Pass the GIAC Audit GSNA GSNA Questions and answers with ExamsMirror

Disabling SSID broadcast will free up bandwidth in a WLAN environment. It is used to enhance security of a Wireless LAN (WLAN). It makes difficult for attackers to find the access point (AP). It is also used by enterprises to prevent curious people from trying to access the WLAN.

Various authorities have created differing taxonomies to distinguish the various types of IT audits. Goodman & Lawless state that there are three specific systematic approaches to carry out an IT audit: Technological innovation process audit: This audit constructs a risk profile for existing and new projects. The audit will assess the length and depth of the company's experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product, organization and industry structure. Innovative comparison audit: This audit is an analysis of the innovative abilities of the company being audited in comparison to its competitors. This requires examination of company's research and development facilities, as well as its track record in actually producing new products. Technological position audit: This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing", or "emerging". Answer: D is incorrect. These are the audits to verify that controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.

Packet filtering is a method that allows or restricts the flow of specific types of packets to provide security. It analyzes the incoming and outgoing packets and lets them pass or stops them at a network interface based on the source and destination addresses, ports, or protocols. Packet filtering provides a way to define precisely which type of IP traffic is allowed to cross the firewall of an intranet. IP packet filtering is important when users from private intranets connect to public networks, such as the Internet.

Blue jacking is the process of using another bluetooth device that is within range (about 30' or less) and sending unsolicited messages to the target. Answer: B is incorrect. Blue snarfing is a process whereby the attacker actually takes control of the phone. Perhaps copying data or even making calls. Answer: C is incorrect. A virus would not cause unsolicited messages. Adware might, but not a virus. Answer: A is incorrect. Spam would not be limited to when the person was in a crowded area.

Data mining is a process of sorting through data to identify patterns and establish relationships. Following are the data mining parameters: Association: Looking for patterns where one event is connected to another event. Sequence or path analysis: Looking for patterns where one event leads to another later event. Classification: Looking for new patterns (may result in a change in the way the data is organized but is acceptable). Clustering: Finding and visually documenting groups of facts not previously known. Forecasting: Discovering patterns in data that can lead to reasonable predictions about the future (This area of data mining is known as predictive analytics).

PSK cracking is an attack technique in which an attacker tries to intercept the successful handshake and then uses a dictionary attack to retrieve the shared key. Answer: A is incorrect. Shared key guessing is an attack technique in which an intruder by use of various cracking tools tries to guess the shared key of a wireless network and gain access to it. Answer: C is incorrect. A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities. A dictionary attack uses a brute-force technique of successively trying all the words in an exhaustive list (from a pre-arranged list of values). In contrast with a normal brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words in a dictionary. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries, or simple, easily-predicted variations on words, such as appending a digit. Answer: B is incorrect. In a brute force attack, an attacker uses software that tries a large number of the keys combinations in order to get a password. To prevent such attacks, users should create passwords more difficult to guess, e.g., using a minimum of six characters, alphanumeric combinations, and lower-upper case combinations, etc.

LEAP can use only password hash as the authentication technique. Not only LEAP, but EAP-TLS, EAP-TTLS, and PEAP also support dynamic key encryption and mutual authentication. Answer: C is incorrect. LEAP provides only a moderate level of security. Answer: B is incorrect. LEAP uses password hash for server authentication.

The perfect data access auditing solution would address the following six questions: 1.Who accessed the data? 2.When was the data accessed? 3.Which computer program or client software was used to access the data? 4.From what location on the network was the data accessed? 5.What was the SQL query that accessed the data? 6.Was access to the data successfully done; and if so, how many rows of data were retrieved? Answer: C is incorrect. In the perfect data access auditing solution, it cannot be determined for whom the data is being accessed. Only the person accessing the data can be identified.

In Unix, the hdparm command is used to get or set hard disk geometry parameters, cylinders, heads, and sectors. Answer: C is incorrect. In Unix, the mkfs command initializes a Unix filesystem. This is a front end that runs a separate program depending on the filesystem's type. Answer: A is incorrect. In Unix, the mke2fs command creates a Unix second extended filesystem. Answer: B is incorrect. In Unix, the mkswap command sets up a Unix swap area on a device or file.

'Audit account logon events' is one of the nine audit settings that can be configured on a Windows computer. This performs auditing whenever a user logs on or off from a different computer in which the computer performing the auditing is used for validating the account, for example, when a user logs on to a Windows XP Professional computer, but gets authenticated by a domain controller. The event would be generated on the domain controller, as it is actually being used for validating the user. Answer: A is incorrect. Audit account management is one of the nine audit settings that can be configured on a Windows computer. This option is enabled to audit each event that is related to a user managing an account in the user database on the computer where the auditing is configured. These events include the following: Creating a user account Adding a user account to a group Renaming a user account Changing password for a user account This option is also used to audit the changes to the domain account of the domain controllers. Answer: C is incorrect. The 'Audit directory service access' option is enabled to capture the events that are related to the users accessing the Active Directory object which has been configured to track user access through the System Access Control List (SACL) of the object. Answer: B is incorrect. The 'Audit logon events' option is enabled to audit each event that is related to a user logging on to, logging off from, or making a network connection to the computer configured to audit logon events.