GSNA GIAC Exam Questions and Free Practice Test

Question 49

- (Topic 1)
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. You want to run two programs, foo and bar. You also want to ensure that bar is executed if and
only if foo has executed successfully. Which of the following command sequences will John use to accomplish the task?

A. foo; bar;

B. foo || bar;

C. foo | bar;

D. foo && bar;

Correct Answer:D

According to the scenario, John will execute the foo && bar; command. Because of the && operator, bar will execute if and only if foo completes successfully. Answer A is incorrect. The foo; bar; command sequence will run foo and bar in a sequential manner, but the successful completion of the first command does not matter. Answer B is incorrect. The foo || bar; command sequence will run the bar if and only if foo fails to complete successfully. Answer C is incorrect. In the foo | bar; command sequence, the output of the foo command will be the input for the bar command.

Question 50

- (Topic 2)
You work as the Network Technician for XYZ CORP. The company has a Linux-based network. You are working on the Red Hat operating system. You want to view only the last 4 lines of a file named /var/log/cron. Which of the following commands should you use to accomplish the task?

A. tail -n 4 /var/log/cron

B. tail /var/log/cron

C. cat /var/log/cron

D. head /var/log/cron

Correct Answer:A

The tail -n 4 /var/log/cron command will show the last four lines of the file /var/log/cron.

Question 51

- (Topic 1)
You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?

A. Non-operational audit

B. Dependent audit

C. Independent audit

D. Operational audit

Correct Answer:C

An independent audit is an audit that is usually conducted by external or outside resources. It is the process of reviewing detailed audit logs for the following purposes: To examine the system activities and access logs To assess the adequacy of system methods To assess the adequacy of system controls To examine compliance with established enterprise network system policies To examine compliance with established enterprise network system procedures To examine effectiveness of enabling, support, and core processes Answer B is incorrect. It is not a valid type of security audit. Answer D is incorrect. It is done to examine the operational and ongoing activities within a network. Answer B is incorrect. It is not a valid type of security audit. Answer D is incorrect. It is done to examine the operational and ongoing activities within a network. Answer A is incorrect. It is not a valid type of security audit.

Question 52

- (Topic 1)
A Web developer with your company wants to have wireless access for contractors that come in to work on various projects. The process of getting this approved takes time. So rather than wait, he has put his own wireless router attached to one of the network ports in his department. What security risk does this present?

A. None, adding a wireless access point is a common task and not a security risk.

B. It is likely to increase network traffic and slow down network performance.

C. This circumvents network intrusion detection.

D. An unauthorized WAP is one way for hackers to get into a network.

Correct Answer:D

Any unauthorized Wireless Access Point (WAP) is a serious security breach. Its configuration might be very unsecure. For example it might not use encryption or MAC filtering, thus allowing anyone in range to get on the network.

Question 53

- (Topic 2)
Which of the following statements about data integrity of a container are true? (Choose two)

A. It ensures that a hacker cannot alter the contents of an HTTP message while it is in transit from a container to a client.

B. Data integrity ensures that information is made available to users who are authorized to access it.

C. Data integrity ensures that information has not been modified by a third party while it is in transit.

D. It ensures that an eavesdropper cannot read an HTTP message being sent from a client to a container.

Correct Answer:AC

Data integrity ensures that information has not been modified, altered, or destroyed by a third party while it is in transit. Data integrity ensures that the data received is same as the data that was sent. Moreover, no one can tamper with the data during transmission from source to destination.
It also ensures that a hacker cannot alter the contents of an HTTP message while it is in transit from the container to the client. This will be accomplished through the use of HTTPS. The HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer. The HTTPS encrypts and decrypts the page requests and page information between the client browser and the Web server using a Secure Socket Layer. Answer D is incorrect. This answer option describes confidentiality. Answer B is incorrect. This answer option also describes confidentiality.

Question 54

- (Topic 3)
Sarah works as a Web Developer for XYZ CORP. She develops a Web site for the company. She uses tables in the Web site. Sarah embeds three tables within a table. What is the technique of embedding tables within a table known as?

A. Nesting tables

B. Stacking tables

C. CSS tables

D. Horned tables

Correct Answer:A

In general, nesting means embedding a construct inside another. Nesting tables is a technique in which one or more tables are embedded within a table. Answer B, C, D are incorrect. There are no techniques such as stacking tables, horned tables, or CSS tables.

START GSNA EXAM