Pass the GIAC Audit GSNA GSNA Questions and answers with CertsForce

You will use the mv /foo /bar command to move the whole directory /foo to /bar. The mv command moves files and directories from one directory to another or renames a file or directory. mv must always be given at least two arguments. The first argument is given as a source file. The second argument is interpreted as the destination. If destination is an existing directory, the source file is moved to that directory with the same name as the source. If the destination is any other directory, the source file is moved and/or renamed to that destination name. Syntax : mv [options] source destination Some important options used with mv command are as follows:

C:\Documents and Settings\user-nwz\Desktop\1.JPG

Answer: A is incorrect. The mv /bar /foo command will move the whole /bar directory to the /foo directory. Answer: B, D are incorrect. These are not valid Linux commands.

In Unix, the /etc/sysconfig/init file is used to set terminal characteristics and environment variables. Answer: B is incorrect. In Unix, the /proc/net file contains status information about the network protocols. Answer: C is incorrect. In Unix, the /etc/sysconfig/network-scripts/ifcfg-interface file is the configuration file used to define a network interface. Answer: A is incorrect. In Unix, the /etc/sysconfig/routed file is used to set up the dynamic routing policies.

The Internal Audit Association lists the following as key components of a database audit: Create an inventory of all database systems and use classifications. This should include production and test data. Keep it up-to-date. Classify data risk within the database systems. Monitoring should be prioritized for high, medium, and low risk data. Implement an access request process that requires database owners to authorize the "roles" granted to database accounts (roles as in Role Based Access and not the native database roles). Analyze access authority. Users with higher degrees of access permission should be under higher scrutiny, and any account for which access has been suspended should be monitored to ensure access is denieA, Dttempts are identified. Assess application coverage. Determine what applications have built-in controls, and prioritize database auditing accordingly. All privileged user access must have audit priority. Legacy and custom applications are the next highest priority to consider, followed by the packaged applications. Ensure technical safeguards. Make sure access controls are set properly. Audit the activities. Monitor data changes and modifications to the database structure, permission and user changes, and data viewing activities. Consider using network-based database activity monitoring appliances instead of native database audit trails. Archive, analyze, review, and report audit information. Reports to auditors and IT managers must communicate relevant audit information, which can be analyzed and reviewed to determine if corrective action is required. Organizations that must retain audit data for long-term use should archive this information with the ability to retrieve relevant data when needed. The first five steps listed are to be performed by the auditor manually. Answer: B, D are incorrect. These tasks are best achieved by using an automated solution.

A Cascading Style Sheet (CSS) is a separate text file that keeps track of design and formatting information, such as colors, fonts, font sizes, and margins, used in Web pages. CSS is used to provide Web site authors greater control on the appearance and presentation of their Web pages. It has codes that are interpreteA, Dpplied by the browser on to the Web pages and their elements. CSS files have .css extension.

There are three types of Cascading Style Sheets: External Style Sheet Embedded Style Sheet Inline Style Sheet

An anomaly based Intrusion Detection System will monitor the network for any activity that is outside normal parameters (i.e. an anomaly) and inform you of it. Answer: C is incorrect. Antivirus software, while important, won't help detect the activities of intruders. Answer: B is incorrect. Performance monitors are used to measure normal network activity and look for problems such as bottlenecks. Answer: A is incorrect. A protocol analyzer does detect if a given protocol is moving over a particular network segment.

As 802.1x and WEP are configured, this step will enable the secure wireless network communication. For authentication, you have configured the PEAP-MS-CHAP v2 protocol. This protocol can be used for authentication on wireless networks, but it cannot use a public key infrastructure (PKI). No certificate can be issued without a PKI. Smart cards cannot be used for authentication without certificates. Hence, the laptop users will not be able to use smart cards for getting authenticated.

There are three goals of risk management as follows: Identifying the risk Assessing the impact of potential threats Finding an economic balance between the impact of the risk and the cost of the countermeasure Answer: D is incorrect. Identifying the accused does not come under the scope of risk management.

Piggybacking refers to access of a wireless Internet connection by bringing one's own computer within the range of another's wireless connection, and using that service without the subscriber's explicit permission or knowledge. It is a legally and ethically controversial practice, with laws that vary in jurisdictions around the world. While completely outlawed in some jurisdictions, it is permitted in others. The process of sending data along with the acknowledgment is called piggybacking. Answer: C is incorrect. Bluebugging is an attack used only in a Bluetooth network. Bluebugging is a form of bluetooth attack often caused by a lack of awareness. Bluebugging tools allow attacker to "take control" of the victim's phone via the usage of the victim's Bluetooth phone headset. It does this by pretending to be the users bluetooth headset and therefore "tricking" the phone to obey its call commands. Answer: D is incorrect. A worm is a software program that uses computer networks and security holes to replicate itself from one computer to another. It usually performs malicious actions, such as using the resources of computers as well as shutting down computers. Answer: B is incorrect. A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network. It is also known as a network saturation attack or bandwidth consumption attack. Attackers perform DoS attacks by sending a large number of protocol packets to the network. The effects of a DoS attack are as follows: Saturates network resources Disrupts connections between two computers, thereby preventing communications between services Disrupts services to a specific computer Causes failure to access a Web site Results in an increase in the amount of spam A Denial-of-Service attack is very common on the Internet because it is much easier to accomplish. Most of the DoS attacks rely on the weaknesses in the TCP/IP protocol.

The tag is used to specify each cell of the table. It can be used only within a row in a table. The ROWSPAN attribute of the tag specifies the number of rows that a cell spans over in a table. Since, the first cell of the table spans over three rows, Sam will use . specifies the number of columns that the head row contains. Answer: C is incorrect. Placing the tags given in this option at lines 3 and 4 will create the following table: Answer: A, B are incorrect. There are no attributes such as SPAN and SPANWIDTH for the tag.

Ryan can either choose WEP or WPA-PSK wireless protocol to set an ad hoc wireless network.

Answer: A is incorrect. WPA2-EAP cannot be chosen for an ad hoc wireless network, as it requires RADIUS (Remote Authentication Dial- In User Service) server for authentication. Answer: D is incorrect. WPA-EAP cannot be chosen for an ad hoc wireless network, as it requires RADIUS (Remote Authentication Dial-In User Service) server for authentication.