
Audit GSNA GSNA GIAC Study Notes

Page: 3 / 14
Total 368 questions

GIAC Systems and Network Auditor Questions and Answers

Question 9

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

Options:

A. Disaster recovery plan

B. Continuity of Operations Plan

C. Business continuity plan

D. Contingency plan

Question 10

John works as a professional Ethical Hacker. He has been assigned a project to test the security of He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:

    C:\whisker.pl -h target_IP_address
    -- whisker / v1.4.0 / rain forest puppy / --
    = - = - = - = - = =
    = Host: target_IP_address
    = Server: Apache/1.3.12 (Win32) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
    + 200 OK: HEAD /cgi-bin/printenv

John recognizes the /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about the 'Printenv' vulnerability are true?

Options:

A. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.

B. 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.

C. The countermeasure to 'printenv' vulnerability is to remove the CGI script.

D. This vulnerability helps in a cross site scripting attack.

Question 11

Adam works as a Security Analyst for Umbrella Inc. He is retrieving a large amount of log data from syslog servers and network devices such as routers and switches. He is facing difficulty in analyzing the logs that he has retrieved. To solve this problem, Adam decides to use software called Sawmill. Which of the following statements are true about Sawmill?

Options:

A. It incorporates real-time reporting and real-time alerting.

B. It is used to analyze any device or software package, which produces a log file such as Web servers, network devices (switches & routers etc.), syslog servers etc.

C. It is a software package for the statistical analysis and reporting of log files.

D. It comes only as a software package for user deployment.

Question 12

Choose the benefits of deploying switches over hubs in your infrastructure. (Choose two)

Options:

A. Layer 2 switches allow for the creation of Virtual LANs providing options for further segmentation and security.

B. Switches lower the number of collisions in the environment.

C. Switches create an environment best suited for half duplex communications. This improves network performance and the amount of available bandwidth.

D. Layer 2 switches increase the number of broadcast domains in the environment.
