GSNA | What Printable GSNA Real Exam Is

Exambible GSNA questions are updated and all GSNA answers are verified by experts. Once you have completely prepared with our GSNA exam prep kits, you will be ready for the real GSNA exam without a problem. We have the most up-to-date GIAC GSNA dumps study guide.

Check GSNA free dumps before getting the full version:

NEW QUESTION 1

Which of the following commands can be used to format text files?

  • A. wc
  • B. ps
  • C. tail
  • D. pr

Answer: D

Explanation:

The pr command is used to format text files according to the specified options. This command is usually used to paginate or columnate files for printing. Answer B is incorrect. The ps command reports the status of processes that are currently running on a Linux computer. Answer A is incorrect. The wc command is used to count the number of bytes, words, and lines in a given file or in the list of files. Answer C is incorrect. The tail command is used to display the last few lines of a text file or piped data.

NEW QUESTION 2

You work as a Network Administrator for BetaTech Inc. You have been assigned the task of designing the firewall policy for the company. Which of the following statements is unacceptable in the 'acceptable use statement' portion of the firewall policy?

  • A. The computers and their applications should be used for organizational related activities only.
  • B. Computers may not be left unattended with a user account still logged on.
  • C. Applications other than those supplied or approved by the company can be installed on any computer.
  • D. The installed e-mail application can only be used as the authorized e-mail service.

Answer: C

Explanation:

Applications other than those supplied or approved by the company shall not be installed on any computer. Answers A, B, and D are incorrect. All of these statements stand true in the 'acceptable use statement' portion of the firewall policy.

NEW QUESTION 3

You work as a Network Administrator for XYZ CORP. The company has a Windows-based network. You have been assigned the task to design the authentication system for the remote users of the company. For security purposes, you want to issue security tokens to the remote users. The token should work on the one-time password principle and so once used, the next password gets generated. Which of the following security tokens should you issue to accomplish the task?

  • A. Virtual tokens
  • B. Event-based tokens
  • C. Bluetooth tokens
  • D. Single sign-on software tokens

Answer: B

Explanation:

An event-based token, by its nature, has a long life span. Event-based tokens work on the one-time password principle, so once a password is used, the next password is generated. Often the user has a button to press to receive this new code via either a token or via an SMS message. All CRYPTOCard's tokens are event-based rather than time-based. Answer C is incorrect. Bluetooth tokens are often combined with a USB token, and hence work in both a connected and a disconnected state. Bluetooth authentication works when closer than 32 feet (10 meters). If Bluetooth is not available, the token must be inserted into a USB input device to function. Answer A is incorrect. Virtual tokens are a new concept in multi-factor authentication first introduced in 2005 by security company Sestus. Virtual tokens work by sharing the token generation process between the Internet website and the user's computer and have the advantage of not requiring the distribution of additional hardware or software. In addition, since the user's device is communicating directly with the authenticating website, the solution is resistant to man-in-the-middle attacks and similar forms of online fraud. Answer D is incorrect. Single sign-on software tokens are used by multiple, related, but independent software systems. Some types of single sign-on (SSO) solutions, like enterprise single sign-on, use this token to store software that allows for seamless authentication and password filling. As the passwords are stored on the token, users need not remember their passwords and therefore can select more secure passwords, or have more secure passwords assigned.

NEW QUESTION 4

You work as an IT Technician for XYZ CORP. You have to take security measures for the wireless network of the company. You want to prevent other computers from accessing the company's wireless network. On the basis of the hardware address, which of the following will you use as the best possible method to accomplish the task?

  • A. RAS
  • B. MAC Filtering
  • C. SSID
  • D. WEP

Answer: B

Explanation:

MAC filtering is a security access control technique that allows specific network devices to access, or prevents them from accessing, the network. MAC filtering can also be used on a wireless network to prevent certain network devices from accessing the wireless network. MAC addresses are allocated only to hardware devices, not to persons.

NEW QUESTION 5

Sam works as a Network Administrator for Blue Well Inc. All client computers in the company run the Windows Vista operating system. Sam creates a new user account. He wants to create a temporary password for the new user such that the user is forced to change his password when he logs on for the first time. Which of the following options will he choose to accomplish the task?

  • A. User cannot change password
  • B. Delete temporary password at next logon
  • C. User must change password at next logon
  • D. Password never expires

Answer: C

Explanation:

Enabling the 'User must change password at next logon' option will make the given password a temporary password. Enabling this option forces a user to change his existing password at next logon. Answer B is incorrect. There is no such option in Windows Vista. Answer D is incorrect. This option sets the password to never expire. Answer A is incorrect. This option sets the existing password as a permanent password for the user. Only administrators can change the password of the user.

NEW QUESTION 6

John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on Windows Server 2003. One day, while analyzing the network security, he receives an error message that Kernel32.exe is encountering a problem. Which of the following steps should John take as a countermeasure to this situation?

  • A. He should download the latest patches for Windows Server 2003 from the Microsoft site, so that he can repair the kernel.
  • B. He should restore his Windows settings.
  • C. He should observe the process viewer (Task Manager) to see whether any new process is running on the computer or not.
  • D. If any new malicious process is running, he should kill that process.
  • E. He should upgrade his antivirus program.

Answer: CD

Explanation:

In such a situation, when John receives an error message revealing that Kernel32.exe is encountering a problem, he needs to come to the conclusion that his antivirus program needs to be updated, because Kernel32.exe is not a Microsoft file (the real file is Kernel32.DLL). Although such viruses normally run in stealth mode, he should examine the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new (malicious) process is running on the server, he should exterminate that process. Answers A and B are incorrect. Since kernel.exe is not a real kernel file of Windows, there is no need to repair or download any patch for Windows Server 2003 from the Microsoft site to repair the kernel. Note: Such error messages can be received if the computer is infected with malware, such as Worm_Badtrans.b, Backdoor.G_Door, Glacier Backdoor, Win32.Badtrans.29020, etc.

NEW QUESTION 7

You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company has recently provided laptops to its sales team members. You have configured access points in the network to enable a wireless network. The company's security policy states that all users using laptops must use smart cards for authentication. Which of the following authentication techniques will you use to implement the security policy of the company?

  • A. IEEE 802.1X using EAP-TLS
  • B. IEEE 802.1X using PEAP-MS-CHAP
  • C. Pre-shared key
  • D. Open system

Answer: A

Explanation:

In order to ensure that the laptop users use smart cards for authentication, you will have to configure IEEE 802.1X authentication using the EAP-TLS protocol on the network.

NEW QUESTION 8

You work as a Network Auditor for XYZ CORP. The company has a Windows-based network. You use DumpSec as an auditing and reporting program for security issues. Which of the following statements is true about DumpSec? (Choose three)

  • A. It obtains the DACLs for the registry.
  • B. It dumps user and group information.
  • C. It collates the DACLs for the file system.
  • D. It kills the running services in the Windows environment.

Answer: ABC

Explanation:
DumpSec, a program launched by Somarsoft, is a security auditing and reporting program for Microsoft Windows. It collates and obtains the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers, and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group, and replication information, policies, as well as services (Win32) and kernel drivers loaded on the system. It can also report the current status of services (running or stopped) in the Windows environment. Answer D is incorrect. It cannot kill running services. It can only report the current status of services (running or stopped) in the Windows environment.

NEW QUESTION 9

You work as a Network Administrator for ABC Inc. The company needs a secured wireless network. To provide network security to the company, you are required to configure a device that provides the best network perimeter security. Which of the following devices would you use to accomplish the task?

  • A. Proxy server
  • B. IDS
  • C. Packet filtering firewall
  • D. honeypot

Answer: C

Explanation:

Packet filtering firewalls work on the first three layers of the OSI reference model, which means all the work is done between the network and physical layers. When a packet originates from the sender and filters through a firewall, the device checks for matches to any of the packet filtering rules that are configured in the firewall and drops or rejects the packet accordingly. In a software firewall, packet filtering is done by a program called a packet filter. The packet filter examines the header of each packet based on a specific set of rules, and on that basis, decides to prevent it from passing (called DROP) or allow it to pass (called ACCEPT). A packet filter passes or blocks packets at a network interface based on source and destination addresses, ports, or protocols. The process is used in conjunction with packet mangling and Network Address Translation (NAT). Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion. This type of firewall can be best used for network perimeter security. Answer B is incorrect. An intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet. These attempts may take the form of attacks by, for example, crackers, malware, and/or disgruntled employees. An IDS cannot directly detect attacks within properly encrypted traffic. An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms). Answer A is incorrect. A proxy server exists between a client's Web-browsing program and a real Internet server. The purpose of the proxy server is to enhance the performance of user requests and filter requests. A proxy server has a database called cache where the most frequently accessed Web pages are stored. The next time such pages are requested, the proxy server is able to satisfy the request locally, thereby greatly reducing the access time. Only when a proxy server is unable to fulfill a request locally does it forward the request to a real Internet server. The proxy server can also be used for filtering user requests. This may be done in order to prevent the users from visiting non-genuine sites. Answer D is incorrect. A honeypot is a term in computer terminology used for a trap that is set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.

NEW QUESTION 10

Which of the following statements is NOT true about FAT16 file system?

  • A. FAT16 file system works well with large disks because the cluster size increases as the disk partition size increases.
  • B. FAT16 file system supports file-level compression.
  • C. FAT16 does not support file-level security.
  • D. FAT16 file system supports Linux operating system.

Answer: AB

Explanation:

The FAT16 file system was developed for disks larger than 16MB. It uses 16-bit allocation table entries. The FAT16 file system supports all Microsoft operating systems. It also supports OS/2 and Linux. Answers C and D are incorrect. All these statements are true about the FAT16 file system.

NEW QUESTION 11

Which of the following statements is true about a relational database?

  • A. It is difficult to extend a relational database.
  • B. The standard user and application program interface to a relational database is Programming Language (PL).
  • C. It is a collection of data items organized as a set of formally-described tables.
  • D. It is a set of tables containing data fitted into runtime defined categories.

Answer: C

Explanation:

A relational database is a collection of data items organized as a set of formally-described tables from which data can be accessed or reassembled in many different ways without having to reorganize the database tables. Answer B is incorrect. The standard user and application program interface to a relational database is the structured query language (SQL). Answer A is incorrect. In addition to being relatively easy to create and access, a relational database has the important advantage of being easy to extend. Answer D is incorrect. A relational database is a set of tables containing data fitted into predefined categories. Each table (which is sometimes called a relation) contains one or more data categories in columns. Each row contains a unique instance of data for the categories defined by the columns.

NEW QUESTION 12

Which of the following types of servers are dedicated to provide resources to hosts on the network? (Choose three)

  • A. Web servers
  • B. Monitoring servers
  • C. Mail servers
  • D. Default gateway servers
  • E. Print servers

Answer: ACE

Explanation:

The following types of servers are dedicated to provide resources to other hosts on the network:

  • Mail servers
  • Print servers
  • Web servers

A default gateway does not provide resources to hosts on the network. A monitoring server is not a type of server.

NEW QUESTION 13

Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?

  • A. Incontrovertible
  • B. Corroborating
  • C. Direct
  • D. Circumstantial

Answer: D

Explanation:

Circumstantial evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person. Answer B is incorrect. Corroborating evidence is evidence that tends to support a proposition that is already supported by some evidence. Answer A is incorrect. Incontrovertible evidence is a colloquial term for evidence introduced to prove a fact that is supposed to be so conclusive that there can be no other truth as to the matter; evidence so strong, it overpowers contrary evidence, directing a fact-finder to a specific and certain conclusion. Answer C is incorrect. Direct evidence is testimony proof for any evidence, which expressly or straight-forwardly proves the existence of a fact.

NEW QUESTION 14

Which of the following methods can be helpful to eliminate social engineering threat? (Choose three)

  • A. Data encryption
  • B. Data classification
  • C. Password policies
  • D. Vulnerability assessments

Answer: BCD

Explanation:

The following methods can be helpful to eliminate social engineering threat:

  • Password policies
  • Vulnerability assessments
  • Data classification

A password policy should specify how passwords can be shared. The company should implement periodic penetration and vulnerability assessments. These assessments usually consist of using known hacker tools and common hacker techniques to breach a network's security. Social engineering should also be used for an accurate assessment. Since social engineers use the knowledge of others to attain information, it is essential to have a data classification model in place that all employees know and follow. Data classification assigns a level of sensitivity to company information. Each classification level specifies who can view and edit data, and how it can be shared.

NEW QUESTION 15

Sarah works as a Web Developer for XYZ CORP. She is creating a Web site for her company. Sarah wants greater control over the appearance and presentation of Web pages. She wants the ability to precisely specify the display attributes and the appearance of elements on the Web pages. How will she accomplish this?

  • A. Use the Database Design wizard.
  • B. Make two templates, one for the index page and the other for all other pages.
  • C. Use Cascading Style Sheet (CSS).
  • D. Make a template and use it to create each Web page.

Answer: C

Explanation:

Sarah should use the Cascading Style Sheet (CSS) while creating Web pages. This will give her greater control over the appearance and presentation of the Web pages and will also enable her to precisely specify the display attributes and the appearance of elements on the Web pages.

NEW QUESTION 16

Which of the following tools can be used to perform ICMP tunneling? (Choose two)

  • A. Itunnel
  • B. Ptunnel
  • C. WinTunnel
  • D. Ethereal

Answer: AB

Explanation:

Ptunnel and Itunnel are tools that are used to perform ICMP tunneling. In ICMP tunneling, an attacker establishes a covert connection between two remote computers (a client and proxy), using ICMP echo requests and reply packets. ICMP tunneling works by injecting arbitrary data into an echo packet sent to a remote computer. The remote computer replies in the same manner, injecting an answer into another ICMP packet and sending it back. The client performs all communication using ICMP echo request packets, while the proxy uses echo reply packets. Normally, ICMP tunneling involves sending what appear to be ICMP commands but are really Trojan communications. Answer C is incorrect. WinTunnel is used to perform TCP tunneling. Answer D is incorrect. Ethereal is a network sniffer.

NEW QUESTION 17

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the We-are-secure server. Which of the following are countermeasures against a brute force attack?

  • A. The site should use CAPTCHA after a specific number of failed login attempts.
  • B. The site should increase the encryption key length of the password.
  • C. The site should restrict the number of login attempts to only three times.
  • D. The site should force its users to change their passwords from time to time.

Answer: AC

Explanation:

Using CAPTCHA or restricting the number of login attempts are good countermeasures against a brute force attack.

NEW QUESTION 18

Which of the following is used to execute a SQL statement from the SQL buffer?

  • A. Entering an asterisk (*)
  • B. Pressing [RETURN] once
  • C. Pressing [RETURN] twice
  • D. Entering a slash (/)
  • E. Pressing [ESC] twice.

Answer: D

Explanation:

A SQL statement or a PL/SQL block can be executed by entering a semicolon (;) or a slash (/), or by using the RUN command at the SQL prompt. When a semicolon (;) is entered at the end of a command, the command is completed and executed. When a slash (/) is entered, the command in the buffer is executed. It can also be used to execute a PL/SQL block. The RUN command is used to execute a command in the buffer. Note: The SQL buffer stores the most recently used SQL commands and PL/SQL blocks. It does not store SQL*Plus commands. It can be edited or saved to a file. Note: A SQL command can be saved in the buffer by entering a blank line. Reference: Oracle8i Online Documentation, Contents: "SQL*PLUS Users Guide and Reference", "Learning SQL*PLUS Basics, 3 of 4", "Understanding SQL COMMAND Syntax"

NEW QUESTION 19

You have detected what appears to be an unauthorized wireless access point on your network. However this access point has the same MAC address as one of your real access points and is broadcasting with a stronger signal. What is this called?

  • A. Bluesnarfing
  • B. The evil twin attack
  • C. WAP cloning
  • D. DOS

Answer: B

Explanation:

In the evil twin attack, a rogue wireless access point is set up that has the same MAC address as one of your legitimate access points. That rogue WAP will often then initiate a denial of service attack on your legitimate access point, making it unable to respond to users, so they are redirected to the 'evil twin'. Answer A is incorrect. Bluesnarfing is the process of taking over a PDA. Answer D is incorrect. A DOS may be used as part of establishing an evil twin, but this attack is not specifically for denial of service. Answer C is incorrect. While you must clone a WAP MAC address, the attack is not called WAP cloning.

NEW QUESTION 20

A Cisco router can have multiple connections to networks. These connections are known as interfaces for Cisco Routers. For naming each interface, Cisco generally uses the type of interface as part of the name. Which of the following are true about the naming conventions of Cisco Router interfaces?

  • A. An interface connected to a serial connection always starts with an S.
  • B. An interface connected to a Token Ring segment always starts with To.
  • C. An Ethernet interface that is fast always starts with an F.
  • D. An interface connected to an Ethernet segment of the network always starts with an En.

Answer: ABC

Explanation:

A Cisco router can have multiple connections to networks. These connections are known as interfaces for Cisco Routers. For naming each interface, Cisco generally uses the type of interface as part of the name. Following are some of the naming conventions of Cisco Router interfaces:

  • An Ethernet interface that is fast always starts with an F.
  • An interface connected to a serial connection always starts with an S.
  • An interface connected to an Ethernet segment of the network always starts with an E.
  • An interface connected to a Token Ring segment always starts with To.
