Free GIAC GSNA Practice Exam with Questions & Answers | Set: 11

ServerMask is a tool that is used to hide information about IIS Webservers. Since IIS Webservers are vulnerable to various attacks, such as, code red worm, iis unicode exploit, etc., to mitigate such attacks, ServerMask removes all unnecessary HTTP headers & response data, and file extensions like .asp or .aspx, which are clear indicators that a site is running on a Microsoft server. Besides this, ServerMask modifies the ASP session ID cookies values, default messages, pages and scripts of all kinds to misguide an attacker. Answer: A is incorrect. httprint is a fingerprinting tool that is based on Web server characteristics to accurately identify Web servers. It works even when Web server may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. Answer: C is incorrect. Whisker is an HTTP/Web vulnerability scanner that is written in the PERL language. Whisker runs on both the Windows and UNIX environments. It provides functions for testing HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Answer: D is incorrect. WinSSLMiM is an HTTPS Man in the Middle attacking tool. It includes FakeCert, a tool used to make fake certificates. It can be used to exploit the Certificate Chain vulnerability in Internet Explorer. The tool works under Windows 9x/2000.

A hot site is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data. A hot site can be used within an hour for data recovery. The capacity of the hot site may or may not match the capacity of the original site depending on the organization's requirements. This type of backup site is the most expensive to operate. Hot sites are popular with organizations that operate real time processes such as financial institutions, government agencies, and ecommerce providers. the original site. A cold site is the most inexpensive type of backup site for an organization to operate since it does not include backed up copies of data and information from the original location of the organization, nor does it include hardware already set up. A warm site is, quite logically, a compromise between hot and cold in terms of resources and cost.

The TCP 172.16.1.0/24 any any 443 HTTPs permit rule is used to allow internal users to access secure external websites. Answer: A is incorrect. The TCP 172.16.1.0/24 any any 80 HTTP permit rule is used to allow internal users to access external websites (secure & unsecure both). Answer: C is incorrect. The TCP 172.16.1.0/24 any any 80 HTTP deny rule is used to deny internal users to access external websites. Answer: B is incorrect. The TCP 172.16.1.0/24 any any 25 SMTP permit rule is used to allow internal mail servers to deliver mails to external mail servers.

In general, nesting means embedding a construct inside another. Nesting tables is a technique in which one or more tables are embedded within a table. Answer: B, C, D are incorrect. There are no techniques such as stacking tables, horned tables, or CSS tables.

Auditing is the process of monitoring and recording the actions of selected users in a database. Auditing is of the following types: Mandatory auditing Standard auditing Fine-grained auditing By focusing the audits as narrow as possible, you will get audit records for events that are of significance. If it is possible then try doing audit by session, not by access. When auditing a database the SYS.AUD$ table may grow many gigabytes. You may delete or truncate it periodically to control the load of audit data. minimum set of privileges that are just sufficient to accomplish their requisite roles, so that even if the users try, they cannot perform those actions that may critically endanger the safety of data in the event of any malicious attacks. It is important to mention that some damage to data may still be unavoidable. Therefore, after identifying the scope of their role, users are allocated only those minimal privileges just compatible with that role. This helps in minimizing the damage to data due to malicious attacks. Grant of more privileges than necessary may make data critically vulnerable to malicious exploitation. The principle of least privilege is also known as the principle of minimal privilege and is sometimes also referred to as POLA, an abbreviation for the principle of least authority. The principle of least privilege is implemented to enhance fault tolerance, i.e. to protect data from malicious attacks. While applying the principle of least privilege, one should ensure that the parameter 07_DICTIONARY_ACCESSIBILITY in the data dictionary is set to FALSE, and revoke those packages and roles granted to a special pseudo-user known as Public that are not necessary to perform the legitimate actions, after reviewing them. This is very important since every user of the database, without exception, is automatically allocated the Public pseudo-user role. Some of the packages that are granted to the special pseudo-user known as Public are as follows: UTL_TCP UTL_SMTP UTL_HTTP UTL_FILE REMOTE_LOGIN_PASSWORDFILE is an initialization parameter used to mention whether or not Oracle will check for a password file and by which databases a password file can be used. The various properties of this initialization parameter are as follows: Parameter type: String Syntax: REMOTE_LOGIN_PASSWORDFILE = {NONE | SHARED | EXCLUSIVE} Default value: NONE Removing some potentially dangerous privileges is a security option. All of the above discussed options are security steps and are not involved in standard database auditing.

Brutus can be used to perform brute force attacks, dictionary attacks, or hybrid attacks.

Static routing is a data communication concept that describes a way to configure path selection of routers in computer networks. This is achieved by manually adding routes to the routing table. However, when there is a change in the network or a failure occurs between two statically defined nodes, traffic will not be rerouted. Static routing is beneficial in many ways: Precise control over the routes that a packet will take across the network Reduced load on the routers, as no complex routing calculations are required Reduced bandwidth use, as there is no excessive router traffic. Easy to configure in small networks Answer: A is incorrect. This is a property of a dynamic route. A static route cannot choose the best path. It can only choose the paths that are manually entered. When there is a change in the network or a failure occurs between two statically defined nodes, traffic will not be rerouted.

Some of the specific tasks require additional detailed controls to ensure that the workers perform their job correctly. These controls refer to some specific tasks or steps to be performed such as: The way system security parameters are set. How input data is verified before being accepted into an application. How to lock a user account after unsuccessful logon attempts. How the department handles acquisitions, security, delivery, implementation, and support of IS services. Answer: C is incorrect. Input data should be verified before being accepted into an application.

The head -n 5 /etc/passwd command will show the first 5 lines of the file /etc/passwd.

According to the question, Windows Defender should scan the laptop for all the known spyware and other potentially unwanted software, including the latest one. Windows Defender uses definitions to scan the system. Definitions are files that include the information of known spyware and potentially unwanted software. To scan a computer for the latest spyware, Windows Defender requires the latest definition files available on the Internet. For this, you have to configure Windows Defender to check for the latest definitions and download them, if available, before scanning the computer. Furthermore, the question also states that the task must be performed automatically. In order to accomplish the task, you will have to select the Check for updated definitions before scanning check box in the Automatic Scanning section.