GIAC GIAC Information Security GSNA Questions & Answers

• Question 41:

  John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the We-are-secure server.

  Which of the following are countermeasures against a brute force attack?

  A. The site should use CAPTCHA after a specific number of failed login attempts.

  B. The site should increase the encryption key length of the password.

  C. The site should restrict the number of login attempts to only three times.

  D. The site should force its users to change their passwords from time to time.

  Correct Answer: AC

  Using CAPTCHA or restricting the number of login attempts are good countermeasures against a brute force attack.

• Question 42:

  Which of the following types of firewall ensures that the packets are part of the established session?

  A. Stateful inspection firewall

  B. Switch-level firewall

  C. Circuit-level firewall

  D. Application-level firewall

  Correct Answer: A

  The stateful inspection firewall combines the circuit level and the application level firewall techniques. It assures the session or connection between the two parties is valid. It also inspects packets from the session to assure that the packets

  are part of the established session and not malicious. Answer: C is incorrect. The circuit-level firewall regulates traffic based on whether or not a trusted connection has been established.

  Answer: D is incorrect. The application level firewall inspects the contents of packets, rather than the source/destination or connection between the two devices.

  Answer: B is incorrect. There is no firewall type such as switch-level firewall.

• Question 43:

  One of the sales people in your company complains that sometimes he gets a lot of unsolicited messages on his PD A. After asking a few questions, you determine that the issue only occurs in crowded areas like airports. What is the most likely problem?

  A. Spam

  B. Blue snarfing

  C. A virus

  D. Blue jacking

  Correct Answer: D

  Blue jacking is the process of using another bluetooth device that is within range (about 30' or less) and sending unsolicited messages to the target.

  Answer: B is incorrect. Blue snarfing is a process whereby the attacker actually takes control of the phone.

  Perhaps copying data or even making calls.

  Answer: C is incorrect. A virus would not cause unsolicited messages. Adware might, but not a virus. Answer: A is incorrect. Spam would not be limited to when the person was in a crowded area.

• Question 44:

  Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines?

  A. Warkitting

  B. War driving

  C. Wardialing

  D. Demon dialing

  Correct Answer: C

  War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers - hackers that specialize in computer security - for password guessing. Answer: A is incorrect. Warkitting is a combination of wardriving and rootkitting. In a warkitting attack, a hacker replaces the firmware of an attacked router. This allows them to control all trafficfor the victim, and could even permit them to disable SSL by replacing HTML content as it is being downloaded. Warkitting was identified by Tsow, Jakobsson, Yang, and Wetzel in 2006. Their discovery indicated that 10% of the wireless routers were susceptible to WAPjacking (malicious configuring of the firmware settings, but making no modification on the firmware itself) and 4.4% of wireless routers were vulnerable to WAPkitting (subverting the router firmware). Their analysis showed that the volume of credential theft possible through Warkitting exceeded the estimates of credential theft due to phishing. Answer: D is incorrect. In the computer hacking scene of the 1980s, demon dialing was a technique by which a computer is used to repeatedly dial a number (usually to a crowded modem pool) in an attempt to gain access immediately after another user had hung up. The expansion of accessible Internet service provider connectivity since that time more or less rendered the practice obsolete. The term "demon dialing" derives from the Demon Dialer product from Zoom Telephonics, Inc., a telephone device produced in the 1980s which repeatedly dialed busy telephone numbers under control of an extension phone. Answer: B is incorrect. War driving, also called access pointmapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.

• Question 45:

  Pervasive IS controls can be used across all the internal departments and external contractors to define the direction and behavior required for the technology to function properly.

  When these controls are implemented properly, which of the following areas show the reliability improvement? (Choose three)

  A. Hardware development

  B. Software development

  C. Security administration

  D. Disaster recovery

  Correct Answer: BCD

  Pervasive IS controls can be used across all the internal departments and external contractors. If the Pervasive IS controls are implemented properly, it improves the reliability of the following:

  1.

  Software development

  2.

  System implementation

  3.

  Overall service delivery

  4.

  Security administration

  5.

  Disaster recovery

  6.

  Business continuity planning

  Answer: A is incorrect. Pervasive IS controls do not have any relation with the reliability of the hardware development.

• Question 46:

  Which of the following are the limitations for the cross site request forgery (CSRF) attack?

  A. The attacker must determine the right values for all the form inputs.

  B. The attacker must target a site that doesn't check the referrer header.

  C. The target site should have limited lifetime authentication cookies.

  D. The target site should authenticate in GET and POST parameters, not only cookies.

  Correct Answer: AB

  Following are the limitations of cross site request forgeries to be successful:

  1.

  The attacker must target either a site that doesn't check the Referer header (which is common) or a victim with a browser or plugin bug that allows Referer spoofing (which is rare).

  2.

  The attacker must find a form submission at the target site that does something useful to the attacker (e.g., transfers money, or changes the victim's e-mail address or password).

  3.

  The attacker must determine the right values for all the form inputs: if any of them are required to be secret authentication values or IDs that the attacker can't guess, the attack will fail.

  4.

  The attacker must lure the victim to a Web page with malicious code while the victim is logged in to the target site. Since, the attacker can't see what the target Web site sends back to the victim in response to the forged requests, unless he exploits a cross- site scripting or other bug at the target Web site.

  Similarly, the attacker can only "click" any links or submit any forms that come up after the initial forged request, if the subsequent links or forms are similarly predictable. (Multiple "clicks" can be simulated by including multiple images on a

  page, or by using JavaScript to introduce a delay between clicks). from cross site request forgeries (CSRF) by applying the following countermeasures available:

  Requiring authentication in GET and POST parameters, not only cookies.

  Checking the HTTP Referer header.

  Ensuring there's no crossdomain.xml file granting unintended access to Flash movies.

  Limiting the lifetime of authentication cookies.

  Requiring a secret, user-specific token in all form submissions prevents CSRF; the attacker's site can't put the right token in its submissions.

  Individual Web users can do relatively little to prevent cross-site request forgery. Logging out of sites and avoiding their "remember me" features can mitigate CSRF risk; not displaying external images or not clicking links in "spam" or

  unreliable e-mails may also help.

• Question 47:

  You configure a wireless router at your home. To secure your home Wireless LAN (WLAN), you implement WEP. Now you want to connect your client computer to the WLAN.

  Which of the following is the required information that you will need to configure the client computer? (Choose two)

  A. SSID of the WLAN

  B. WEP key

  C. IP address of the router

  D. MAC address of the router

  Correct Answer: AB

  In order to connect a client computer to a secured Wireless LAN (WLAN), you are required to provide the following information: SSID of the WLAN WEP key rticlesItemsReportsHelp

• Question 48:

  Which of the following statements about the /etc/profile file are true?

  A. It allows a system administrator to create a default home directory for all new users on a computer.

  B. A user can change the settings of the /etc/profile file, but he cannot delete the file. It can only be deleted by the root user.

  C. It can change the default umask value.

  D. It is used to configure and control system-wide default variables.

  Correct Answer: CD

  The /etc/profile file is used to configure and control system-wide default variables. It performs many operations, some of which are as follows:

  Exporting variables Setting the umask value

  Sending mail messages to indicate that new mail has arrived Exporting variables Setting the umask value

  Sending mail messages to indicate that new mail has arrived Only the root user can configure and change the /etc/profile file for all users on the system.

  Answer: A is incorrect. The /etc/skel file allows a system administrator to create a default home directory for all new users on a computer or network and thus to make certain that all users begin with the same settings. When a new account is

  created with a home directory, the entire contents of /etc/skel are copied into the new home directory location. The home directory and its entire contents are then set to the new account's UID and GID, making the new user owner of the initial

  files. The system administrator can create files in /etc/skel that will provide a nice default environment for users. For example, he might create a /etc/ skel/.profile that sets the PATH environment variable for new users. Answer: B is incorrect.

  Only the root user can change the settings of the /etc/profile file.

• Question 49:

  Which of the following are attributes of the

  tag? (Choose three)

  A. BORDER

  B. ALIGN

  C. TD

  D. WIDTH

  Correct Answer: ABD

  The WIDTH attribute of the

  tag is used to set the width of a table. Width can be specified in pixels and percentage. For example, if a table of the same width as that of the parent object has to be created, the WIDTH attribute must be

  set to 100%. The ALIGN attribute aligns the table within the text flow. By default alignment is set to left. The BORDER attribute of the

  tag is used to set the width of the table border.

  Answer C is incorrect.

  is not an attribute of the tag. It is a tag used to specify cells in a table. Question 50: You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to make changes on a per-directory basis. Which of the following Unix configuration files can you use to accomplish the task? A. $HOME/.profile B. $HOME/Xrootenv.0 C. $HOME/.htaccess D. /var/log/btmp Correct Answer: C In Unix, the $HOME/.htaccess file provides a way to make configuration changes on a per directory basis. Answer: A is incorrect. In Unix, the $HOME/.profile file contains the user's environment stuff and startup programs. Answer: B is incorrect. In Unix, the $HOME/Xrootenv.0 file contains networking and environment info. Answer: D is incorrect. In Unix, the /var/log/btmp file is used to store information about failed logins. 1 2 ... 4 5 6 7 ... 41 42 Related Exams: GNSA GIAC Systems and Network Auditor GSSP-NET-CSHARP GIAC Secure Software Programmer - C#.NET GSSP-NET GIAC GIAC Secure Software Programmer - C#.NET GSSP-JAVA GIAC Secure Software Programmer – Java GSNA GIAC Systems and Network Auditor GSLC GIAC Security Leadership Certification (GSLC) GSEC GIAC Security Essentials Certification GREM GIAC Reverse Engineering Malware GPEN GIAC Certified Penetration Tester GISP GIAC Information Security Professional Tips on How to Prepare for the Exams Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only GIAC exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your GSNA exam preparations and GIAC certification application, do not hesitate to visit our Vcedump.com to find your solutions here.