Pass the GIAC Audit GSNA GSNA Questions and answers with CertsForce

System hardening is a term used for securing an operating system. It can be achieved by installing the latest service packs, removing unused protocols and services, and limiting the number of users with administrative privileges.

In Unix, the /etc/sudoers file contains a list of users with special privileges along with the commands that they can execute. Answer: A is incorrect. In Unix, the /proc/meminfo file shows information about the memory usage, both physical and swap. Answer: B is incorrect. In Unix, the /etc/sysconfig/amd file is the configuration file that is used to configure the auto mount daemon. Answer: C is incorrect. In Unix, the /proc/modules file shows the kernel modules that are currently loaded.

EAP-TLS can use only a public key certificate as the authentication technique. It is supported by all manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, however unpopular it may be, is what gives EAP-TLS its authentication strength and illustrates the classic convenience vs. security trade-off. Answer: D is incorrect. EAP-TLS provides the highest level of security. Answer: A is incorrect. EAP-TLS uses a public key certificate for server authentication.

The basic features of Unix are as follows: Multi-user: It supports more than one user to access the system simultaneously through a set of terminals attached to a system. Multi-tasking: A user can execute multiple programs at the same time from a single terminal. Time sharing: The operating system shares CPU time among tasks. Portability: It is highly portable across hardware. Modularity: It allows only needed modules to be loaded into the memory. File structure: It has an inverted tree like file structure, with files and directories created within the file structure. Security: All files can be individually protected using read, write, and execute permissions for the user, group, and others. Network support: It uses the TCP/IP protocol. Advanced graphics: CAD-CAM applications perform the best in a Unix System with its varied support for graphics card.

The following are the purposes of audit records on an information system: Troubleshooting Investigation An IT audit is the process of collecting and evaluating records of an organization's information systems, practices, and operations. The evaluation of records provides evidence to determine if the information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently enough to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement. Audit records are also used to troubleshoot system issues. Answer: A, B are incorrect. The audit records cannot be used for backup and upgradation purposes.

In order to take a snapshot of the router running configuration and archive running configuration of the router to persistent storage, you should secure the boot configuration of the router using the secure boot-config command. Answer: D is incorrect. You can enable the image resilience, if you want to secure the Cisco IOS image. Answer: C is incorrect. By verifying the security of bootset, you can examine whether or not the Cisco IOS Resilient Configuration is enabled and the files in the bootset are secured.

Answer: B is incorrect. By restoring an archived primary bootset, you can restore a primary bootset from a secure archive after an NVRAM has been erased or a disk has been formatted.

There are a number of errors one could find in a Windows Server 2003 DNS log. They are as follows: The DNS server could not create a Transmission Control Protocol. The DNS server could not open socket for address. The DNS server could not initialize the Remote Procedure Call (RPC) service. The DNS server could not bind the main datagram socket. The DNS Server service relies on Active Directory to store and retrieve information for Active Directory-integrated zones. And several active directory errors are possible. Answer: A is incorrect. DNS Servers do not create FTP connections. Answer: B is incorrect. A DNS server looks up a name to return an IP, it would not and cannot connect to a domain name, it must connect to an IP address.

According to the scenario, John is performing the Steganography technique for sending malicious data. Steganography is an art and science of hiding information by embedding harmful messages within other seemingly harmless messages. It works by replacing bits of unused data, such as graphics, sound, text, and HTML, with bits of invisible information in regular computer files. This hidden information can be in the form of plain text, cipher text, or even in the form of images. Answer: A is incorrect. Web ripping is a technique in which the attacker copies the whole structure of a Web site to the local disk and obtains all files of the Web site. Web ripping helps an attacker to trace the loopholes of the Web site. Answer: D is incorrect. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method involves mental ability of the people to trick someone rather than their technical skills. A user should always distrust people who ask him for his account name or password, computer name, IP address, employee ID, or other information that can be misused. Answer: C is incorrect. John is not performing email spoofing. In email spoofing, an attacker sends emails after writing another person's mailing address in the from field of the email id.

The TCP 172.16.1.0/24 any any 443 HTTPs permit rule is used to allow internal users to access secure external websites. Answer: A is incorrect. The TCP 172.16.1.0/24 any any 80 HTTP permit rule is used to allow internal users to access external websites (secure & unsecure both). Answer: C is incorrect. The TCP 172.16.1.0/24 any any 80 HTTP deny rule is used to deny internal users to access external websites. Answer: B is incorrect. The TCP 172.16.1.0/24 any any 25 SMTP permit rule is used to allow internal mail servers to deliver mails to external mail servers.

The following types of software are safety critical software: Software that is used to apply a critical decision-making process Software that is used to manage or monitor safety critical functions Software that intervenes when an unsafe condition is present or is about to happen Software that executes on the same target system as safety critical software Software that impacts the systems on which safety critical software runs Software that manages safety critical data including display of safety critical information Software that is used to validate and verify safety critical software Answer: D is incorrect. Software that is used to manage or monitor safety critical functions is known as safety critical software. Answer: C is incorrect. Software that intervenes when an unsafe condition is present or is about to happen is known as safety critical software.