GNSA Online Practice Questions and Answers

Correct Answer: D

According to the question, the output displays that the interface is administratively down. Administratively down means that the interface is shut down. In order to up the interface, you will have to open the interface with the no shutdown command.

Answer: A is incorrect. Had there been a physical problem with the interface, the output would not have displayed "administratively down". Instead, the output would be as follows: serial0 is down, line protocol is down Answer: B is incorrect.

You cannot run this command on a router that is powered off.

Answer: C is incorrect. Encapsulation has nothing to do with the output displayed in the question.

Correct Answer: C

In such a scenario, John will use Hunt which is capable of performing both the hacking techniques, sniffing and session hijacking. Answer: D is incorrect. Ethercap is a network sniffer and packet generator. It may be an option, but John wants

to do session hijacking as well. Hence, he will not use Ethercap.

Answer: A is incorrect. IPChains is a firewall.

Answer: B is incorrect. Tripwire is a file and directory integrity checker.

Correct Answer: A

Piggybacking refers to access of a wireless Internet connection by bringing one's own computer within the range of another's wireless connection, and using that service without the subscriber's explicit permission or knowledge. It is a legally and ethically controversial practice, with laws that vary in jurisdictions around the world. While completely outlawed in some jurisdictions, it is permitted in others. The process of sending data along with the acknowledgment is called piggybacking. Answer: C is incorrect. Bluebugging is an attack used only in a Bluetooth network. Bluebugging is a form of bluetooth attack often caused by a lack of awareness. Bluebugging tools allow attacker to "take control" of the victim's phone via the usage of the victim's Bluetooth phone headset. It does this by pretending to be the users bluetooth headset and therefore "tricking" the phone to obey its call commands. Answer: D is incorrect. A worm is a software program that uses computer networks and security holes to replicate itself from one computer to another. It usually performs malicious actions, such as using the resources of computers as well as shutting down computers. Answer: B is incorrect. A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network. It is also known as a network saturation attack or bandwidth consumption attack. Attackers perform DoS attacks by sending a large number of protocol packets to the network. The effects of a DoS attack are as follows: Saturates network resources Disrupts connections between two computers, thereby preventing communications between services Disrupts services to a specific computer Causes failure to access a Web site Results in an increase in the amount of spam A Denial-of-Service attack is very common on the Internet because it is much easier to accomplish. Most of the DoS attacks rely on the weaknesses in the TCP/IP protocol.

Correct Answer: AD

According to the question, the network is a routed network where two segments have been divided and each segment has a switch. These switches are connected to a common router. All workstations in a segment are connected to their

respective subnet's switches.

Failure of the switch in Subnet B will make all workstations connected to it offline. Moreover, communication between the two subnets will be affected, as there will be no link to connect to Subnet B.

Correct Answer: C

Enabling the user must change password at next logon option will make the given password a temporary password. Enabling this option forces, a user to change his existing password at next logon.

Answer: B is incorrect. There is no such option in Windows Vista.

Answer: D is incorrect. This option sets the password to never expire.

Answer: A is incorrect. This option sets the existing password as a permanent password for the user. Only administrators can change the password of the user.

Correct Answer: A

The residual risk is the risk or danger of an action or an event, a method or a (technical) process that still conceives these dangers even if all theoretically possible safety measures would be applied. The formula to calculate residual risk is (inherent risk) x (control risk) where inherent risk is (threats vulnerability). Answer: B is incorrect. In information security, security risks are considered as an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. Answer: C is incorrect. Vulnerability is a weakness or lack of safeguard that can be exploited by a threat, thus causing harm to the information systems or networks. It can exist in hardware, operating systems, firmware, applications, and configuration files. Vulnerability has been variously defined in the current context as follows:

1.A security weakness in a Target of Evaluation due to failures in analysis, design, implementation, or operation and such.

2.Weakness in an information system or components (e.g. system security procedures, hardware design, or internal controls that could be exploited to produce an information-related misfortune.)

3. The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system, network, application, or protocol involved.

Correct Answer: ABD

Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security equivalent to wired networks for wireless networks. WEP encrypts

data on a wireless network by using a fixed secret key. WEP uses the RC4 encryption algorithm. The main drawback of WEP is that its Initialization Vector (IV) field is only 24 bits long. Many automated tools such as AirSnort are available for

discovering WEP keys.

Answer: C is incorrect. WPA stands for Wi-Fi Protected Access. It is a wireless security standard. It provides better security than WEP (Wired Equivalent Protection). Windows Vista supports both WPA-PSK and WPA-EAP.

Each of these is described as follows:

WPA-PSK: PSK stands for Preshared key. This standard is meant for home environment. WPA-PSK requires a user to enter an 8- character to 63-character passphrase into a wireless client. The WPA converts the passphrase into a 256-bit

key.

WPA-EAP: EAP stands for Extensible Authentication Protocol. This standard relies on a back-end server that runs Remote Authentication Dial-In User Service for user authentication. Note: Windows Vista supports a user to use a smart card

to connect to a WPA-EAP protected network.

Correct Answer: A

According to the question, you are required to prevent outside computers from accessing your network. You should therefore configure the switch's port access based on the MAC address, which can be done by configuring port security. Port security is a feature of Cisco Catalyst series switches. Port security is used to block input based on the media access control (MAC) address to an Ethernet, Fast Ethernet, or Gigabit Ethernet port. It denies the port access to a workstation when the MAC address of the station attempting to access the port is different from any of the MAC addresses specified for that port. Internet or other outside networks. Answer: D is incorrect. A port scanner is a software tool that is designed to search network host for open ports. This tool is often used by administrators to check the security of their networks. It is also used by hackers to compromise the network and systems.

Correct Answer: ABD

The basic features of Unix are as follows:

Multi-user: It supports more than one user to access the system simultaneously through a set of terminals attached to a system.

Multi-tasking: A user can execute multiple programs at the same time from a single terminal.

Time sharing: The operating system shares CPU time among tasks.

Portability: It is highly portable across hardware.

Modularity: It allows only needed modules to be loaded into the memory.

File structure: It has an inverted tree like file structure, with files and directories created within the file structure.

Security: All files can be individually protected using read, write, and execute permissions for the user, group, and others.

Network support: It uses the TCP/IP protocol.

Advanced graphics: CAD-CAM applications perform the best in a Unix System with its varied support for graphics card.

Correct Answer: C

Removing the IPP printing capability from a server is a good countermeasure against an IIS buffer overflow attack. A Network Administrator should take the following steps to prevent a Web server from IIS buffer overflow attacks:

Conduct frequent scans for server vulnerabilities.

Install the upgrades of Microsoft service packs.

Implement effective firewalls.

Apply URLScan and IISLockdown utilities.

Remove the IPP printing capability.

Answer: B is incorrect. The following are the DNS zone transfer countermeasures:

Do not allow

DNS zone transfer using the DNS property sheet:

a.

Open DNS.

b.

Right-click a DNS zone and click Properties.

c.

On the Zone Transfer tab, clear the Allow zone transfers check box.

Configure the master DNS server to allow zone transfers only from secondary DNS servers:

a.

Open DNS.

b.

Right-click a DNS zone and click Properties.

c.

On the zone transfer tab, select the Allow zone transfers check box, and then do one of the following:

To allow zone transfers only to the DNS servers listed on the name servers tab, click on the Only to the servers listed on the Name Server tab. To allow zone transfers only to specific DNS servers, click Only to the following servers, and add

the IP address of one or more servers.

Deny all unauthorized inbound connections to TCP port 53.

Implement DNS keys and encrypted DNS payloads.

Answer: D is incorrect. The following are the countermeasures against SNMP enumeration:

1.

Removing the SNMP agent or disabling the SNMP service

2.

Changing the default PUBLIC community name when 'shutting off SNMP' is not an option

3.

Implementing the Group Policy security option called Additional restrictions for anonymous connections

4.

Restricting access to NULL session pipes and NULL session shares

5.

Upgrading SNMP Version 1 with the latest version

6.

Implementing Access control list filtering to allow only access to the read-write community from approved stations or subnets

Answer: A is incorrect. NetBIOS NULL session vulnerabilities are hard to prevent, especially if NetBIOS is needed as part of the infrastructure. One or more of the following steps can be taken to limit NetBIOS NULL session vulnerabilities: 1.Removing the SNMP agent or disabling the SNMP service 2.Changing the default PUBLIC community name when 'shutting off SNMP' is not an option 3.Implementing the Group Policy security option called Additional restrictions for anonymous connections 4.Restricting access to NULL session pipes and NULL session shares 5.UpgradingSNMP Version 1 with the latest version 6.Implementing Access control list filtering to allow only access to the read-write community from approved stations or subnets answer option A is incorrect. NetBIOS NULL session vulnerabilities are hard to prevent, especially if NetBIOS is needed as part of the infrastructure. One or more of the following steps can be taken to limit NetBIOS NULL session vulnerabilities:

1.

Null sessions require access to the TCP 139 or TCP 445 port, which can be disabled by a Network Administrator.

2.

A Network Administrator can also disable SMB services entirely on individual hosts by unbinding WINS Client TCP/IP from the interface.

3.

A Network Administrator can also restrict the anonymous user by editing the registry values: a.Open regedit32, and go to HKLM\SYSTEM\CurrentControlSet\LSA.

b. Choose edit > add value. Value name: RestrictAnonymous Data Type: REG_WORD Value: 2

Correct Answer: D

Auditing is the process of monitoring and recording the actions of selected users in a database. Auditing is of the following types: Mandatory auditing Standard auditing Fine-grained auditing

By focusing the audits as narrow as possible, you will get audit records for events that are of significance. If it is possible then try doing audit by session, not by access. When auditing a database the SYS.AUD$ table may grow many gigabytes. You may delete or truncate it periodically to control the load of audit data. minimum set of privileges that are just sufficient to accomplish their requisite roles, so that even if the users try, they cannot perform those actions that may critically endanger the safety of data in the event of any malicious attacks. It is important to mention that some damage to data may still be unavoidable. Therefore, after identifying the scope of their role, users are allocated only those minimal privileges just compatible with that role. This helps in minimizing the damage to data due to malicious attacks. Grant of more privileges than necessary may make data critically vulnerable to malicious exploitation. The principle of least privilege is also known as the principle of minimal privilege and is sometimes also referred to as POLA, an abbreviation for the principle of least authority. The principle of least privilege is implemented to enhance fault tolerance, i.e. to protect data from malicious attacks. While applying the principle of least privilege, one should ensure that the parameter 07_DICTIONARY_ACCESSIBILITY in the data dictionary is set to FALSE, and revoke those packages and roles granted to a special pseudo-user known as Public that are not necessary to perform the legitimate actions, after reviewing them. This is very important since every user of the database, without exception, is automatically allocated the Public pseudo-user role. Some of the packages that are granted to the special pseudo-user known as Public are as follows: UTL_TCP UTL_SMTP UTL_HTTP UTL_FILE REMOTE_LOGIN_PASSWORDFILE is an initialization parameter used to mention whether or not Oracle will check for a password file and by which databases a password file can be used. The various properties of this initialization parameter are as follows: Parameter type: String Syntax: REMOTE_LOGIN_PASSWORDFILE = {NONE | SHARED | EXCLUSIVE} Default value: NONE Removing some potentially dangerous privileges is a security option. All of the above discussed options are security steps and are not involved in standard database auditing.

Correct Answer: AD

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool. It has the following functions:

It operates under Unix, Linux, MAC OS/X, or Windows (through coLinux) OS.

It integrates the National Vulnerability Database (NVD).

It can be used to perform SQL injection tests.

It can be used to perform exhaustive XSS tests.

It can be adapted to multiple firewalled environments.

It supports remote self scan and API facilities.

It is used for CIS benchmark initiatives.

It also supports plug-in facility for third party apps.

It supports CVE standards.

It works as an enterprise search module.

It works in both standalone or demo mode.

Answer: C is incorrect. SARA can be used to perform SQL injection tests.

Answer: B is incorrect. SARA can be used to perform exhaustive XSS tests.

Correct Answer: D

The nmap utility, also commonly known as port scanner, is used to view the open ports on a Linux computer. It is used by administrators to determine which services are available for external users. This utility helps administrators in deciding

whether to disable the services that are not being used in order to minimize any security risk.

Answer: B is incorrect. NSLOOKUP is a tool for diagnosing and troubleshooting Domain Name System (DNS) problems. It performs its function by sending queries to the DNS server and obtaining detailed responses at the command prompt.

This information can be useful for diagnosing and resolving name resolution issues, verifying whether or not the resource records are added or updated correctly in a zone, and debugging other server-related problems. This tool is installed

along with the TCP/IP protocol through the Control Panel.

Answer C is incorrect. NETSH is a command line tool to configure TCP/IP settings such as the IP address, Subnet Mask, Default Gateway, DNS, WINS addresses, etc. Answer: A is incorrect. L0phtcrack is a tool which identifies and

remediate security vulnerabilities that result from the use of weak or easily guessed passwords. It recovers Windows and Unix account passwords to access user and administrator accounts.

Correct Answer: D

Cascading style sheets (CSS) are used so that the Web site authors can exercise greater control on the appearance and presentation of their Web pages. And also because they increase the ability to precisely point to the location and look of

elements on a Web page and help in creating special effects. Cascading Style Sheets have codes, which are interpreted and applied by the browser on to the Web pages and their elements. There are three types of cascading style sheets.

External Style Sheets

Embedded Style Sheets

Inline Style Sheets

External Style Sheets are used whenever consistency in style is required throughout a Web site. A typical external style sheet uses a .css file extension, which can be edited using a text editor such as a Notepad.

Embedded Style Sheets are used for defining styles for an active page.

Inline Style Sheets are used for defining individual elements of a page.

Reference: TechNet, Contents: Microsoft Knowledgebase, February 2000 issue PSS ID Number: Q179628

Correct Answer: D

A SQL statement or a PL/SQL block can be executed by entering a semicolon (;) or a slash (/), or by using the RUN command at SQL prompt. When a semicolon (;) is entered at the end of a command, the command is completed and executed. When a slash (/) is entered, the command in the buffer is executed. It can also be used to execute a PL/SQL block. The RUN command is used to execute a command in the buffer. Note: The SQL buffer stores the most recently used SQL commands and PL/SQL blocks. It does not store SQL* Plus commands. It can be edited or saved to a file. Note: A SQL command can be saved in the buffer by entering a blank line. Reference: Oracle8i Online Documentation, Contents: "SQL*PLUS Users Guide and Reference", "Learning SQL*PLUS Basics,3 of 4", "Understanding SQL COMMAND Syntax"