GNSA Online Practice Questions and Answers

Correct Answer:

George will click on the Allow a program through Windows Firewall link to open the Windows Firewall Settings dialog box. He will then insert a check mark in the File and Printer Sharing checkbox in the Exceptions tab of the Windows Firewall Settings dialog box.

Correct Answer:

The company policy states that you cannot install the Firewall Client software or configure the Web Proxy service on any client computer. Therefore, you will have to configure all client computers as SecureNAT clients. The users are unable to

access Internet Web sites because you have enabled the Ask unauthenticated users for identification check box. SecureNAT clients do not provide user name or computer name information to ISA Server when making requests. Hence, all

SecureNAT client requests are denied.

To resolve the issue, you will have to disable the Ask unauthenticated users for identification check box.

Correct Answer: D

Detection risks are the risks that an auditor will not be able to find what they are looking to detect. Hence, it becomes tedious to report negative results when material conditions (faults) actually exist. Detection risk includes two types of risk:

Sampling risk: This risk occurs when an auditor falsely accepts or erroneously rejects an audit sample.

Nonsampling risk: This risk occurs when an auditor fails to detect a condition because of not applying the appropriate procedure or using procedures inconsistent with the audit objectives (detection faults). Answer: A is incorrect. Residual risk

is the risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically

conceivable measures). The formula to calculate residual risk is (inherent risk) x (control risk) where inherent risk is (threats vulnerability). In the economic context, residual means "the quantity left over at the end of a process; a remainder".

Answer: B is incorrect. Inherent risk, in auditing, is the risk that the account or section being audited is materially misstated without considering internal controls due to error or fraud. The assessment of inherent risk depends on the

professional judgment of the auditor, and it is done after assessing the business environment of the entity being audited.

Answer: C is incorrect. A secondary risk is a risk that arises as a straight consequence of implementing a risk response. The secondary risk is an outcome of dealing with the original risk. Secondary risks are not as rigorous or important as

primary risks, but can turn out to be so if not estimated and planned properly.

Correct Answer: C

The nmap -O -p switch can be used to perform TCP/IP stack fingerprinting. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a

"map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device

type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows

etc.

Answer: B is incorrect. The nmap -sU -p switch can be used to perform UDP port scanning.

Answer: A is incorrect. The nmap -sS switch is used to perform a TCP half scan. TCP SYN scanning is also known as half-open scanning because in this a full TCP connection is never opened.

Answer: D is incorrect. The nmap -sT switch is used to perform a TCP full scan.

Correct Answer: C

Structure mining is used to examine data related to the structure of a particular Web site.

Answer: D is incorrect. Usage mining is used to examine data related to a particular user's browser as well as data gathered by forms the user may have submitted during Web transactions.

Correct Answer: C

War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers - hackers that specialize in computer security - for password guessing. Answer: A is incorrect. Warkitting is a combination of wardriving and rootkitting. In a warkitting attack, a hacker replaces the firmware of an attacked router. This allows them to control all trafficfor the victim, and could even permit them to disable SSL by replacing HTML content as it is being downloaded. Warkitting was identified by Tsow, Jakobsson, Yang, and Wetzel in 2006. Their discovery indicated that 10% of the wireless routers were susceptible to WAPjacking (malicious configuring of the firmware settings, but making no modification on the firmware itself) and 4.4% of wireless routers were vulnerable to WAPkitting (subverting the router firmware). Their analysis showed that the volume of credential theft possible through Warkitting exceeded the estimates of credential theft due to phishing. Answer: D is incorrect. In the computer hacking scene of the 1980s, demon dialing was a technique by which a computer is used to repeatedly dial a number (usually to a crowded modem pool) in an attempt to gain access immediately after another user had hung up. The expansion of accessible Internet service provider connectivity since that time more or less rendered the practice obsolete. The term "demon dialing" derives from the Demon Dialer product from Zoom Telephonics, Inc., a telephone device produced in the 1980s which repeatedly dialed busy telephone numbers under control of an extension phone. Answer: B is incorrect. War driving, also called access pointmapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.

Correct Answer: ACD

A dual-homed host is one of the firewall architectures for implementing preventive security. It provides the first-line defense and protection technology for keeping untrusted bodies from compromising information security by violating trusted

network space as shown in the image below:

A dual-homed host (or bastion host) is a system fortified with two network interfaces (NICs) that sits between an un-trusted network (like the Internet) and trusted network (such as a corporate network) to provide secure access. Dual-homed,

or bastion, is a general term for proxies, gateways, firewalls, or any server that provides secured applications or services directly to an untrusted network.

A dual-homed host also hassome disadvantages, which are as follows:

1.

It can provide services by proxying them.

2.

User accounts may unexpectedly enable services a user may not consider secure.

3.

It provides services when users log on to the dual-homed host directly.

Answer: B is incorrect. Dual-Homed Host Firewall Architecture can provide a very high level of control.

Correct Answer: D

In Unix, the /etc/sudoers file contains a list of users with special privileges along with the commands that they can execute. Answer: A is incorrect. In Unix, the /proc/meminfo file shows information about the memory usage, both physical and swap. Answer: B is incorrect. In Unix, the /etc/sysconfig/amd file is the configuration filethat is used to configure the auto mount daemon. Answer: C is incorrect. In Unix, the /proc/modules file shows the kernel modules that are currently loaded.

Correct Answer: B

You can use the tr command to convert all lowercase letters of a text file to uppercase. The tr command is used to translate, squeeze, and/or delete characters from standard input, writing to standard output. If you want to change all lowercase letters to uppercase, you will use the tr [a-z] [A-Z] command. commands cannot translate the text from one form to another.

Correct Answer: A

Here, you will use the history !user command to search the most recent command that starts with the string 'user'. In the bash shell, the history command is used to view the recently executed commands. History is on by default. A user can turn off history using the command set +o history and turn it on using set -o history. An environment variable HISTSIZE is used to inform bash about how many history lines should be kept. The following commands are frequently used to view and manipulate history: