GSNA GIAC Exam Questions and Free Practice Test

Question 25

- (Topic 2)
Which of the following statements are true about security risks? (Choose three)

A. They can be removed completely by taking proper actions.

B. They are considered an indicator of threats coupled with vulnerability.

C. They can be mitigated by reviewing and taking responsible actions based on possible risks.

D. They can be analyzed and measured by the risk analysis process.

Correct Answer:BCD

In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. These risks can be analyzed and measured by the risk analysis process. Answer A is incorrect. Security risks can never be removed completely but can be mitigated by taking proper actions.

Question 26

- (Topic 3)
Mark is an attacker. He wants to discover wireless LANs by listening to beacons or sending probe requests and thereby provide a launch point for further attacks. Which of the following tools can he use to accomplish the task?

A. DStumbler

B. Wellenreiter

C. KisMAC

D. Airmon-ng

Correct Answer:ACD

War driving is an attack in which the attacker discovers wireless LANs by listening to beacons or sending probe requests, thereby providing a launch point for further attacks. Airmon-ng, DStumbler, KisMAC, MacStumbler, NetStumbler, Wellenreiter, and WiFiFoFum are the tools that can be used to perform a war driving attack. Answer B is incorrect. Wellenreiter is a tool that is used to perform MAC spoofing attacks.

Question 27

- (Topic 4)
Which of the following tools is used for port scanning?

A. L0phtcrack

B. NSLOOKUP

C. NETSH

D. Nmap

Correct Answer:D

The nmap utility, also commonly known as port scanner, is used to view the open ports on a Linux computer. It is used by administrators to determine which services are available for external users. This utility helps administrators in deciding whether to disable the services that are not being used in order to minimize any security risk. Answer B is incorrect. NSLOOKUP is a tool for diagnosing and troubleshooting Domain Name System (DNS) problems. It performs its function by sending queries to the DNS server and obtaining detailed responses at the command prompt. This information can be useful for diagnosing and resolving name resolution issues, verifying whether or not the resource records are added or updated correctly in a zone, and debugging other server-related problems. This tool is installed along with the TCP/IP protocol through the Control Panel. Answer C is incorrect. NETSH is a command line tool to configure TCP/IP settings such as the IP address, Subnet Mask, Default Gateway, DNS, WINS addresses, etc. Answer A is incorrect. L0phtcrack is a tool which identifies and remediate security vulnerabilities that result from the use of weak or easily guessed passwords. It recovers Windows and Unix account passwords to access user and administrator accounts.

Question 28

- (Topic 2)
Which of the following statements about packet filtering is true?

A. It allows or restricts the flow of specific types of packets to provide security.

B. It is used to send confidential data on the public network.

C. It allows or restricts the flow of encrypted packets to provide security.

D. It is used to store information about confidential data.

Correct Answer:A

Packet filtering is a method that allows or restricts the flow of specific types of packets to provide security. It analyzes the incoming and outgoing packets and lets them pass or stops them at a network interface based on the source and destination addresses, ports, or protocols. Packet filtering provides a way to define precisely which type of IP traffic is allowed to cross the firewall of an intranet. IP packet filtering is important when users from private intranets connect to public networks, such as the Internet.

Question 29

- (Topic 4)
Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer? (Choose two)

A. Information of probing for networks can be viewed using a wireless analyzer and may be used to gain access.

B. Attacker can use the Ping Flood DoS attack if WZC is used.

C. Attacker by creating a fake wireless network with high power antenna cause Victor's computer to associate with his network to gain access.

D. It will not allow the configuration of encryption and MAC filterin

E. Sending information is not secure on wireless network.

Correct Answer:AC

Wireless Zero Configuration (WZC), also known as Wireless Auto Configuration, or WLAN AutoConfig is a wireless connection management utility included with Microsoft Windows XP and later operating systems as a service that dynamically selects a wireless network to connect to based on a user's preferences and various default settings. This can be used instead of, or in the absence of, a wireless network utility from the manufacturer of a computer's wireless networking device. The drivers for the wireless adapter query the NDIS Object IDs and pass the available network names to the service. WZC also introduce some security threats, which are as follows: WZC will probe for networks that are already connected. This information can be viewed by anyone using a wireless analyzer and can be used to set up fake access points to connect. WZC attempts to connect to the wireless network with the strongest signal. Attacker can create fake wireless networks with high- power antennas and cause computers to associate with his access point. Answer D is incorrect. WZC does not interfere in the configuration of encryption and MAC filtering. Answer B is incorrect. In a ping flood attack, an attacker sends a large number of ICMP packets to the target computer using the ping command, i.e., ping -f target_IP_address. When the target computer receives these packets in large quantities, it does not respond and hangs.

Question 30

- (Topic 3)
Which of the following statements are true about MS-CHAPv2?

A. It is a connectionless protocol.

B. It provides an authenticator-controlled password change mechanism.

C. It is subject to offline dictionary attacks.

D. It can be replaced with EAP-TLS as the authentication mechanism for PPTP.

Correct Answer:BCD

MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet. MS-CHAPv2 has various features such as: It is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol. It provides an authenticator-controlled password change mechanism. It provides an authenticator- controlled authentication retry mechanism. It defines failure codes returned in the Failure packet message field. With weak passwords, MS-CHAPv2 is subject to offline dictionary attacks; hence, it can be replaced with EAP-TLS as the authentication mechanism for PPTP.

START GSNA EXAM