Free Practice Questions for GIAC GSNA Exam

Firewall logs will show all incoming and outgoing traffic. By examining those logs, you can do port scans and use other penetration testing tools that have been used on your firewall.

HTTP-EQUIV is an attribute of the META tag. It sets or retrieves information used to bind the META tag's content to an HTTP response header. The pragma value of HTTP-EQUIV controls the page cache.

FAT16 file system was developed for disks larger than 16MB. It uses 16-bit allocation table entries. FAT16 file system supports all Microsoft operating systems. It also supports OS/2 and Linux. Answer: C, D are incorrect. All these statements are true about FAT16 file system.

AiroPeek is a Windows-based commercial wireless LAN analyzer for IEEE 802.11b. It supports all high level protocols such as TCP/IP, NetBEUI, IPX, etc. It can be used to perform the following tasks: Site surveys Security assessments Channel scanning Real time and past capture WEP decryption Client troubleshooting WLAN monitoring Remote WLAN analysis Application layer protocol analysis ting tool that Answer: A is incorrect. Sam Spade is a penetration-testing tool that is used in the discovery phase. It provides GUI graphics and a lot of functionalities. It can perform mainly whois queries, ping requests, DNS requests, tracerouting, OS finger-printing, zone transferring, SMTP mail relay checking, and Web site crawling and mirroring. Sam Spade runs on Windows operating systems. Answer: B is incorrect. John the Ripper is a fast password cracking tool that is available for most versions of UNIX, Windows, DOS, BeOS, and Open VMS. It also supports Kerberos, AFS, and Windows NT/2000/XP/2003 LM hashes. John the Ripper requires a user to have a copy of the password file. Answer: C is incorrect. Cheops-ng is a network management tool that is used for mapping and monitoring networks. It can detect a network of a host and provides OS detection for hosts. On some services, Cheops-ng is able to see what program is running for a service and what is the version number of that program. The main difference between Cheops and Cheops-ng is that Cheops-ng does not have monitoring capabilities.

The Nimda and I LOVE YOU viruses work as mass-emailing worms.

Data integrity ensures that information has not been modified, altered, or destroyed by a third party while it is in transit. Data integrity ensures that the data received is same as the data that was sent. Moreover, no one can tamper with the data during transmission from source to destination.

It also ensures that a hacker cannot alter the contents of an HTTP message while it is in transit from the container to the client. This will be accomplished through the use of HTTPS. The HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer. The HTTPS encrypts and decrypts the page requests and page information between the client browser and the Web server using a Secure Socket Layer. Answer: D is incorrect. This answer option describes confidentiality. Answer: B is incorrect. This answer option also describes confidentiality.

There are many purposes of conducting risk analysis, which are as follows: To try to quantify the possible impact or loss of a threat To analyze exposure to risk in order to support better decision-making and proper management of those risks To support risk-based audit decisions To assist the auditor in determining the audit objectives To assist the auditor in identifying the risks and threats Answer: A is incorrect. The analysis of risk does not ensure absolute safety. The main purpose of using a risk-based audit strategy is to ensure that the audit adds value with meaningful information.

A Web-based application uses Data Source Name (DSN) to connect to a database. DSN is a logical name used by Open Database Connectivity (ODBC) to refer to connection information required to access data. Answer: C is incorrect. The Common Gateway Interface (CGI) specification is used for creating executable programs that run on a Web server. CGI defines the communication link between a Web server and Web applications. It gives a network or Internet resource access to specific programs. For example, when users submit an HTML form on a Web site, CGI is used to pass this information to a remote application for processing, and retrieve the results from the application. It then returns these results to the user by means of an HTML page. Answer: D is incorrect. Fully Qualified Domain Name (FQDN) is a unique name of a host or computer, which represents its position in the hierarchy. An FQDN begins with a host name and ends with the top-level domain name. FQDN includes the second-level domain and other lower level domains. For example, the FQDN of the address HTTP://WWW.UNI.ORG will be WWW.UNI.ORG where WWW is the host name, UNI is the second-level domain, and ORG is the top-level domain name. Answer: B is incorrect. Domain Name System (DNS) is a hierarchical naming system used for locating domain names on private TCP/IP networks and the Internet. It provides a service for mapping DNS domain names to IP addresses and vice versa. DNS enables users to use friendly names to locate computers and other resources on an IP network. TCP/IP uses IP addresses to locate and connect to hosts, but for users, it is easier to use names instead of IP address to locate or connect to a site. For example, users will be more comfortable in using the host name www.uCertify.com rather than using its IP address 66.111.64.227.

Ekahau is an easy-to-use powerful and comprehensive tool for network site surveys and optimization. It is an auditing tool that can be used to pinpoint the actual physical location of wireless devices in the network. This tool can be used to make a map of the office and then perform the survey of the office. In the process, if one finds an unknown node, ekahau can be used to locate that node. Answer: D is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.

Answer: A is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks: To identify networks by passively collecting packets To detect standard named networks To detect masked networks To collect the presence of non-beaconing networks via data traffic Answer: C is incorrect. WEPcrack is a wireless network cracking tool that exploits the vulnerabilities in the RC4 Algorithm, which comprises the WEP security parameters. It mainly consists of three tools, which are as follows: WeakIVGen: It allows a user to emulate the encryption output of 802.11 networks to weaken the secret key used to encrypt the network traffic. Prism-getIV: It analyzes packets of information until ultimately matching patterns to the one known to decrypt the secret key. WEPcrack: It pulls the all beneficial data of WeakIVGen and Prism-getIV to decipher the network encryption.

The application level firewall inspects the contents of packets, rather than the source/destination or connection between the two. An Application level firewall operates at the application layer of the OSI model. Answer: A is incorrect. The circuit-level firewall regulates traffic based on whether or not a trusted connection has been established. It operates at the session layer of the OSI model. Answer: C is incorrect. The packet filtering firewall filters traffic based on the headers. It operates at the network layer of the OSI model. Answer: B is incorrect. The stateful inspection firewall assures the connection between the two parties is valid and inspects packets from this connection to assure the packets are not malicious.