How Many Questions Of GSNA Training Materials

NEW QUESTION 1

Which of the following allows the use of multiple virtual servers using different DNS names resolved by the same IP address?

• A. HTTP 1.1
• B. JAVA
• C. HTML
• D. VPN

Answer: A

Explanation:

HTTP 1.1 allows the use of multiple virtual servers, all using different DNS names resolved by the same IP address. The WWW service supports a concept called virtual server. A virtual server can be used to host multiple domain names on the same physical Web server. Using virtual servers, multiple FTP sites and Web sites can be hosted on a single computer. It means that there is no need to allocate different computers and software packages for each site. Answer D is incorrect. VPN stands for virtual private network. It allows users to use the Internet as a secure pipeline to their corporate local area networks (LANs). Remote users can dial-in to any local Internet Service Provider (ISP) and initiate a VPN session to connect to their corporate LAN over the Internet. Companies using VPNs significantly reduce long-distance dial-up charges. VPNs also provide remote employees with an inexpensive way of remaining connected to their company's LAN for extended periods.
Answer B is incorrect. Java is an object oriented programming language developed by Sun Microsystems. It allows the creation of platform independent executables. Java source code files are compiled into a format known as bytecode (files with .class extension). Java supports programming for the Internet in the form of Java applets. Java applets can be executed on a computer having a Java interpreter and a run-time environment known as Java Virtual Machine (JVM). Java Virtual Machines (JVMs) are available for most operating systems, including UNIX, Macintosh OS, and Windows. Answer C is incorrect. HTML stands for Hypertext Markup Language. It is a set of markup symbols or codes used to create Web pages and define formatting specifications. The markup tells the Web browser how to display the content of the Web page.

NEW QUESTION 2

You work as a Network Architect for Tech Perfect Inc. The company has a TCP/IP based Enterprise network. The company uses Cisco IOS technologies in the Enterprise network. You have enabled system message logging (syslog) service on all the routers that are currently working in the network. The syslog service provides all the reports, and important error and notification messages. You want to store all the reports and messages. Choose the locations where you can store all of these.

• A. Auxiliary
• B. Buffer
• C. Syslog server
• D. tty lines
• E. Console

Answer: BCDE

Explanation:

According to the scenario, you have enabled system message logging (syslog) service on all the routers that are currently working in the network. If you want to store all the repots, important error and notification messages sent by the routers, you can store all of these in the buffer, console, syslog server, and tty lines. You can use buffer, if you want to store syslog messages for later analysis of the network. Buffer is the memory of the router. The syslog messages that you have stored in the buffer are later available for the network analysis until the router is rebooted. You can use console port of the routers to send syslog messages to the attached terminal. You can also use vty and tty lines to send syslog messages to the remote terminal. However, the messages send through the console, vty, and tty lines are not later available for network analysis. You can use syslog server to store all the reports, and important error and notification messages. It is the best option to store all these because it is easy to configure a syslog server and you can store a large volume of logs. Note: If you have configured to run an SNMP agent, the routers send all the reports, and important error and messages in the form of SNMP traps to an SNMP server. Using this you can store the reports and messages for a long period of time. Answer A is incorrect. You cannot store syslog messages in the auxiliary line.

NEW QUESTION 3

Which of the following is Microsoft's implementation of the file and application server for the Internet and private intranets?

• A. Internet Server Service (ISS)
• B. Internet Server (IS)
• C. WWW Server (WWWS)
• D. Internet Information Server (IIS)

Answer: D

Explanation:

Microsoft Internet Information Server (IIS) is a WeA, Bpplication server for the Internet and private intranets. IIS receives requests from users on the network using the World Wide Web (WWW) service and transmits information using the Hypertext Transport Protocol (HTTP). IIS uses Microsoft Transaction Server (MTS) to provide security, performance, and scalability with server side packages.

NEW QUESTION 4

Which of the following firewalls inspects the actual contents of packets?

• A. Circuit-level firewall
• B. Stateful inspection firewall
• C. Packet filtering firewall
• D. Application-level firewall

Answer: D

Explanation:
The application level firewall inspects the contents of packets, rather than the source/destination or connection between the two. An Application level firewall operates at the application layer of the OSI model. Answer A is incorrect. The circuit-level firewall regulates traffic based on whether or not a trusted connection has been established. It operates at the session layer of the OSI model. Answer C is incorrect. The packet filtering firewall filters traffic based on the headers. It operates at the network layer of the OSI model. Answer B is incorrect. The stateful inspection firewall assures the connection between the two parties is valid and inspects packets from this connection to assure the packets are not malicious.

NEW QUESTION 5

Which of the following key combinations in the vi editor is used to copy the current line?

• A. dk
• B. yy
• C. d$
• D. dl

Answer: B

Explanation:

The yy key combination in the vi editor is used to copy the current line. The vi editor is an interactive, cryptic, and screen-based text editor used to create and edit a file. It operates in either Input mode or Command mode. In Input mode, the vi editor accepts a keystroke as text and displays it on the screen, whereas in Command mode, it interprets keystrokes as commands. As the vi editor is case sensitive, it interprets the same character or characters as different commands, depending upon whether the user enters a lowercase or uppercase character. When a user starts a new session with vi, he must put the editor in Input mode by pressing the "I" key. If he is not able to see the entered text on the vi editor's screen, it means that he has not put the editor in Insert mode. The user must change the editor to Input mode before entering any text so that he can see the text he has entered. Answer D is incorrect. It deletes next char on the right. Answer A is incorrect. It deletes the current line and one line above. Answer C is incorrect. It deletes from the cursor till the end of the line.

NEW QUESTION 6

John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on Windows Server 2003. One day, while analyzing the network security, he receives an error message that Kernel32.exe is encountering a problem. Which of the following steps should John take as a countermeasure to this situation?

• A. He should download the latest patches for Windows Server 2003 from the Microsoft site, so that he can repair the kernel.
• B. He should restore his Windows settings.
• C. He should observe the process viewer (Task Manager) to see whether any new process is running on the computer or no
• D. If any new malicious process is running, he should kill that process.
• E. He should upgrade his antivirus program.

Answer: CD

Explanation:

In such a situation, when John receives an error message revealing that Kernel32.exe is encountering a problem, he needs to come to the conclusion that his antivirus program needs to be updated, because Kernel32.exe is not a Microsoft file (It is a Kernel32.DLL file.). Although such viruses normally run on stealth mode, he should examine the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new process (malicious) is running on the server, he should exterminate that process. Answer A, B are incorrect. Since kernel.exe is not a real kernel file of Windows, there is no need to repair or download any patch for Windows Server 2003 from the Microsoft site to repair the kernel. Note: Such error messages can be received if the computer is infected with malware, such as Worm_Badtrans.b, Backdoor.G_Door, Glacier Backdoor, Win32.Badtrans.29020, etc.

NEW QUESTION 7

Which of the following statements about a screened host is true?

• A. It facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.
• B. It is a small network that lies in between the Internet and a private network.
• C. It provides added security by using Internet access to deny or permit certain traffic from the Bastion Host.
• D. It provides a physical connection between computers within a network.

Answer: C

Explanation:

A screened host provides added security by using Internet access to deny or permit certain traffic from the Bastion Host. Answer D is incorrect. A network interface card provides a physical connection between computers within a network.
Answer B is incorrect. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security. Answer A is incorrect. A proxy server facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.

NEW QUESTION 8

Which of the following are attributes of the <TABLE> tag? (Choose three)

• A. BORDER
• B. ALIGN
• C. TD
• D. WIDTH

Answer: ABD

Explanation:

The WIDTH attribute of the <TABLE> tag is used to set the width of a table. Width can be specified in pixels and percentage. For example, if a table of the same width as that of the parent object has to be created, the WIDTH attribute must be set to 100%. The ALIGN attribute aligns the table within the text flow. By default alignment is set to left. The BORDER attribute of the <TABLE> tag is used to set the width of the table border. Answer C is incorrect. <TD> is not an attribute of the <TABLE> tag. It is a tag used to specify cells in a table.

NEW QUESTION 9

Samantha works as a Web Developer for XYZ CORP. She develops a Web application using Visual InterDev. She wants to group a series of HTML elements together so that an action can be performed collectively on them. Which of the following tags will Samantha use to accomplish this?

• A. DIV
• B. GROUP
• C. BODY
• D. SPAN

Answer: A

Explanation:

DIV is an HTML tag that groups a series of elements into a larger group. It can be used when an action needs to be performed collectively on the grouped elements. The DIV tag acts as a container for other elements. Answer D is incorrect. The SPAN tag is used within an element to group a part of it. For example, this tag can be used to group a few sentences from within a paragraph, so that a particular action can be performed only on them. Answer C is incorrect. The BODY tag is used to specify the beginning and end of
the document body. Answer B is incorrect. There is no tag such as GROUP in HTML.

NEW QUESTION 10

Mark works as a Database Administrator for MarLinc Inc. How will he execute a SQL command from the SQL buffer?

• A. Enter an asterisk (*)
• B. Enter a semicolon (;)
• C. Press [ESC] twice
• D. Press [RETURN] twice
• E. Enter a slash (/)

Answer: BE

Explanation:

SQL buffer stores the most recently used SQL commands and PL/SQL blocks. It does not store the SQL* Plus commands. The SQL buffer can be edited or saved to a file. A SQL command or a PL/SQL block can be executed by entering a semicolon (;) or a slash (/), or by using the RUN command at the command prompt. When a semicolon (;) is entered at the end of a command, the command is completed and executed. When a slash (/) is entered on a new line, the command in the buffer is executed. It can also be used to execute a PL/SQL block. The RUN command is used to execute a command in the buffer. A SQL command can be saved in the buffer by entering a blank line. Reference: Oracle8i Online Documentation, Contents: "SQL*PLUS Users Guide and Reference", "Learning SQL*PLUS Basics, 3 of 4"

NEW QUESTION 11

An auditor assesses the database environment before beginning the audit. This includes various key tasks that should be performed by an auditor to identify and prioritize the users, data, activities, and applications to be monitored. Which of the following tasks need to be performed by the auditor manually?

• A. Classifying data risk within the database systems
• B. Monitoring data changes and modifications to the database structure, permission and user changes, and data viewing activities
• C. Analyzing access authority
• D. Archiving, analyzing, reviewing, and reporting of audit information

Answer: AC

Explanation:

The Internal Audit Association lists the following as key components of a database audit: Create an inventory of all database systems and use classifications. This should include production and test data. Keep it up-to-date. Classify data risk within the database systems. Monitoring should be prioritized for high, medium, and low risk data. Implement an access request process that requires database owners to authorize the "roles" granted to database accounts (roles as in Role Based Access and not the native database roles). Analyze access authority. Users with higher degrees of access permission should be under higher scrutiny, and any account for which access has been suspended should be monitored to ensure access is denieA, Dttempts are identified. Assess application coverage. Determine what applications have built-in controls, and prioritize database auditing accordingly. All privileged user access must have audit priority. Legacy and custom applications are the next highest priority to consider, followed by the packaged applications. Ensure technical safeguards. Make sure access controls are set properly. Audit the activities. Monitor data changes and modifications to the database structure, permission and user changes, and data viewing activities. Consider using network-based database activity monitoring appliances instead of native database audit trails. Archive, analyze, review, and report audit information. Reports to auditors and IT managers must communicate relevant audit information, which can be analyzed and reviewed to determine if corrective action is required. Organizations that must retain audit data for long-term use should archive this information with the ability to retrieve relevant data when needed. The first five steps listed are to be performed by the auditor manually. Answer B, D are incorrect. These tasks are best achieved by using an automated solution.

NEW QUESTION 12

You work as a Network Administrator for Tech Perfect Inc. For security issues, the company requires you to harden its routers. You therefore write the following code: Router#config terminal Router(config) #no ip bootp server Router(config) #no ip name- server Router(config) #no ntp server Router(config) #no snmp server Router(config) #no ip http server Router(config) #^Z Router# What services will be disabled by using this configuration fragment?

• A. BootP service
• B. Finger
• C. CDP
• D. DNS function

Answer: AD

Explanation:

The above configuration fragment will disable the following services from the router: The BootP service The DNS function The Network Time Protocol The Simple Network Management Protocol Hyper Text Transfer Protocol

NEW QUESTION 13

You work as the Project Engineer for XYZ CORP. The company has a Unix-based network. Your office consists of one server, seventy client computers, and one print device. You raise a request for printing a confidential page. After 30 minutes, you find that your print request job is not processed and is at the seventh position in the printer queue. You analyze that it shall take another one hour to print. You decide to remove your job from the printer queue and get your page printed outside the office. Which of the following Unix commands can you use to remove your job from the printer queue?

• A. tunelp
• B. pr
• C. lprm
• D. gs

Answer: C

Explanation:

The basic Unix printing commands are as follows: banner: It is used to print a large banner on a printer. lpr: It is used to submit a job to the printer. lpc: It enables one to check the status of the printer and set its state. lpq: It shows the contents of a spool directory for a given printer. lprm: It is used to remove a job from the printer queue. gs: It works as a PostScript interpreter. pr: It is used to print a file. tunelp: It is used to set various parameters for the lp device.

NEW QUESTION 14

Pervasive IS controls can be used across all the internal departments and external contractors to define the direction and behavior required for the technology to function properly. When these controls are implemented properly, which of the following areas show the reliability improvement? (Choose three)

• A. Hardware development
• B. Software development
• C. Security administration
• D. Disaster recovery

Answer: BCD

Explanation:

Pervasive IS controls can be used across all the internal departments and external contractors. If the Pervasive IS controls are implemented properly, it improves the reliability of the following: Software development System implementation Overall service delivery Security administration Disaster recovery Business continuity planning Answer A is incorrect. Pervasive IS controls do not have any relation with the reliability of the hardware development.

NEW QUESTION 15

Which of the following are HTML tags, used to create a table?

• A. <TR>
• B. <TD>
• C. <TABLE SET>
• D. <SET TABLE>
• E. <TT>
• F. <TABLE>

Answer: ABF

Explanation:

In Hypertext Markup Language (HTML), a table is created using the
<TABLE>, <TR>, and <TD> tags. The <TABLE> tag designs the table layout, the <TR> tag is used to create a row, and the <TD> tag is used to create a column. For example, the following code generates a table with two rows and two columns:
<TABLE BORDER=1>
<TR> <TD>Cell 1</TD>
<TD>Cell 2</TD> </TR>
<TR> <TD>Cell 3</TD>
<TD>Cell 4</TD> </TR>
</TABLE>
Answer C, E, and D are incorrect. There are no HTML tags such as <TABLE SET>, <TT>, and <SET TABLE>.

NEW QUESTION 16

You work as a Network Auditor for XYZ CORP. The company has a Windows-based network. While auditing the company's network, you are facing problems in searching the faults and other entities that belong to it. Which of the following risks may occur due to the existence of these problems?

• A. Residual risk
• B. Inherent risk
• C. Secondary risk
• D. Detection risk

Answer: D

Explanation:

Detection risks are the risks that an auditor will not be able to find what they are looking to detect. Hence, it becomes tedious to report negative results when material conditions (faults) actually exist. Detection risk includes two types of risk: Sampling risk: This risk occurs when an auditor falsely accepts or erroneously rejects an audit sample. Nonsampling risk: This risk occurs when an auditor fails to detect a condition because of not applying the appropriate procedure or using procedures inconsistent with the audit objectives (detection faults). Answer A is incorrect. Residual risk is the risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically conceivable measures). The formula to calculate residual risk is (inherent risk) x (control risk) where inherent risk is (threats vulnerability). In the economic context, residual means "the quantity left over at the end of a process; a remainder". Answer B is incorrect. Inherent risk, in auditing, is the risk that the account or section being audited is materially misstated without considering internal controls due to error or fraud. The assessment of inherent risk depends on the professional judgment of the auditor, and it is done after assessing the business environment of the entity being audited. Answer C is incorrect. A secondary risk is a risk that arises as a straight consequence of implementing a risk response. The secondary risk is an outcome of dealing with the original risk. Secondary risks are not as rigorous or important as primary risks, but can turn out to be so if not estimated and planned properly.

NEW QUESTION 17
......