GSNA | Top Tips Of Avant-garde GSNA Brain Dumps


NEW QUESTION 1

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to track the system for user logins. To accomplish the task, you need to analyze the log configuration files. Which of the following Unix log configuration files can you use to accomplish the task?

  • A. /var/log/messages
  • B. /var/log/secure
  • C. /var/spool/mail
  • D. /var/log/maillog

Answer: B

Explanation:

In Unix, the /var/log/secure file is used to track the systems for user logins. Answer D is incorrect. In Unix, the /var/log/maillog file is the normal system maillog file. Answer A is incorrect. In Unix, the /var/log/messages file is the main system message log file. Answer C is incorrect. In Unix, the /var/spool/mail file is the file where mailboxes are usually stored.

NEW QUESTION 2

In which of the following is absolute size of frames expressed?

  • A. Bits
  • B. Percentage
  • C. Inches
  • D. Pixels

Answer: D

Explanation:

Absolute size of frames is expressed in pixels. Size is expressed in terms of the number of pixels in a frame. Therefore, a change in the screen area of a display device does not affect the absolute frame size of a Web page.

NEW QUESTION 3

You want to record auditing information in the SYS.AUD$ table, and also want to record SQL bind variables as well as the SQL text in the audit trail. Which of the following statements will accomplish this task?

  • A. ALTER SYSTEM SET AUDIT_TRAIL = DB, XML SCOPE=SPFILE;
  • B. ALTER SYSTEM SET AUDIT_TRAIL = 'DB, EXTENDED' SCOPE=SPFILE;
  • C. ALTER SYSTEM SET AUDIT_TRAIL = 'DB','EXTENDED' SCOPE=SPFILE;
  • D. ALTER SYSTEM SET AUDIT_TRAIL = DB, EXTENDED SCOPE=SPFILE;
  • E. ALTER SYSTEM SET AUDIT_FILE_DEST = 'DB, EXTENDED' SCOPE=SPFILE;
  • F. ALTER SYSTEM SET AUDIT_TRAIL = DB, EXTENDED SCOPE=BOTH;

Answer: CD

Explanation:

The initialization parameter AUDIT_TRAIL is used to specify the kind of auditing that needs to be performed, as well as the destination where it will be performed. There are three basic values for auditing that are DB, OS, and XML. Specifying DB sends all audit rows to the table SYS.AUD$, OS sends the audit rows to an operating system file, and XML sends the audit rows to an operating system file in the XML format. The location for external audit rows is specified by the AUDIT_FILE_DEST parameter. By adding the EXTENDED parameter for either DB or XML auditing, all SQL bind variables and the text of all SQL commands are included in the audit row. EXTENDED cannot be specified for OS auditing. In addition, NONE can be specified as the value for AUDIT_TRAIL, which will disable all auditing. Answer B is incorrect. DB, EXTENDED in single quotes cannot be specified when setting the AUDIT_TRAIL parameter. Answer E is incorrect. AUDIT_TRAIL must be set to specify the type of auditing. AUDIT_FILE_DEST is used to specify the operating system location for either OS or XML auditing. Answer A is incorrect. DB and XML auditing cannot be specified at the same time and the database must be restarted for the auditing change to go into effect.

NEW QUESTION 4

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

  • A. Disaster recovery plan
  • B. Continuity of Operations Plan
  • C. Business continuity plan
  • D. Contingency plan

Answer: D

Explanation:

A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and triggers for initiating planned actions. Answer A is incorrect. Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Answer C is incorrect. It deals with the plans and procedures that identify and prioritize the critical business functions that must be preserved. Answer B is incorrect. It includes the plans and procedures documented that ensure the continuity of critical operations during any period where normal operations are impossible.

NEW QUESTION 5

You are the Network Administrator for a software development company. Your company creates various utilities and tools. You have noticed that some of the files your company creates are getting deleted from systems. When one is deleted, it seems to be deleted from all the computers on your network. Where would you first look to try and diagnose this problem?

  • A. Antivirus log
  • B. IDS log
  • C. System log
  • D. Firewall log

Answer: A

Explanation:

Check the antivirus log and see if it is detecting your file as a virus and deleting it. All antivirus programs have a certain rate of false positives. Since the file is being deleted from all computers, it seems likely that your antivirus has mistakenly identified that file as a virus. Answer D is incorrect. The firewall log can help you identify traffic entering or leaving your network, but won't help with files being deleted. Answer B is incorrect. An IDS log would help you identify possible attacks, but this scenario is unlikely to be from an external attack. Answer C is incorrect. Your system log can only tell you what is happening on that individual computer.

NEW QUESTION 6

Mark works as the Network Administrator for XYZ CORP. The company has a Unix-based network. Mark wants to scan one of the Unix systems to detect security vulnerabilities. To accomplish this, he uses TARA as a system scanner. What can be the reasons that made Mark use TARA?

  • A. It has a very specific function of seeking paths to root.
  • B. It is composed mostly of bash scripts
  • C. It works on a wide variety of platforms.
  • D. It is very modular.

Answer: BCD

Explanation:

Tiger Analytical Research Assistant (TARA) is a set of scripts that scans a Unix system for security problems. Following are the pros and cons of using TARA.

Pros:
  • It is open source.
  • It is very modular.
  • It can work on a wide variety of platforms.
  • It is composed mostly of bash scripts; hence, it can run on any Unix platform with little difficulty.

Cons:
  • It has a very specific function of seeking paths to root.

Answer A is incorrect. It is a limitation of TARA that reduces its flexibility to be used for different purposes.

NEW QUESTION 7

You are the Security Consultant and you frequently do vulnerability assessments on client computers. You want to have a standardized approach that would be applicable to all of your clients when doing a vulnerability assessment. What is the best way to do this?

  • A. Utilize OVAL.
  • B. Create your own standard and use it with all clients.
  • C. Utilize each client's security policies when doing a vulnerability assessment for that client.
  • D. Utilize the Microsoft security recommendations.

Answer: A

Explanation:

Open Vulnerability Assessment Language (OVAL) is a common language for security professionals to use when checking for the presence of vulnerabilities on computer systems. OVAL provides a baseline method for performing vulnerability assessments on local computer systems. Answer D is incorrect. While Microsoft security standards will be appropriate for many of your clients, they won't help clients using Linux, Macintosh, or Unix. They also won't give you insight into checking your firewalls or routers. Answer C is incorrect. This would not fulfill the requirement of having a standardized approach applicable to all clients. Answer B is incorrect. This would not be the best way. You should use common industry standards, like OVAL.

NEW QUESTION 8

Which of the following statements are true about KisMAC?

  • A. It scans for networks passively on supported cards.
  • B. It cracks WEP and WPA keys by Rainbow attack or by dictionary attack.
  • C. It is a wireless network discovery tool for Mac OS X.
  • D. Data generated by KisMAC can also be saved in pcap format.

Answer: ACD

Explanation:

KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet, its Linux/BSD namesake and far exceeding those of NetStumbler, its closest equivalent on Windows. The program is geared toward network security professionals, and is not as novice-friendly as similar applications. KisMAC will scan for networks passively on supported cards - including Apple's AirPort, and AirPort Extreme, and many third-party cards, and actively on any card supported by Mac OS X itself. Cracking of WEP and WPA keys, both by brute force, and exploiting flaws such as weak scheduling and badly generated keys is supported when a card capable of monitor mode is used, and packet reinjection can be done with a supported card. GPS mapping can be performed when an NMEA compatible GPS receiver is attached. Data can also be saved in pcap format and loaded into programs such as Wireshark.

NEW QUESTION 9

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows: Which of the following tools is John using to crack the wireless encryption keys?

  • A. Cain
  • B. PsPasswd
  • C. Kismet
  • D. AirSnort

Answer: D

Explanation:

AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys. Answer C is incorrect. Kismet is an IEEE 802.11 wireless network sniffer and intrusion detection system.

NEW QUESTION 10

An auditor assesses the database environment before beginning the audit. This includes various key tasks that should be performed by an auditor to identify and prioritize the users, data, activities, and applications to be monitored. Which of the following tasks need to be performed by the auditor manually?

  • A. Classifying data risk within the database systems
  • B. Monitoring data changes and modifications to the database structure, permission and user changes, and data viewing activities
  • C. Analyzing access authority
  • D. Archiving, analyzing, reviewing, and reporting of audit information

Answer: AC

Explanation:

The Internal Audit Association lists the following as key components of a database audit:

1. Create an inventory of all database systems and use classifications. This should include production and test data. Keep it up-to-date.
2. Classify data risk within the database systems. Monitoring should be prioritized for high, medium, and low risk data.
3. Implement an access request process that requires database owners to authorize the "roles" granted to database accounts (roles as in Role Based Access and not the native database roles).
4. Analyze access authority. Users with higher degrees of access permission should be under higher scrutiny, and any account for which access has been suspended should be monitored to ensure access is denied and attempts are identified.
5. Assess application coverage. Determine what applications have built-in controls, and prioritize database auditing accordingly. All privileged user access must have audit priority. Legacy and custom applications are the next highest priority to consider, followed by the packaged applications.
6. Ensure technical safeguards. Make sure access controls are set properly.
7. Audit the activities. Monitor data changes and modifications to the database structure, permission and user changes, and data viewing activities. Consider using network-based database activity monitoring appliances instead of native database audit trails.
8. Archive, analyze, review, and report audit information. Reports to auditors and IT managers must communicate relevant audit information, which can be analyzed and reviewed to determine if corrective action is required. Organizations that must retain audit data for long-term use should archive this information with the ability to retrieve relevant data when needed.

The first five steps listed are to be performed by the auditor manually. Answers B and D are incorrect. These tasks are best achieved by using an automated solution.

NEW QUESTION 11

You work as a Network Administrator for XYZ CORP. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks:

  • The wireless network communication should be secured.
  • The laptop users should be able to use smart cards for getting authenticated.

In order to accomplish the tasks, you take the following steps:

  • Configure 802.1x and WEP for the wireless connections.
  • Configure the PEAP-MS-CHAP v2 protocol for authentication.

What will happen after you have taken these steps?

  • A. Both tasks will be accomplished.
  • B. The laptop users will be able to use smart cards for getting authenticated.
  • C. The wireless network communication will be secured.
  • D. None of the tasks will be accomplished.

Answer: C

Explanation:

As 802.1x and WEP are configured, this step will enable the secure wireless network communication. For authentication, you have configured the PEAP-MS-CHAP v2 protocol. This protocol can be used for authentication on wireless networks, but it cannot use a public key infrastructure (PKI). No certificate can be issued without a PKI. Smart cards cannot be used for authentication without certificates. Hence, the laptop users will not be able to use smart cards for getting authenticated.

NEW QUESTION 12

You work as a Network Administrator for XYZ CORP. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. You have installed a Windows Server 2008 computer. You have configured auditing on this server. The client computers of the company use the Windows XP Professional operating system. You want to audit each event that is related to a user managing an account in the user database on the computer where the auditing is configured. To accomplish the task, you have enabled the Audit account management option on the server. Which of the following events can be audited by enabling this audit option?

  • A. Access to an Active Directory object
  • B. Change of password for a user account
  • C. Addition of a user account to a group
  • D. Creation of a user account

Answer: BCD

Explanation:

Audit account management is one of the nine audit settings that can be configured on a Windows computer. This option is enabled to audit each event that is related to a user managing an account in the user database on the computer where the auditing is configured. These events include the following:

  • Creating a user account
  • Adding a user account to a group
  • Renaming a user account
  • Changing password for a user account

This option is also used to audit the changes to the domain account of the domain controllers.

NEW QUESTION 13

You check performance logs and note that there has been a recent dramatic increase in the amount of broadcast traffic. What is this most likely to be an indicator of?

  • A. Misconfigured router
  • B. DoS attack
  • C. Syn flood
  • D. Virus

Answer: B

Explanation:

There are several denial of service (DoS) attacks that specifically use broadcast traffic to flood a targeted computer. Seeing an unexplained spike in broadcast traffic could be an indicator of an attempted denial of service attack. Answer D is incorrect. Viruses can cause an increase in network traffic, and it is possible for that to be broadcast traffic. However, a DoS attack is more likely than a virus to cause this particular problem. Answer C is incorrect. A syn flood does not cause increased broadcast traffic. Answer A is incorrect. A misconfigured router could possibly cause an increase in broadcast traffic. However, since this is a recent problem, the router is unlikely to be the issue.

NEW QUESTION 14

George works as an office assistant in Soft Well Inc. The company uses the Windows Vista operating system. He wants to disable a program running on a computer. Which of the following Windows Defender tools will he use to accomplish the task?

  • A. Allowed items
  • B. Quarantined items
  • C. Options
  • D. Software Explorer

Answer: D

Explanation:

Software Explorer is used to remove, enable, or disable a program running on a computer. Answer A is incorrect. Allowed items contains a list of all the programs that a user has chosen not to monitor with Windows Defender. Answer C is incorrect. Options is used to choose how Windows Defender should monitor all the programs running on a computer. Answer B is incorrect. Quarantined items is used to remove or restore a program blocked by Windows Defender.

NEW QUESTION 15

Which of the following commands can be used to intercept and log the Linux kernel messages?

  • A. syslogd
  • B. klogd
  • C. sysklogd
  • D. syslog-ng

Answer: BC

Explanation:

The klogd and sysklogd commands can be used to intercept and log the Linux kernel messages.

NEW QUESTION 16

You are tasked with creating an ACL to apply to Fa0/0 based on the following requirements:

  • The ACL must be protocol specific.
  • All traffic from host 10.10.45.2 and subnet 10.10.1.32/27 must be denied access through the router.
  • Telnet and SSH must be denied for ALL hosts except the management host with the IP address of 10.10.0.100. This management host must not only have Telnet and SSH access, but access to any port in the TCP and UDP suite to any destination.
  • HTTP, HTTPS, and DNS requests must be allowed for all hosts on subnets 10.10.2.0/24 and 10.10.3.0/24 to any destination.
  • All remaining traffic must be denied. Cisco IOS applies an implied deny all at the end of an ACL. However, you must provide this configuration manually so that engineers can see hit counts on the deny all traffic when running the show ip access-lists command.

Which of the following sets of commands will you choose to complete the configuration on Router A?

  • A.
    RouterA(config)#access-list 110 deny ip host 10.10.45.2 any
    RouterA(config)#access-list 110 deny ip 10.10.1.32 0.0.0.31 any
    RouterA(config)#access-list 110 permit tcp host 10.10.0.100 any
    RouterA(config)#access-list 110 permit udp host 10.10.0.100 any
    RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 80
    RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 443
    RouterA(config)#access-list 110 permit udp 10.10.2.0 0.0.1.255 any eq 53
    RouterA(config)#access-list 110 deny ip any any
    RouterA(config)#interface fa0/0
    RouterA(config-if)#ip access-group 110 out
  • B.
    RouterA(config)#access-list 110 deny ip host 10.10.45.2 any
    RouterA(config)#access-list 110 deny ip 10.10.1.32 0.0.0.31 any
    RouterA(config)#access-list 110 permit ip host 10.10.0.100 any
    RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 80
    RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 443
    RouterA(config)#access-list 110 permit udp 10.10.2.0 0.0.1.255 any eq 53
    RouterA(config)#access-list 110 deny ip any any
    RouterA(config)#interface fa0/0
    RouterA(config-if)#ip access-group 110 in
  • C.
    RouterA(config)#access-list 110 deny ip host 10.10.45.2 any
    RouterA(config)#access-list 110 deny ip 10.10.1.32 0.0.0.31 any
    RouterA(config)#access-list 110 permit tcp host 10.10.0.100 any
    RouterA(config)#access-list 110 permit udp host 10.10.0.100 any
    RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 80
    RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 443
    RouterA(config)#access-list 110 permit udp 10.10.2.0 0.0.1.255 any eq 53
    RouterA(config)#access-list 110 deny ip any any
    RouterA(config)#interface fa0/0
    RouterA(config-if)#ip access-group 110 in
  • D.
    RouterA(config)#access-list 99 deny ip host 10.10.45.2 any
    RouterA(config)#access-list 99 deny ip 10.10.1.32 0.0.0.31 any
    RouterA(config)#access-list 99 permit tcp host 10.10.0.100 any
    RouterA(config)#access-list 99 permit udp host 10.10.0.100 any
    RouterA(config)#access-list 99 permit tcp 10.10.2.0 0.0.1.255 any eq 80
    RouterA(config)#access-list 99 permit tcp 10.10.2.0 0.0.1.255 any eq 443
    RouterA(config)#access-list 99 permit udp 10.10.2.0 0.0.1.255 any eq 53
    RouterA(config)#access-list 99 deny ip any any
    RouterA(config)#interface fa0/0
    RouterA(config-if)#ip access-group 99 in

Answer: C

Explanation:

This ACL is an extended ACL. It meets the traffic requirements and is applied to Fa0/0 in the appropriate direction of in, which matches traffic going into the interface. In addition, this ACL meets the needs for subnets 10.10.2.0/24 and 10.10.3.0/24 by applying the subnet and wildcard mask of 10.10.2.0 0.0.1.255 for the lines that apply http, https, and dns. These subnets are covered by the wildcard mask 0.0.1.255. This wildcard mask is applied to a range of hosts from 10.10.2.0 through 10.10.3.255 which covers both of the subnets required. This is handy since both subnets are next to each other in their network numbers. Note: If the network numbers were not next to each other, for example 10.10.2.0/24 and 10.10.20.0/24, then the wildcard mask of 0.0.1.255 would be incorrect. A wildcard mask of 0.0.0.255 would be required. The configuration of the ACL would then be applied using the following commands (only the relevant commands are displayed):

RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.0.255 any eq 80
RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.0.255 any eq 443
RouterA(config)#access-list 110 permit udp 10.10.2.0 0.0.0.255 any eq 53
RouterA(config)#access-list 110 permit tcp 10.10.20.0 0.0.0.255 any eq 80
RouterA(config)#access-list 110 permit tcp 10.10.20.0 0.0.0.255 any eq 443
RouterA(config)#access-list 110 permit udp 10.10.20.0 0.0.0.255 any eq 53

NEW QUESTION 17

You work as a Network Administrator for XYZ CORP. The company has a Linux-based network. The company needs to provide secure network access. You have configured a firewall to prevent certain ports and applications from forwarding the packets to the company's intranet. What does a firewall check to prevent these ports and applications from forwarding the packets to the intranet?

  • A. The network layer headers and the session layer port numbers
  • B. The application layer port numbers and the transport layer headers
  • C. The transport layer port numbers and the application layer headers
  • D. The presentation layer headers and the session layer port numbers

Answer: C

Explanation:

A firewall stops delivery of packets that are not marked safe by the Network Administrator. It checks the transport layer port numbers and the application layer headers to prevent certain ports and applications from forwarding the packets to an intranet. Answers D, A, and B are incorrect. These are not checked by a firewall.

NEW QUESTION 18

A sequence number is a 32-bit number ranging from 1 to 4,294,967,295. When data is sent over the network, it is broken into fragments (packets) at the source and reassembled at the destination system. Each packet contains a sequence number that is used by the destination system to reassemble the data packets in the correct order. The Initial Sequence Number of your computer is 24171311 at login time. You connect your computer to a computer having the IP address 210.213.23.21. This whole process takes three seconds. What will the value of the Initial Sequence Number be at this moment?

  • A. 24171811
  • B. 24619311
  • C. 24171111
  • D. 24171311

Answer: B

Explanation:

You took 3 seconds to establish a connection. During this time, the value of the Initial Sequence Number would become [24171311 + (1 * 64000) + (3 * 128000)], i.e., 24619311.

NEW QUESTION 19

Mark is an attacker. He wants to discover wireless LANs by listening to beacons or sending probe requests and thereby provide a launch point for further attacks. Which of the following tools can he use to accomplish the task?

  • A. DStumbler
  • B. Wellenreiter
  • C. KisMAC
  • D. Airmon-ng

Answer: ACD

Explanation:

War driving is an attack in which the attacker discovers wireless LANs by listening to beacons or sending probe requests, thereby providing a launch point for further attacks. Airmon-ng, DStumbler, KisMAC, MacStumbler, NetStumbler, Wellenreiter, and WiFiFoFum are the tools that can be used to perform a war driving attack. Answer B is incorrect. Wellenreiter is a tool that is used to perform MAC spoofing attacks.

NEW QUESTION 20

You work as a Network Administrator for XYZ CORP. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. You have installed a Windows Server 2008 computer as the domain controller. The client computers of the company use the Windows XP Professional operating system. When a user logs on to a client computer, it gets authenticated by the domain controller. You want to audit the logon events that would be generated on the domain controller. Which of the following audit settings do you need to configure to accomplish the task?

  • A. Audit account management
  • B. Audit logon events
  • C. Audit directory service access
  • D. Audit account logon events

Answer: D

Explanation:

'Audit account logon events' is one of the nine audit settings that can be configured on a Windows computer. This performs auditing whenever a user logs on or off from a different computer in which the computer performing the auditing is used for validating the account, for example, when a user logs on to a Windows XP Professional computer, but gets authenticated by a domain controller. The event would be generated on the domain controller, as it is actually being used for validating the user.

Answer A is incorrect. Audit account management is one of the nine audit settings that can be configured on a Windows computer. This option is enabled to audit each event that is related to a user managing an account in the user database on the computer where the auditing is configured. These events include the following:

  • Creating a user account
  • Adding a user account to a group
  • Renaming a user account
  • Changing password for a user account

This option is also used to audit the changes to the domain account of the domain controllers.

Answer C is incorrect. The 'Audit directory service access' option is enabled to capture the events that are related to the users accessing the Active Directory object which has been configured to track user access through the System Access Control List (SACL) of the object.

Answer B is incorrect. The 'Audit logon events' option is enabled to audit each event that is related to a user logging on to, logging off from, or making a network connection to the computer configured to audit logon events.
