GSNA GIAC Systems and Network Auditor Free Practice Exam Questions (2025 Updated)

To ensure fault tolerance among the servers and to get the highest possible level of security and encryption for OWA clients, you must install two front-end Exchange 2000 servers. Place the new servers on the perimeter network and configure load balancing between them. To enhance security, you should also configure Certificate Services and create a rule on the firewall to redirect port 443 to the servers. The most secure firewall configuration is placing a firewall on either side of the front-end servers. This isolates the front-end servers in a perimeter network, commonly referred to as a demilitarized zone (DMZ). It is always better to configure more than one front-end server to get fault tolerance.

A proxy server is a very important element for firewall applications. The services that it provides are as follows: Hide network resources: Proxy replaces the network IP address with a single IP address. Multiple systems can use a single IP address. Logging: A proxy server can log incoming and outgoing access, allowing a user to see every possible details of successful and failed connections. Cache: A proxy server can save information obtained from the Internet. It regularly updates these copies and automatically shows these pages, and will thus not need to access the Internet to view them.

The pr command is used to format text files according to the specified options. This command is usually used to paginate or columnate files for printing. Answer: B is incorrect. The ps command reports the status of processes that are currently running on a Linux computer. Answer: A is incorrect. The wc command is used to count the number of bytes, words, and lines in a given file or in the list of files. Answer: C is incorrect. The tail command is used to display the last few lines of a text file or piped data.

A Cascading Style Sheet (CSS) is a separate text file that keeps track of design and formatting information, such as colors, fonts, font sizes, and margins, used in Web pages. CSS is used to provide Web site authors greater control on the appearance and presentation of their Web pages. It has codes that are interpreteA, Dpplied by the browser on to the Web pages and their elements. CSS files have .css extension. There are three types of Cascading Style Sheets: External Style Sheet Embedded Style Sheet Inline Style Sheet Answer: A is incorrect. A style sheet is a set of additional tags used to describe the appearance of individual HTML tags. These tags can

By not broadcasting your SSID some simple war driving tools won't detect your network. However you should be aware that there are tools that will still detect networks that are not broadcasting their SSID across your network. Answer: D is incorrect. While MAC filtering may help prevent a hacker from accessing your network, it won't keep him or her from finding your network.

A port scanner is often used on the periphery of a network by either administrators or hackers. It will tell you what ports are open. By determining what ports are open, you know what services are exposed to the outside world. For example, if port 80 is open, then HTTP traffic is allowed, meaning there should be a Web server on the network. Answer: A is incorrect. Network mappers give a topography of the network, letting you know what is on your network and where it is connected. Answer: B is incorrect. A protocol analyzer does detect if a given protocol is moving over a particular network segment, thus would detect services working on that segment. However, a port scanner is a better tool for detecting all the ports that are open. Answer: D is incorrect. Packet sniffers are used to intercept traffic and to detect the contents of that traffic.

Storage and retention policies will determine how long you keep records (such as records of customers Web activity), how you will store them, and how you will dispose of them. This will allow you to know what records you should still have on hand should a legal request for such records come in. Answer: C is incorrect. User policies might determine what a customer has access to, but won't help you identify what they actually did access. Answer: A is incorrect. Group policies are usually pertinent to network administration, not the open and uncontrolled environment of an ISP. Answer: B is incorrect. Backup policies dictate how data is backed up and stored.

Base64 encryption encoding, which can easily be decoded, is used in the basic authentication method. Answer: B is incorrect. The Md5 hashing technique is used in the digest authentication method. Answer: A is incorrect. The HMAC_MD5 hashing technique is used in the NTLMv2 authentication method. Answer: C is incorrect. DES (ECB mode) is used in the NTLMv1 authentication method.

A screened host provides added security by using Internet access to deny or permit certain traffic from the Bastion Host. Answer: D is incorrect. A network interface card provides a physical connection between computers within a network.

Answer: B is incorrect. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security. Answer: A is incorrect. A proxy server facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.

According to the question, the output displays that the interface is administratively down. Administratively down means that the interface is shut down. In order to up the interface, you will have to open the interface with the no shutdown command. Answer: A is incorrect. Had there been a physical problem with the interface, the output would not have displayed "administratively down". Instead, the output would be as follows: serial0 is down, line protocol is down Answer: B is incorrect. You cannot run this command on a router that is powered off. Answer: C is incorrect. Encapsulation has nothing to do with the output displayed in the question.

You will use the mv /foo /bar command to move the whole directory /foo to /bar. The mv command moves files and directories from one directory to another or renames a file or directory. mv must always be given at least two arguments. The first argument is given as a source file. The second argument is interpreted as the destination. If destination is an existing directory, the source file is moved to that directory with the same name as the source. If the destination is any other directory, the source file is moved and/or renamed to that destination name. Syntax : mv [options] source destination Some important options used with mv command are as follows:

C:\Documents and Settings\user-nwz\Desktop\1.JPG

Answer: A is incorrect. The mv /bar /foo command will move the whole /bar directory to the /foo directory. Answer: B, D are incorrect. These are not valid Linux commands.

According to the scenario, John will use "nmap -v -O 208.100.2.25" to detect the operating system of the we-are-secure server. Here, -v is used for verbose and -O is used for TCP/IP fingerprinting to guess the remote operating system. John may also use the DNS name of we-are-secure instead of using the IP address of the we-are-secure server. So, he can also use the nmap command "nmap -v -O www.we-are-secure.com ". Answer: C is incorrect. "nc -v -n 208.100.2.25 80" is a Netcat command, which is used to banner grab for getting information about the

The fdisk command is a menu-based command available with Unix for hard disk configuration. This command can perform the following tasks: Delete a partition on a hard disk. Create a partition on a hard disk. Change the partition type. Display the partition table. Answer: B is incorrect. In Unix, the exportfs command is used to set up filesystems to export for nfs (network file sharing). Answer: A is incorrect. In Unix, the fdformat command formats a floppy disk. Answer: C is incorrect. In Unix, the fsck command is used to add new blocks to a filesystem. This command must not be run on a mounted file system.

Magic Lantern works both as an encryption-cracking tool and as a keylogger. Answer: C is incorrect. Alchemy Remote Executor is a system management tool that allows Network Administrators to execute programs on remote network computers without leaving their workplace. From the hacker's point of view, it can be useful for installing keyloggers, spyware, Trojans, Windows rootkits and such. One necessary condition for using the Alchemy Remote Executor is that the user/attacker must have the administrative passwords of the remote computers on which the malware is to be installed. Answer: B is incorrect. The KeyGhost keylogger is a hardware keylogger that is used to log all keystrokes on a computer. It is a tiny device that clips onto the keyboard cable. Once the KeyGhost keylogger is attached to the computer, it quietly logs every key pressed on the keyboard into its own internal Flash memory (just as with smart cards). When the log becomes full, it overwrites the oldest keystrokes with the newest ones. Answer: D is incorrect. SocketShield provides a protection shield to a computer system against malware, viruses, spyware, and various types of keyloggers. SocketShield provides protection at the following two levels: 1.Blocking: In this level, SocketShield uses a list of IP addresses that are known as purveyor of exploits. All http requests for any page in these domains are simply blocked. 2.Shielding: In this level, SocketShield blocks all the current and past IP addresses that are the cause of unauthorized access.

There are several denial of service (DoS) attacks that specifically use broadcast traffic to flood a targeted computer. Seeing an unexplained spike in broadcast traffic could be an indicator of an attempted denial of service attack. Answer: D is incorrect. Viruses can cause an increase in network traffic, and it is possible for that to be broadcast traffic. However, a DoS attack is more likely than a virus to cause this particular problem. Answer: C is incorrect. A syn flood does not cause increased broadcast traffic. Answer: A is incorrect. A misconfigured router could possibly cause an increase in broadcast traffic. However, this a recent problem, the router is unlikely to be the issue.

The sync command is used to flush filesystem buffers. It ensures that all disk writes have been completed before the processor is halted or rebooted. Generally, it is preferable to use reboot or halt to shut down a system, as they may perform additional actions such as resynchronizing the hardware clock and flushing internal caches before performing a final sync. Answer: B is incorrect. In Unix, the tune2fs command is used to adjust tunable filesystem parameters on the second extended filesystems. Answer: A is incorrect. In Unix, the swapon command is used to activate a swap partition. Answer: C is incorrect. In Unix, the swapoff command is used to de-activate a swap partition.

Audit account management is one of the nine audit settings that can be configured on a Windows computer. This option is enabled to audit each event that is related to a user managing an account in the user database on the computer where the auditing is configured. These events include the following: Creating a user account Adding a user account to a group Renaming a user account Changing password for a user account This option is also used to audit the changes to the domain account of the domain controllers.

WinSSLMiM is an HTTPS Man in the Middle attacking tool. It includes FakeCert, a tool used to make fake certificates. It can be used to exploit the Certificate Chain vulnerability in Internet Explorer. The tool works under Windows 9x/2000. For example, Generate fake certificate: fc -s www.we-are-secure.com -f fakeCert.crt Launch WinSSLMiM: wsm -f fakeCert.crt Answer: D is incorrect. Brutus is a password cracking tool that performs both dictionary and brute force attacks in which passwords are randomly generated from given characters. Brute forcing can be performed on the following authentications: HTTP (Basic Authentication) HTTP (HTML Form/CGI) POP3 (Post Office Protocol v3) FTP (File Transfer Protocol) SMB (Server Message Block) Telnet Answer: A is incorrect. Obiwan is a Web password cracking tool that is used to perform brute force and hybrid attacks. It is effective against HTTP connections for Web servers that allow unlimited failed login attempts by the user. Obiwan uses wordlists as well as alphanumeric characters as possible passwords. Answer: B is incorrect. Netcat is a freely available networking utility that reads and writes data across network connections by using the TCP/IP protocol. Netcat has the following features: It provides outbound and inbound connections for TCP and UDP ports. It provides special tunneling such as UDP to TCP, with the possibility of specifying all network parameters. It is a good port scanner. It contains advanced usage options, such as buffered send-mode (one line every N seconds), and hexdump (to stderr or to a specified file) of transmitted and received data. It is an optional RFC854 telnet code parser and responder.

A firewall is a tool to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Firewalls often have network address translation (NAT) functionality. The hosts protected behind a firewall commonly have addresses in the private address range. Firewalls have such functionality to hide the true address of protected hosts. Firewalls are used by administrators to control Internet access based on keyword restriction. Some proxy firewalls can cache data so that clients can access frequently requested data from the local cache instead of using the Internet connection to request it. This is convenient for cutting down on unnecessary bandwidth consumption. Answer: B is incorrect. It is an area where a firewall faces difficulty in securing the network. It is the area where employees make alternate connections to the Internet for their personal use, resulting in useless rendering of the firewall.