Curious about Actual GIAC Management & Leadership (GSNA) Exam Questions?

Correct : C

Packet filtering firewalls work on the first three layers of the OSI reference model, which means all the work is done between the network and

physical layers. When a packet originates from the sender and filters through a firewall, the device checks for matches to any of the packet

filtering rules that are configured in the firewall and drops or rejects the packet accordingly. In a software firewall, packet filtering is done by a

program called a packet filter. The packet filter examines the header of each packet based on a specific set of rules, and on that basis, decides

to prevent it from passing (called DROP) or allow it to pass (called ACCEPT). A packet filter passes or blocks packets at a network interface

based on source and destination addresses, ports, or protocols. The process is used in conjunction with packet mangling and Network

Address Translation (NAT). Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion. This type

of firewall can be best used for network perimeter security.

Answer B is incorrect. An Intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at

accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet. These attempts may take the

form of attacks, as examples, by crackers, malware and/or disgruntled employees. An IDS cannot directly detect attacks within properly

encrypted traffic. An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and

trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks

such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).

Answer A is incorrect. A proxy server exists between a client's Web-browsing program and a real Internet server. The purpose of the

proxy server is to enhance the performance of user requests and filter requests. A proxy server has a database called cache where the most

frequently accessed Web pages are stored. The next time such pages are requested, the proxy server is able to suffice the request locally,

thereby greatly reducing the access time. Only when a proxy server is unable to fulfill a request locally does it forward the request to a real

Internet server. The proxy server can also be used for filtering user requests. This may be done in order to prevent the users from visiting

non-genuine sites.

Answer D is incorrect. A honeypot is a term in computer terminology used for a trap that is set to detect, deflect, or in some manner

counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to

be part of a network, but is actually isolated, and monitored, and which seems to contain information or a resource of value to attackers.

Correct : A, D

Ad Hoc Association is a type of attack in which an attacker tries to connect directly to an unsecured station to circumvent the AP security or to

attack the station. Any wireless card or USB adapter can be used to perform this attack.

Answer B and C are incorrect. The MacChanger and SirMACsAlot tools are used to perform MAC spoofing attacks.

Correct : D

The pr command is used to format text files according to the specified options. This command is usually used to paginate or columnate files for

printing.

Answer B is incorrect. The ps command reports the status of processes that are currently running on a Linux computer.

Answer A is incorrect. The wc command is used to count the number of bytes, words, and lines in a given file or in the list of files.

Answer C is incorrect. The tail command is used to display the last few lines of a text file or piped data.

Correct : B

The hard or soft NFS mount options are used to specify whether a program using a file via an NFS connection should stop and wait (hard) for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error.

Answer A is incorrect. The intr NFS mount option allows NFS requests to be interrupted if the server goes down or cannot be reached.

Answer C is incorrect. The nfsvers=2 or nfsvers=3 NFS mount options are used to specify which version of the NFS protocol to use.

Answer D is incorrect. The fsid=num NFS mount option forces the file handle and file attributes settings on the wire to be num.

Correct : C, D

The getSession() method of the HttpServletRequest interface returns the current session associated with the request, or creates a new

session if no session exists. The method has two syntaxes as follows:

public HttpSession getSession(): This method creates a new session if it does not exist.

public HttpSession getSession(boolean create): This method becomes similar to the above method if create is true, and returns the

current session if create is false. It returns null if no session exists.

Answer B is incorrect. The getSession(false) method returns a pre-existing session. It returns null if the

client has no session

associated with it.

Answer A and E are incorrect. There is no such method as getNewSession() in Java.