Free GSNA practice questions:
NEW QUESTION 1
Which of the following statements about session tracking is true?
- A. When using cookies for session tracking, there is no restriction on the name of the session tracking cookie.
- B. When using cookies for session tracking, the name of the session tracking cookie must be jsessionid.
- C. A server cannot use cookie as the basis for session tracking.
- D. A server cannot use URL rewriting as the basis for session tracking.
Answer: B
Explanation:
If you are using cookies for session tracking, the name of the session tracking cookie must be jsessionid. A jsessionid can be placed only inside a cookie header. You can use HTTP cookies to store information about a session. The servlet container takes responsibility for generating the session ID, creating a new cookie object, associating the session ID with the cookie, and setting the cookie as part of the response.
NEW QUESTION 2
You have been assigned a project to develop a Web site for a construction company. You plan to develop a Web site and want to use cascading style sheets (CSS) as it helps you to get more control over the appearance and presentation of your Web pages and also extends your ability to precisely specify the position and appearance of the elements on a page and create special effects. You want to define styles for individual elements of a page. Which type of style sheet will you use?
- A. Embedded Style Sheet
- B. Internal Style Sheet
- C. External Style Sheet
- D. Inline Style Sheet
Answer: D
Explanation:
Cascading style sheets (CSS) are used so that Web site authors can exercise greater control over the appearance and presentation of their Web pages. They also increase the ability to precisely specify the location and look of elements on a Web page and help in creating special effects. Cascading Style Sheets contain code that is interpreted and applied by the browser to the Web pages and their elements. There are three types of cascading style sheets: External Style Sheets, Embedded Style Sheets, and Inline Style Sheets. External Style Sheets are used whenever consistency in style is required throughout a Web site. A typical external style sheet uses a .css file extension, which can be edited using a text editor such as Notepad. Embedded Style Sheets are used for defining styles for an active page. Inline Style Sheets are used for defining individual elements of a page. Reference: TechNet, Contents: Microsoft Knowledgebase, February 2000 issue PSS ID Number: Q179628
NEW QUESTION 3
Which of the following responsibilities does not come under the audit process?
- A. Reporting all facts and circumstances of the irregular and illegal acts.
- B. Planning the IT audit engagement based on the assessed level of risk.
- C. Reviewing the results of the audit procedures.
- D. Applying security policies.
Answer: ABC
Explanation:
According to the standards of ISACA, an auditor should hold the following responsibilities: Planning the IT audit engagement based on an assessed level of risk. Designing audit procedures of irregular and illegal acts. Reviewing the results of the audit procedures. Assuming that acts are not isolated. Determining why the internal control system failed for that act. Conducting additional audit procedures. Evaluating the results of the expanded audit procedures. Reporting all facts and circumstances of the irregular and illegal acts. Distributing the report to the appropriate internal parties, such as managers. Answer D is incorrect. The auditor is not responsible for applying security policies.
NEW QUESTION 4
Which of the following Windows processes supports creating and deleting processes and threads, running 16-bit virtual DOS machine processes, and running console windows?
- A. smss.exe
- B. services.exe
- C. csrss.exe
- D. System
Answer: C
Explanation:
csrss.exe is a process that supports creating and deleting processes and threads, running 16-bit virtual DOS machine processes, and running console windows. Answer B is incorrect. This process is the Windows Service Controller, which is responsible for starting and stopping system services running in the background. Answer A is incorrect. This process supports the programs needed to implement the user interface, including the graphics subsystem and the log on processes. Answer D is incorrect. This process includes most kernel-level threads, which manage the underlying aspects of the operating system.
NEW QUESTION 5
In addition to denying and granting access, what other services does a firewall support?
- A. Network Access Translation (NAT)
- B. Secondary connections
- C. Control Internet access based on keyword restriction
- D. Data caching
Answer: ACD
Explanation:
A firewall is a tool that provides security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Firewalls often have network address translation (NAT) functionality. The hosts protected behind a firewall commonly have addresses in the private address range, and NAT hides the true addresses of these protected hosts. Firewalls are used by administrators to control Internet access based on keyword restriction. Some proxy firewalls can cache data so that clients can access frequently requested data from the local cache instead of using the Internet connection to request it. This is convenient for cutting down on unnecessary bandwidth consumption. Answer B is incorrect. It is an area where a firewall faces difficulty in securing the network. It is the area where employees make alternate connections to the Internet for their personal use, rendering the firewall useless.
NEW QUESTION 6
You work as a Network Administrator for XYZ CORP. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. You have installed a Windows Server 2008 computer as the domain controller. The client computers of the company use the Windows XP Professional operating system. When a user logs on to a client computer, it gets authenticated by the domain controller. You want to audit the logon events that would be generated on the domain controller. Which of the following audit settings do you need to configure to accomplish the task?
- A. Audit account management
- B. Audit logon events
- C. Audit directory service access
- D. Audit account logon events
Answer: D
Explanation:
'Audit account logon events' is one of the nine audit settings that can be configured on a Windows computer. This performs auditing whenever a user logs on or off from a different computer in which the computer performing the auditing is used for validating the account, for example, when a user logs on to a Windows XP Professional computer, but gets authenticated by a domain controller. The event would be generated on the domain controller, as it is actually being used for validating the user. Answer A is incorrect. Audit account management is one of the nine audit settings that can be configured on a Windows computer. This option is enabled to audit each event that is related to a user managing an account in the user database on the computer where the auditing is configured. These events include the following: creating a user account, adding a user account to a group, renaming a user account, and changing the password for a user account. This option is also used to audit the changes to the domain account of the domain controllers. Answer C is incorrect. The 'Audit directory service access' option is enabled to capture the events that are related to the users accessing the Active Directory object which has been configured to track user access through the System Access Control List (SACL) of the object. Answer B is incorrect. The 'Audit logon events' option is enabled to audit each event that is related to a user logging on to, logging off from, or making a network connection to the computer configured to audit logon events.
NEW QUESTION 7
Which of the following functions are performed by methods of the HttpSessionActivationListener interface?
- A. Notifying an attribute that a session has just migrated from one JVM to another.
- B. Notifying the object when it is unbound from a session.
- C. Notifying the object when it is bound to a session.
- D. Notifying an attribute that a session is about to migrate from one JVM to another.
Answer: AD
Explanation:
The HttpSessionActivationListener interface notifies an attribute that the session is about to be activated or passivated. Methods of this interface are as follows: public void sessionDidActivate(HttpSessionEvent session): It notifies the attribute that the session has just been moved to a different JVM. public void sessionWillPassivate(HttpSessionEvent se): It notifies the attribute that the session is about to move to a different JVM. Answer B, C are incorrect. These functions are performed by the HttpSessionBindingListener interface. The HttpSessionBindingListener interface causes an object of the implementing class to be notified when it is added to or removed from a session. The HttpSessionBindingListener interface has the following methods: public void valueBound(HttpSessionBindingEvent event): This method takes an object of type HttpSessionBindingEvent as an argument. It notifies the object when it is bound to a session. public void valueUnbound(HttpSessionBindingEvent event): This method takes an object of type HttpSessionBindingEvent as an argument. It notifies the object when it is unbound from a session.
NEW QUESTION 8
You work as a Network Administrator for XYZ CORP. The company has a Windows-based network. You have been assigned the task to design the authentication system for the remote users of the company. For security purposes, you want to issue security tokens to the remote users. The token should work on the one-time password principle and so once used, the next password gets generated. Which of the following security tokens should you issue to accomplish the task?
- A. Virtual tokens
- B. Event-based tokens
- C. Bluetooth tokens
- D. Single sign-on software tokens
Answer: B
Explanation:
An event-based token, by its nature, has a long life span. Event-based tokens work on the one-time password principle, so once a password is used, the next password is generated. Often the user has a button to press to receive this new code via either a token or via an SMS message. All CRYPTOCard's tokens are event-based rather than time-based. Answer C is incorrect. Bluetooth tokens are often combined with a USB token, and hence work in both a connected and disconnected state. Bluetooth authentication works when closer than 32 feet (10 meters). If the Bluetooth is not available, the token must be inserted into a USB input device to function. Answer A is incorrect. Virtual tokens are a new concept in multi-factor authentication first introduced in 2005 by security company Sestus. Virtual tokens work by sharing the token generation process between the Internet website and the user's computer and have the advantage of not requiring the distribution of additional hardware or software. In addition, since the user's device is communicating directly with the authenticating website, the solution is resistant to man-in-the-middle attacks and similar forms of online fraud. Answer D is incorrect. Single sign-on software tokens are used by multiple, related, but independent software systems. Some types of single sign-on (SSO) solutions, like enterprise single sign-on, use this token to store software that allows for seamless authentication and password filling. As the passwords are stored on the token, users need not remember their passwords and therefore can select more secure passwords, or have more secure passwords assigned.
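The one-time password principle described above, as an added example that is not part of the original question bank: a token that produces the next password on each button press and a server that accepts each password once. It assumes the HOTP algorithm of RFC 4226 as a representative event-based scheme (the explanation does not name an algorithm); the secret is the RFC's published test key, and the class names and look-ahead window size are assumptions.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret (public test value, not a real credential).
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian event counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class EventToken:
    """The user's token: every button press (event) yields the next password."""

    def __init__(self, secret: bytes, counter: int = 0):
        self.secret = secret
        self.counter = counter

    def press(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1  # the event advances the counter
        return code


class Verifier:
    """Server side: accepts a password once, then moves past its counter."""

    def __init__(self, secret: bytes, counter: int = 0, look_ahead: int = 3):
        self.secret = secret
        self.counter = counter
        self.look_ahead = look_ahead  # assumed tolerance for unused presses

    def verify(self, candidate: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), candidate):
                self.counter = c + 1  # used and skipped codes are now dead
                return True
        return False


def demo() -> dict:
    token, server = EventToken(SECRET), Verifier(SECRET)
    first = token.press()   # counter 0, submitted
    token.press()           # counter 1, pressed but never submitted
    third = token.press()   # counter 2, submitted
    return {
        "first_accepted": server.verify(first),
        "replay_rejected": not server.verify(first),
        "resync_accepted": server.verify(third),
        "skipped_rejected": not server.verify(hotp(SECRET, 1)),
    }


if __name__ == "__main__":
    print(demo())
```

The look-ahead window is what lets the server recover when the user presses the button without logging in; a larger window tolerates more stray presses but widens the set of codes accepted at any moment.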
NEW QUESTION 9
Which of the following is a wireless auditing tool that is used to pinpoint the actual physical location of wireless devices in the network?
- A. KisMAC
- B. Ekahau
- C. Kismet
- D. AirSnort
Answer: B
Explanation:
Ekahau is an easy-to-use, powerful and comprehensive tool for network site surveys and optimization. It is an auditing tool that can be used to pinpoint the actual physical location of wireless devices in the network. This tool can be used to make a map of the office and then perform the survey of the office. In the process, if one finds an unknown node, Ekahau can be used to locate that node. Answer D is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys. Answer C is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks: to identify networks by passively collecting packets, to detect standard named networks, to detect masked networks, and to collect the presence of non-beaconing networks via data traffic. Answer A is incorrect. KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet, its Linux/BSD namesake and far exceeding those of NetStumbler, its closest equivalent on Windows. The program is geared toward network security professionals, and is not as novice-friendly as similar applications. KisMAC will scan for networks passively on supported cards - including Apple's AirPort, and AirPort Extreme, and many third-party cards, and actively on any card supported by Mac OS X itself. Cracking of WEP and WPA keys, both by brute force, and exploiting flaws such as weak scheduling and badly generated keys is supported when a card capable of monitor mode is used, and packet reinjection can be done with a supported card. GPS mapping can be performed when an NMEA compatible GPS receiver is attached. Data can also be saved in pcap format and loaded into programs such as Wireshark.
NEW QUESTION 10
Which of the following is the default port for Hypertext Transfer Protocol (HTTP)?
- A. 20
- B. 443
- C. 80
- D. 21
Answer: C
Explanation:
Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Answer B is incorrect. Port 443 is the default port for Hypertext Transfer Protocol Secure (HTTPS) and Secure Socket Layer (SSL). Answer A, D are incorrect. By default, FTP server uses TCP port 20 for data transfer and TCP port 21 for session control.
NEW QUESTION 11
You work as a Software Developer for Mansoft Inc. You create an application and use it to create users as members of the local Users group. Which of the following code snippets imperatively demands that the current user is a member of the local Users group?
- A. System.AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); PrincipalPermission MyPermission = new PrincipalPermission(null, @"BUILTIN\Users", true); MyPermission.Demand();
- B. PrincipalPermission MyPermission = new PrincipalPermission(null, @"BUILTIN\Users", true); MyPermission.Demand();
- C. System.AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); PrincipalPermission MyPermission = new PrincipalPermission(null, @"Users", true); MyPermission.Demand();
- D. PrincipalPermission MyPermission = new PrincipalPermission(null, @"Users", true); MyPermission.Demand();
Answer: AC
Explanation:
The PrincipalPermission class allows security checks against the active principal. This is done by using the language constructs that are defined for both imperative and declarative security actions. To perform an imperative security demand for membership in a built-in Microsoft Windows group, you must first set the default principal policy to the Windows principal by calling the SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal) statement. Construct a PrincipalPermission object specifying the group name. To specify the group name, you can provide just the group name, or you can preface the group name with either "BUILTIN\" or the computer name and a backslash. Finally, call the PrincipalPermission.Demand method. There is another method of identifying group membership, i.e. by using the PrincipalPermission class or the PrincipalPermissionAttribute attribute derived from the System.Security.Permissions namespace. The PrincipalPermission object identifies that the identity of the active principal should match its information with the identity information that is passed to its constructor. The identity information contains the user's identity name and role.
NEW QUESTION 12
Mark works as a Web Developer for XYZ CORP. He is developing a Web site for the company. The Manager of the company requires Mark to use tables instead of frames in the Web site. What is the major advantage that a table-structured Web site has over a frame-structured Web site?
- A. Easy maintenance
- B. Speed
- C. Better navigation
- D. Capability of being bookmarked or added to the Favorites folder
Answer: D
Explanation:
The major advantage that a table-structured Web site has over a frame-structured Web site is that users can bookmark the pages of a table-structured Web site, whereas pages of a frame-structured Web site cannot be bookmarked or added to the Favorites folder. Non-frame Web sites also give better results with search engines. Better navigation: Web pages can be divided into multiple frames and each frame can display a separate Web page. It helps in providing better and consistent navigation. Easy maintenance: Fixed elements, such as a navigation link and company logo page, can be created once and used with all the other pages. Therefore, any change in these pages is required to be made only once.
NEW QUESTION 13
Which of the following statements are true about KisMAC?
- A. It scans for networks passively on supported cards.
- B. It cracks WEP and WPA keys by Rainbow attack or by dictionary attack.
- C. It is a wireless network discovery tool for Mac OS X.
- D. Data generated by KisMAC can also be saved in pcap format.
Answer: ACD
Explanation:
KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet, its Linux/BSD namesake and far exceeding those of NetStumbler, its closest equivalent on Windows. The program is geared toward network security professionals, and is not as novice-friendly as similar applications. KisMAC will scan for networks passively on supported cards - including Apple's AirPort, and AirPort Extreme, and many third-party cards, and actively on any card supported by Mac OS X itself. Cracking of WEP and WPA keys, both by brute force, and exploiting flaws such as weak scheduling and badly generated keys is supported when a card capable of monitor mode is used, and packet reinjection can be done with a supported card. GPS mapping can be performed when an NMEA compatible GPS receiver is attached. Data can also be saved in pcap format and loaded into programs such as Wireshark.
NEW QUESTION 14
Sarah works as a Web Developer for XYZ CORP. She develops a Web site for the company. She uses tables in the Web site. Sarah embeds three tables within a table. What is the technique of embedding tables within a table known as?
- A. Nesting tables
- B. Stacking tables
- C. CSS tables
- D. Horned tables
Answer: A
Explanation:
In general, nesting means embedding a construct inside another. Nesting tables is a technique in which one or more tables are embedded within a table. Answer B, C, D are incorrect. There are no techniques such as stacking tables, horned tables, or CSS tables.
NEW QUESTION 15
Which of the following techniques can be used to determine the network ranges of any network?
- A. Whois query
- B. SQL injection
- C. Snooping
- D. Web ripping
Answer: A
Explanation:
Whois queries are used to determine the IP address ranges associated with clients. A whois query can be run on most UNIX environments. In a Windows environment, tools such as WsPingPro and Sam Spade can be used to perform whois queries. Whois queries can also be executed over the Web from www.arin.net and www.networksolutions.com. Answer B is incorrect. A SQL injection attack is a process in which an attacker tries to execute unauthorized SQL statements. These statements can be used to delete data from a database, delete database objects such as tables, views, stored procedures, etc. An attacker can either directly enter the code into input variables or insert malicious code in strings that can be stored in a database. For example, the following line of code illustrates one form of SQL injection attack:
query = "SELECT * FROM users WHERE name = '" + userName + "';"
This SQL code is designed to fetch the records of any specified username from its table of users. However, if the "userName" variable is crafted in a specific way by a malicious hacker, the SQL statement may do more than the code author intended. For example, if the attacker puts the "userName" value as ' or ''=', the SQL statement will now be as follows:
SELECT * FROM users WHERE name = '' OR ''='';
Answer D is incorrect. Web ripping is a technique in which the attacker copies the whole structure of a Web site to the local disk and obtains all files of the Web site. Web ripping helps an attacker to trace the loopholes of the Web site. Answer C is incorrect. Snooping is an activity of observing the content that appears on a computer monitor or watching what a user is typing. Snooping also occurs by using software programs to remotely monitor activity on a computer or network device. Hackers or attackers use snooping techniques and equipment such as keyloggers to monitor keystrokes, capture passwords and login information, and to intercept e-mail and other private communications. Sometimes, organizations also snoop their employees legitimately to monitor their use of organizations' computers and track Internet usage.
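The concatenated query from the explanation above, set beside a parameterized form, as an added example that is not part of the original question bank. It assumes an in-memory SQLite database; the table rows and function names are constructed for illustration, and the only crafted input used is the value the explanation itself quotes.

```python
import sqlite3

# The crafted userName value quoted in the explanation above.
CRAFTED_NAME = "' or ''='"


def make_db() -> sqlite3.Connection:
    """Build a throwaway users table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "staff"), ("carol", "staff")],
    )
    return db


def lookup_concatenated(db: sqlite3.Connection, user_name: str) -> list:
    """Vulnerable form: the input becomes part of the SQL text itself."""
    query = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return db.execute(query).fetchall()


def lookup_parameterized(db: sqlite3.Connection, user_name: str) -> list:
    """Hardened form: the input is bound as data and never parsed as SQL."""
    return db.execute(
        "SELECT * FROM users WHERE name = ?", (user_name,)
    ).fetchall()


def compare(user_name: str) -> dict:
    """Run both lookups on the same input and report how many rows each returns."""
    db = make_db()
    try:
        return {
            "concatenated_rows": len(lookup_concatenated(db, user_name)),
            "parameterized_rows": len(lookup_parameterized(db, user_name)),
        }
    finally:
        db.close()


if __name__ == "__main__":
    # An ordinary name behaves identically in both forms.
    print("bob:", compare("bob"))
    # The crafted value turns the WHERE clause into name = '' or ''='',
    # which is true for every row; the bound parameter matches no row.
    print("crafted:", compare(CRAFTED_NAME))
```

A mismatch between the two row counts for the same input is a quick regression check that a lookup is still building SQL by string concatenation.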
NEW QUESTION 16
Which of the following tools is used for port scanning?
- A. L0phtcrack
- B. NSLOOKUP
- C. NETSH
- D. Nmap
Answer: D
Explanation:
The nmap utility, also commonly known as a port scanner, is used to view the open ports on a Linux computer. It is used by administrators to determine which services are available for external users. This utility helps administrators in deciding whether to disable the services that are not being used in order to minimize any security risk. Answer B is incorrect. NSLOOKUP is a tool for diagnosing and troubleshooting Domain Name System (DNS) problems. It performs its function by sending queries to the DNS server and obtaining detailed responses at the command prompt. This information can be useful for diagnosing and resolving name resolution issues, verifying whether or not the resource records are added or updated correctly in a zone, and debugging other server-related problems. This tool is installed along with the TCP/IP protocol through the Control Panel. Answer C is incorrect. NETSH is a command line tool to configure TCP/IP settings such as the IP address, Subnet Mask, Default Gateway, DNS, WINS addresses, etc. Answer A is incorrect. L0phtcrack is a tool which identifies and remediates security vulnerabilities that result from the use of weak or easily guessed passwords. It recovers Windows and Unix account passwords to access user and administrator accounts.