GIAC Systems and Network Auditor Exam Practice Test

Page: 1 / 14
Total 416 questions
Question 1

You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to identify the secure terminals from where the root can be allowed to log in. Which of the following Unix configuration files can you use to accomplish the task?



Answer : D

In Unix, the /etc/securetty file is used to identify the secure terminals from where the root can be allowed to log in.

Answer B is incorrect. In Unix, the /etc/ioports file shows which I/O ports are in use at the moment.

Answer A is incorrect. In Unix, the /etc/services file is the configuration file that lists the network services that the system supports.

Answer C is incorrect. In Unix, the /proc/interrupts file is the configuration file that shows the interrupts in use and how many of each there have been.


Question 2

The following output is generated by running the show ip route command:

RouterA#show ip route

< - - Output Omitted for brevity - ->

Which next hop address will RouterA use in forwarding traffic to 10.10.100.0/24?



Answer : D

The routing table displays various RIP and Connected routes. There is no routing entry for 10.10.100.0/24, but there is a default route in the routing table using 172.18.1.1 as the next hop router. Given that 10.10.100.0/24 does not have a direct entry in the routing table, RouterA will forward traffic to the default route next hop address of 172.18.1.1.

Answer A is incorrect. The address does not appear in the routing table as a next hop router, in addition to being an actual subnet number for 192.168.10.0/24.

Answer C is incorrect. 172.18.50.1 is the next hop for reaching 192.168.11.0.

Answer B is incorrect. 172.18.60.1 is the next hop for reaching 192.168.12.0.


Question 3

You work as a programmer for uCertify Inc. You have a session object named session1 with an attribute named Attribute1, and an HttpSessionBindingEvent object binding1 bound to session1. Which of the following will be used to retrieve Attribute1?

Each correct answer represents a complete solution. Choose all that apply.



Answer : A, D

The following two statements are used to retrieve Attribute1:

1. Object obj = session1.getAttribute("Attribute1"); The getAttribute() method is used to retrieve the bound object with the specified name in this session, or null if no object is bound under the name.

2. Object obj = binding1.getSession().getAttribute("Attribute1"); The getSession() gets the current valid session associated with this request.

Answers E and C are incorrect. These statements are invalid because the getAttribute() method returns an object instead of a long object or a String object.

Answer B is incorrect. The HttpSessionBindingEvent object cannot use the getAttribute() method.


Question 4

Which of the following tools monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools?



Answer : D

A wireless intrusion prevention system (WIPS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally, this is achieved by comparing the MAC addresses of the participating wireless devices. Rogue devices can spoof the MAC address of an authorized network device as their own. WIPS uses a fingerprinting approach to weed out devices with spoofed MAC addresses. The idea is to compare the unique signatures exhibited by the signals emitted by each wireless device against the known signatures of pre-authorized, known wireless devices.

Answer B is incorrect. An intrusion detection system (IDS) is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet. It can detect several types of attacks and malicious behaviors that can compromise the security of a network and computers. This includes network attacks against vulnerable services, unauthorized logins and access to sensitive data, and malware (e.g. viruses, worms, etc.). An IDS also detects attacks that originate from within a system. In most cases, an IDS has three main components: Sensors, Console, and Engine. Sensors generate security events. A console is used to alert and control sensors and to monitor events. An engine is used to record events and to generate security alerts based on received security events. In many IDS implementations, these three components are combined into a single device. Basically, the following two types of IDS are used:

Network-based IDS

Host-based IDS

Answer A is incorrect. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs network activity that matches the predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).

The three main modes in which Snort can be configured are as follows:

Sniffer mode: It reads the packets of the network and displays them in a continuous stream on the console.

Packet logger mode: It logs the packets to the disk.

Network intrusion detection mode: It is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user-defined rule set.

Answer C is incorrect. A firewall is a tool to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports.


Question 5

You work as an IT Technician for uCertify Inc. You have to take security measures for the wireless network of the company. You want to prevent other computers from accessing the company's wireless network. On the basis of the hardware address, which of the following will you use as the best possible method to accomplish the task?



Answer : B

MAC filtering is a security access control technique that allows specific network devices to access, or prevents them from accessing, the network. MAC filtering can also be used on a wireless network to prevent certain network devices from accessing the wireless network. MAC addresses are allocated only to hardware devices, not to persons.


Question 6

Which of the following statements about Secure Sockets Layer (SSL) are true?

Each correct answer represents a complete solution. Choose two.



Answer : C, D

Secure Sockets Layer (SSL) is a protocol used to transmit private documents via the Internet. SSL uses a combination of public key and symmetric encryption to provide communication privacy, authentication, and message integrity. Using the SSL protocol, clients and servers can communicate in a way that prevents eavesdropping and tampering of data on the Internet. Many Web sites use the SSL protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:. By default, SSL uses port 443 for secured communication.

For an SSL connection between a Web browser and Web server, you must enter https, for example, 'https://www.vzen.com', instead of http as the protocol type in the URL. This will instruct the Web browser to use a different port for communication. SSL uses TCP port 443 for communication.


Question 7

Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer?

Each correct answer represents a complete solution. Choose two.



Answer : A, C

Wireless Zero Configuration (WZC), also known as Wireless Auto Configuration, or WLAN AutoConfig, is a wireless connection management utility included with Microsoft Windows XP and later operating systems as a service that dynamically selects a wireless network to connect to based on a user's preferences and various default settings. This can be used instead of, or in the absence of, a wireless network utility from the manufacturer of a computer's wireless networking device. The drivers for the wireless adapter query the NDIS Object IDs and pass the available network names to the service. WZC also introduces some security threats, which are as follows:

WZC will probe for networks that are already connected. This information can be viewed by anyone using a wireless analyzer and can be used to set up fake access points to connect.

WZC attempts to connect to the wireless network with the strongest signal. An attacker can create fake wireless networks with high-power antennas and cause computers to associate with his access point.

Answer D is incorrect. WZC does not interfere in the configuration of encryption and MAC filtering.

Answer B is incorrect. In a ping flood attack, an attacker sends a large number of ICMP packets to the target computer using the ping command, i.e., ping -f target_IP_address. When the target computer receives these packets in large quantities, it does not respond and hangs.

