The Up To The Immediate Present Guide To GSNA Testing Engine
Free demo questions for GIAC GSNA Exam Dumps Below:
NEW QUESTION 1
You work as the Network Administrator for a company. You configure a Windows 2000-based computer as the Routing and Remote Access server, so that users can access the company's network remotely. You want to log a record of all the users who access the network by using Routing and Remote Access. What will you do to log all the logon activities?
- A. On the Routing and Remote Access server, enable log authentication requests in auditing, and define the path for the log file in Remote Access Logging.
- B. On the Routing and Remote Access server, enable log authentication requests in Remote Access Logging.
- C. On the Routing and Remote Access server, enable log authentication requests in auditing.
- D. Do nothing as the Windows 2000-based Routing and Remote Access server automatically creates a log record for each connection attempt.
Answer: B
Explanation:
The Routing and Remote Access service can log all the records of authentication and accounting information for connection attempts when Windows authentication or accounting is enabled. This can be done by enabling the log authentication requests option in the properties of the Remote Access Logging folder in the Routing and Remote Access snap-in, where you can configure the type of activity to log (accounting or authentication activity) and the log file settings. This information is stored in the form of a log file in the '%SystemRoot%\System32\LogFiles' folder. For each authentication attempt, the name of the remote access policy that either accepted or rejected the connection attempt is recorded. The logged information is useful for tracking remote access usage and authentication attempts.
NEW QUESTION 2
In which of the following attack techniques does an attacker try to intercept the successful handshake and then use a dictionary attack to retrieve the shared key?
- A. Shared key guessing
- B. Brute force attack
- C. Dictionary attack
- D. PSK cracking
Answer: D
Explanation:
PSK cracking is an attack technique in which an attacker tries to intercept the successful handshake and then uses a dictionary attack to retrieve the shared key. Answer A is incorrect. Shared key guessing is an attack technique in which an intruder uses various cracking tools to try to guess the shared key of a wireless network and gain access to it. Answer C is incorrect. A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities. A dictionary attack uses a brute-force technique of successively trying all the words in an exhaustive list (from a pre-arranged list of values). In contrast with a normal brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words in a dictionary. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries, or simple, easily predicted variations on words, such as appending a digit. Answer B is incorrect. In a brute force attack, an attacker uses software that tries a large number of key combinations in order to get a password. To prevent such attacks, users should create passwords that are more difficult to guess, e.g., using a minimum of six characters, alphanumeric combinations, and lower-upper case combinations, etc.
NEW QUESTION 3
One of the sales people in your company complains that sometimes he gets a lot of unsolicited messages on his PDA. After asking a few questions, you determine that the issue only occurs in crowded areas like airports. What is the most likely problem?
- A. Spam
- B. Blue snarfing
- C. A virus
- D. Blue jacking
Answer: D
Explanation:
Blue jacking is the process of using another Bluetooth device that is within range (about 30' or less) and sending unsolicited messages to the target. Answer B is incorrect. Blue snarfing is a process whereby the attacker actually takes control of the phone, perhaps copying data or even making calls. Answer C is incorrect. A virus would not cause unsolicited messages. Adware might, but not a virus. Answer A is incorrect. Spam would not be limited to when the person was in a crowded area.
NEW QUESTION 4
Which of the following statements are true about security risks? (Choose three)
- A. They can be removed completely by taking proper actions.
- B. They are considered an indicator of threats coupled with vulnerability.
- C. They can be mitigated by reviewing and taking responsible actions based on possible risks.
- D. They can be analyzed and measured by the risk analysis process.
Answer: BCD
Explanation:
In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. These risks can be analyzed and measured by the risk analysis process. Answer A is incorrect. Security risks can never be removed completely but can be mitigated by taking proper actions.
NEW QUESTION 5
You are tasked with configuring your routers with a minimum security standard that includes the following:
* A local Username and Password configured on the router
* A strong privilege mode password
* Encryption of user passwords
* Configuring telnet and ssh to authenticate against the router user database
Choose the configuration that best meets these requirements.
- A.
  RouterA(config)#service password-encryption
  RouterA(config)#username cisco password PaS$w0Rd
  RouterA(config)#enable secret n56e&$te
  RouterA(config)#line vty 0 4
  RouterA(config-line)#login
- B.
  RouterA(config)#service password-encryption
  RouterA(config)#username cisco password PaS$w0Rd
  RouterA(config)#enable password n56e&$te
  RouterA(config)#line vty 0 4
  RouterA(config-line)#login local
- C.
  RouterA(config)#service password-encryption
  RouterA(config)#username cisco password PaS$w0Rd
  RouterA(config)#enable secret n56e&$te
  RouterA(config)#line vty 0 4
  RouterA(config-line)#login local
- D.
  RouterA(config)#service enable-password-encryption
  RouterA(config)#username cisco password PaS$w0Rd
  RouterA(config)#enable secret n56e&$te
  RouterA(config)#line vty 0 4
  RouterA(config-line)#login user
Answer: C
Explanation:
In order to fulfill the requirements, you should use the following set of commands:
RouterA(config)#service password-encryption
RouterA(config)#username cisco password PaS$w0Rd
RouterA(config)#enable secret n56e&$te
RouterA(config)#line vty 0 4
RouterA(config-line)#login local
Answer D is incorrect. This configuration does not apply password encryption correctly. The command service enable-password-encryption is incorrect. The correct command is service password-encryption. Answer A is incorrect. This configuration applies the login command to the VTY lines. This would require the password to be set at the VTY Line 0 4 level. This effectively will not configure user-level access for the VTY lines. Answer B is incorrect. The enable password command is obsolete and considered insecure. The proper command is enable secret followed by the password value.
NEW QUESTION 6
Which of the following internal control components provides the foundation for the other components and encompasses such factors as management's philosophy and operating style?
- A. Information and communication
- B. Risk assessment
- C. Control activities
- D. Control environment
Answer: D
Explanation:
COSO defines internal control as, "a process, influenced by an entity's board of directors, management, and other personnel, that is designed to provide reasonable assurance in the effectiveness and efficiency of operations, reliability of financial reporting, and the compliance of applicable laws and regulations". The auditor evaluates the organization's control structure by understanding the organization's five interrelated control components, which are as follows:
* 1. Control Environment: It provides the foundation for the other components and encompasses such factors as management's philosophy and operating style.
* 2. Risk Assessment: It consists of risk identification and analysis.
* 3. Control Activities: It consists of the policies and procedures that ensure employees carry out management's directions. The types of control activities an organization must implement are preventative controls (controls intended to stop an error from occurring), detective controls (controls intended to detect if an error has occurred), and mitigating controls (control activities that can mitigate the risks associated with a key control not operating effectively).
* 4. Information and Communication: It ensures the organization obtains pertinent information, and then communicates it throughout the organization.
* 5. Monitoring: It involves reviewing the output generated by control activities and conducting special evaluations.
In addition to understanding the organization's control components, the auditor must also evaluate the organization's General and Application controls. There are three audit risk components: control risk, detection risk, and inherent risk.
NEW QUESTION 7
John works as a contract Ethical Hacker. He has recently got a project to do security checking for www.we-are-secure.com. He wants to find out the operating system of the we-are-secure server in the information gathering step. Which of the following commands will he use to accomplish the task? (Choose two)
- A. nc 208.100.2.25 23
- B. nmap -v -O www.we-are-secure.com
- C. nc -v -n 208.100.2.25 80
- D. nmap -v -O 208.100.2.25
Answer: BD
Explanation:
According to the scenario, John will use "nmap -v -O 208.100.2.25" to detect the operating system of the we-are-secure server. Here, -v is used for verbose and -O is used for TCP/IP fingerprinting to guess the remote operating system. John may also use the DNS name of we-are-secure instead of using the IP address of the we-are-secure server. So, he can also use the nmap command "nmap -v -O www.we-are-secure.com". Answer C is incorrect. "nc -v -n 208.100.2.25 80" is a Netcat command, which is used to banner grab for getting information about the
NEW QUESTION 8
What does a firewall check to prevent certain ports and applications from getting the packets into an Enterprise?
- A. The network layer headers and the session layer port numbers
- B. The transport layer port numbers and the application layer headers
- C. The application layer port numbers and the transport layer headers
- D. The presentation layer headers and the session layer port numbers
Answer: B
Explanation:
A firewall stops delivery of packets that are not marked safe by the Network Administrator. It checks the transport layer port numbers and the application layer headers to prevent certain ports and applications from getting the packets into an Enterprise. Answers A, C, and D are incorrect. This information is not checked by a firewall.
NEW QUESTION 9
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to query an image root device and RAM disk size. Which of the following Unix commands can you use to accomplish the task?
- A. rdev
- B. rdump
- C. setfdprm
- D. mount
Answer: A
Explanation:
The rdev command is used to query/set an image root device, RAM disk size, or video mode. If a user executes the rdev command with no arguments, it outputs an /etc/mtab line for the current root file system. The command syntax of the rdev command is as follows:
rdev [ -Rrvh ] [ -o offset ] [ image [ value [ offset ] ] ]
Answer B is incorrect. In Unix, the rdump command is used to back up an ext2 filesystem. Answer D is incorrect. In Unix, the mount command is used to mount a filesystem. Answer C is incorrect. In Unix, the setfdprm command sets floppy drive parameters.
NEW QUESTION 10
You are the Security Administrator for an Internet Service Provider. From time to time your company gets subpoenas from attorneys and law enforcement for records of customers' access to the internet. What policies must you have in place to be prepared for such requests?
- A. Group access policies
- B. Backup policies
- C. User access policies
- D. Storage and retention policies
Answer: D
Explanation:
Storage and retention policies will determine how long you keep records (such as records of customers' Web activity), how you will store them, and how you will dispose of them. This will allow you to know what records you should still have on hand should a legal request for such records come in. Answer C is incorrect. User policies might determine what a customer has access to, but won't help you identify what they actually did access. Answer A is incorrect. Group policies are usually pertinent to network administration, not the open and uncontrolled environment of an ISP. Answer B is incorrect. Backup policies dictate how data is backed up and stored.
NEW QUESTION 11
Which of the following statements is NOT true about FAT16 file system?
- A. FAT16 file system works well with large disks because the cluster size increases as the disk partition size increases.
- B. FAT16 file system supports file-level compression.
- C. FAT16 does not support file-level security.
- D. FAT16 file system supports Linux operating system.
Answer: AB
Explanation:
The FAT16 file system was developed for disks larger than 16MB. It uses 16-bit allocation table entries. The FAT16 file system supports all Microsoft operating systems. It also supports OS/2 and Linux. Answers C and D are incorrect. These statements are true about the FAT16 file system.
NEW QUESTION 12
Which of the following tools can be used to perform ICMP tunneling? (Choose two)
- A. Itunnel
- B. Ptunnel
- C. WinTunnel
- D. Ethereal
Answer: AB
Explanation:
Ptunnel and Itunnel are tools that are used to perform ICMP tunneling. In ICMP tunneling, an attacker establishes a covert connection between two remote computers (a client and proxy), using ICMP echo requests and reply packets. ICMP tunneling works by injecting arbitrary data into an echo packet sent to a remote computer. The remote computer replies in the same manner, injecting an answer into another ICMP packet and sending it back. The client performs all communication using ICMP echo request packets, while the proxy uses echo reply packets. Normally, ICMP tunneling involves sending what appear to be ICMP commands but are really Trojan communications. Answer C is incorrect. WinTunnel is used to perform TCP tunneling. Answer D is incorrect. Ethereal is a network sniffer.
NEW QUESTION 13
Which of the following is a type of web site monitoring that is done using web browser emulation or scripted real web browsers?
- A. Route analytics
- B. Passive monitoring
- C. Network tomography
- D. Synthetic monitoring
Answer: D
Explanation:
Synthetic monitoring is active Web site monitoring that is done using Web browser emulation or scripted real Web browsers. Behavioral scripts (or paths) are created to simulate an action or path that a customer or end-user would take on a site. Those paths are then continuously monitored at specified intervals for availability and response time measures. Synthetic monitoring is valuable because it enables a Webmaster to identify problems and determine if his Web site or Web application is slow or experiencing downtime before that problem affects actual end-users or customers. Answer B is incorrect. Passive monitoring is a technique used to analyze network traffic by capturing traffic from a network by generating a copy of that traffic. It is done with the help of a span port, mirror port, or network tap. Once the data (a stream of frames or packets) has been extracted, it can be used in many ways. Passive monitoring can be very helpful in troubleshooting performance problems once they have occurred. Passive monitoring relies on actual inbound Web traffic to take measurements, so problems can only be discovered after they have occurred. Answer A is incorrect. Route analytics is an emerging network monitoring technology specifically developed to analyze the routing protocols and structures in meshed IP networks. Its main mode of operation is to passively listen to the Layer 3 routing protocol exchanges between routers for the purposes of network discovery, mapping, real-time monitoring, and routing diagnostics. Answer C is incorrect. Network tomography is an important area of network measurement that deals with monitoring the health of various links in a network using end-to-end probes sent by agents located at vantage points in the network/Internet.
NEW QUESTION 14
You want to repeat the last command you entered in the bash shell. Which of the following commands will you use?
- A. history ##
- B. history !#
- C. history !!
- D. history !1
Answer: C
Explanation:
The history !! command shows the previously entered command in the bash shell. In the bash shell, the history command is used to view the recently executed commands. History is on by default. A user can turn off history using the command set +o history and turn it on using set -o history. An environment variable HISTSIZE is used to inform bash about how many history lines should be kept. The following commands are frequently used to view and manipulate history:
Answer B is incorrect. The history !# command shows the entire command line typed. Answer D is incorrect. The history !n command shows the nth command typed. Since n is equal to 1 in this command, the first command will be shown. Answer A is incorrect. It is not a valid command.
NEW QUESTION 15
Which of the following protocols is the mandatory part of the WPA2 standard in the wireless networking?
- A. CCMP
- B. ARP
- C. WEP
- D. TKIP
Answer: A
Explanation:
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is an IEEE 802.11i encryption protocol created to replace both TKIP, the mandatory protocol in WPA, and WEP, the earlier, insecure protocol. CCMP is a mandatory part of the WPA2 standard, an optional part of the WPA standard, and a required option for Robust Security Network (RSN) Compliant networks. CCMP is also used in the ITU-T home and business networking standard. CCMP, part of the 802.11i standard, uses the Advanced Encryption Standard (AES) algorithm. Unlike in TKIP, key management and message integrity are handled by a single component built around AES using a 128-bit key, a 128-bit block, and 10 rounds of encoding per the FIPS 197 standard. Answer C is incorrect. Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security, which is equivalent to wired networks, for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. WEP incorporates a checksum in each frame to provide protection against the attacks that attempt to reveal the key stream. Answer D is incorrect. TKIP (Temporal Key Integrity Protocol) is an encryption protocol defined in the IEEE 802.11i standard for wireless LANs (WLANs). It is designed to provide more secure encryption than the disreputably weak Wired Equivalent Privacy (WEP). TKIP is the encryption method used in Wi-Fi Protected Access (WPA), which replaced WEP in WLAN products. TKIP is a suite of algorithms to replace WEP without requiring the replacement of legacy WLAN equipment. TKIP uses the original WEP programming but wraps additional code at the beginning and end to encapsulate and modify it. Like WEP, TKIP uses the RC4 stream encryption algorithm as its basis. Answer B is incorrect. Address Resolution Protocol (ARP) is a network maintenance protocol of the TCP/IP protocol suite. It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC). The ARP cache is used to maintain a correlation between a MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions. ARP is limited to physical network systems that support broadcast packets.
NEW QUESTION 16
You are concerned about rogue wireless access points being connected to your network. What is the best way to detect and prevent these?
- A. Network anti-spyware software
- B. Network anti-virus software
- C. Protocol analyzers
- D. Site surveys
Answer: D
Explanation:
Routinely doing site surveys (or better still, having them automatically conducted frequently) is the only way to know what is connected to your network, and it will reveal any rogue access points. Answer B is incorrect. While anti-virus software is always a good idea, it will do nothing to prevent rogue access points. Answer A is incorrect. While anti-spyware software is always a good idea, it will do nothing to prevent rogue access points. Answer C is incorrect. A protocol analyzer will help you analyze the specific traffic on a given node, but won't be much help in directly detecting rogue access points.
NEW QUESTION 17
You work as a Network Architect for Tech Perfect Inc. The company has a TCP/IP based Enterprise network. The company uses Cisco IOS technologies in the Enterprise network. You have enabled system message logging (syslog) service on all the routers that are currently working in the network. The syslog service provides all the reports, and important error and notification messages. You want to store all the reports and messages. Choose the locations where you can store all of these.
- A. Auxiliary
- B. Buffer
- C. Syslog server
- D. tty lines
- E. Console
Answer: BCDE
Explanation:
According to the scenario, you have enabled system message logging (syslog) service on all the routers that are currently working in the network. If you want to store all the reports, important error and notification messages sent by the routers, you can store all of these in the buffer, console, syslog server, and tty lines. You can use the buffer if you want to store syslog messages for later analysis of the network. The buffer is the memory of the router. The syslog messages that you have stored in the buffer are later available for network analysis until the router is rebooted. You can use the console port of the routers to send syslog messages to the attached terminal. You can also use vty and tty lines to send syslog messages to the remote terminal. However, the messages sent through the console, vty, and tty lines are not later available for network analysis. You can use a syslog server to store all the reports, and important error and notification messages. It is the best option to store all these because it is easy to configure a syslog server and you can store a large volume of logs. Note: If you have configured the routers to run an SNMP agent, the routers send all the reports, and important error and messages in the form of SNMP traps to an SNMP server. Using this you can store the reports and messages for a long period of time. Answer A is incorrect. You cannot store syslog messages in the auxiliary line.