GSNA Online Practice Questions and Answers

Correct Answer: C

Sarah should use the Cascading Style Sheet (CSS) while creating Web pages. This will give her greater control over the appearance and presentation of the Web pages and will also enable her to precisely specify the display attributes and the appearance of elements on the Web pages.

Correct Answer: C

An independent audit is an audit that is usually conducted by external or outside resources. It is the process of reviewing detailed audit logs for the following purposes:

1.

To examine the system activities and access logs

2.

To assess the adequacy of system methods

3.

To assess the adequacy of system controls

4.

To examine compliance with established enterprise network system policies

5.

To examine compliance with established enterprise network system procedures

6.

To examine effectiveness of enabling, support, and core processes Answer: B is incorrect. It is not a valid type of security audit. Answer: D is incorrect. It is done to examine the operational and ongoing activities within a network. Answer: B is incorrect. It is not a valid type of security audit. Answer: D is incorrect. It is done to examine the operational and ongoing activities within a network. Answer: A is incorrect. It is not a valid type of security audit.

Correct Answer: B

Authorization is a process that verifies whether a user has permission to access a Web resource. A Web server can restrict access to some of its resources to only those clients that log in using a recognized username and password. To be

authorized, a user must first be authenticated. Answer: C is incorrect. Verifying username and password describes the mechanism of authentication. Authentication is the process of verifying the identity of a user. This is usually done using a

user name and password. This process compares the provided user name and password with those stored in the database of an authentication server.

Answer: D is incorrect. Sending data so that no one can alter it on the way describes the mechanism of data integrity. Data integrity is a mechanism that ensures that the data is not modified during transmission from source to destination.

This means that the data received at the destination should be exactly the same as that sent from the source.

Answer: A is incorrect. Sending secret data such as credit card information describes the mechanism of confidentiality. Confidentiality is a mechanism that ensures that only the intended, Authorized recipients are able to read data. The data is

so encrypted that even if an unauthorized user gets access to it, he will not get any meaning out of it.

Correct Answer: ACD

NetStumbler is one of the most famous wireless auditing tools. It works with a wide variety of cards. If it is loaded on a computer, it can be used to detect 802.11 networks. It can easily identify the SSIDs and security tools. It can even identify the channel being used. This tool can also be integrated with the GPS to identify the exact location of AP for plotting onto a map. Answer: B is incorrect. It can identify the channel being used. NetStumbler can be used for a variety of services:

1.

For war driving

2.

To verify network configurations

3.

To find locations with poor coverage in a WLAN

4.

To detect causes of wireless interference

5.

To detect unauthorized ("rogue") access points

6.

To aim directional antennas for long-haul WLAN links

Correct Answer: BCD

There are many purposes of conducting risk analysis, which are as follows:

1.

To try to quantify the possible impact or loss of a threat

2.

To analyze exposure to risk in order to support better decision-making and proper management of those risks

3.

To support risk-based audit decisions

4.

To assist the auditor in determining the audit objectives

5.

To assist the auditor in identifying the risks and threats Answer: A is incorrect. The analysis of risk does not ensure absolute safety. The main purpose of using a risk-based audit strategy is to ensure that the audit adds value with meaningful information.

Correct Answer: B

The Common Gateway Interface (CGI) specification is used for creating executable programs that run on a Web server. CGI defines the communication link between a Web server and Web applications. It gives a network or Internet resource access to specific programs. For example, when users submit an HTML form on a Web site, CGI is used to pass this information to a remote application for processing, and retrieve the results from the application. It then returns these results to the user by means of an HTML page. Answer: A is incorrect. CGI programs do not execute on routers.

Correct Answer: CD

Secure Sockets Layer (SSL) is a protocol used to transmit private documents via the Internet. SSL uses a combination of public key and symmetric encryption to provide communication privacy, authentication, and message integrity. Using the SSL protocol, clients and servers can communicate in a way that prevents eavesdropping and tampering of data on the Internet. Many Web sites use the SSL protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:. By default, SSL uses port 443 for secured communication. For a SSL connection between a Web browser and Web server, you must enter https, for example, "https:// www.vzen.com", instead of http as the protocol type in the URL. This will instruct the Web browser to use a different port for communication. SSL uses TCP port 443 for communication.

Correct Answer: C

Packet filtering firewalls work on the first three layers of the OSI reference model, which means all the work is done between the network and physical layers. When a packet originates from the sender and filters through a firewall, the device checks for matches to any of the packet filtering rules that are configured in the firewall and drops or rejects the packet accordingly. In a software firewall, packet filtering is done by a program called a packet filter. The packet filter examines the header of each packet based on a specific set of rules, and on that basis, decides to prevent it from passing (called DROP) or allow it to pass (called ACCEPT). A packet filter passes or blocks packets at a network interface based on source and destination addresses, ports, or protocols. The process is used in conjunction with packet mangling and Network Address Translation (NAT). Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion. This type of firewall can be best used for network perimeter security. Answer: B is incorrect. An Intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet. These attempts may take the form of attacks, as examples, by crackers, malware and/or disgruntled employees. An IDS cannot directly detect attacks within properly encrypted traffic. An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, Trojan horses, and worms). Answer: A is incorrect. A proxy server exists between a client's Web-browsing program and a real Internet server. The purpose of the proxy server is to enhance the performance of user requests and filter requests. A proxy server has a database called cache where the most frequently accessed Web pages are stored. The next time such pages are requested, the proxy server is able to suffice the request locally, thereby greatly reducing the access time. Only when a proxy server is unable to fulfill a request locally does it forward the request to a real Internet server. The proxy server can also be used for filtering user requests. This may be done in order to prevent the users from visiting non-genuine sites. Answer: D is incorrect. A honeypot is a term in computer terminology used for a trap that is set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, and monitored, and which seems to contain information or a resource of value to attackers.

Correct Answer: BD

The following are the drawbacks of the NTLM Web Authentication Scheme:

1.

NTLM Web authentication is not entirely safe because NTLM hashes (or challenge/response pairs) can be cracked with the help of brute force password guessing. The "cracking" program would repeatedly try all possible passwords,

hashing each and comparing the result to the hash that the malicious user has obtained. When it discovers a match, the malicious user will know that the password that produced the hash is the user's password.

2.

This authentication technique works only with Microsoft Internet Explorer. Answer: A, C are incorrect. NTLM authentication does not send the user's password (or hashed representation of the password) across the network. Instead, NTLM

authentication utilizes challenge/ response mechanisms to ensure that the actual password never traverses the network. How does it work? When the authentication process begins, the client sends a login request to the telnet server. The

server replies with a randomly generated 'token' to the client. The client hashes the currently logged-on user's cryptographically protected password with the challenge and sends the resulting "response" to the server. The server receives the

challenge-hashed response and compares it in the following manner:

The server takes a copy of the original token.

Now it hashes the token against the user's password hash from its own user account database. If the received response matches the expected response, the user is successfully authenticated to the host.

Correct Answer: CD

The following are the purposes of audit records on an information system:

1.

Troubleshooting

2.

Investigation

An IT audit is the process of collecting and evaluating records of an organization's information systems, practices, and operations. The evaluation of records provides evidence to determine if the information systems are safeguarding assets,

maintaining data integrity, and operating effectively and efficiently enough to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of

attestation engagement. Audit records are also used to troubleshoot system issues.

Answers A, B are incorrect. The audit records cannot be used for backup and upgradation purposes.