.
B. Data aggregation cannot be user-based.
C. Data aggregation is any process in which information is gathered and expressed in a summary form.
D. Online analytic processing (OLAP) is a simple type of data aggregation.
Answer: A,C,D Explanation: Data aggregation is any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis. A common aggregation purpose is to get more information about particular groups based on specific variables such as age, profession, or income. The information about such groups can then be used for Web site personalization to choose content and advertising likely to appeal to an individual belonging to one or more groups for which data has been collected. For example, a site that sells music CDs might advertise certain CDs based on the age of the user and the data aggregate for their age group. Online analytic processing (OLAP) is a simple type of data aggregation in which the marketer uses an online reporting mechanism to process the information. Answer: B is incorrect. Data aggregation can be user-based. Personal data aggregation services offer the user a single point for collection of their personal information from other Web sites. The customer uses a single master personal identification number (PIN) to give them access to their various accounts (such as those for financial institutions, airlines, book and music clubs, and so on). Performing this type of data aggregation is sometimes referred to as “screen scraping.”

QUESTION NO: 48
You have just installed a Windows 2003 server. What action should you take regarding the default shares?
A. Disable them only if this is a domain server.
B. Disable them.
C. Make them hidden shares.
D. Leave them, as they are needed for Windows Server operations.
Answer: B Explanation: Default shares should be disabled, unless they are absolutely needed. They pose a significant security risk by providing a way for an intruder to enter your machine. Answer: A is incorrect. Whether this is a domain server, a DHCP server, a file server, or database server does not change the issue with shared drives/folders. Answer: C is incorrect. They cannot be hidden. Shared folders are, by definition, not hidden but rather available to users on the network. Answer: D is incorrect. These are not necessary for Windows Server operations.
QUESTION NO: 49
Which of the following controls define the direction and behavior required for technology to function properly?
A. Detailed IS controls
B. General controls
C. Application controls
D. Pervasive IS controls
Answer: D Explanation:
Pervasive IS controls are a subset of general controls that contains some extra definitions focusing on the management of monitoring a specific technology. A pervasive order or control determines the direction and behavior required for technology to function properly. The pervasive control permeates the area by using a greater depth of control integration over a wide area of influence. Answer: B is incorrect. General controls are the parent class of controls that governs all areas of a business. Examples of general controls include the separation of duties that prevents employees from writing their own paychecks, and the creation of accurate job descriptions. General controls define the structure of an organization, establish HR policies, monitor workers and the work environment, as well as support budgeting, auditing, and reporting. Answer: A is incorrect. Detailed IS controls are controls used for manipulating the on-going tasks in an organization. Some of the specific tasks require additional detailed controls to ensure that the workers perform their job correctly. These controls refer to some specific tasks or steps to be performed such as: The way system security parameters are set. How input data is verified before being accepted into an application. How to lock a user account after unsuccessful logon attempts. How the department handles acquisitions, security, delivery, implementation, and support of IS services. Answer: C is incorrect. Application controls are embedded in programs. They constitute the lowest subset in the control family. An activity should be filtered through the general controls, then the pervasive controls and detailed controls, before reaching the application controls level. Controls in the higher level category help in protecting the integrity of the applications and their data. The management is responsible for getting applications tested prior to production through a recognized test method. The goal of this test is to provide a technical certificate that each system meets the requirement.

GIAC GSNA Certification Exam, High Pass Rate GIAC GSNA Demo Free Download On Sale

QUESTION NO: 1
Sarah works as a Web Developer for XYZ CORP. She is creating a Web site for her company. Sarah wants greater control over the appearance and presentation of Web pages. She wants the ability to precisely specify the display attributes and the appearance of elements on the Web pages. How will she accomplish this?
A. Use the Database Design wizard.
B. Make two templates, one for the index page and the other for all other pages.
C. Use Cascading Style Sheet (CSS).
D. Make a template and use it to create each Web page.
Answer: C Explanation: Sarah should use the Cascading Style Sheet (CSS) while creating Web pages. This will give her greater control over the appearance and presentation of the Web pages and will also enable her to precisely specify the display attributes and the appearance of elements on the Web pages.

QUESTION NO: 2
You work as a Network Administrator for XYZ CORP. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. You have installed a Windows Server 2008 computer. You have configured auditing on this server. The client computers of the company use the Windows XP Professional operating system. You want to audit each event that is related to a user managing an account in the user database on the computer where the auditing is configured. To accomplish the task, you have enabled the Audit account management option on the server. Which of the following events can be audited by enabling this audit option?
A. Access to an Active Directory object
B. Change of password for a user account
C. Addition of a user account to a group
D. Creation of a user account
Answer: B,C,D Explanation: Audit account management is one of the nine audit settings that can be configured on a Windows computer. This option is enabled to audit each event that is related to a user managing an account in the user database on the computer where the auditing is configured. These events include the following: creating a user account; adding a user account to a group; renaming a user account; changing password for a user account. This option is also used to audit the changes to the domain account of the domain controllers.

QUESTION NO: 3
John works as a contract Ethical Hacker. He has recently got a project to do security checking for www.we-are-secure.com. He wants to find out the operating system of the we-are-secure server in the information gathering step. Which of the following commands will he use to accomplish the task? (Choose two)
A. nc 208.100.2.25 23
B. nmap -v -O www.we-are-secure.com
C. nc -v -n 208.100.2.25 80
D. nmap -v -O 208.100.2.25
Answer: B,D Explanation: According to the scenario, John will use “nmap -v -O 208.100.2.25” to detect the operating system of the we-are-secure server. Here, -v is used for verbose and -O is used for TCP/IP fingerprinting to guess the remote operating system. John may also use the DNS name of we-are-secure instead of using the IP address of the we-are-secure server. So, he can also use the nmap command “nmap -v -O www.we-are-secure.com”. Answer: C is incorrect. “nc -v -n 208.100.2.25 80” is a Netcat command, which is used to banner grab for getting information about the

QUESTION NO: 4
You check performance logs and note that there has been a recent dramatic increase in the amount of broadcast traffic. What is this most likely to be an indicator of?
A. Misconfigured router
B. DoS attack
C. Syn flood
D. Virus
Answer: B Explanation: There are several denial of service (DoS) attacks that specifically use broadcast traffic to flood a targeted computer. Seeing an unexplained spike in broadcast traffic could be an indicator of an attempted denial of service attack. Answer: D is incorrect. Viruses can cause an increase in network traffic, and it is possible for that to be broadcast traffic. However, a DoS attack is more likely than a virus to cause this particular problem. Answer: C is incorrect. A syn flood does not cause increased broadcast traffic. Answer: A is incorrect. A misconfigured router could possibly cause an increase in broadcast traffic. However, since this is a recent problem, the router is unlikely to be the issue.
QUESTION NO: 5
You run the wc -c file1.txt command. If this command displays any error message, you want to store the error message in the error.txt file. Which of the following commands will you use to accomplish the task?
A. wc -c file1.txt >>error.txt
B. wc -c file1.txt 1>error.txt
C. wc -c file1.txt 2>error.txt
D. wc -c file1.txt >error.txt
Answer: C Explanation: According to the scenario, you will use the wc -c file1.txt 2>error.txt command to accomplish the task. The 2> operator is an error redirector, which, while running a command, redirects the error (if it exists) to the specified file. Answer: B, D are incorrect. The > or 1> redirector can be used to redirect the output of the wc -c file1.txt command to the error.txt file; however, you want to write the errors in the error.txt file, not the whole output. Answer: A is incorrect. The >> operator will redirect the output of the command in the same manner as the > or 1> operator. Although the >> operator will not overwrite the error.txt file, it will append to the error.txt file.
QUESTION NO: 6
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to forward all the kernel messages to the remote host having IP address 192.168.0.1. Which of the following changes will he perform in the syslog.conf file to accomplish the task?
A. kern.* @192.168.0.1
B. !*.* @192.168.0.1
C. !kern.* @192.168.0.1

D. *.* @192.168.0.1

Answer: A Explanation: According to the scenario, John will make the following entry in the syslog.conf file to forward all the kernel messages to the remote host having IP address 192.168.0.1: kern.* @192.168.0.1 Answer: D is incorrect. This entry will forward all the messages to the remote host having IP address 192.168.0.1. Answer: B is incorrect. This entry will not forward any message to the remote host having IP address 192.168.0.1. Answer: C is incorrect. This entry will not forward any kernel message to the remote host having IP address 192.168.0.1.

QUESTION NO: 7
John works as a Security Professional. He is assigned a project to test the security of www.we-are-secure.com. John wants to get the information of all network connections and listening ports in the numerical form. Which of the following commands will he use?
A. netstat -e
B. netstat -r
C. netstat -s
D. netstat -an
Answer: D Explanation: According to the scenario, John will use the netstat -an command to accomplish the task. The netstat -an command is used to get the information of all network connections and listening ports in the numerical form. The netstat command displays protocol-related statistics and the state of current TCP/IP connections. It is used to get information about the open connections on a computer, incoming and outgoing data, as well as the ports of remote computers to which the computer is connected. The netstat command gets all this networking information by reading the kernel routing tables in the memory. Answer: A is incorrect. The netstat -e command displays the Ethernet information. Answer: B is incorrect. The netstat -r command displays the routing table information. Answer: C is incorrect. The netstat -s command displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP.

QUESTION NO: 8
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to use Kismet as a wireless sniffer to sniff the We-are-secure network. Which of the following IEEE-based traffic can be sniffed with Kismet?

A. 802.11g
B. 802.11n
C. 802.11b
D. 802.11a
Answer: A,B,C,D Explanation: Kismet can sniff IEEE 802.11a, 802.11b, 802.11g, and 802.11n-based wireless network traffic.

QUESTION NO: 9
Which of the following statements about the traceroute utility are true?
A. It uses ICMP echo packets to display the Fully Qualified Domain Name (FQDN) and the IP address of each gateway along the route to the remote host.
B. It records the time taken for a round trip for each packet at each router.
C. It is an online tool that performs polymorphic shell code attacks.
D. It generates a buffer overflow exploit by transforming an attack shell code so that the new attack shell code cannot be recognized by any Intrusion Detection Systems.
Answer: A,B Explanation: Traceroute is a route-tracing utility that displays the path an IP packet takes to reach its destination. It uses ICMP echo packets to display the Fully Qualified Domain Name (FQDN) and the IP address of each gateway along the route to the remote host. This tool also records the time taken for a round trip for each packet at each router that can be used to find any faulty router along the path. Answer: C, D are incorrect. Traceroute does not perform polymorphic shell code attacks. Attacking tools such as ADMutate are used to perform polymorphic shell code attacks.

QUESTION NO: 10
George works as an office assistant in Soft Well Inc. The company uses the Windows Vista operating system. He wants to disable a program running on a computer. Which of the following Windows Defender tools will he use to accomplish the task?
A. Allowed items

B. Quarantined items
C. Options
D. Software Explorer
Answer: D Explanation:
Software Explorer is used to remove, enable, or disable a program running on a computer. Answer: A is incorrect. Allowed items contains a list of all the programs that a user has chosen not to monitor with Windows Defender. Answer: C is incorrect. Options is used to choose how Windows Defender should monitor all the programs running on a computer. Answer: B is incorrect. Quarantined items is used to remove or restore a program blocked by Windows Defender.
QUESTION NO: 11
You work as a Network Administrator for XYZ CORP. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company’s management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks: The wireless network communication should be secured. The laptop users should be able to use smart cards for getting authenticated. In order to accomplish the tasks, you take the following steps: Configure 802.1x and WEP for the wireless connections. Configure the PEAP-MS-CHAP v2 protocol for authentication. What will happen after you have taken these steps?
A. Both tasks will be accomplished.
B. The laptop users will be able to use smart cards for getting authenticated.
C. The wireless network communication will be secured.
D. None of the tasks will be accomplished.
Answer: C Explanation: As 802.1x and WEP are configured, this step will enable the secure wireless network communication. For authentication, you have configured the PEAP-MS-CHAP v2 protocol. This protocol can be used for authentication on wireless networks, but it cannot use a public key infrastructure (PKI). No certificate can be issued without a PKI. Smart cards cannot be used for authentication without certificates. Hence, the laptop users will not be able to use smart cards for getting authenticated.

QUESTION NO: 12
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to print the superblock and block group information for the filesystem present on a system. Which of the following Unix commands can you use to accomplish the task?
A. e2fsck
B. dump
C. dumpe2fs
D. e2label
Answer: C Explanation: In Unix, the dumpe2fs command dumps the filesystem superblock and block group information. Answer: B is incorrect. In Unix, the dump command is used to back up an ext2 filesystem. Answer: A is incorrect. The e2fsck command is used to check the second extended file system (E2FS) of a Linux computer. Syntax: e2fsck [options] <device> Where, <device> is the file name of a mounted storage device (for example, /dev/hda1). Several options are used with the e2fsck command. Following is a list of some important options:

Answer: D is incorrect. In Unix, the e2label command is used to change the label of an ext2 filesystem.

QUESTION NO: 13
Which of the following is a wireless auditing tool that is used to pinpoint the actual physical location of wireless devices in the network?
A. KisMAC
B. Ekahau
C. Kismet
D. AirSnort
Answer: B Explanation: Ekahau is an easy-to-use powerful and comprehensive tool for network site surveys and optimization. It is an auditing tool that can be used to pinpoint the actual physical location of wireless devices in the network. This tool can be used to make a map of the office and then perform the survey of the office. In the process, if one finds an unknown node, Ekahau can be used to locate that node. Answer: D is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys. Answer: C is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks: to identify networks by passively collecting packets; to detect standard named networks; to detect masked networks; to collect the presence of non-beaconing networks via data traffic. Answer: A is incorrect. KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet, its Linux/BSD namesake and far exceeding those of NetStumbler, its closest equivalent on Windows. The program is geared toward network security professionals, and is not as novice-friendly as similar applications. KisMAC will scan for networks passively on supported cards, including Apple’s AirPort, and AirPort Extreme, and many third-party cards, and actively on any card supported by Mac OS X itself. Cracking of WEP and WPA keys, both by brute force, and exploiting flaws such as weak scheduling and badly generated keys is supported when a card capable of monitor mode is used, and packet reinjection can be done with a supported card. GPS mapping can be performed when an NMEA compatible GPS receiver is attached. Data can also be saved in pcap format and loaded into programs such as Wireshark.
QUESTION NO: 14
Which of the following tools works both as an encryption-cracking tool and as a keylogger?
A. Magic Lantern
B. KeyGhost Keylogger
C. Alchemy Remote Executor
D. SocketShield
Answer: A Explanation: Magic Lantern works both as an encryption-cracking tool and as a keylogger. Answer: C is incorrect. Alchemy Remote Executor is a system management tool that allows Network Administrators to execute programs on remote network computers without leaving their workplace. From the hacker’s point of view, it can be useful for installing keyloggers, spyware, Trojans, Windows rootkits and such. One necessary condition for using the Alchemy Remote Executor is that the user/attacker must have the administrative passwords of the remote computers on which the malware is to be installed. Answer: B is incorrect. The KeyGhost keylogger is a hardware keylogger that is used to log all keystrokes on a computer. It is a tiny device that clips onto the keyboard cable. Once the KeyGhost keylogger is attached to the computer, it quietly logs every key pressed on the keyboard into its own internal Flash memory (just as with smart cards). When the log becomes full, it overwrites the oldest keystrokes with the newest ones. Answer: D is incorrect. SocketShield provides a protection shield to a computer system against malware, viruses, spyware, and various types of keyloggers. SocketShield provides protection at the following two levels: 1. Blocking: In this level, SocketShield uses a list of IP addresses that are known as purveyors of exploits. All http requests for any page in these domains are simply blocked. 2. Shielding: In this level, SocketShield blocks all the current and past IP addresses that are the cause of unauthorized access.
QUESTION NO: 15
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to set some terminal characteristics and environment variables. Which of the following Unix configuration files can you use to accomplish the task?
A. /etc/sysconfig/routed
B. /proc/net
C. /etc/sysconfig/network-scripts/ifcfg-interface
D. /etc/sysconfig/init
Answer: D Explanation: In Unix, the /etc/sysconfig/init file is used to set terminal characteristics and environment variables. Answer: B is incorrect. In Unix, the /proc/net file contains status information about the network protocols. Answer: C is incorrect. In Unix, the /etc/sysconfig/network-scripts/ifcfg-interface file is the configuration file used to define a network interface. Answer: A is incorrect. In Unix, the /etc/sysconfig/routed file is used to set up the dynamic routing policies.

QUESTION NO: 16
You work as a Network Auditor for XYZ CORP. The company has a Windows-based network. While auditing the company’s network, you are facing problems in searching the faults and other entities that belong to it. Which of the following risks may occur due to the existence of these problems?
A. Residual risk
B. Inherent risk
C. Secondary risk

D. Detection risk
Answer: D Explanation: Detection risks are the risks that an auditor will not be able to find what they are looking to detect. Hence, it becomes tedious to report negative results when material conditions (faults) actually exist. Detection risk includes two types of risk: Sampling risk: This risk occurs when an auditor falsely accepts or erroneously rejects an audit sample. Nonsampling risk: This risk occurs when an auditor fails to detect a condition because of not applying the appropriate procedure or using procedures inconsistent with the audit objectives (detection faults). Answer: A is incorrect. Residual risk is the risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically conceivable measures). The formula to calculate residual risk is (inherent risk) x (control risk) where inherent risk is (threats x vulnerability). In the economic context, residual means “the quantity left over at the end of a process; a remainder”. Answer: B is incorrect. Inherent risk, in auditing, is the risk that the account or section being audited is materially misstated without considering internal controls due to error or fraud. The assessment of inherent risk depends on the professional judgment of the auditor, and it is done after assessing the business environment of the entity being audited. Answer: C is incorrect. A secondary risk is a risk that arises as a straight consequence of implementing a risk response. The secondary risk is an outcome of dealing with the original risk. Secondary risks are not as rigorous or important as primary risks, but can turn out to be so if not estimated and planned properly.

QUESTION NO: 17
Which of the following statements are true about locating rogue access points using WLAN discovery software such as NetStumbler, Kismet, or MacStumbler if you are using a Laptop integrated with Wi-Fi compliant MiniPCI card? (Choose two)
A. These tools can determine the rogue access point even when it is attached to a wired network.
B. These tools can determine the authorization status of an access point.
C. These tools cannot detect rogue access points if the victim is using data encryption.
D. These tools detect rogue access points if the victim is using IEEE 802.11 frequency bands.
Answer: B,D Explanation: WLAN discovery software such as NetStumbler, Kismet, or MacStumbler can be used to detect rogue access points if the victim is using IEEE 802 frequency bands. However, if the victim is using non-IEEE 802.11 frequency bands or unpopular modulations, these tools might not detect rogue access. NetStumbler, Kismet, or MacStumbler also gives the authorization status of an access point. A rogue access point (AP) is set up by attackers in an enterprise’s network. The attacker captures packets in the existing wireless LAN (WLAN) and finds the SSID and security keys (by cracking). Then the attacker sets up his own AP using the same SSID and security keys. The network clients unknowingly use this AP, and the attacker captures their usernames and passwords. This can help the attacker breach security and gain access to the enterprise data. Answer: A, C are incorrect. WLAN software such as NetStumbler, Kismet, or MacStumbler can search for rogue access points even when the victim is using data encryption. However, these tools cannot determine the rogue access point when it is attached to a wired network.

QUESTION NO: 18
A Web developer with your company wants to have wireless access for contractors that come in to work on various projects. The process of getting this approved takes time. So rather than wait, he has put his own wireless router attached to one of the network ports in his department. What security risk does this present?
A. None, adding a wireless access point is a common task and not a security risk.
B. It is likely to increase network traffic and slow down network performance.
C. This circumvents network intrusion detection.
D. An unauthorized WAP is one way for hackers to get into a network.
Answer: D
Explanation: Any unauthorized Wireless Access Point (WAP) is a serious security breach. Its configuration might be very insecure. For example, it might not use encryption or MAC filtering, thus allowing anyone in range to get on the network.

QUESTION NO: 19
Which of the following allows the use of multiple virtual servers using different DNS names resolved by the same IP address?
A. HTTP 1.1
B. JAVA
C. HTML
D. VPN
Answer: A
Explanation: HTTP 1.1 allows the use of multiple virtual servers, all using different DNS names resolved by the same IP address. The WWW service supports a concept called virtual server. A virtual server can be used to host multiple domain names on the same physical Web server. Using virtual servers, multiple FTP sites and Web sites can be hosted on a single computer. It means that there is no need to allocate different computers and software packages for each site. Answer: D is incorrect. VPN stands for virtual private network. It allows users to use the Internet as a secure pipeline to their corporate local area networks (LANs). Remote users can dial-in to any local Internet Service Provider (ISP) and initiate a VPN session to connect to their corporate LAN over the Internet. Companies using VPNs significantly reduce long-distance dial-up charges. VPNs also provide remote employees with an inexpensive way of remaining connected to their company’s LAN for extended periods. Answer: B is incorrect. Java is an object oriented programming language developed by Sun Microsystems. It allows the creation of platform independent executables. Java source code files are compiled into a format known as bytecode (files with .class extension). Java supports programming for the Internet in the form of Java applets. Java applets can be executed on a computer having a Java interpreter and a run-time environment known as Java Virtual Machine (JVM). Java Virtual Machines (JVMs) are available for most operating systems, including UNIX, Macintosh OS, and Windows. Answer: C is incorrect. HTML stands for Hypertext Markup Language. It is a set of markup symbols or codes used to create Web pages and define formatting specifications. The markup tells the Web browser how to display the content of the Web page.

QUESTION NO: 20
Which of the following is Microsoft’s implementation of the file and application server for the Internet and private intranets?
A. Internet Server Service (ISS)
B. Internet Server (IS)
C. WWW Server (WWWS)
D. Internet Information Server (IIS)
Answer: D Explanation: Microsoft Internet Information Server (IIS) is a Web and application server for the Internet and private intranets. IIS receives requests from users on the network using the World Wide Web (WWW) service and transmits information using the Hypertext Transport Protocol (HTTP). IIS uses Microsoft Transaction Server (MTS) to provide security, performance, and scalability with server side packages.

QUESTION NO: 21
Which of the following encryption modes are possible in WEP?
A. 128 bit encryption
B. No encryption
C. 256 bit encryption
D. 40 bit encryption
Answer: A,B,D Explanation: WEP supports three encryption modes, i.e., no encryption, 40 bit encryption, and 128 bit encryption. Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security, which is equivalent to wired networks, for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. WEP incorporates a checksum in each frame to provide protection against the attacks that attempt to reveal the key stream. Answer: C is incorrect. WEP does not support 256 bit encryption.

QUESTION NO: 22
Which of the following responsibilities does not come under the audit process?
A. Reporting all facts and circumstances of the irregular and illegal acts.
B. Planning the IT audit engagement based on the assessed level of risk.
C. Reviewing the results of the audit procedures.
D. Applying security policies.
Answer: A,B,C Explanation: According to the standards of ISACA, an auditor should hold the following responsibilities: Planning the IT audit engagement based on an assessed level of risk. Designing audit procedures of irregular and illegal acts. Reviewing the results of the audit procedures. Assuming that acts are not isolated. Determining why the internal control system failed for that act. Conducting additional audit procedures. Evaluating the results of the expanded audit procedures. Reporting all facts and circumstances of the irregular and illegal acts. Distributing the report to the appropriate internal parties, such as managers. Answer: D is incorrect. The auditor is not responsible for applying security policies.

QUESTION NO: 23
You are responsible for a large network that has its own DNS servers. You periodically check the log to see if there are any problems. Which of the following are likely errors you might encounter in the log? (Choose three)
A. The DNS server could not create FTP socket for address [IP address of server]
B. The DNS server could not create an SMTP socket
C. Active Directory Errors
D. The DNS server could not create a Transmission Control Protocol (TCP) socket
E. The DNS server could not initialize the Remote Procedure Call (RPC) service
Answer: C,D,E Explanation: There are a number of errors one could find in a Windows Server 2003 DNS log. They are as follows: The DNS server could not create a Transmission Control Protocol. The DNS server could not open socket for address. The DNS server could not initialize the Remote Procedure Call (RPC) service. The DNS server could not bind the main datagram socket. The DNS Server service relies on Active Directory to store and retrieve information for Active Directory-integrated zones, and several Active Directory errors are possible. Answer: B is incorrect. DNS Servers do not create FTP connections. Answer: A is incorrect. DNS Servers do not create SMTP connections.

QUESTION NO: 24
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint. Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?
A. nmap -sS
B. nmap -sU -p
C. nmap -O -p
D. nmap -sT
Answer: C Explanation: The nmap -O -p switch can be used to perform TCP/IP stack fingerprinting. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a “map” of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows etc. Answer: B is incorrect. The nmap -sU -p switch can be used to perform UDP port scanning. Answer: A is incorrect. The nmap -sS switch is used to perform a TCP half scan. TCP SYN scanning is also known as half-open scanning because in this a full TCP connection is never opened. Answer: D is incorrect. The nmap -sT switch is used to perform a TCP full scan.

QUESTION NO: 25
You work as a Network Administrator for XYZ CORP. The company has a Linux-based network. The company needs to provide secure network access. You have configured a firewall to prevent certain ports and applications from forwarding the packets to the company’s intranet. What does a firewall check to prevent these ports and applications from forwarding the packets to the intranet?
A. The network layer headers and the session layer port numbers
B. The application layer port numbers and the transport layer headers
C. The transport layer port numbers and the application layer headers
D. The presentation layer headers and the session layer port numbers
Answer: C Explanation: A firewall stops delivery of packets that are not marked safe by the Network Administrator. It checks the transport layer port numbers and the application layer headers to prevent certain ports and applications from forwarding the packets to an intranet. Answer: D, A, and B are incorrect. These are not checked by a firewall.

QUESTION NO: 26
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to run two programs, foo and bar. He also wants to ensure that bar is executed if and only if foo has executed successfully. Which of the following command sequences will John use to accomplish the task?
A. foo; bar;
B. foo || bar;
C. foo | bar;
D. foo && bar;
Answer: D Explanation: According to the scenario, John will execute the foo && bar; command. Because of the && operator, bar will execute if and only if foo completes successfully. Answer: A is incorrect. The foo; bar; command sequence will run foo and bar in a sequential manner, but the successful completion of the first command does not matter. Answer: B is incorrect. The foo || bar; command sequence will run the bar if and only if foo fails to complete successfully. Answer: C is incorrect. In the foo | bar; command sequence, the output of the foo command will be the input for the bar command.

QUESTION NO: 27
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He is configuring the Apache Web server settings. He does not want the commands being used in the settings to be stored in the history. Which of the following commands can he use to disable history?
A. history !!
B. set +o history
C. history !N
D. set -o history
Answer: B Explanation: According to the scenario, John can use the set +o history command to disable history. Answer: D is incorrect. John cannot use the set -o history command to accomplish his task. This command is used to enable disabled history. Answer: A is incorrect. John cannot use the history !! command to accomplish his task. This command is used to see the most recently typed command. Answer: C is incorrect. John cannot use the history !N command to accomplish his task. This command is used to display the Nth history command.

QUESTION NO: 28
You are the Network Administrator for a software development company. Your company creates various utilities and tools. You have noticed that some of the files your company creates are getting deleted from systems. When one is deleted, it seems to be deleted from all the computers on your network. Where would you first look to try and diagnose this problem?
A. Antivirus log
B. IDS log
C. System log
D. Firewall log
Answer: A
Explanation: Check the antivirus log and see if it is detecting your file as a virus and deleting it. All antivirus programs have a certain rate of false positives. Since the file is being deleted from all computers, it seems likely that your antivirus has mistakenly identified that file as a virus. Answer: D is incorrect. The firewall log can help you identify traffic entering or leaving your network, but won’t help with files being deleted. Answer: B is incorrect. An IDS log would help you identify possible attacks, but this scenario is unlikely to be from an external attack. Answer: C is incorrect. Your system log can only tell you what is happening on that individual computer.

QUESTION NO: 29
Which of the following statements about a screened host is true?
A. It facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.
B. It is a small network that lies in between the Internet and a private network.
C. It provides added security by using Internet access to deny or permit certain traffic from the Bastion Host.
D. It provides a physical connection between computers within a network.
Answer: C Explanation: A screened host provides added security by using Internet access to deny or permit certain traffic from the Bastion Host. Answer: D is incorrect. A network interface card provides a physical connection between computers within a network. Answer: B is incorrect. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security. Answer: A is incorrect. A proxy server facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.

QUESTION NO: 30
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He notices that UDP port 137 of the We-are-secure server is open. Assuming that the Network Administrator of We-are-secure Inc. has not changed the default port values of the services, which of the following services is running on UDP port 137?
A. HTTP
B. TELNET
C. NetBIOS
D. HTTPS
Answer: C Explanation: NetBIOS is a Microsoft service that enables applications on different computers to communicate within a LAN. NetBIOS systems identify themselves with a 15-character unique name and use Server Message Block, which allows Remote directory, file and printer sharing, etc. The default port value of NetBIOS Name Resolution Service is 137/UDP. Answer: A is incorrect. Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Answer: D is incorrect. The default port of HTTPS is TCP/443. Hypertext Transfer Protocol Secure (HTTPS) protocol is a protocol used in the Universal Resource Locater (URL) address line to connect to a secure site. If a site has been made secure by using the Secure Sockets Layer (SSL) then HTTPS, instead of HTTP protocol, should be used as a protocol type in the URL. Answer: B is incorrect. TELNET is a command-line connectivity tool that starts terminal emulation with a remote host running the telnet server service. TELNET allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The TELNET utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software, to access files. It uses TCP port 23 by default.
