GSNA | All About Validated GSNA Free Exam Questions

"GIAC Systems and Network Auditor", also known as the GSNA exam, is a GIAC certification.

NEW QUESTION 1

Which of the following types of firewall functions at the Session layer of OSI model?

  • A. Packet filtering firewall
  • B. Circuit-level firewall
  • C. Switch-level firewall
  • D. Application-level firewall

Answer: B

Explanation:

Circuit-level firewall operates at the Session layer of the OSI model. This type of firewall regulates traffic based on whether or not a trusted connection has been established.

NEW QUESTION 2

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He begins to perform a pre-attack test before conducting an attack on the We-are-secure server. Which of the following will John perform in the pre-attack phase?

  • A. Determining network range
  • B. Identifying active machines
  • C. Enumeration
  • D. Finding open ports and applications
  • E. Information gathering

Answer: ABDE

Explanation:

In the pre-attack phase, there are seven steps, which have been defined by the EC-Council, as follows:

  1. Information gathering
  2. Determining network range
  3. Identifying active machines
  4. Finding open ports and applications
  5. OS fingerprinting
  6. Fingerprinting services
  7. Mapping the network

Answer C is incorrect. In the enumeration phase, the attacker gathers information such as the network user and group names, routing tables, and Simple Network Management Protocol (SNMP) data. The techniques used in this phase are as follows:

  1. Obtaining Active Directory information and identifying vulnerable user accounts
  2. Discovering NetBIOS names
  3. Employing Windows DNS queries
  4. Establishing NULL sessions and queries

NEW QUESTION 3

You work as the Project Engineer for XYZ CORP. The company has a Unix-based network. Your office consists of one server, seventy client computers, and one print device. You raise a request for printing a confidential page. After 30 minutes, you find that your print request job is not processed and is at the seventh position in the printer queue. You analyze that it shall take another one hour to print. You decide to remove your job from the printer queue and get your page printed outside the office. Which of the following Unix commands can you use to remove your job from the printer queue?

  • A. tunelp
  • B. pr
  • C. lprm
  • D. gs

Answer: C

Explanation:

The basic Unix printing commands are as follows:

  • banner: It is used to print a large banner on a printer.
  • lpr: It is used to submit a job to the printer.
  • lpc: It enables one to check the status of the printer and set its state.
  • lpq: It shows the contents of a spool directory for a given printer.
  • lprm: It is used to remove a job from the printer queue.
  • gs: It works as a PostScript interpreter.
  • pr: It is used to print a file.
  • tunelp: It is used to set various parameters for the lp device.

NEW QUESTION 4

In which of the following scanning techniques does a scanner connect to an FTP server and request that server to start data transfer to the third system?

  • A. Xmas Tree scanning
  • B. TCP FIN scanning
  • C. TCP SYN scanning
  • D. Bounce attack scanning

Answer: D

Explanation:

In TCP FTP proxy (bounce attack) scanning, a scanner connects to an FTP server and requests that server to start data transfer to the third system. Now, the scanner uses the PORT FTP command to declare whether or not the data transfer process is listening to the target system at a certain port number. Then the scanner uses the LIST FTP command to list the current directory. This result is sent over the server. If the data transfer is successful, it is clear that the port is open. If the port is closed, the attacker receives the connection refused ICMP error message.

Answer A is incorrect. Xmas Tree scanning is just the opposite of null scanning. In Xmas Tree scanning, all packets are turned on. If the target port is open, the service running on the target port discards the packets without any reply. According to RFC 793, if the port is closed, the remote system replies with the RST packet. Active monitoring of all incoming packets can help system network administrators detect an Xmas Tree scan.

Answer B is incorrect. TCP FIN scanning is a type of stealth scanning, through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop that packet. TCP FIN scanning is useful only for identifying ports of non-Windows operating systems because Windows operating systems send only RST packets irrespective of whether the port is open or closed.

Answer C is incorrect. TCP SYN scanning is also known as half-open scanning because in this a full TCP connection is never opened. The steps of TCP SYN scanning are as follows:

  1. The attacker sends a SYN packet to the target port.
  2. If the port is open, the attacker receives a SYN/ACK message.
  3. Now the attacker breaks the connection by sending an RST packet.
  4. If the RST packet is received, it indicates that the port is closed.

This type of scanning is hard to trace because the attacker never establishes a full 3-way handshake connection and most sites do not create a log of incomplete TCP connections.

NEW QUESTION 5

Which of the following firewalls inspects the actual contents of packets?

  • A. Circuit-level firewall
  • B. Stateful inspection firewall
  • C. Packet filtering firewall
  • D. Application-level firewall

Answer: D

Explanation:

The application-level firewall inspects the contents of packets, rather than the source/destination or connection between the two. An application-level firewall operates at the application layer of the OSI model.

Answer A is incorrect. The circuit-level firewall regulates traffic based on whether or not a trusted connection has been established. It operates at the session layer of the OSI model.

Answer C is incorrect. The packet filtering firewall filters traffic based on the headers. It operates at the network layer of the OSI model.

Answer B is incorrect. The stateful inspection firewall assures the connection between the two parties is valid and inspects packets from this connection to assure the packets are not malicious.

NEW QUESTION 6

You are concerned about attackers simply passing by your office, discovering your wireless network, and getting into your network via the wireless connection. Which of the following are NOT steps in securing your wireless connection? (Choose two)

  • A. Hardening the server OS
  • B. Using either WEP or WPA encryption
  • C. MAC filtering on the router
  • D. Strong password policies on workstations.
  • E. Not broadcasting SSID

Answer: AD

Explanation:

Both hardening the server OS and using strong password policies on workstations are good ideas, but neither has anything to do with securing your wireless connection. Answer B is incorrect. Using WEP or WPA is one of the most basic security steps in securing your wireless.

NEW QUESTION 7

In which of the following social engineering attacks does an attacker first damage any part of the target's equipment and then advertise himself as an authorized person who can help fix the problem?

  • A. Reverse social engineering attack
  • B. Impersonation attack
  • C. Important user posing attack
  • D. In person attack

Answer: A

Explanation:

A reverse social engineering attack is a person-to-person attack in which an attacker convinces the target that he or she has a problem or might have a certain problem in the future and that he, the attacker, is ready to help solve the problem. Reverse social engineering is performed through the following steps:

  • An attacker first damages the target's equipment.
  • He next advertises himself as a person of authority, ably skilled in solving that problem. In this step, he gains the trust of the target and obtains access to sensitive information.

If this reverse social engineering is performed well enough to convince the target, he often calls the attacker and asks for help.

Answers B, C, and D are incorrect. Person-to-person social engineering works on the personal level. It can be classified as follows:

  • Impersonation: In the impersonation social engineering attack, an attacker pretends to be someone else, for example, the employee's friend, a repairman, or a delivery person.
  • In Person Attack: In this attack, the attacker just visits the organization and collects information. To accomplish such an attack, the attacker can call a victim on the phone, or might simply walk into an office and pretend to be a client or a new worker.
  • Important User Posing: In this attack, the attacker pretends to be an important member of the organization. This attack works because there is a common belief that it is not good to question authority.
  • Third-Party Authorization: In this attack, the attacker tries to make the victim believe that he has the approval of a third party. This works because people believe that most people are good and they are being truthful about what they are saying.

NEW QUESTION 8

Which of the following types of attack is described in the statement below? "It is a technique employed to compromise the security of network switches. In this attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table."

  • A. Man-in-the-middle
  • B. Blind spoofing
  • C. Dictionary
  • D. MAC flooding

Answer: D

Explanation:

MAC flooding is a technique employed to compromise the security of network switches. In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. A malicious user could then use a packet sniffer (such as Wireshark) running in promiscuous mode to capture sensitive data from other computers (such as unencrypted passwords, e-mail and instant messaging conversations), which would not be accessible were the switch operating normally.

Answer B is incorrect. Blind spoofing is a type of IP spoofing attack. This attack occurs when the attacker is on a different subnet than the destination host. Therefore, it is more difficult to obtain the correct TCP sequence number and acknowledgement number of the data frames. In a blind spoofing attack, an attacker sends several packets to the target computer so that he can easily obtain the sequence number of each data frame. If the attacker is successful in compromising the sequence number of the data frames, the data is successfully sent to the target computer.

Answer C is incorrect. A dictionary attack is a type of password guessing attack. This type of attack uses a dictionary of common words to find out the password of a user. It can also use common words in either upper or lower case to find a password. There are many programs available on the Internet to automate and execute dictionary attacks.

Answer A is incorrect. Man-in-the-middle attacks occur when an attacker successfully inserts an intermediary software or program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets passing between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host. The receiving host responds to the software, presuming it to be the legitimate client.

NEW QUESTION 9

You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?

  • A. Non-operational audit
  • B. Dependent audit
  • C. Independent audit
  • D. Operational audit

Answer: C

Explanation:

An independent audit is an audit that is usually conducted by external or outside resources. It is the process of reviewing detailed audit logs for the following purposes:

  • To examine the system activities and access logs
  • To assess the adequacy of system methods
  • To assess the adequacy of system controls
  • To examine compliance with established enterprise network system policies
  • To examine compliance with established enterprise network system procedures
  • To examine effectiveness of enabling, support, and core processes

Answer B is incorrect. It is not a valid type of security audit.

Answer D is incorrect. It is done to examine the operational and ongoing activities within a network.

Answer A is incorrect. It is not a valid type of security audit.

NEW QUESTION 10

You work as a Network Administrator for XYZ CORP. The company has a Windows-based network. You want to configure the ACL with a Cisco router. Which of the following router prompts can you use to accomplish the task?

  • A. router(config-if)#
  • B. router(config)#
  • C. router(config-ext-nacl)#
  • D. router#

Answer: C

Explanation:

The auditor of a Cisco router should be familiar with the variety of privilege modes. The current privilege mode can be quickly identified by looking at the current router prompt. The prime modes of a Cisco router are as follows:

  • Nonprivileged mode: router>
  • Privileged mode: router#
  • Global configuration mode: router(config)#
  • Interface configuration mode: router(config-if)#
  • ACL configuration mode: router(config-ext-nacl)#
  • Boot loader mode: router(boot)
  • Remote connectivity config mode: router(config-line)#

NEW QUESTION 11

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to run a command that forces all the unwritten blocks in the buffer cache to be written to the disk. Which of the following Unix commands can you use to accomplish the task?

  • A. swapon
  • B. tune2fs
  • C. swapoff
  • D. sync

Answer: D

Explanation:

The sync command is used to flush filesystem buffers. It ensures that all disk writes have been completed before the processor is halted or rebooted. Generally, it is preferable to use reboot or halt to shut down a system, as they may perform additional actions such as resynchronizing the hardware clock and flushing internal caches before performing a final sync. Answer B is incorrect. In Unix, the tune2fs command is used to adjust tunable filesystem parameters on the second extended filesystems. Answer A is incorrect. In Unix, the swapon command is used to activate a swap partition. Answer C is incorrect. In Unix, the swapoff command is used to de-activate a swap partition.

NEW QUESTION 12

Which of the following tools works both as an encryption-cracking tool and as a keylogger?

  • A. Magic Lantern
  • B. KeyGhost Keylogger
  • C. Alchemy Remote Executor
  • D. SocketShield

Answer: A

Explanation:

Magic Lantern works both as an encryption-cracking tool and as a keylogger.

Answer C is incorrect. Alchemy Remote Executor is a system management tool that allows Network Administrators to execute programs on remote network computers without leaving their workplace. From the hacker's point of view, it can be useful for installing keyloggers, spyware, Trojans, Windows rootkits and such. One necessary condition for using the Alchemy Remote Executor is that the user/attacker must have the administrative passwords of the remote computers on which the malware is to be installed.

Answer B is incorrect. The KeyGhost keylogger is a hardware keylogger that is used to log all keystrokes on a computer. It is a tiny device that clips onto the keyboard cable. Once the KeyGhost keylogger is attached to the computer, it quietly logs every key pressed on the keyboard into its own internal Flash memory (just as with smart cards). When the log becomes full, it overwrites the oldest keystrokes with the newest ones.

Answer D is incorrect. SocketShield provides a protection shield to a computer system against malware, viruses, spyware, and various types of keyloggers. SocketShield provides protection at the following two levels:

  1. Blocking: In this level, SocketShield uses a list of IP addresses that are known as purveyors of exploits. All HTTP requests for any page in these domains are simply blocked.
  2. Shielding: In this level, SocketShield blocks all the current and past IP addresses that are the cause of unauthorized access.

NEW QUESTION 13

Which of the following statements about system hardening are true? (Choose two)

  • A. It is used for securing the computer hardware.
  • B. It can be achieved by installing service packs and security updates on a regular basis.
  • C. It can be achieved by locking the computer room.
  • D. It is used for securing an operating system.

Answer: BD

Explanation:

System hardening is a term used for securing an operating system. It can be achieved by installing the latest service packs, removing unused protocols and services, and limiting the number of users with administrative privileges.

NEW QUESTION 14

Data access auditing is a surveillance mechanism that watches over access to all sensitive information contained within the database. What are the questions addressed in a perfect data access auditing solution?

  • A. Who accessed the data?
  • B. When was the data accessed?
  • C. For whom was the data accessed?
  • D. What was the SQL query that accessed the data?

Answer: ABD

Explanation:

The perfect data access auditing solution would address the following six questions:

  1. Who accessed the data?
  2. When was the data accessed?
  3. Which computer program or client software was used to access the data?
  4. From what location on the network was the data accessed?
  5. What was the SQL query that accessed the data?
  6. Was access to the data successfully done; and if so, how many rows of data were retrieved?

Answer C is incorrect. In the perfect data access auditing solution, it cannot be determined for whom the data is being accessed. Only the person accessing the data can be identified.

NEW QUESTION 15

Which of the following tools is used for port scanning?

  • A. L0phtcrack
  • B. NSLOOKUP
  • C. NETSH
  • D. Nmap

Answer: D

Explanation:

The nmap utility, also commonly known as a port scanner, is used to view the open ports on a Linux computer. It is used by administrators to determine which services are available for external users. This utility helps administrators in deciding whether to disable the services that are not being used in order to minimize any security risk.

Answer B is incorrect. NSLOOKUP is a tool for diagnosing and troubleshooting Domain Name System (DNS) problems. It performs its function by sending queries to the DNS server and obtaining detailed responses at the command prompt. This information can be useful for diagnosing and resolving name resolution issues, verifying whether or not the resource records are added or updated correctly in a zone, and debugging other server-related problems. This tool is installed along with the TCP/IP protocol through the Control Panel.

Answer C is incorrect. NETSH is a command line tool to configure TCP/IP settings such as the IP address, Subnet Mask, Default Gateway, DNS, WINS addresses, etc.

Answer A is incorrect. L0phtcrack is a tool which identifies and remediates security vulnerabilities that result from the use of weak or easily guessed passwords. It recovers Windows and Unix account passwords to access user and administrator accounts.

NEW QUESTION 16

You work as a professional Ethical Hacker. You are assigned a project to test the security of www.we-are-secure.com. You are working on the Windows Server 2003 operating system. You suspect that your friend has installed the keyghost keylogger onto your computer. Which of the following countermeasures would you employ in such a situation?

  • A. Use commercially available anti-keyloggers such as PrivacyKeyboard.
  • B. Use on-screen keyboards and speech-to-text conversion software which can also be useful against keyloggers, as there are no typing or mouse movements involved.
  • C. Remove the SNMP agent or disable the SNMP service.
  • D. Monitor the programs running on the server to see whether any new process is running on the server or not.

Answer: ABD

Explanation:

It is very hard to detect a keylogger's activity. Hence, a Network Administrator should take the following steps as countermeasures against software keyloggers:

  • Actively monitor the programs running on the server.
  • Monitor the network whenever an application attempts to make a network connection.
  • Use commercially available anti-keyloggers, such as PrivacyKeyboard.
  • Update one's antivirus regularly.
  • Use on-screen keyboards and speech-to-text conversion software which can also be useful against keyloggers, as there are no typing or mouse movements involved.

Answer C is incorrect. An SNMP service is not used for keystroke logging. Hence, removing an SNMP agent may be a valid option if, and only if, the server is vulnerable to SNMP enumeration.

NEW QUESTION 17

John works as a contract Ethical Hacker. He has recently got a project to do security checking for www.we-are-secure.com. He wants to find out the operating system of the we-are-secure server in the information gathering step. Which of the following commands will he use to accomplish the task? (Choose two)

  • A. nc 208.100.2.25 23
  • B. nmap -v -O www.we-are-secure.com
  • C. nc -v -n 208.100.2.25 80
  • D. nmap -v -O 208.100.2.25

Answer: BD

Explanation:

According to the scenario, John will use "nmap -v -O 208.100.2.25" to detect the operating system of the we-are-secure server. Here, -v is used for verbose and -O is used for TCP/IP fingerprinting to guess the remote operating system. John may also use the DNS name of we-are-secure instead of using the IP address of the we-are-secure server. So, he can also use the nmap command "nmap -v -O www.we-are-secure.com".

Answer C is incorrect. "nc -v -n 208.100.2.25 80" is a Netcat command, which is used to banner grab for getting information about the

NEW QUESTION 18

You work as a Security Administrator in Tech Perfect Inc. The company has a TCP/IP based network. The network has a vast majority of Cisco Systems routers and Cisco network switches. You have implemented four VPN connections in the network. You use the Cisco IOS on the network. Which feature will you enable to maintain a separate routing and forwarding table for each VPN?

  • A. Intrusion Prevention System
  • B. VRF-aware firewall
  • C. Virtual Private Network
  • D. Stateful firewall

Answer: B

Explanation:

In this scenario, the company's network has a vast majority of Cisco Systems routers and Cisco network switches. The security administrator of the company has implemented four VPN connections in the network and uses the Cisco IOS on the network. He needs to maintain a separate routing and forwarding table for each VPN in order to provide more secure communication. To accomplish this task, he should enable the VRF-aware firewall feature on the Cisco IOS routers.

NEW QUESTION 19

Which of the following functions are performed by methods of the HttpSessionActivationListener interface?

  • A. Notifying an attribute that a session has just migrated from one JVM to another.
  • B. Notifying the object when it is unbound from a session.
  • C. Notifying the object when it is bound to a session.
  • D. Notifying an attribute that a session is about to migrate from one JVM to another.

Answer: AD

Explanation:

The HttpSessionActivationListener interface notifies an attribute that the session is about to be activated or passivated. Methods of this interface are as follows:

  • public void sessionDidActivate(HttpSessionEvent session): It notifies the attribute that the session has just been moved to a different JVM.
  • public void sessionWillPassivate(HttpSessionEvent se): It notifies the attribute that the session is about to move to a different JVM.

Answers B and C are incorrect. These functions are performed by the HttpSessionBindingListener interface. The HttpSessionBindingListener interface causes an object of the implementing class to be notified when it is added to or removed from a session. The HttpSessionBindingListener interface has the following methods:

  • public void valueBound(HttpSessionBindingEvent event): This method takes an object of type HttpSessionBindingEvent as an argument. It notifies the object when it is bound to a session.
  • public void valueUnbound(HttpSessionBindingEvent event): This method takes an object of type HttpSessionBindingEvent as an argument. It notifies the object when it is unbound from a session.

NEW QUESTION 20

Which of the following services are provided by the proxy servers?

  • A. Intrusion detection
  • B. Logging
  • C. Hiding network resources
  • D. Caching

Answer: BCD

Explanation:

A proxy server is a very important element for firewall applications. The services that it provides are as follows:

  • Hide network resources: Proxy replaces the network IP address with a single IP address. Multiple systems can use a single IP address.
  • Logging: A proxy server can log incoming and outgoing access, allowing a user to see every possible detail of successful and failed connections.
  • Cache: A proxy server can save information obtained from the Internet. It regularly updates these copies and automatically shows these pages, and will thus not need to access the Internet to view them.
