GSNA | A Review Of Tested GSNA Braindumps

NEW QUESTION 1

Which of the following processes are involved under the COBIT framework?

• A. Managing the IT workforce.
• B. Correcting all risk issues.
• C. Conducting IT risk assessments.
• D. Developing a strategic plan.

Answer: ACD

Explanation:

The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management, which provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company. It has the following 11 processes: Developing a strategic plan. Articulating the information architecture. Finding an optimal stage between the IT and the organization's strategy. Designing the IT function to match the organization's needs. Maximizing the return of the IT investment. Communicating IT policies to the user's community. Managing the IT workforce. Obeying external regulations, laws, and contracts. Conducting IT risk assessments. Maintaining a high-quality systems-development process. Incorporating sound project-management techniques. Answer B is incorrect. Correcting all risk issues does not come under auditing processes.

NEW QUESTION 2

You work as a Java Programmer for JavaSkills Inc. You are working with the Linux operating system. Nowadays, when you start your computer, you notice that your OS is taking more time to boot than usual. You discuss this with your Network Administrator. He suggests that you mail him your Linux bootup report. Which of the following commands will you use to create the Linux bootup report?

• A. touch bootup_report.txt
• B. dmesg > bootup_report.txt
• C. dmesg | wc
• D. man touch

Answer: B

Explanation:

According to the scenario, you can use dmesg > bootup_report.txt to create the bootup file. With this command, the bootup messages will be displayed and will be redirected towards bootup_report.txt using the > command.

NEW QUESTION 3

You are the Security Consultant and have been hired to check security for a client's network. Your client has stated that he has many concerns but the most critical is the security of Web applications on their Web server. What should be your highest priority then in checking his network?

• A. Setting up a honey pot
• B. Vulnerability scanning
• C. Setting up IDS
• D. Port scanning

Answer: B

Explanation:

According to the question, you highest priority is to scan the Web applications for vulnerability.

NEW QUESTION 4

One of the sales people in your company complains that sometimes he gets a lot of unsolicited messages on his PD A. After asking a few questions, you determine that the issue only occurs in crowded areas like airports. What is the most likely problem?

• A. Spam
• B. Blue snarfing
• C. A virus
• D. Blue jacking

Answer: D

Explanation:

Blue jacking is the process of using another bluetooth device that is within range (about 30' or less) and sending unsolicited messages to the target. Answer B is incorrect. Blue snarfing is a process whereby the attacker actually takes control of the phone. Perhaps copying data or even making calls. Answer C is incorrect. A virus would not cause unsolicited messages. Adware might, but not a virus. Answer A is incorrect. Spam would not be limited to when the person was in a crowded area.

NEW QUESTION 5

You want to change the number of characters displaying on the screen while reading a txt file. However, you do not want to change the format of the txt file. Which of the following commands can be used to view (but not modify) the contents of the text file on the terminal screen at a time?

• A. cat
• B. tail
• C. less
• D. more

Answer: D

Explanation:

The more command is used to view (but not modify) the contents of a text file on the terminal screen at a time. The syntax of the more command is as follows: more [options] file_name Where,

Answer A is incorrect. The concatenate (cat) command is used to display or print the contents of a file. Syntax: cat filename For example, the following command will display the contents of the /var/log/dmesg file: cat /var/log/dmesg Note: The more command is used in conjunction with the cat command to prevent scrolling of the screen while displaying the contents of a file. Answer C is incorrect. The less command is used to view (but not change) the contents of a text file, one screen at a time. It is similar to the more command. However, it has the extended capability of allowing both forwarB, Dackward navigation through the file. Unlike most Unix text editors/viewers, less does not need to read the entire file before starting; therefore, it has faster load times with large files. The command syntax of the less command is as follows: less [options] file_name Where,

Answer B is incorrect. The tail command is used to display the last few lines of a text file or piped data.

NEW QUESTION 6

Which of the following is the most secure place to host a server that will be accessed publicly through the Internet?

• A. A DNS Zone
• B. An Intranet
• C. A stub zone
• D. A demilitarized zone (DMZ)

Answer: D

Explanation:

A demilitarized zone (DMZ) is the most secure place to host a server that will be accessed publicly through the Internet. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security. Answer B is incorrect. Hosting a server on the intranet for public access will not be good from a security point of view.

NEW QUESTION 7

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to fix partitions on a hard drive. Which of the following Unix commands can you use to accomplish the task?

• A. fdformat
• B. exportfs
• C. fsck
• D. fdisk

Answer: D

Explanation:

The fdisk command is a menu-based command available with Unix for hard disk configuration. This command can perform the following tasks: Delete a partition on a hard disk. Create a partition on a hard disk. Change the partition type. Display the partition table. Answer B is incorrect. In Unix, the exportfs command is used to set up filesystems to export for nfs (network file sharing). Answer A is incorrect. In Unix, the fdformat command formats a floppy disk. Answer C is incorrect. In Unix, the fsck command is used to add new blocks to a filesystem. This command must not be run on a mounted file system.

NEW QUESTION 8

Which of the following key combinations in the vi editor is used to copy the current line?

• A. dk
• B. yy
• C. d$
• D. dl

Answer: B

Explanation:

The yy key combination in the vi editor is used to copy the current line. The vi editor is an interactive, cryptic, and screen-based text editor used to create and edit a file. It operates in either Input mode or Command mode. In Input mode, the vi editor accepts a keystroke as text and displays it on the screen, whereas in Command mode, it interprets keystrokes as commands. As the vi editor is case sensitive, it interprets the same character or characters as different commands, depending upon whether the user enters a lowercase or uppercase character. When a user starts a new session with vi, he must put the editor in Input mode by pressing the "I" key. If he is not able to see the entered text on the vi editor's screen, it means that he has not put the editor in Insert mode. The user must change the editor to Input mode before entering any text so that he can see the text he has entered. Answer D is incorrect. It deletes next char on the right. Answer A is incorrect. It deletes the current line and one line above. Answer C is incorrect. It deletes from the cursor till the end of the line.

NEW QUESTION 9

You work as the Network Administrator for XYZ CORP. The company has a Unix-based
network. You want to check the status of the printer and set its state. Which of the following Unix commands can you use to accomplish the task?

• A. banner
• B. lpq
• C. lpc
• D. lpr

Answer: C

Explanation:

In Unix, the lpc command is used to check the status of the printer and set its state. Answer A is incorrect. In Unix, the banner command is used to print a large banner on the printer. Answer D is incorrect. In Unix, the lpr command is used to submit a job to the printer.
Answer B is incorrect. In Unix, the lpq command is used to show the contents of a spool directory for a given printer.

NEW QUESTION 10

Which of the following commands will you use to watch a log file /var/adm/messages while the log file is updating continuously?

• A. less -g /var/adm/messages
• B. tail /var/adm/messages
• C. cat /var/adm/messages
• D. tail -f /var/adm/messages

Answer: D

Explanation:

The tail command is used to display the last few lines of a text file or piped data. It has a special command line option -f (follow) that allows a file to be monitored. Instead of displaying the last few lines and exiting, tail displays the lines and then monitors the file. As new lines are added to the file by another process, tail updates the display. This is particularly useful for monitoring log files. The following command will display the last 10 lines of messages and append new lines to the display as new lines are added to messages: tail -f /var/adm/messages Answer B is incorrect. The tail command will display the last 10 lines (default) of the log file. Answer C is incorrect. The concatenate (cat) command is used to display or print the contents of a file. Syntax: cat filename For example, the following command will display the contents of the /var/log/dmesg file: cat /var/log/dmesg Note: The more command is used in conjunction with the cat command to prevent scrolling of the screen while displaying the contents of a file. Answer A is incorrect. The less command is used to view (but not change) the contents of a text file, one screen at a time. It is similar to the more command. However, it has the extended capability of allowing both forward and backward navigation through the file. Unlike most Unix text editors/viewers, less does not need to read the entire file before starting; therefore, it has faster load times with large files. The command syntax of the less command is as follows: less [options] file_name Where,

NEW QUESTION 11

You work as a Desktop Support Technician for XYZ CORP. The company uses a Windows-based network comprising 50 Windows XP Professional computers. You want to
include the Safe Mode with Command Prompt feature into the boot.ini file of a Windows XP Professional computer. Which of the following switches will you use?

• A. /safeboot:network /sos /bootlog /noguiboot
• B. /safeboot:minimal /sos /bootlog /noguiboot
• C. /safeboot:minimal(alternateshell) /sos /bootlog /noguiboot
• D. /safeboot:dsrepair /sos

Answer: C

Explanation:

Safe-mode boot switches are used in the Windows operating systems to use the afe-mode boot feature. To use this feature the user should press F8 during boot. These modes are available in the Boot.ini file. Users can also automate the boot process using this feature. Various switches used for various modes are given below:

NEW QUESTION 12

Web applications are accessed by communicating over TCP ports via an IP address. Choose the two most common Web Application TCP ports and their respective protocol names. (Choose two)

• A. TCP Port 443 / S-HTTP or SSL
• B. TCP Port 80 / HTTPS or SSL
• C. TCP Port 443 / HTTPS or SSL
• D. TCP Port 80 / HTTP

Answer: CD

Explanation:
The two most common Web Application TCP ports are Port 443 and Port 80. HTTPS or SSL uses TCP port 443, whereas HTTP uses TCP Port 80. Answer B is incorrect. Port 80 is used for HTTP, not HTTPS. Answer A is incorrect. S-HTTP is not the protocol name for Port 443. HTTPS or SSL is the name used for Port 443 traffic.

NEW QUESTION 13

Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines?

• A. Warkitting
• B. War driving
• C. Wardialing
• D. Demon dialing

Answer: C

Explanation:

War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers - hackers that specialize in computer security - for password guessing. Answer A is incorrect. Warkitting is a combination of wardriving and rootkitting. In a warkitting attack, a hacker replaces the firmware of an attacked router. This allows them to control all traffic for the victim, and could even permit them to disable SSL by replacing HTML content as it is being downloaded. Warkitting was identified by Tsow, Jakobsson, Yang, and Wetzel in 2006. Their discovery indicated that 10% of the wireless routers were susceptible to WAPjacking (malicious configuring of the firmware settings, but making no modification on the firmware itself) and 4.4% of wireless routers were vulnerable to WAPkitting (subverting the router firmware). Their analysis showed that the volume of credential theft possible through Warkitting exceeded the estimates of credential theft due to phishing. Answer D is incorrect. In the computer hacking scene of the 1980s, demon dialing was a technique by which a computer is used to repeatedly dial a number (usually to a crowded modem pool) in an attempt to gain access immediately after another user had hung up. The expansion of accessible Internet service provider connectivity since that time more or less rendered the practice obsolete. The term "demon dialing" derives from the Demon Dialer product from Zoom Telephonics, Inc., a telephone device produced in the 1980s which repeatedly dialed busy telephone numbers under control of an extension phone. Answer B is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.

NEW QUESTION 14

Which of the following features of a switch helps to protect network from MAC flood and MAC spoofing?

• A. Multi-Authentication
• B. Port security
• C. MAC Authentication Bypass
• D. Quality of Service (QoS)

Answer: B

Explanation:
If a switch has the ability to enable port security, this will help to protect network from both the MAC Flood and MAC Spoofing attacks. Answer D is incorrect. Quality of Service (QoS) feature is useful for prioritizing VOIP traffic. Switches are offering the ability to assign a device a Quality of Service (QoS) value or a rate limiting value based on the RADIUS response. Answer A is incorrect. Multi-Authentication feature is used to allow multiple devices to use a single port. Answer C is incorrect. MAC Authentication Bypass feature is used to allow the RADIUS server to specify the default VLAN/ACL for every device that doesn't authenticate by 802.1X.

NEW QUESTION 15

You work as a Network Auditor for XYZ CORP. The company has a Windows-based network. While auditing the company's network, you are facing problems in searching the faults and other entities that belong to it. Which of the following risks may occur due to the existence of these problems?

• A. Residual risk
• B. Inherent risk
• C. Secondary risk
• D. Detection risk

Answer: D

Explanation:

Detection risks are the risks that an auditor will not be able to find what they are looking to detect. Hence, it becomes tedious to report negative results when material conditions (faults) actually exist. Detection risk includes two types of risk: Sampling risk: This risk occurs when an auditor falsely accepts or erroneously rejects an audit sample. Nonsampling risk: This risk occurs when an auditor fails to detect a condition because of not applying the appropriate procedure or using procedures inconsistent with the audit objectives (detection faults). Answer A is incorrect. Residual risk is the risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically conceivable measures). The formula to calculate residual risk is (inherent risk) x (control risk) where inherent risk is (threats vulnerability). In the economic context, residual means "the quantity left over at the end of a process; a remainder". Answer B is incorrect. Inherent risk, in auditing, is the risk that the account or section being audited is materially misstated without considering internal controls due to error or fraud. The assessment of inherent risk depends on the professional judgment of the auditor, and it is done after assessing the business environment of the entity being audited. Answer C is incorrect. A secondary risk is a risk that arises as a straight consequence of implementing a risk response. The secondary risk is an outcome of dealing with the original risk. Secondary risks are not as rigorous or important as primary risks, but can turn out to be so if not estimated and planned properly.

NEW QUESTION 16

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to make changes on a per-directory basis. Which of the following Unix configuration files can you use to accomplish the task?

• A. $HOME/.profile
• B. $HOME/Xrootenv.0
• C. $HOME/.htaccess
• D. /var/log/btmp

Answer: C

Explanation:
In Unix, the $HOME/.htaccess file provides a way to make configuration changes on a per directory basis. Answer A is incorrect. In Unix, the $HOME/.profile file contains the user's environment stuff and startup programs.
Answer B is incorrect. In Unix, the $HOME/Xrootenv.0 file contains networking and environment info. Answer D is incorrect. In Unix, the /var/log/btmp file is used to store information about failed logins.

NEW QUESTION 17

Which of the following statements about URL rewriting are true?

• A. If cookies are supported by the browser, URL rewriting will return the URL unchanged.
• B. The request.encodeRedirectURL() method is used to add a session id info to the URL and send the request to another URL.
• C. The request.encodeURL() method is used to add a session id info to the URL.
• D. URL rewriting is used in cases where cookies are not supported by the browser.

Answer: AD

Explanation:

By default, session tracking uses cookies to associate a session identifier with a unique user. URL rewriting is used in cases where cookies are not supported by the browser.

NEW QUESTION 18

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP- based network. You have configured a firewall on the network. A filter has been applied to block all the ports. You want to enable sending and receiving of emails on the network. Which of the following ports will you open? (Choose two)

• A. 25
• B. 20
• C. 80
• D. 110

Answer: AD

Explanation:
In order to enable email communication, you will have to open ports 25 and 110. Port 25 is used by SMTP to send emails. Port 110 is used by POP3 to receive emails.

NEW QUESTION 19

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP based switched network. A root bridge has been elected in the switched network. You have installed a new switch with a lower bridge ID than the existing root bridge. What will happen?

• A. The new switch starts advertising itself as the root bridge.
• B. The new switch divides the network into two broadcast domains.
• C. The new switch works as DR or BDR.
• D. The new switch blocks all advertisements.

Answer: A

Explanation:

The new switch starts advertising itself as the root bridge. It acts as it is the only bridge on the network. It has a lower Bridge ID than the existing root, so it is elected as the root bridge after the BPDUs converge and when all switches know about the new switch that it is the better choice. Answer B, C, D are incorrect. All these are not valid options, according to the given scenario.

NEW QUESTION 20

What will happen if you write the following parameters in the web.xml file?
<session-config>
<session-timeout>0</session-timeout>
</session-config>

• A. There will be no effect on the session; it will last for its default time.
• B. The session will never expire.
• C. An error will occur during execution.
• D. The session will expire immediately.

Answer: B

Explanation:

The <session-timeout> element of the deployment descriptor sets the session timeout. If the time specified for timeout is zero or negative, the session will never timeout.

NEW QUESTION 21
......