Pass the GIAC Audit GSNA GSNA Questions and answers with CertsForce

In computer security, the term vulnerability is a weakness which allows an attacker to reduce a system's Information Assurance. A computer or a network can be vulnerable due to the following reasons: Complexity: Large, complex systems increase the probability of flaws and unintended access points. Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases the probability an attacker has or can find the knowledge and tools to exploit the flaw. Connectivity: More physical connections, privileges, ports, protocols, and services and time each of those are accessible increase vulnerability. Password management flaws: The computer user uses weak passwords that could be discovered by brute force. The computer user stores the password on the computer where a program can access it. Users re-use passwords between many programs and websites. Fundamental operating system design flaws: The operating system designer chooses to enforce sub optimal policies on user/program management. For example, operating systems with policies such as default permit grant every program and every user full access to the entire computer. This operating system flaw allows viruses and malware to execute commands on behalf of the administrator. Internet Website Browsing: Some Internet websites may contain harmful Spyware or Adware that can be installed automatically on the computer systems. After visiting those websites, the computer systems become infected and personal information will be collected and passed on to third party individuals. Software bugs: The programmer leaves an exploitable bug in a software program. The software bug may allow an attacker to misuse an application. Unchecked user input: The program assumes that all user input is safe. Programs that do not check user input can allow unintended direct execution of commands or SQL statements (known as Buffer overflows, SQL injection or other non-validated inputs).

Answer: B, C are incorrect. Use of common software and common code can make a network vulnerable.

According to the scenario, John will use "nmap -v -O 208.100.2.25" to detect the operating system of the we-are-secure server. Here, -v is used for verbose and -O is used for TCP/IP fingerprinting to guess the remote operating system. John may also use the DNS name of we-are-secure instead of using the IP address of the we-are-secure server. So, he can also use the nmap command "nmap -v -O www.we-are-secure.com ". Answer: C is incorrect. "nc -v -n 208.100.2.25 80" is a Netcat command, which is used to banner grab for getting information about the

According to the standards of ISACA, an auditor should hold the following responsibilities: Planning the IT audit engagement based on an assessed level of risk. Designing audit procedures of irregular and illegal acts. Reviewing the results of the audit procedures. Assuming that acts are not isolated. Determining why the internal control system failed for that act. Conducting additional audit procedures. Evaluating the results of the expanded audit procedures. Reporting all facts and circumstances of the irregular and illegal acts. Distributing the report to the appropriate internal parties, such as managers. Answer: D is incorrect. The auditor is not responsible for applying security policies.

Applications other than those supplied or approved by the company shall not be installed on any computer. Answer: A, B, D are incorrect. All of these statements stand true in the 'acceptable use statement' portion of the firewall policy.

Pervasive IS controls are a subset of general controls that contains some extra definitions focusing on the management of monitoring a specific technology. A pervasive order or control determines the direction and behavior required for technology to function properly. The pervasive control permeates the area by using a greater depth of control integration over a wide area of influence. Answer: B is incorrect. General controls are the parent class of controls that governs all areas of a business. An example of general controls includes the separation duties that prevent employees from writing their own paychecks and creating accurate job descriptions. General controls define the structure of an organization, establish HR policies, monitor workers and the work environment, as well as support budgeting, auditing, and reporting. Answer: A is incorrect. Detailed IS controls are controls used for manipulating the on-going tasks in an organization. Some of the specific tasks require additional detailed controls to ensure that the workers perform their job correctly. These controls refer to some specific tasks or steps to be performed such as: The way system security parameters are set. How input data is verified before being accepted into an application. How to lock a user account after unsuccessful logon attempts. How the department handles acquisitions, security, delivery, implementation, and support of IS services. Answer: C is incorrect. Application controls are embedded in programs. It constitutes the lowest subset in the control family. An activity should be filtered through the general controls, then the pervasive controls and detailed controls, before reaching the application controls level. Controls in the higher level category help in protecting the integrity of the applications and their data. The management is responsible to get applications tested prior to production through a recognized test method. The goal of this test is to provide a technical certificate that each system meets the requirement.

A screened host provides added security by using Internet access to deny or permit certain traffic from the Bastion Host. Answer: D is incorrect. A network interface card provides a physical connection between computers within a network.

Answer: B is incorrect. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security. Answer: A is incorrect. A proxy server facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.

WinSSLMiM is an HTTPS Man in the Middle attacking tool. It includes FakeCert, a tool used to make fake certificates. It can be used to exploit the Certificate Chain vulnerability in Internet Explorer. The tool works under Windows 9x/2000. For example, Generate fake certificate: fc -s www.we-are-secure.com -f fakeCert.crt Launch WinSSLMiM: wsm -f fakeCert.crt Answer: D is incorrect. Brutus is a password cracking tool that performs both dictionary and brute force attacks in which passwords are randomly generated from given characters. Brute forcing can be performed on the following authentications: HTTP (Basic Authentication) HTTP (HTML Form/CGI) POP3 (Post Office Protocol v3) FTP (File Transfer Protocol) SMB (Server Message Block) Telnet Answer: A is incorrect. Obiwan is a Web password cracking tool that is used to perform brute force and hybrid attacks. It is effective against HTTP connections for Web servers that allow unlimited failed login attempts by the user. Obiwan uses wordlists as well as alphanumeric characters as possible passwords. Answer: B is incorrect. Netcat is a freely available networking utility that reads and writes data across network connections by using the TCP/IP protocol. Netcat has the following features: It provides outbound and inbound connections for TCP and UDP ports. It provides special tunneling such as UDP to TCP, with the possibility of specifying all network parameters. It is a good port scanner. It contains advanced usage options, such as buffered send-mode (one line every N seconds), and hexdump (to stderr or to a specified file) of transmitted and received data. It is an optional RFC854 telnet code parser and responder.

Data aggregation is any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis. A common aggregation purpose is to get more information about particular groups based on specific variables such as age, profession, or income. The information about such groups can then be used for Web site personalization to choose content and advertising likely to appeal to an individual belonging to one or more groups for which data has been collected. For example, a site that sells music CDs might advertise certain CDs based on the age of the user and the data aggregate for their age group. Online analytic processing (OLAP) is a simple type of data aggregation in which the marketer uses an online reporting mechanism to process the information. Answer: B is incorrect. Data aggregation can be user-based. Personal data aggregation services offer the user a single point for collection of their personal information from other Web sites. The customer uses a single master personal identification number (PIN) to give them access to their various accounts (such as those for financial institutions, airlines, book and music clubs, and so on). Performing this type of data aggregation is sometimes referred to as "screen scraping."

A relational database is a collection of data items organized as a set of formally-described tables from which data can be accessed or reassembled in many different ways without having to reorganize the database tables. Answer: B is incorrect. The standard user and application program interface to a relational database is the structured query language (SQL). Answer: A is incorrect. In addition to being relatively easy to create and access, a relational database has the important advantage of being easy to extend. Answer: D is incorrect. A relational database is a set of tables containing data fitted into predefined categories. Each table (which is sometimes called a relation) contains one or more data categories in columns. Each row contains a unique instance of data for the categories defined by the columns.