At ValidExamDumps, we consistently monitor updates to the GIAC GSNA exam questions by GIAC. Whenever our team identifies changes in the exam questions, exam objectives, exam focus areas or exam requirements, we immediately update our exam questions for both PDF and online practice exams. This commitment ensures our customers always have access to the most current and accurate questions. By preparing with these actual questions, our customers can successfully pass the GIAC Systems and Network Auditor exam on their first attempt without needing additional materials or study guides.
Other certification materials providers often include questions that GIAC has outdated or removed in their GIAC GSNA exam. These outdated questions lead to customers failing their GIAC Systems and Network Auditor exam. In contrast, we ensure our question bank includes only precise and up-to-date questions, guaranteeing their presence in your actual exam. Our main priority is your success in the GIAC GSNA exam, not profiting from selling obsolete exam questions in PDF or Online Practice Test.
You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. You have configured a firewall on the network. A filter has been applied to block all the ports. You want to enable sending and receiving of emails on the network. Which of the following ports will you open?
Each correct answer represents a complete solution. Choose two.
In order to enable email communication, you will have to open ports 25 and 110. Port 25 is used by SMTP to send emails. Port 110 is used by POP3 to receive emails.
Which of the following tools monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools?
A wireless intrusion prevention system (WIPS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use
of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator
whenever a rogue access point is detected. Conventionally, this is achieved by comparing the MAC addresses of the participating wireless devices.
Rogue devices can spoof the MAC address of an authorized network device as their own. WIPS uses a fingerprinting approach to weed out devices
with spoofed MAC addresses. The idea is to compare the unique signatures exhibited by the signals emitted by each wireless device against
the known signatures of pre-authorized, known wireless devices.
Answer B is incorrect. An intrusion detection system (IDS) is used to detect unauthorized attempts to access and manipulate computer
systems locally or through the Internet or an intranet. It can detect several types of attacks and malicious behaviors that can compromise the
security of a network and computers. This includes network attacks against vulnerable services, unauthorized logins and access to sensitive
data, and malware (e.g. viruses, worms, etc.). An IDS also detects attacks that originate from within a system. In most cases, an IDS has
three main components: Sensors, Console, and Engine. Sensors generate security events. A console is used to alert and control sensors and
to monitor events. An engine is used to record events and to generate security alerts based on received security events. In many IDS
implementations, these three components are combined into a single device. The following two types of IDS are used:
Network-based IDS
Host-based IDS
Answer A is incorrect. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It
logs network activities that match the predefined signatures. Signatures can be designed for a wide range of traffic, including
Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).
The three main modes in which Snort can be configured are as follows:
Sniffer mode: It reads the packets of the network and displays them in a continuous stream on the console.
Packet logger mode: It logs the packets to the disk.
Network intrusion detection mode: It is the most complex and configurable mode, allowing Snort to analyze network traffic for
matches against a user-defined rule set.
Answer C is incorrect. A firewall is a tool to provide security to a network. It is used to protect an internal network or intranet against
unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic
between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports.
Fill in the blank with the appropriate command.
You want to search the most recent command that starts with the string 'user'. For this, you will enter the ________ command to get the desired result.
Use the history !user command to search the most recent command that starts with the string 'user'. In the bash shell, the history command is
used to view the recently executed commands. History is on by default. A user can turn off history using the command set +o history and turn
it on using set -o history. An environment variable HISTSIZE is used to inform bash about how many history lines should be kept. The
following commands are frequently used to view and manipulate history:
You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to do RARP mapping from hardware mapping addresses to IP addresses. Which of the following Unix configuration files can you use to accomplish the task?
In Unix, the /etc/ethers file is used by system administrators for RARP mapping from hardware mapping addresses to IP addresses.
Answer A is incorrect. In Unix, the /etc/dhcpd.conf file is the configuration file for the DHCP server daemon.
Answer C is incorrect. In Unix, the /etc/exports file describes exported file systems for NFS services.
Answer B is incorrect. In Unix, the /etc/motd file automatically displays the message of the day after a successful login.
Which of the following does an anti-virus program update regularly from its manufacturer's Web site?
An anti-virus program updates the virus definition file regularly from the anti-virus manufacturer's Web site.
Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such
programs may also prevent and remove adware, spyware, and other forms of malware. Traditional antivirus software solutions run virus
scanners on schedule, on demand and some run scans in real time. If a virus or malware is located, the suspect file is usually placed into a
quarantine to terminate its chances of disrupting the system. Traditional antivirus solutions scan and compare against a publicized and
regularly updated dictionary of malware otherwise known as a blacklist. Some antivirus solutions have additional options that employ a
heuristic engine which further examines the file to see if it is behaving in a similar manner to previous examples of malware. A new technology
utilized by a few antivirus solutions is whitelisting; this technology first checks if the file is trusted and only questions those that are not. With
the addition of wisdom of crowds, antivirus solutions back up other antivirus techniques by harnessing the intelligence and advice of a
community of trusted users to protect each other.
Answer C is incorrect. A service pack is a collection of fixes and patches in a single product. A service pack can be used to handle a
large number of viruses and bugs or to update an operating system with advanced and better capabilities. A service pack usually contains a
number of file replacements.
Answer A is incorrect. A hotfix is a collection of files used by Microsoft for software updates that are released between major service pack
releases. A hotfix addresses a problem, occurring under specific circumstances, that cannot wait to be fixed until the next service pack release.
Hotfixes are generally related to security problems. Hence, it is essential to fix these problems as soon as possible.
Answer B is incorrect. An anti-virus program does not update Permissions regularly from its manufacturer's Web site.