[Free] 2017(Sep) CollectDumps Dumpsleader GIAC GSNA Dumps with VCE and PDF 141-150


GIAC Systems and Network Auditor

Question No: 141 – (Topic 2)

You work as a Network Auditor for XYZ CORP. The company has a Windows-based network. You use DumpSec as an auditing and reporting program for security issues. Which of the following statements is true about DumpSec? (Choose three)

  A. It obtains the DACLs for the registry.

  B. It dumps user and group information.

  C. It collates the DACLs for the file system.

  D. It kills the running services in the Windows environment.

Answer: A,B,C

Explanation: DumpSec, a program launched by Somarsoft, is a security auditing and reporting program for Microsoft Windows. It collates and obtains the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers, and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group, and replication information, policies, as well as services (Win32) and kernel drivers loaded on the system. It can also report the current status of services (running or stopped) in the Windows environment.

Answer: D is incorrect. It cannot kill running services. It can only report the current status of services (running or stopped) in the Windows environment.

Question No: 142 – (Topic 2)

You work as a Network Administrator for Tech Perfect Inc. You need to configure the company firewall so that only Simple Network Management Protocol (SNMP) and Secure HTTP (HTTPS) traffic is allowed into the intranet of the company. No other traffic should be allowed into the intranet. Which of the following rule sets should you use on your firewall to accomplish the task? (Assume left to right equals top to bottom.)

  A. Output chain: allow port 443, allow 25, deny all

  B. Input chain: deny all, allow port 25, allow 443

  C. Input chain: allow port 25, allow 443, deny all

  D. Output chain: allow port 25, allow 443, deny all

Answer: C

Explanation: In the given rule set, 'Input chain' defines that the rule is for the incoming traffic, i.e., traffic coming from the intranet to the Internet. Port 25 is being allowed for SNMP traffic and port 443 for the HTTPS traffic. Deny all is being used after allowing port 25 and 443; hence, all the other traffic will be denied.

Answer: B is incorrect. Deny all is executed first; hence, all the traffic will be denied including port 25 and 443.

Answer: A, D are incorrect. These rule sets are used for outgoing traffic, i.e., traffic going from the intranet to the Internet as the 'Output chain' rule is being used.

Question No: 143 – (Topic 2)

You work as a Network Administrator for XYZ CORP. The company has a Windows-based network. You want to configure the ACL with a Cisco router. Which of the following router prompts can you use to accomplish the task?

  A. router(config-if)#

  B. router(config)#

  C. router(config-ext-nacl)#

  D. router#

Answer: C

Explanation: The auditor of a Cisco router should be familiar with the variety of privilege modes. The current privilege mode can be quickly identified by looking at the current router prompt. The prime modes of a Cisco router are as follows:

  - Nonprivileged mode: router>

  - Privileged mode: router#

  - Global configuration mode: router(config)#

  - Interface configuration mode: router(config-if)#

  - ACL configuration mode: router(config-ext-nacl)#

  - Boot loader mode: router(boot)

  - Remote connectivity config mode: router(config-line)#

Question No: 144 – (Topic 2)

Audit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Under which of the following controls does audit control come?

  A. Protective controls

  B. Reactive controls

  C. Detective controls

  D. Preventive controls

Answer: C

Explanation: Audit trail or audit log comes under detective controls. Detective controls are the audit controls that are not needed to be restricted. Any control that performs a monitoring activity can likely be defined as a Detective Control. For example, it is possible that mistakes, either intentional or unintentional, can be made. Therefore, an additional Protective control is that these companies must have their financial results audited by an independent Certified Public Accountant. The role of this accountant is to act as an auditor. In fact, any auditor acts as a Detective control. If the organization in question has not properly followed the rules, a diligent auditor should be able to detect the deficiency which indicates that some control somewhere has failed.

Answer: B is incorrect. Reactive or corrective controls typically work in response to a detective control, responding in such a way as to alert or otherwise correct an unacceptable condition. Using the example of account rules, either the internal Audit Committee or the SEC itself, based on the report generated by the external auditor, will take some corrective action. In this way, they are acting as a Corrective or Reactive control.

Answer: A, D are incorrect. Protective or preventative controls serve to proactively define and possibly enforce acceptable behaviors. As an example, a set of common accounting rules are defined and must be followed by any publicly traded company. Each quarter, any particular company must publicly state its current financial standing and accounting as reflected by an application of these rules. These accounting rules and the SEC requirements serve as protective or preventative controls.

Question No: 145 – (Topic 2)

Which of the following does an anti-virus program update regularly from its manufacturer's Web site?

  A. Hotfixes

  B. Permissions

  C. Service packs

  D. Definition

Answer: D

Explanation: An anti-virus program updates the virus definition file regularly from the anti-virus manufacturer's Web site. Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware.

Traditional antivirus software solutions run virus scanners on schedule, on demand and some run scans in real time. If a virus or malware is located, the suspect file is usually placed into a quarantine to terminate its chances of disrupting the system. Traditional antivirus solutions scan and compare against a publicized and regularly updated dictionary of malware otherwise known as a blacklist. Some antivirus solutions have additional options that employ a heuristic engine which further examines the file to see if it is behaving in a similar manner to previous examples of malware. A new technology utilized by a few antivirus solutions is whitelisting; this technology first checks if the file is trusted and only questions those that are not. With the addition of wisdom of crowds, antivirus solutions back up other antivirus techniques by harnessing the intelligence and advice of a community of trusted users to protect each other.

Answer: C is incorrect. A service pack is a collection of Fixes and Patches in a single product. A service pack can be used to handle a large number of viruses and bugs or to update an operating system with advanced and better capabilities. A service pack usually contains a number of file replacements.

Answer: A is incorrect. Hotfix is a collection of files used by Microsoft for software updates that are released between major service pack releases. A hotfix is about a problem, occurring under specific circumstances, which cannot wait to be fixed till the next service pack release. Hotfixes are generally related to security problems. Hence, it is essential to fix these problems as soon as possible.

Answer: B is incorrect. An anti-virus program does not update Permissions regularly from its manufacturer's Web site.

Question No: 146 – (Topic 2)

Which of the following are the drawbacks of the NTLM Web authentication scheme?

  A. The password is sent in hashed format to the Web server.

  B. It works only with Microsoft Internet Explorer.

  C. The password is sent in clear text format to the Web server.

  D. It can be brute forced easily.

Answer: B,D

Explanation: The following are the drawbacks of the NTLM Web Authentication Scheme: NTLM Web authentication is not entirely safe because NTLM hashes (or challenge/response pairs) can be cracked with the help of brute force password guessing. The "cracking" program would repeatedly try all possible passwords, hashing each and comparing the result to the hash that the malicious user has obtained. When it discovers a match, the malicious user will know that the password that produced the hash is the user's password. This authentication technique works only with Microsoft Internet Explorer.

Answer: A, C are incorrect. NTLM authentication does not send the user's password (or hashed representation of the password) across the network. Instead, NTLM authentication utilizes challenge/response mechanisms to ensure that the actual password never traverses the network. How does it work? When the authentication process begins, the client sends a login request to the telnet server. The server replies with a randomly generated 'token' to the client. The client hashes the currently logged-on user's cryptographically protected password with the challenge and sends the resulting "response" to the server. The server receives the challenge-hashed response and compares it in the following manner:

The server takes a copy of the original token. Now it hashes the token against the user's password hash from its own user account database. If the received response matches the expected response, the user is successfully authenticated to the host.

Question No: 147 – (Topic 2)

Which of the following tools uses Internet Control Message Protocol (ICMP)?

  A. Port scanner

  B. Brutus

  C. Fragroute

  D. Ping scanner

Answer: D

Explanation: A ping scanner is a tool that sends ICMP ECHO requests across a network and rapidly makes a list of responding nodes. Internet Control Message Protocol (ICMP) is an integral part of IP. It is used to report an error in datagram processing. The Internet Protocol (IP) is used for host-to-host datagram service in a network. The network is configured with connecting devices called gateways. When an error occurs in datagram processing, gateways or destination hosts report the error to the source hosts through the ICMP protocol. The ICMP messages are sent in various situations, such as when a datagram cannot reach its destination, when the gateway cannot direct the host to send traffic on a shorter route, when the gateway does not have the buffering capacity, etc.

Answer: A, B, C are incorrect. These tools do not use ICMP to perform their functions.

Question No: 148 – (Topic 2)

Which of the following statements about invalidating a session is true?

  A. The getCreationTime() method can be called on an invalidated session.

  B. The invalidate() method belongs to the HttpServletRequest interface.

  C. A session can be invalidated programmatically as well as using the deployment descriptor.

  D. The getAttribute(String name) method throws an IllegalArgumentException if called on an invalidated session.

Answer: C

Explanation: An existing session can be invalidated in the following two ways:

Setting timeout in the deployment descriptor: This can be done by specifying timeout between the <session-timeout> tags as follows:

    <session-config>
      <session-timeout>10</session-timeout>
    </session-config>

This will set the time for session timeout to be ten minutes.

Setting timeout programmatically: This will set the timeout for a specific session. The syntax for setting the timeout programmatically is as follows:

    session.setMaxInactiveInterval(10*60)

In this method, the timeout is specified in seconds. Hence, this will set the time for the session timeout to be ten minutes.

Answer: A is incorrect. The getCreationTime() method returns the time when the session was created. The time is measured in milliseconds since midnight January 1, 1970. This method throws an IllegalStateException if it is called on an invalidated session.

Answer: D is incorrect. The getAttribute(String name) method of the HttpSession interface returns the value of the named attribute as an object. It returns a null value if no attribute with the given name is bound to the session. This method throws an IllegalStateException if it is called on an invalidated session.

Answer: B is incorrect. The invalidate() method belongs to the HttpSession interface.

Question No: 149 – (Topic 2)

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to impose some special access restrictions on users. Which of the following Unix configuration files can you use to accomplish the task?

  A. /var/run/utmp

  B. /etc/terminfo

  C. /etc/usertty

  D. /etc/termcap

Answer: C

Explanation: In Unix, the /etc/usertty file is used to impose some special access restrictions on users.

Answer: B is incorrect. In Unix, the /etc/terminfo file contains the details for the terminal I/O.

Answer: A is incorrect. In Unix, the /var/run/utmp file is the configuration file that contains information about the currently logged in users. Mostly, the 'who' and 'w' commands use this file.

Answer: D is incorrect. In Unix, the /etc/termcap file works as a terminal capability database.

Question No: 150 – (Topic 2)

You work as a Network Administrator for XYZ CORP. The company has a Windows-based network. You want to use multiple security countermeasures to protect the integrity of the information assets of the company. To accomplish the task, you need to create a complex and multi-layered defense system. Which of the following components can be used as a layer that constitutes 'Defense in depth'? (Choose three)

  A. Backdoor

  B. Firewall

  C. Antivirus software

  D. Intrusion detection

Answer: B,C,D

Explanation: The components of Defense in depth include antivirus software, firewalls, anti-spyware programs, hierarchical passwords, intrusion detection, and biometric verification. In addition to electronic countermeasures, physical protection of business sites along with comprehensive and ongoing personnel training enhances the security of vital data against compromise, theft, or destruction.

Answer: A is incorrect. A backdoor is any program that allows a hacker to connect to a computer without going through the normal authentication process. The main advantage of this type of attack is that the network traffic moves from inside a network to the hacker's computer. The traffic moving from inside a network to the outside world is typically the least restrictive, as companies are more concerned about what comes into a network, rather than what leaves it. It, therefore, becomes hard to detect

