GNSA Online Practice Questions and Answers

Correct Answer: C

Sarah should use the Cascading Style Sheet (CSS) while creating Web pages. This will give her greater control over the appearance and presentation of the Web pages and will also enable her to precisely specify the display attributes and the appearance of elements on the Web pages.

Correct Answer: A

Check the antivirus log and see if it is detecting your file as a virus and deleting it. All antivirus programs have a certain rate of false positives. Since the file is being deleted from all computers, it seems likely that your antivirus has mistakenly

identified that file as a virus.

Answer: D is incorrect. The firewall log can help you identify traffic entering or leaving your network, but won't help with files being deleted. Answer: B is incorrect. An IDS log would help you identify possible attacks, but this scenario is unlikely

to be from an external attack.

Answer: C is incorrect. Your system log can only tell you what is happening on that individual computer.

Correct Answer: B

Web site traffic depends upon the number of users who are able to locate a Web site. Search engines are one of the most frequently used tools to locate Web sites. They perform searches on the basis of keywords contained in the Web pages of a Web site. Keywords are simple text strings that are associated with one or more topics of a Web page. Misspelled keywords prevent Web pages from being displayed in the search results.

Correct Answer: B

CAATs (Computer Assisted Auditing Techniques) are used to test application controls as well as perform substantive tests on sample items. Following are the types of CAATs:

Generalized Audit Software (GAS): It allows the auditor to perform tests on computer files and databases.

Custom Audit Software (CAS): It is generally written by auditors for specific audit tasks. CAS is necessary when the organization's computer system is not compatible with the auditor's GAS or when the auditor wants to conduct some testing

that may not be possible with the GAS.

Test Data: The auditor uses test data for testing the application controls in the client's computer programs. The auditor includes simulated valid and invalid test data, used to test the accuracy of the computer system's operations. This

technique can be used to check data validation controls and error detection routines, processing logic controls, and arithmetic calculations, to name a few.

Parallel Simulation: The auditor must construct a computer simulation that mimics the client's production programs.

Integrated TestFacility: The auditor enters test data along with actual data in a normal application run.

Correct Answer: C

John is performing cookie poisoning. In cookie poisoning, an attacker modifies the value of cookies before sending them back to the server. On modifying the cookie values, an attacker can log in to any other user account and can perform identity theft. The following figure explains how cookie poisoning occurs:

For example: The attacker visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.

Original cookie values: ItemID1= 2 ItemPrice1=900 ItemID2=1 ItemPrice2=200

Modified cookie values: ItemID1= 2 ItemPrice1=1 ItemID2=1 ItemPrice2=1

Now, the attacker clicks the Buy button and the prices are sent to the server that calculates the total price.

Another use of a Cookie Poisoning attack is to pretend to be another user after changing the username in the cookie values:

Original cookie values: LoggedIn= True Username = Mark

Modified cookie values: LoggedIn= True Username = Admin

Now, after modifying the cookie values, the attacker can do the admin login.

Answer: A is incorrect. A cross site scripting attack is one in which an attacker enters malicious data into a Website. For example, the attacker posts a message that contains malicious code to any newsgroup site. When another user views

this message, the browser interprets this code and executes it and, as a result, the attacker is able to take control of the user's system. Cross site scripting attacks require the execution of client-side languages such as JavaScript,

Java,VBScript, ActiveX, Flash, etc. within a user's Webenvironment. With the help of a cross site scripting attack, the attacker can perform cookie stealing, sessions hijacking, etc.

Correct Answer: D

According to the scenario, you want to perform banner grabbing to retrieve information about the Webserver being used by we-are-secure. For this, you will use the httprint tool to accomplish the task. httprint is a fingerprinting tool that is

based on Web server characteristics to accurately identify Web servers. It works even when Web server may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. It can also be

used to detect Web enabled devices that do not contain a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings for identification, and an attacker can also add

signatures to the signature database.

Answer: A is incorrect. Wget is a Website copier that is used to analyze the vulnerabilities of a Website offline.

Answer: C is incorrect. Whisker is an HTTP/Web vulnerability scanner that is written in the PERL language. Whisker runs on both the Windows and UNIX environments. It provides functions for testing HTTP servers for many known security

holes, particularly the presence of dangerous CGIs.

Answer: B is incorrect. WinSSLMiM is an HTTPS Man in the Middle attacking tool. It includes FakeCert, a tool used to make fake certificates. It can be used to exploit the Certificate Chain vulnerability in Internet Explorer.

Correct Answer: AC

Data integrity ensures that information has not been modified, altered, or destroyed by a third party while it is in transit. Data integrity ensures that the data received is same as the data that was sent. Moreover, no one can tamper with the

data during transmission from source to destination.

It also ensures that a hacker cannot alter the contents of an HTTP message while it is in transit from the container to the client. This will be accomplished through the use of HTTPS. The HTTPS stands for Hypertext Transfer Protocol over

Secure Socket Layer. The HTTPS encrypts and decrypts the page requests and page information between the client browser and the Web server using a Secure Socket Layer.

Answer: D is incorrect. This answer option describes confidentiality.

Answer: B is incorrect. This answer option also describes confidentiality.

Correct Answer: CD

The following are the purposes of audit records on an information system:

Troubleshooting

Investigation

An IT audit is the process of collecting and evaluating records of an organization's information systems, practices, and operations. The evaluation of records provides evidence to determine if the information systems are safeguarding assets,

maintaining data integrity, and operating effectively and efficiently enough to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of

attestation engagement. Audit records are also used to troubleshoot system issues.

Answers A, B are incorrect. The audit records cannot be used for backup and upgradation purposes.

Correct Answer: A

In general, nesting means embedding a construct inside another. Nesting tables is a technique in which one or more tables are embedded within a table. Answer: B, C, D are incorrect. There are no techniques such as stacking tables, horned tables, or CSS tables.

Correct Answer: D

Circumstantial evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person. Answer: B is incorrect. Corroborating evidence is evidence that tends to support a

proposition that is already supported by some evidence. Answer: A is incorrect. Incontrovertible evidence is a colloquial term for evidence introduced to prove a fact that is supposed to be so conclusive that there can be no other truth as to the

matter; evidence so strong, it overpowers contrary evidence, directing a fact-finder to a specific and certain conclusion.

Answer: C is incorrect. Direct evidence is testimony proof for any evidence, which expressly or straight-forwardly proves the existence of a fact.