[Free] 2017(Sep) CollectDumps Dumpsleader GIAC GSNA Dumps with VCE and PDF 161-170

GIAC Systems and Network Auditor

Question No: 161 – (Topic 2)

Which of the following are the reasons for implementing a firewall in any network?

  A. Create a choke point

  B. Log Internet activity

  C. Log system activity

  D. Limit access control

  E. Implementing security policy

  F. Limit network host exposure

Answer: A,B,E,F

Explanation: A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria. The four important roles of a firewall are as follows:

  1. Implement security policy: A firewall is a first step in implementing security policies of an organization. Different policies are directly implemented at the firewall. A firewall can also work with network routers to implement Types-Of-Service (ToS) policies.

  2. Creating a choke point: A firewall can create a choke point between a private network of an organization and a public network. With the help of a choke point the firewall devices can monitor, filter, and verify all inbound and outbound traffic.

  3. Logging Internet activity: A firewall also enforces logging of the errors and faults. It also provides an alarming mechanism to the network.

  4. Limiting network host exposure: A firewall can create a perimeter around the network to protect it from the Internet. It increases the security by hiding internal information.

Question No: 162 – (Topic 2)

Which of the following aaa accounting commands should be used to enable logging of both the start and stop records for user terminal sessions on the router?

  A. aaa accounting auth proxy start-stop tacacs

  B. aaa accounting system none tacacs

  C. aaa accounting connection start-stop tacacs

  D. aaa accounting exec start-stop tacacs

Answer: D

Explanation: In order to enable logging of both start and stop records for user terminal sessions on the router, the aaa accounting exec start-stop tacacs command should be used. The exec option performs accounting for EXEC shell sessions. Answer: B is incorrect. The aaa accounting system none tacacs command disables accounting services on a specific interface for all system-level events that are not related with users such as reload. Answer: C is incorrect. The aaa accounting connection start-stop tacacs command is used to enable logging of both start and stop records for all outbound connections that are established from the NAS (Network Access Server), such as Telnet, local-area transport (LAT), TN3270, packet assembler and disassembler (PAD), and rlogin. Answer: A is incorrect. The aaa accounting auth proxy start-stop tacacs command is used to enable logging of both start and stop records for all authenticated proxy user events.

Question No: 163 – (Topic 2)

Which of the following commands can be used to intercept and log the Linux kernel messages?

  A. syslogd

  B. klogd

  C. sysklogd

  D. syslog-ng

Answer: B,C

Explanation: The klogd and sysklogd commands can be used to intercept and log the Linux kernel messages.

Question No: 164 – (Topic 2)

You work as a Security Administrator in Tech Perfect Inc. The company has a TCP/IP based network. The network has a vast majority of Cisco Systems routers and Cisco network switches. You have implemented four VPN connections in the network. You use the Cisco IOS on the network. Which feature will you enable to maintain a separate routing and forwarding table for each VPN?

  A. Intrusion Prevention System

  B. VRF-aware firewall

  C. Virtual Private Network

  D. Stateful firewall

Answer: B

Explanation: In this scenario, the company's network has a vast majority of Cisco Systems routers and Cisco network switches. The security administrator of the company has implemented four VPN connections in the network and uses the Cisco IOS on the network. He needs to maintain a separate routing and forwarding table for each VPN in order to provide more secure communication. To accomplish this task, he should enable the VRF-aware firewall feature on the Cisco IOS routers.

Question No: 165 – (Topic 2)

In which of the following scanning techniques does a scanner connect to an FTP server and request that server to start data transfer to the third system?

  A. Xmas Tree scanning

  B. TCP FIN scanning

  C. TCP SYN scanning

  D. Bounce attack scanning

Answer: D

Explanation: In the TCP FTP proxy (bounce attack) scanning, a scanner connects to an FTP server and requests that server to start data transfer to the third system. Now, the scanner uses the PORT FTP command to declare whether or not the data transfer process is listening to the target system at the certain port number. Then the scanner uses the LIST FTP command to list the current directory. This result is sent over the server. If the data transfer is successful, it is clear that the port is open. If the port is closed, the attacker receives the connection refused ICMP error message. Answer: A is incorrect. Xmas Tree scanning is just the opposite of null scanning. In Xmas Tree scanning, all packets are turned on. If the target port is open, the service running on the target port discards the packets without any reply. According to RFC 793, if the port is closed, the remote system replies with the RST packet. Active monitoring of all incoming packets can help system network administrators detect an Xmas Tree scan. Answer: B is incorrect. TCP FIN scanning is a type of stealth scanning, through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop that packet. TCP FIN scanning is useful only for identifying ports of non-Windows operating systems because Windows operating systems send only RST packets irrespective of whether the port is open or closed. Answer: C is incorrect. TCP SYN scanning is also known as half-open scanning because in this a full TCP connection is never opened. The steps of TCP SYN scanning are as follows: 1. The attacker sends SYN packet to the target port. 2. If the port is open, the attacker receives SYN/ACK message. 3. Now the attacker breaks the connection by sending an RST packet. 4. If the RST packet is received, it indicates that the port is closed. This type of scanning is hard to trace because the attacker never establishes a full 3-way handshake connection and most sites do not create a log of incomplete TCP connections.

Question No: 166 – (Topic 2)

In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain from a DNS server. The information provided by the DNS zone can help an attacker gather user names, passwords, and other valuable information. To attempt a zone transfer, an attacker must be connected to a DNS server that is the authoritative server for that zone. Besides this, an attacker can launch a Denial of Service attack against the zone's DNS servers by flooding them with a lot of requests. Which of the following tools can an attacker use to perform a DNS zone transfer?

  A. DSniff

  B. Dig

  C. Host

  D. NSLookup

Answer: B,C,D

Explanation: An attacker can use Host, Dig, and NSLookup to perform a DNS zone transfer. Answer: A is incorrect. DSniff is a sniffer that can be used to record network traffic. Dsniff is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of the tools of Dsniff include dsniff, arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. Dsniff is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.

Question No: 167 – (Topic 2)

Which of the following statements are true about security risks? (Choose three)

  A. They can be removed completely by taking proper actions.

  B. They are considered an indicator of threats coupled with vulnerability.

  C. They can be mitigated by reviewing and taking responsible actions based on possible risks.

  D. They can be analyzed and measured by the risk analysis process.

Answer: B,C,D

Explanation: In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. These risks can be analyzed and measured by the risk analysis process. Answer: A is incorrect. Security risks can never be removed completely but can be mitigated by taking proper actions.

Question No: 168 – (Topic 2)

Which of the following statements about packet filtering is true?

  A. It allows or restricts the flow of specific types of packets to provide security.

  B. It is used to send confidential data on the public network.

  C. It allows or restricts the flow of encrypted packets to provide security.

  D. It is used to store information about confidential data.

Answer: A

Explanation: Packet filtering is a method that allows or restricts the flow of specific types of packets to provide security. It analyzes the incoming and outgoing packets and lets them pass or stops them at a network interface based on the source and destination addresses, ports, or protocols. Packet filtering provides a way to define precisely which type of IP traffic is allowed to cross the firewall of an intranet. IP packet filtering is important when users from private intranets connect to public networks, such as the Internet.

Question No: 169 – (Topic 2)

Mark works as a Web Designer for XYZ CORP. The company has a Windows-based network. Mark creates an HTML document that gives the following error on execution: "These hypertext system features are not supported by HTML". Which of the following can be the hypertext system features that are NOT supported by HTML? (Choose three)

  A. Source tracking

  B. Typed link

  C. Hyperlink

  D. Fat link

Answer: A,B,D

Explanation: HTML lacks some of the features found in earlier hypertext systems, such as typed links, source tracking, fat links etc. Even some hypertext features that were in early versions of HTML have been ignored by most popular web browsers until recently, such as the link element and in-browser Web page editing. Sometimes Web services or browser manufacturers remedy these shortcomings. Answer: C is incorrect. Hyperlink is supported by HTML as well as Hypertext.

Question No: 170 – (Topic 2)

Which of the following statements about data integrity of a container are true? (Choose two)

  A. It ensures that a hacker cannot alter the contents of an HTTP message while it is in transit from a container to a client.

  B. Data integrity ensures that information is made available to users who are authorized to access it.

  C. Data integrity ensures that information has not been modified by a third party while it is in transit.

  D. It ensures that an eavesdropper cannot read an HTTP message being sent from a client to a container.

Answer: A,C

Explanation: Data integrity ensures that information has not been modified, altered, or destroyed by a third party while it is in transit. Data integrity ensures that the data received is the same as the data that was sent. Moreover, no one can tamper with the data during transmission from source to destination.

It also ensures that a hacker cannot alter the contents of an HTTP message while it is in transit from the container to the client. This will be accomplished through the use of HTTPS. HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer. HTTPS encrypts and decrypts the page requests and page information between the client browser and the Web server using a Secure Socket Layer. Answer: D is incorrect. This answer option describes confidentiality. Answer: B is incorrect. This answer option also describes confidentiality.
