GIAC GSNA - GIAC Systems and Network Auditor

'Printenv' vulnerability allows an attacker to input specially crafted links and/or other malicious scripts. For example, http://www/cgi-bin/printenv/ Since 'printenv' is just an example CGI script (It comes with various versions of the Apache Web server.) that has no real use and has its own problems, there is no problem in removing it. Answer: B is incorrect. 'Printenv' does not maintain any log file of user activities.

The routing table displays various RIP and Connected routes. There is no routing entry for 10.10.100.0/24, but there is a default route in the routing table using 172.18.1.1 as the next hop router. Given that 10.10.100.0/24 does not have a direct entry in the routing table, RouterA will forward traffic to the default route next hop address of 172.18.1.1. Answer: A is incorrect. The address does not appear in the routing table as a next hop router, in addition to being an actual subnet number for 192.168.10.0/24. Answer: C is incorrect. 172.18.50.1 is the next hop for reaching 192.168.11.0. Answer: B is incorrect. 172.18.60.1 is the next hop for reaching 192.168.12.0.

The action taken will fulfill the internal resource security concern. It has nothing to do with the secured communication. Firewall is used to protect the network from external attacks by hackers. Firewall prevents direct communication between computers in the network and the external computers, through the Internet. Instead, all communication is done through a proxy server, outside the organization's network, which decides whether or not it is safe to let a file pass through. To achieve the secured communication goal, you will have to configure a virtual private network (VPN) between the two offices.

The getSession() method of the HttpServletRequest interface returns the current session associated with the request, or creates a new session if no session exists. The method has two syntaxes as follows: public HttpSession getSession(): This method creates a new session if it does not exist. public HttpSession getSession(boolean create): This method becomes similar to the above method if create is true, and returns the current session if create is false. It returns null if no session exists. Answer: B is incorrect. The getSession(false) method returns a pre-existing session. It returns null if the client has no session associated with it.

Cascading style sheets (CSS) are used so that the Web site authors can exercise greater control on the appearance and presentation of their Web pages. And also because they increase the ability to precisely point to the location and look of elements on a Web page and help in creating special effects. Cascading Style Sheets have codes, which are interpreteA, Dpplied by the browser on to the Web pages and their elements. There are three types of cascading style sheets. External Style Sheets Embedded Style Sheets Inline Style Sheets External Style Sheets are used whenever consistency in style is required throughout a Web site. A typical external style sheet uses a .css file extension, which can be edited using a text editor such as a Notepad. Embedded Style Sheets are used for defining styles for an active page. Inline Style Sheets are used for defining individual elements of a page. Reference: TechNet, Contents: Microsoft Knowledgebase, February 2000 issue PSS ID Number: Q179628

The MARGINHEIGHT and MARGINWIDTH attributes are used in the tag to adjust the top and left margins of a Web page to be displayed in Netscape Navigator. Specifying MARGINHEIGHT="0" and MARGINWIDTH="0" within the tag will create a borderless page structure when viewed in Netscape Navigator. Answer: D is incorrect. The TOPMARGIN and LEFTMARGIN attributes are used in the tag to adjust the top and left margins of a Web page to be displayed in Internet Explorer. Specifying TOPMARGIN="0" and LEFTMARGIN="0" within the tag will create a borderless page structure when viewed in Internet Explorer. Answer: C is incorrect. These attributes are used to adjust margins and not to delete text from margins.

LEAP can use only password hash as the authentication technique. Not only LEAP, but EAP-TLS, EAP-TTLS, and PEAP also support dynamic key encryption and mutual authentication. Answer: C is incorrect. LEAP provides only a moderate level of security. Answer: B is incorrect. LEAP uses password hash for server authentication.

The HttpSessionActivationListener interface notifies an attribute that the session is about to be activated or passivated. Methods of this interface are as follows: public void sessionDidActivate(HttpSessionEvent session): It notifies the attribute that the session has just been moved to a different JVM. public void sessionWillPassivate(HttpSessionEvent se): It notifies the attribute that the session is about to move to a different JVM. Answer: B, C are incorrect. These functions are performed by the HttpSessionBindingListener interface. The HttpSessionBindingListener interface causes an object of the implementing class to be notified when it is added to or removed from a session. The HttpSessionBindingListener interface has the following methods: public void valueBound(event): This method takes an object of type HttpSessionBindingEvent as an argument. It notifies the object when it is bound to a session. public void valueUnbound(HttpSessionBindingEvent event): This method takes an object of type HttpSessionBindingEvent as an argument. It notifies the object when it is unbound from a session.

Brutus can be used to perform brute force attacks, dictionary attacks, or hybrid attacks.

System hardening is a term used for securing an operating system. It can be achieved by installing the latest service packs, removing unused protocols and services, and limiting the number of users with administrative privileges.