GSNA | A Review Of Certified GSNA Pdf

NEW QUESTION 1

You want to append a tar file if the on-disk version of the tar file has a modification date more recent than its copy in the tar archive. Which of the following commands will you use to accomplish the task?

  • A. tar -u
  • B. tar -t
  • C. tar -c
  • D. tar -x

Answer: A

Explanation:

The tar -u command is used to append a tar file if the on-disk version of the tar file has a modification date more recent than its copy in the tar archive. Answer B is incorrect. The tar -t command is used to list the contents of an archive. Answer D is incorrect. The tar -x command is used to extract the files from an archive. Answer C is incorrect. The tar -c command is used to create a new archive of specified files.

NEW QUESTION 2

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to allow direct access to the filesystem's data structure. Which of the following Unix commands can you use to accomplish the task?

  • A. debugfs
  • B. dosfsck
  • C. du
  • D. df

Answer: A

Explanation:

In Unix, the debugfs command is used to allow direct access to the filesystem's data structure. Answer D is incorrect. In Unix, the df command shows the disk free space on one or more filesystems. Answer B is incorrect. In Unix, the dosfsck command checks and repairs MS-DOS filesystems. Answer C is incorrect. In Unix, the du command shows how much disk space a directory and all its files contain.

NEW QUESTION 3

Which of the following security policies will you implement to keep your data safe when you connect your laptop to the office network over IEEE 802.11 WLANs? (Choose two)

  • A. Using personal firewall software on your laptop.
  • B. Using a protocol analyzer on your laptop to monitor for risks.
  • C. Using a port scanner like nmap in your network.
  • D. Using an IPSec enabled VPN for remote connectivity.

Answer: AD

Explanation:

According to the scenario, you want to implement a security policy to keep your data safe when you connect your laptop to the office network over IEEE 802.11 WLANs. For this, you will use the following two options:
* 1. Using an IPSec enabled VPN for remote connectivity: Internet Protocol Security (IPSec) is a standard-based protocol that provides the highest level of VPN security. IPSec can encrypt virtually everything above the networking layer. It is used for VPN connections that use the L2TP protocol. It secures both data and password.
* 2. Using personal firewall software on your laptop: You can also create a firewall rule to block malicious packets so that you can secure your network.

Answer C is incorrect. A port scanner is used to scan ports and tells which ports are open. Although this tool is very useful in the information-gathering step of the attacking process, it cannot be used to protect a WLAN network. Answer B is incorrect. You cannot use a packet analyzer to protect your network. A packet analyzer is used to analyze data packets flowing in the network.

NEW QUESTION 4

Which of the following commands can be used to format text files?

  • A. wc
  • B. ps
  • C. tail
  • D. pr

Answer: D

Explanation:

The pr command is used to format text files according to the specified options. This command is usually used to paginate or columnate files for printing. Answer B is incorrect. The ps command reports the status of processes that are currently running on a Linux computer. Answer A is incorrect. The wc command is used to count the number of bytes, words, and lines in a given file or in the list of files. Answer C is incorrect. The tail command is used to display the last few lines of a text file or piped data.

NEW QUESTION 5

You work as a Database Administrator for XYZ CORP. The company has a multi-platform network. The company requires a database that can receive data from various types of operating systems. You want to design a multidimensional database to accomplish the task. Which of the following statements are true about a multidimensional database?

  • A. It is used to optimize Online Analytical Processing (OLAP) applications.
  • B. It is used to optimize data warehouse.
  • C. It is rarely created using input from existing relational databases.
  • D. It allows users to ask questions that are related to summarizing business operations and trends.

Answer: ABD

Explanation:

A multidimensional database (MDB) is a type of database that is optimized for data warehouse and Online Analytical Processing (OLAP) applications. Multidimensional databases are frequently created using input from existing relational databases. Whereas a relational database is typically accessed using a Structured Query Language (SQL) query, a multidimensional database allows a user to ask questions like "How many Aptivas have been sold in Nebraska so far this year?" and similar questions related to summarizing business operations and trends. An OLAP application that accesses data from a multidimensional database is known as a MOLAP (multidimensional OLAP) application. Answer C is incorrect. A multidimensional database is frequently created using input from existing relational databases.

NEW QUESTION 6

Which of the following are the reasons for implementing firewall in any network?

  • A. Create a choke point
  • B. Log Internet activity
  • C. Log system activity
  • D. Limit access control
  • E. Implementing security policy
  • F. Limit network host exposure

Answer: ABEF

Explanation:

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria. The four important roles of a firewall are as follows:
* 1. Implement security policy: A firewall is a first step in implementing security policies of an organization. Different policies are directly implemented at the firewall. A firewall can also work with network routers to implement Types-Of-Service (ToS) policies.
* 2. Creating a choke point: A firewall can create a choke point between a private network of an organization and a public network. With the help of a choke point, the firewall devices can monitor, filter, and verify all inbound and outbound traffic.
* 3. Logging Internet activity: A firewall also enforces logging of errors and faults. It also provides an alarming mechanism to the network.
* 4. Limiting network host exposure: A firewall can create a perimeter around the network to protect it from the Internet. It increases security by hiding internal information.

NEW QUESTION 7

In which of the following social engineering attacks does an attacker first damage any part of the target's equipment and then advertise himself as an authorized person who can help fix the problem?

  • A. Reverse social engineering attack
  • B. Impersonation attack
  • C. Important user posing attack
  • D. In person attack

Answer: A

Explanation:

A reverse social engineering attack is a person-to-person attack in which an attacker convinces the target that he or she has a problem or might have a certain problem in the future and that he, the attacker, is ready to help solve the problem. Reverse social engineering is performed through the following steps: An attacker first damages the target's equipment. He next advertises himself as a person of authority, ably skilled in solving that problem. In this step, he gains the trust of the target and obtains access to sensitive information. If this reverse social engineering is performed well enough to convince the target, the target often calls the attacker and asks for help.

Answers B, C, and D are incorrect. Person-to-person social engineering works on the personal level. It can be classified as follows:
  • Impersonation: In the impersonation social engineering attack, an attacker pretends to be someone else, for example, the employee's friend, a repairman, or a delivery person.
  • In Person Attack: In this attack, the attacker just visits the organization and collects information. To accomplish such an attack, the attacker can call a victim on the phone, or might simply walk into an office and pretend to be a client or a new worker.
  • Important User Posing: In this attack, the attacker pretends to be an important member of the organization. This attack works because there is a common belief that it is not good to question authority.
  • Third-Party Authorization: In this attack, the attacker tries to make the victim believe that he has the approval of a third party. This works because people believe that most people are good and that they are being truthful about what they are saying.

NEW QUESTION 8

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

  • A. Safeguards
  • B. Detective controls
  • C. Corrective controls
  • D. Preventive controls

Answer: C

Explanation:

Corrective controls are used after a security breach. After security has been breached, corrective controls are intended to limit the extent of any damage caused by the incident, e.g. by recovering the organization to normal working status as efficiently as possible. Answer D is incorrect. Before the event, preventive controls are intended to prevent an incident from occurring, e.g. by locking out unauthorized intruders. Answer B is incorrect. During the event, detective controls are intended to identify and characterize an incident in progress, e.g. by sounding the intruder alarm and alerting the security guards or the police. Answer A is incorrect. Safeguards are those controls that provide some amount of protection to an asset.

NEW QUESTION 9

Which of the following records is the first entry in a DNS database file?

  • A. CNAME
  • B. SOA
  • C. SRV
  • D. MX

Answer: B

Explanation:

The Start of Authority (SOA) record is the first record in any DNS database file. The SOA resource record includes the following fields: owner, TTL, class, type, authoritative server, refresh, minimum TTL, etc. Answer A is incorrect. Canonical Name (CNAME) is a resource record that creates an alias for the specified Fully Qualified Domain Name (FQDN). It hides the implementation details of a network from the clients that are connected to the network. Answer D is incorrect. MX is a mail exchange resource record in the database file of a DNS server. It specifies a mail exchange server for a DNS domain name. Answer C is incorrect. An SRV resource record is a DNS record that enables users to specify the location of servers for a specific service, protocol, and DNS domain. For example, if there are two servers in a domain, creating SRV records specifies which hosts serve as Web servers, and resolvers can then retrieve all the SRV resource records for the Web servers.

NEW QUESTION 10

You have detected what appears to be an unauthorized wireless access point on your network. However this access point has the same MAC address as one of your real access points and is broadcasting with a stronger signal. What is this called?

  • A. Bluesnarfing
  • B. The evil twin attack
  • C. WAP cloning
  • D. DOS

Answer: B

Explanation:
In the evil twin attack, a rogue wireless access point is set up that has the same MAC address as one of your legitimate access points. That rogue WAP will often then initiate a denial of service attack on your legitimate access point, making it unable to respond to users, so they are redirected to the 'evil twin'. Answer A is incorrect. Bluesnarfing is the process of taking over a PDA. Answer D is incorrect. A DOS may be used as part of establishing an evil twin, but this attack is not specifically for denial of service. Answer C is incorrect. While you must clone a WAP MAC address, the attack is not called WAP cloning.

NEW QUESTION 11

Which of the following is a method of the HttpSession interface and is used to retrieve the time when the session was created?

  • A. getCreationTime()
  • B. getSessionCreationTime()
  • C. getSessionTime()
  • D. getTime()

Answer: A

Explanation:

The getCreationTime() method returns the time when the session was created. The time is measured in milliseconds since midnight January 1, 1970. This method throws an IllegalStateException if it is called on an invalidated session.

NEW QUESTION 12

Which of the following Windows processes supports creating and deleting processes and threads, running 16-bit virtual DOS machine processes, and running console windows?

  • A. smss.exe
  • B. services.exe
  • C. csrss.exe
  • D. System

Answer: C

Explanation:

csrss.exe is a process that supports creating and deleting processes and threads, running 16-bit virtual DOS machine processes, and running console windows. Answer B is incorrect. services.exe is the Windows Service Controller, which is responsible for starting and stopping system services running in the background. Answer A is incorrect. smss.exe supports the programs needed to implement the user interface, including the graphics subsystem and the log on processes. Answer D is incorrect. The System process includes most kernel-level threads, which manage the underlying aspects of the operating system.

NEW QUESTION 13

Which of the following are known as safety critical software?

  • A. Software that is used to apply a critical decision-making process
  • B. Software that manages safety critical data including display of safety critical information
  • C. Software that intervenes when a safe condition is present or is about to happen
  • D. Software that is used to create safety critical functions

Answer: AB

Explanation:

The following types of software are safety critical software:
  • Software that is used to apply a critical decision-making process
  • Software that is used to manage or monitor safety critical functions
  • Software that intervenes when an unsafe condition is present or is about to happen
  • Software that executes on the same target system as safety critical software
  • Software that impacts the systems on which safety critical software runs
  • Software that manages safety critical data including display of safety critical information
  • Software that is used to validate and verify safety critical software

Answer D is incorrect. Software that is used to manage or monitor safety critical functions is known as safety critical software. Answer C is incorrect. Software that intervenes when an unsafe condition is present or is about to happen is known as safety critical software.

NEW QUESTION 14

Which of the following tools works both as an encryption-cracking tool and as a keylogger?

  • A. Magic Lantern
  • B. KeyGhost Keylogger
  • C. Alchemy Remote Executor
  • D. SocketShield

Answer: A

Explanation:

Magic Lantern works both as an encryption-cracking tool and as a keylogger. Answer C is incorrect. Alchemy Remote Executor is a system management tool that allows Network Administrators to execute programs on remote network computers without leaving their workplace. From the hacker's point of view, it can be useful for installing keyloggers, spyware, Trojans, Windows rootkits and such. One necessary condition for using the Alchemy Remote Executor is that the user/attacker must have the administrative passwords of the remote computers on which the malware is to be installed. Answer B is incorrect. The KeyGhost keylogger is a hardware keylogger that is used to log all keystrokes on a computer. It is a tiny device that clips onto the keyboard cable. Once the KeyGhost keylogger is attached to the computer, it quietly logs every key pressed on the keyboard into its own internal Flash memory (just as with smart cards). When the log becomes full, it overwrites the oldest keystrokes with the newest ones. Answer D is incorrect. SocketShield provides a protection shield to a computer system against malware, viruses, spyware, and various types of keyloggers. SocketShield provides protection at the following two levels:
* 1. Blocking: In this level, SocketShield uses a list of IP addresses that are known as purveyors of exploits. All HTTP requests for any page in these domains are simply blocked.
* 2. Shielding: In this level, SocketShield blocks all the current and past IP addresses that are the cause of unauthorized access.

NEW QUESTION 15

Which of the following features of a switch helps to protect a network from MAC flood and MAC spoofing?

  • A. Multi-Authentication
  • B. Port security
  • C. MAC Authentication Bypass
  • D. Quality of Service (QoS)

Answer: B

Explanation:
If a switch has the ability to enable port security, this will help to protect the network from both MAC flood and MAC spoofing attacks. Answer D is incorrect. The Quality of Service (QoS) feature is useful for prioritizing VoIP traffic. Switches offer the ability to assign a device a Quality of Service (QoS) value or a rate limiting value based on the RADIUS response. Answer A is incorrect. The Multi-Authentication feature is used to allow multiple devices to use a single port. Answer C is incorrect. The MAC Authentication Bypass feature is used to allow the RADIUS server to specify the default VLAN/ACL for every device that doesn't authenticate by 802.1X.

NEW QUESTION 16

You work as a Network Administrator for XYZ CORP. The company has a Windows-based network. You have been assigned the task to design the authentication system for the remote users of the company. For security purposes, you want to issue security tokens to the remote users. The token should work on the one-time password principle and so once used, the next password gets generated. Which of the following security tokens should you issue to accomplish the task?

  • A. Virtual tokens
  • B. Event-based tokens
  • C. Bluetooth tokens
  • D. Single sign-on software tokens

Answer: B

Explanation:

An event-based token, by its nature, has a long life span. Such tokens work on the one-time password principle, so once a password is used, the next password is generated. Often the user has a button to press to receive this new code via either a token or an SMS message. All CRYPTOCard's tokens are event-based rather than time-based. Answer C is incorrect. Bluetooth tokens are often combined with a USB token, and hence work in both a connected and disconnected state. Bluetooth authentication works when closer than 32 feet (10 meters). If Bluetooth is not available, the token must be inserted into a USB input device to function. Answer A is incorrect. Virtual tokens are a new concept in multi-factor authentication first introduced in 2005 by security company Sestus. Virtual tokens work by sharing the token generation process between the Internet website and the user's computer and have the advantage of not requiring the distribution of additional hardware or software. In addition, since the user's device is communicating directly with the authenticating website, the solution is resistant to man-in-the-middle attacks and similar forms of online fraud. Answer D is incorrect. Single sign-on software tokens are used by multiple, related, but independent software systems. Some types of single sign-on (SSO) solutions, like enterprise single sign-on, use this token to store software that allows for seamless authentication and password filling. As the passwords are stored on the token, users need not remember their passwords and therefore can select more secure passwords, or have more secure passwords assigned.

NEW QUESTION 17

Which of the following is a prevention-driven activity to reduce errors in the project and to help the project meet its requirements?

  • A. Audit sampling
  • B. Asset management
  • C. Access control
  • D. Quality assurance

Answer: D

Explanation:

Quality assurance is the application of planned, systematic quality activities to ensure that the project will employ all processes needed to meet requirements. It is a prevention-driven activity to reduce errors in the project and to help the project meet its requirements. Answer A is incorrect. Audit sampling is an application of the audit procedure that enables the IT auditor to evaluate audit evidence within a class of transactions for the purpose of forming a conclusion concerning the population. When designing the size and structure of an audit sample, the IT auditor should consider the audit objectives determined when planning the audit, the nature of the population, and the sampling and selection methods. Answer C is incorrect. The process of limiting access to the resources of a Web site is called access control. Access control can be performed in the following ways:
  • Registering the user in order to access the resources of the Web site. This can be confirmed by the user name and password.
  • Limiting the time during which resources of the Web site can be used. For example, the Web site can be viewed between certain hours of a day.

Answer B is incorrect. Asset management is the practice of managing the whole life cycle (design, construction, commissioning, operating, maintaining, repairing, modifying, replacing and decommissioning/disposal) of physical and infrastructure assets such as structures, production, distribution networks, transport systems, buildings, and other physical assets.
