You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest network. You configure a new Windows Server 2008 server in the network. The new server is not yet linked to Active Directory. You are required to accomplish the following tasks:
Add a new group named "Sales".
Copy the "Returns" group from the older server to the new one.
Rename the "Returns" group to "Revenue".
View all group members, including for multiple groups/entire domain.
You use Hyena to simplify and centralize all of these tasks. Which of the assigned tasks will you be able to accomplish?
Each correct answer represents a complete solution. Choose all that apply.
Hyena supports the following group management functions:
Full group administration such as add, modify, delete, and copy
Rename groups
Copy groups from one computer to another
View both direct and indirect (nested) group members for one or more groups [only for Active Directory]
View all group members, including for multiple groups/entire domain [only for Active Directory]
Answer D is incorrect. All group members can neither be viewed nor managed until the new server is linked to Active Directory.
You work as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. You have been assigned the task to
design the authentication system for the remote users of the company. For security purposes, you want to issue security tokens to the
remote users. The token should work on the one-time password principle and so once used, the next password gets generated. Which of the
following security tokens should you issue to accomplish the task?
An event-based token, by its nature, has a long life span. Event-based tokens work on the one-time password principle, so once a password is used, the next
password is generated. Often the user has a button to press to receive this new code, either via a token or via an SMS message. All
CRYPTOCard's tokens are event-based rather than time-based.
Answer C is incorrect. Bluetooth tokens are often combined with a USB token, and hence work in both a connected and a disconnected
state. Bluetooth authentication works when closer than 32 feet (10 meters). If the Bluetooth is not available, the token must be inserted into
a USB input device to function.
Answer A is incorrect. Virtual tokens are a new concept in multi-factor authentication first introduced in 2005 by security company
Sestus. Virtual tokens work by sharing the token generation process between the Internet website and the user's computer and have the
advantage of not requiring the distribution of additional hardware or software. In addition, since the user's device is communicating directly
with the authenticating website, the solution is resistant to man-in-the-middle attacks and similar forms of online fraud.
Answer D is incorrect. Single sign-on software tokens are used by multiple related but independent software systems. Some
types of single sign-on (SSO) solutions, like enterprise single sign-on, use this token to store software that allows for seamless authentication
and password filling. As the passwords are stored on the token, users need not remember their passwords and therefore can select more
secure passwords, or have more secure passwords assigned.
You work as a Network Administrator for Techpearl Inc. You are configuring the rules for the firewall of the company. You need to allow internal users to access secure external websites. Which of the following firewall rules will you use to accomplish the task?
The TCP 172.16.1.0/24 any any 443 HTTPs permit rule is used to allow internal users to access secure external websites.
Answer A is incorrect. The TCP 172.16.1.0/24 any any 80 HTTP permit rule is used to allow internal users to access external
websites (secure & unsecure both).
Answer C is incorrect. The TCP 172.16.1.0/24 any any 80 HTTP deny rule is used to deny internal users access to external websites.
Answer B is incorrect. The TCP 172.16.1.0/24 any any 25 SMTP permit rule is used to allow internal mail servers to deliver mail to
external mail servers.
Which of the following are the limitations for the cross site request forgery (CSRF) attack?
Each correct answer represents a complete solution. Choose all that apply.
The following limitations apply for a cross site request forgery to be successful:
1. The attacker must target either a site that doesn't check the Referer header (which is common) or a victim with a browser or plugin bug that allows Referer spoofing (which is rare).
2. The attacker must find a form submission at the target site that does something useful to the attacker (e.g., transfers money, or changes the victim's e-mail address or password).
3. The attacker must determine the right values for all the form inputs: if any of them are required to be secret authentication values or IDs that the attacker can't guess, the attack will fail.
4. The attacker must lure the victim to a Web page with malicious code while the victim is logged in to the target site.
The attacker can't see what the target Web site sends back to the victim in response to the forged requests, unless he exploits a cross-site
scripting or other bug at the target Web site. Similarly, the attacker can only 'click' any links or submit any forms that come up after the
initial forged request if the subsequent links or forms are similarly predictable. (Multiple 'clicks' can be simulated by including multiple images
on a page, or by using JavaScript to introduce a delay between clicks.)
Answers C and D are incorrect. These two options are preventions against cross site request forgeries. Web sites can be protected
from cross site request forgeries (CSRF) by applying the following countermeasures:
Requiring authentication in GET and POST parameters, not only cookies.
Checking the HTTP Referer header.
Ensuring there's no crossdomain.xml file granting unintended access to Flash movies.
Limiting the lifetime of authentication cookies.
Requiring a secret, user-specific token in all form submissions prevents CSRF; the attacker's site can't put the right token in its submissions.
Individual Web users can do relatively little to prevent cross-site request forgery. Logging out of sites and avoiding their 'remember me'
features can mitigate CSRF risk; not displaying external images or not clicking links in 'spam' or unreliable e-mails may also help.
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He begins to perform a pre-attack test before conducting an attack on the We-are-secure server. Which of the following will John perform in the pre-attack phase?
Each correct answer represents a complete solution. Choose all that apply.
In the pre-attack phase, there are seven steps, which have been defined by the EC-Council, as follows:
1. Information gathering
2. Determining network range
3. Identifying active machines
4. Finding open ports and applications
5. OS fingerprinting
6. Fingerprinting services
7. Mapping the network
Answer C is incorrect. In the enumeration phase, the attacker gathers information such as the network user and group names, routing tables, and Simple Network Management Protocol (SNMP) data. The techniques used in this phase are as follows:
1. Obtaining Active Directory information and identifying vulnerable user accounts
2. Discovering NetBIOS names
3. Employing Windows DNS queries
4. Establishing NULL sessions and queries