GIAC GIAC Information Security GSNA Questions & Answers
Question 21:
You work as a Security Administrator in Tech Perfect Inc. The company has a TCP/IP based network. The network has a vast majority of Cisco Systems routers and Cisco network switches. You want to take a snapshot of the router running configuration and archive running configuration of the router to persistent storage.
Which of the following steps will you take?
A. Secure the boot configuration
B. Restore an archived primary bootset
C. Verify the security of the bootset
D. Enable the image resilience
Correct Answer: A
In order to take a snapshot of the router running configuration and archive running configuration of the router to persistent storage, you should secure the boot configuration of the router using the secure boot-config command.
Answer: D is incorrect. You can enable the image resilience, if you want to secure the Cisco IOS image.
Answer: C is incorrect. By verifying the security of bootset, you can examine whether or not the Cisco IOS Resilient Configuration is enabled and the files in the bootset are secured.
Answer: B is incorrect. By restoring an archived primary bootset, you can restore a primary bootset from a secure archive after an NVRAM has been erased or a disk has been formatted.
Question 22:
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He executes the following command in the terminal: echo $USER, $UID.
Which of the following will be displayed as the correct output of the above command?
A. John, 0
B. root, 0
C. root, 500
D. John, 502
Correct Answer: B
According to the scenario, John is a root user. Hence, the values of the environment variables $USER and $UID will be root and 0, respectively.
Question 23:
You work as a Network Administrator for Tech Perfect Inc. The company requires a secure wireless network. To provide security, you are configuring ISA Server 2006 as a firewall.
While configuring ISA Server 2006, which of the following is NOT necessary?
A. Setting up of monitoring on ISA Server
B. Defining how ISA Server would cache Web contents
C. Defining ISA Server network configuration
D. Configuration of VPN access
Correct Answer: D
Configuration of VPN access is not mandatory. It is configured on the basis of requirement. Answer: A, B, C are incorrect. All these steps are mandatory for the configuration of the ISA Server 2006 firewall.
Question 24:
Which of the following commands will you use to watch a log file /var/adm/messages while the log file is updating continuously?
A. less -g /var/adm/messages
B. tail /var/adm/messages
C. cat /var/adm/messages
D. tail -f /var/adm/messages
Correct Answer: D
The tail command is used to display the last few lines of a text file or piped data. It has a special command line option -f (follow) that allows a file to be monitored. Instead of displaying the last few lines and exiting, tail displays the lines and then monitors the file. As new lines are added to the file by another process, tail updates the display. This is particularly useful for monitoring log files. The following command will display the last 10 lines of messages and append new lines to the display as new lines are added to messages:
tail -f /var/adm/messages
Answer: B is incorrect. The tail command will display the last 10 lines (default) of the log file.
Answer: C is incorrect. The concatenate (cat) command is used to display or print the contents of a file.
Syntax: cat filename
For example, the following command will display the contents of the /var/log/dmesg file:
cat /var/log/dmesg
Note: The more command is used in conjunction with the cat command to prevent scrolling of the screen while displaying the contents of a file.
Answer: A is incorrect. The less command is used to view (but not change) the contents of a text file, one screen at a time. It is similar to the more command. However, it has the extended capability of allowing both forward and backward navigation through the file. Unlike most Unix text editors/viewers, less does not need to read the entire file before starting; therefore, it has faster load times with large files.
The command syntax of the less command is as follows:
less [options] file_name Where,
Question 25:
Mark works as the Network Administrator for XYZ CORP. The company has a Unix-based network. Mark wants to scan one of the Unix systems to detect security vulnerabilities. To accomplish this, he uses TARA as a system scanner.
What can be the reasons that made Mark use TARA?
A. It has a very specific function of seeking paths to root.
B. It is composed mostly of bash scripts
C. It works on a wide variety of platforms.
D. It is very modular.
Correct Answer: BCD
Tiger Analytical Research Assistant (TARA) is a set of scripts that scans a Unix system for security problems. Following are the pros and cons of using TARA.
Pros:
1. It is open source.
2. It is very modular.
3. It can work on a wide variety of platforms.
4. It is composed mostly of bash scripts; hence, it can run on any Unix platform with little difficulty.
Cons:
It has a very specific function of seeking paths to root.
Answer: A is incorrect. It is a limitation of TARA that reduces its flexibility to be used for different purposes.
Question 26:
Mark works as a Web Developer for XYZ CORP. He is developing a Web site for the company. The Manager of the company requires Mark to use tables instead of frames in the Web site.
What is the major advantage that a table-structured Web site has over a frame-structured Web site?
A. Easy maintenance
B. Speed
C. Better navigation
D. Capability of being bookmarked or added to the Favorites folder
Correct Answer: D
The major advantage that a table-structured Web site has over a frame-structured Web site is that users can bookmark the pages of a table-structured Web site, whereas pages of a frame-structured Web site cannot be bookmarked or added to the Favorites folder. Non-frame Web sites also give better results with search engines.
Better navigation: Web pages can be divided into multiple frames and each frame can display a separate Web page. It helps in providing better and consistent navigation.
Easy maintenance: Fixed elements, such as a navigation link and company logo page, can be created once and used with all the other pages. Therefore, any change in these pages is required to be made only once.
Question 27:
Samantha works as a Web Developer for XYZ CORP. She develops a Web application using Visual InterDev. She wants to group a series of HTML elements together so that an action can be performed collectively on them.
Which of the following tags will Samantha use to accomplish this?
A. DIV
B. GROUP
C. BODY
D. SPAN
Correct Answer: A
DIV is an HTML tag that groups a series of elements into a larger group. It can be used when an action needs to be performed collectively on the grouped elements. The DIV tag acts as a container for other elements.
Answer: D is incorrect. The SPAN tag is used within an element to group a part of it. For example, this tag can be used to group a few sentences from within a paragraph, so that a particular action can be performed only on them.
Answer: C is incorrect. The BODY tag is used to specify the beginning and end of the document body. Answer: B is incorrect. There is no tag such as GROUP in HTML.
Question 28:
Which of the following are the disadvantages of Dual-Homed Host Firewall Architecture?
A. It can provide services by proxying them.
B. It can provide a very low level of control.
C. User accounts may unexpectedly enable services a user may not consider secure.
D. It provides services when users log on to the dual-homed host directly.
Correct Answer: ACD
A dual-homed host is one of the firewall architectures for implementing preventive security. It provides the first-line defense and protection technology for keeping untrusted bodies from compromising information security by violating trusted network space as shown in the image below:
A dual-homed host (or bastion host) is a system fortified with two network interfaces (NICs) that sits between an untrusted network (like the Internet) and a trusted network (such as a corporate network) to provide secure access. Dual-homed, or bastion, is a general term for proxies, gateways, firewalls, or any server that provides secured applications or services directly to an untrusted network.
A dual-homed host also has some disadvantages, which are as follows:
1. It can provide services by proxying them.
2. User accounts may unexpectedly enable services a user may not consider secure.
3. It provides services when users log on to the dual-homed host directly.
Answer: B is incorrect. Dual-Homed Host Firewall Architecture can provide a very high level of control.
Question 29:
You want to monitor the network infrastructure of a software-based company. The network infrastructure of the company consists of the following:
1. Windows TCP/IP services
2. Web and mail servers
3. URLs Applications (MS Exchange, SQL etc.)
Which of the following network monitoring solutions can you use to accomplish the task?
A. Axence nVision
B. CommandCenter NOC
C. Netmon
D. Cymphonix Network Composer
Correct Answer: A
Axence nVision is an advanced solution for comprehensive network management. It is used to monitor network infrastructure such as Windows, TCP/IP services, web and mail servers, URLs, and applications (MS Exchange, SQL, etc.). It is also used to monitor routers and switches such as network traffic, interface status, and connected computers. It collects the network inventory and audits license usage. It also gives alerts in case of a program installation or any configuration change on a remote node. With the agent, an administrator can easily monitor user activities and can access computers remotely.
Answer: B is incorrect. CommandCenter NOC is a simple and effective tool that performs network monitoring with a powerful polling engine. It provides polling, Windows and UNIX/Linux server management, intrusion detection, vulnerability scanning, and traffic analysis in an integrated appliance.
Answer: D is incorrect. Cymphonix Network Composer is a precise Web gateway appliance. It is used to monitor Internet traffic by user, application, and threat. It consists of controls to shape access to Internet resources by user, group, and/or time of day. It also supports anonymous proxy blocking, policy management, and real time monitoring.
Answer: C is incorrect. Network Monitor (Netmon) is a protocol analyzer. It is used to analyze the network traffic. It is installed by default during the installation of the operating system. It can be installed by using Windows Components Wizard in the Add or Remove Programs tool in Control Panel. Network Monitor is used to perform the following tasks:
1. Capture frames directly from the network.
2. Display and filter captured frames immediately after capture or at a later time.
3. Edit captured frames and transmit them on the network.
4. Capture frames from a remote computer.
Question 30:
You work as a Network Administrator for Techpearl Inc. You are configuring the rules for the firewall of the company. You need to allow internal users to access secure external websites. Which of the following firewall rules will you use to accomplish the task?
A. TCP 172.16.1.0/24 any any 80 HTTP permit
B. TCP 172.16.1.0/24 any any 25 SMTP permit
C. TCP 172.16.1.0/24 any any 80 HTTP deny
D. TCP 172.16.1.0/24 any any 443 HTTPs permit
Correct Answer: D
The TCP 172.16.1.0/24 any any 443 HTTPs permit rule is used to allow internal users to access secure external websites.
Answer: A is incorrect. The TCP 172.16.1.0/24 any any 80 HTTP permit rule is used to allow internal users to access external websites (secure and unsecure both).
Answer: C is incorrect. The TCP 172.16.1.0/24 any any 80 HTTP deny rule is used to deny internal users access to external websites.
Answer: B is incorrect. The TCP 172.16.1.0/24 any any 25 SMTP permit rule is used to allow internal mail servers to deliver mails to external mail servers.