Meilleur GIAC GSSP-JaVa G2700 test formation guide

Vous pouvez comparer un peu les Q&As dans les autres sites web que lesquelles de Pass4Test, c'est pas difficile à trouver que la Q&A GIAC GSSP-JaVa est plus complète. Vous pouvez télécharger le démo gratuit à prendre un essai de la qualité de Pass4Test. La raison de la grande couverture des questions et la haute qualité des réponses vient de l'expérience riche et la connaissances professionnelles des experts de Pass4Test. La nouvelle Q&A de GIAC GSSP-JaVa lancée par l'équipe de Pass4Test sont bien populaire par les candidats.

Pas besoin de beaucoup d'argent et de temps, vous pouvez passer le test GIAC G2700 juste avec la Q&A de GIAC G2700 offerte par Pass4Test qui vous offre le test simulation bien proche de test réel.

Le guide d'étude sorti de Pass4Test comprend les expériences résumées par nos experts, les matériaux et les Q&As à propos de test Certification GIAC GSSP-JaVa. Notre bonne réputation dans l'industrie IT sera une assurance 100% à réussir le test GIAC GSSP-JaVa. Afin de vous permettre de choisir Pass4Test, vous pouvez télécharger gratuitement le démo de Q&A tout d'abord.

Code d'Examen: GSSP-JaVa
Nom d'Examen: GIAC (GIAC Secure Software Programmer – Java)
Questions et réponses: 275 Q&As

Code d'Examen: G2700
Nom d'Examen: GIAC (GIAC Certified ISO-2700 Specialist Practice Test)
Questions et réponses: 453 Q&As

Pass4Test est un site web de vous offrir particulièrement les infos plus chaudes à propos de test Certification GIAC GSSP-JaVa. Pour vous assurer à nous choisir, vous pouvez télécharger les Q&As partielles gratuites. Pass4Test vous promet un succès 100% du test GIAC GSSP-JaVa.

Aujoud'hui, c'est une société de l'informatique. Beaucoup d'organisations peut provider l'outil de se former pour le test Certification GIAC GSSP-JaVa. Mais on doit admettre que ces site n'ont pas la capacité à offrir une bonne Q&A, elles sont généralement très vagues et sans les points. C'est loin d'attirer les attentions des candidats.

GSSP-JaVa Démo gratuit à télécharger: http://www.pass4test.fr/GSSP-JaVa.html

NO.1 Which of the following classes is an engine class that provides an opaque representation of
cryptographic parameters?
A. DSAPublicKeySpec
B. AlgorithmParameterGenerator
C. DSAParameterSpec
D. AlgorithmParameters
Answer: D

GIAC examen   GSSP-JaVa examen   GSSP-JaVa examen

NO.2 Which of the following elements are the subelements of the mime-mapping element in a
deployment descriptor file?
Each correct answer represents a complete solution. Choose all that apply.
A. exception-type
B. error-code
C. extension
D. mime-type
E. servlet-class
Answer: C,D

GIAC   GSSP-JaVa examen   GSSP-JaVa examen   GSSP-JaVa examen   certification GSSP-JaVa

NO.3 Mark works as a Programmer for InfoTech Inc. He develops the following deployment descriptor code.
<web-app . . . .
>
<display-name>A Secure Application</display-name><servlet>
..
.
<security-role-ref
>
<role-name>Manager</role-name>
<role-link>Admin</role-link>
</security-role-ref>
</servlet>
<security-role>
<role-name>Programmer</role-name>
</security-role>
<security-role>
<role-name>Admin</role-name>
</security-role>
<security-role>
<role-name>Employee</role-name>
</security-role>
</web-app>
Which of the following is a valid isUserInRole() method call that can be made if request is the
HttpServletRequest request?
A. request.isUserInRole("Programmer");
B. request.isUserInRole("Manager");
C. request.isUserInRole("Admin");
D. request.isUserInRole("Employee");
Answer: B

GIAC examen   certification GSSP-JaVa   certification GSSP-JaVa   certification GSSP-JaVa   GSSP-JaVa examen

NO.4 You work as a Software Developer for UcTech Inc. You create a session using the HttpSession
interface. You want the attributes to be informed when the session is moved from one JVM to another and
also when an attribute is added or removed from the session. Which of the following interfaces can you
use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
A. HttpSessionBindingListener
B. HttpSessionListener
C. HttpSessionActivationListener
D. HttpSessionAttributeListener
Answer: C,D

certification GIAC   certification GSSP-JaVa   GSSP-JaVa examen   GSSP-JaVa examen

NO.5 Which of the following statements about programmatic security are true?
Each correct answer represents a complete solution. Choose all that apply.
A. The bean provider is responsible for writing code for programmatic security.
B. It is also called as instance level security.
C. It is implemented using methods of the EJBContext interface.
D. It is implemented using the methods of the UserTransaction interface.
Answer: A,B,C

certification GIAC   certification GSSP-JaVa   GSSP-JaVa examen   GSSP-JaVa examen

NO.6 Given a code of a class named PrintString that prints a string.
1. public class PrintString{
2. public static void main(String args[]){
3. /*insert code here */
4. /* insert code here */
5. System.out.println(str);
6. }
7. }
Which of the following code fragments can be inserted in the class PrintString to print the output
"4247"?
Each correct answer represents a complete solution. Choose all that apply.
A. StringBuilder str= new StringBuilder("123456789");
str.delete(0,3).replace(1,3,"24").delete(4,6);
B. StringBuffer str= new StringBuffer("123456789");
str.delete(0,3).replace(1,3,"24").delete(4,6);
C. StringBuffer str=new StringBuffer("123456789");
str.substring(3,6).delete(1,2).insert(1,"24");
D. StringBuilder str= new StringBuilder("123456789");
str.deleteCharAt(6).replace(1,3,"24").delete(0,3);
E. String str="123456789";
str=(str-"123").replace(1,3,"24")-"89";
Answer: A,B

certification GIAC   certification GSSP-JaVa   GSSP-JaVa examen

NO.7 Mark works as a Programmer for InfoTech Inc. He develops a deployment descriptor code that contains
three valid
<security-constraint> elements.
All of them constraining a Web resource Res1, the
<auth-constraint> sub-element of the <security-constraint>
elements are as follows.
<auth-constraint>Admin</auth-constraint>
<auth-constraint>Manager</auth-constraint>
<auth-constraint/>
Which of the following can access the resource Res1?
A. Only Manager can access the resource.
B. No one can access the resource.
C. Everyone can access the resource.
D. Only Admin can access the resource.
Answer: B

certification GIAC   certification GSSP-JaVa   certification GSSP-JaVa   certification GSSP-JaVa

NO.8 John works as a Software Developer for VenTech Inc. He writes the following code using Java.
public class vClass extends Thread
{
public static void main(String args[])
{
vClass vc=new vClass();
vc.run();
}
public void start()
{
for(int k=0;k<20;k++)
{
System.out.println("The value of k = "+k);
}
}
}
What will happen when he attempts to compile and execute the application.?
A. The application will compile successfully and the values from 0 to 19 will be displayed as the output.
B. A compile-time error will occur indicating that no run() method is defined for the Thread class.
C. A runtime error will occur indicating that no run() method is defined for the Thread class.
D. The application will compile successfully but will not display anything as the output.
Answer: D

certification GIAC   GSSP-JaVa   GSSP-JaVa examen

Le meilleur matériel de formation examen GIAC GSEC

Vous pouvez télécharger le démo gratuit pour prendre un essai. Vous aurez plus confiance sur Pass4Test. N'hésitez plus à choisir la Q&A GIAC GSEC comme votre guide d'étude.

Pass4Test est un site de provider les chances à se former avant le test Certification IT. Il y a de différentes formations ciblées aux tous candidats. C'est plus facile à passer le test avec la formation de Pass4Test. Parmi les qui ont déjà réussi le test, la majorité a fait la préparation avec la Q&A de Pass4Test. Donc c'est pourquoi, Pass4Test a une bonne réputation dansn l'Industrie IT.

Code d'Examen: GSEC
Nom d'Examen: GIAC (GIAC Security Essentials Certification)
Questions et réponses: 280 Q&As

Le test Certification GIAC GSEC est une chance précieuse à augmenter vos connaissances de technologie informatique dans l'industrie IT. Il attire beaucoup de professionls à participer ce test. Pass4Test peut vous offrir les outils de formation particuliers à propos de test GIAC GSEC. Vous réaliserez plus tôt votre rêve avec la Q&A écrite par l'équipe professionnelle de Pass4Test. Pass4Test se contribue à vous donner un coup de main pour réussir le test GIAC GSEC.

Pass4Test vous promet de vous aider à passer le test GIAC GSEC, vous pouvez télécharger maintenant les Q&As partielles de test GIAC GSEC en ligne. Il y a encore la mise à jour gratuite pendant un an pour vous. Si vous malheureusement rater le test, votre argent sera 100% rendu.

Choisir le Pass4Test peut vous aider à réussir 100% le test GIAC GSEC qui change tout le temps. Pass4Test peut vous offrir les infos plus nouvelles. Dans le site de Pass4Test le servie en ligne est disponible toute la journée. Si vous ne passerez pas le test, votre argent sera tout rendu.

GSEC Démo gratuit à télécharger: http://www.pass4test.fr/GSEC.html

NO.1 You have a customer who wants to put wireless internet in his remote cabin. The cabin is many miles
from any other building with internet connectivity or access points. What should you recommend?
A. DSL
B. FIOS connection
C. Satellite internet
D. Microwave connection
Answer: C

GIAC examen   GSEC examen   certification GSEC   certification GSEC   GSEC examen

NO.2 Which of the following frequencies are used by wireless standard 802.11n to operate? Each correct
answer represents a complete solution. Choose two.
A. 1 Ghz
B. 2 Ghz
C. 2.4 Ghz
D. 5 Ghz
Answer: C, D

GIAC examen   certification GSEC   GSEC examen   certification GSEC   GSEC examen

NO.3 Which of the following statements are true about satellite broadband Internet access? Each correct
answer represents a complete solution. Choose two.
A. It is among the least expensive way of gaining broadband Internet access.
B. It is among the most expensive way of gaining broadband Internet access.
C. This type of internet access has low latency compared to other broadband services.
D. This type of internet access has high latency compared to other broadband services.
Answer: B, D

GIAC examen   GSEC   GSEC examen   GSEC examen   GSEC

NO.4 Which of the following statements regarding Secure Sockets Layer (SSL) are true? Each correct
answer represents a complete solution. Choose all that apply.
A. SSL provides message integrity to prevent alteration to the message.
B. During SSL session, information is encrypted to prevent unauthorized disclosure.
C. SSL can process credit cards.
D. SSL can support 128-bit encryption.
Answer: A,B,D

GIAC   GSEC   certification GSEC   GSEC examen

NO.5 Which of the following ports is the default port for IMAP4 protocol?
A. TCP port 443
B. TCP port 143
C. TCP port 25
D. TCP port 80
Answer: B

certification GIAC   GSEC examen   GSEC   GSEC examen   GSEC examen

NO.6 Which of the following is not an encryption technology?
A. Blowfish
B. KILL
C. 3DES
D. MD5
Answer: B

GIAC examen   GSEC   GSEC examen   GSEC

NO.7 The /cat/etc/passwd file on a client computer contains the following entry: Martha:x:::::bin/false
Which of the following is true for Martha?
A. Martha's password is x.
B. Martha has full access on the computer.
C. Martha has limited access on the computer.
D. Martha has been denied access on the computer.
Answer: D

GIAC   GSEC   GSEC examen   GSEC   certification GSEC   GSEC examen

NO.8 Which of the following is NOT the feature of SELinux in the Red Hat enterprise Linux?
A. SELinux does not provide Kernel-level security.
B. All process and files have a context.
C. SELinux implements Mandatory Access Control (MAC) security in Red Hat Enterprise Linux.
D. SELinux applies to all users, including root.
Answer: A

certification GIAC   GSEC examen   GSEC examen   GSEC examen   certification GSEC

Aujoud'hui, c'est une société de l'informatique. Beaucoup d'organisations peut provider l'outil de se former pour le test Certification GIAC GSEC. Mais on doit admettre que ces site n'ont pas la capacité à offrir une bonne Q&A, elles sont généralement très vagues et sans les points. C'est loin d'attirer les attentions des candidats.

Meilleur GIAC GISP test formation guide

C'est pas facile à passer le test Certification GIAC GISP, choisir une bonne formation est le premier bas de réussir, donc choisir une bonne resource des informations de test GIAC GISP est l'assurance du succès. Pass4Test est une assurance comme ça. Une fois que vous choisissez le test GIAC GISP, vous allez passer le test GIAC GISP avec succès, de plus, un an de service en ligne après vendre est gratuit pour vous.

Si vous travaillez quand même très dur et dépensez beaucoup de temps pour préparer le test GIAC GISP, mais ne se savez pas du tout c'est où le raccourci pour passer le test certification, Pass4Test peut vous donner une solution efficace. Vous vous sentirez magiquement jouer un effet multiplicateur.

Beaucoup de gens trouvent difficile à passer le test GIAC GISP, c'est juste parce que ils n'ont pas bien choisi une bonne Q&A. Vous penserez que le test GIAC GISP n'est pas du tout autant dur que l'imaginer. Le produit de Pass4Test non seulement comprend les Q&As qui sont impressionnées par sa grande couverture des Questions, mais aussi le service en ligne et le service après vendre.

Code d'Examen: GISP
Nom d'Examen: GIAC (GIAC Information Security Professional)
Questions et réponses: 659 Q&As

Il y a nombreux façons à vous aider à réussir le test GIAC GISP. Le bon choix est l'assurance du succès. Pass4Test peut vous offrir le bon outil de formation, lequel est une documentation de qualité. La Q&A de test GIAC GISP est recherchée par les experts selon le résumé du test réel. Donc l'outil de formation est de qualité et aussi autorisé, votre succès du test GIAC GISP peut bien assuré. Nous allons mettre le jour successivement juste pour répondre les demandes de tous candidats.

GISP Démo gratuit à télécharger: http://www.pass4test.fr/GISP.html

NO.1 Sam works as a Web Developer for McRobert Inc. He wants to control the way in which a Web
browser receives information and downloads content from Web sites. Which of the following browser
settings will Sam use to accomplish this?
A. Proxy server
B. Security
C. Cookies
D. Certificate
Answer: B

GIAC   GISP   GISP   certification GISP

NO.2 Which of the following statements about DMZ are true?
Each correct answer represents a complete solution. Choose two.
A. It is an anti-virus software that scans the incoming traffic on an internal network.
B. It is the boundary between the Internet and a private network.
C. It contains company resources that are available on the Internet, such as Web servers and FTP
servers.
D. It contains an access control list (ACL).
Answer: B,C

GIAC   certification GISP   GISP examen   GISP examen   certification GISP

NO.3 Which methods help you to recover your data in the event of a system or hard disk failure?
Each correct answer represents a complete solution. Choose two.
A. Install a RAID system
B. Use data encryption
C. Install and use a tape backup unit
D. Install UPS systems on all important devices
Answer: A,C

certification GIAC   GISP examen   GISP examen   GISP examen

NO.4 Which of the following statements about Switched Multimegabit Data Service (SMDS) are true?
Each correct answer represents a complete solution. Choose two.
A. It is a logical connection between two devices.
B. It uses fixed-length (53-byte) packets to transmit information.
C. It supports speeds of 1.544 Mbps over Digital Signal level 1 (DS-1) transmission facilities.
D. It is a high-speed WAN networking technology used for communication over public data networks
Answer: C,D

GIAC   GISP examen   GISP   certification GISP   GISP examen

NO.5 Which of the following statements about Digest authentication are true?
Each correct answer represents a complete solution. Choose two.
A. In Digest authentication, passwords are sent across a network as clear text, rather than as a has value.
B. Digest authentication is used by wireless LANs, which follow the IEEE 802.11 standard.
C. In Digest authentication, passwords are sent across a network as a hash value, rather than as clear
text.
D. Digest authentication is a more secure authentication method as compared to Basic authentication.
Answer: C,D

certification GIAC   GISP examen   GISP   certification GISP

NO.6 When no anomaly is present in an Intrusion Detection, but an alarm is generated, the response is known
as __________.
A. False positive
B. False negative
C. True negative
D. True positive
Answer: A

GIAC   GISP   GISP examen   certification GISP   GISP

NO.7 Fill in the blank with the appropriate value.
Service Set Identifiers (SSIDs) are case sensitive text strings that have a maximum length of_______
characters.
A. 32
Answer: A

GIAC   GISP   GISP

NO.8 Which of the following is a technique used to attack an Ethernet wired or wireless network?
A. DNS poisoning
B. Keystroke logging
C. Mail bombing
D. ARP poisoning
Answer: D

certification GIAC   GISP   GISP   GISP

NO.9 Which of the following protocols is used to verify the status of a certificate?
A. CEP
B. HTTP
C. OSPF
D. OCSP
Answer: D

GIAC   GISP   certification GISP   GISP examen

NO.10 Which of the following are the benefits of information classification for an organization?
A. It helps identify which information is the most sensitive or vital to an organization.
B. It ensures that modifications are not made to data by unauthorized personnel or processes.
C. It helps identify which protections apply to which information.
D. It helps reduce the Total Cost of Ownership (TCO).
Answer: A,C

certification GIAC   GISP   GISP examen   GISP

NO.11 Which of the following heights of fence deters only casual trespassers?
A. 3 to 4 feet
B. 2 to 2.5 feet
C. 8 feet
D. 6 to 7 feet
Answer: A

GIAC   GISP examen   GISP   GISP   GISP

NO.12 You work as a Network Administrator for NetTech Inc. The company has a network that consists of 200
client computers and ten database servers. One morning, you find that a hacker is accessing
unauthorized data on a database server on the network. Which of the following actions will you take to
preserve the evidences?
Each correct answer represents a complete solution. Choose three.
A. Prevent a forensics experts team from entering the server room.
B. Preserve the log files for a forensics expert.
C. Prevent the company employees from entering the server room.
D. Detach the network cable from the database server.
Answer: B,C,D

GIAC   GISP   GISP examen   GISP

NO.13 Which of the following attacks involves multiple compromised systems to attack a single target?
A. Brute force attack
B. DDoS attack
C. Dictionary attack
D. Replay attack
Answer: B

certification GIAC   GISP   certification GISP

NO.14 Which of the following are used to suppress paper or wood fires?
Each correct answer represents a complete solution. Choose two.
A. Water
B. Kerosene
C. CO2
D. Soda acid
Answer: A,D

GIAC   GISP   GISP   GISP   GISP

NO.15 Which of the following refers to encrypted text.?
A. Plaintext
B. Cookies
C. Hypertext
D. Ciphertext
Answer: D

GIAC   GISP examen   certification GISP   GISP examen

NO.16 Which of the following terms refers to the protection of data against unauthorized access?
A. Auditing
B. Recovery
C. Confidentiality
D. Integrity
Answer: C

GIAC   certification GISP   GISP   GISP examen

NO.17 Which of the following policies is set by a network administrator to allow users to keep their emails and
documents for a fixed period of time?
A. Retention policy
B. Password policy
C. Audit policy
D. Backup policy
Answer: A

GIAC   GISP   GISP   certification GISP   GISP

NO.18 Which of the following functions are performed by a firewall?
Each correct answer represents a complete solution. Choose all that apply.
A. It hides vulnerable computers that are exposed to the Internet.
B. It logs traffic to and from the private network.
C. It enhances security through various methods, including packet filtering, circuit-level filtering, and
application filtering.
D. It blocks unwanted traffic.
Answer: A,B,C,D

certification GIAC   GISP examen   GISP   GISP

NO.19 Which of the following statements about a fiber-optic cable are true?
Each correct answer represents a complete solution. Choose three.
A. It is immune to electromagnetic interference (EMI).
B. It can transmit undistorted signals over great distances.
C. It has eight wires twisted into four pairs.
D. It uses light pulses for signal transmission.
Answer: A,B,D

GIAC   certification GISP   certification GISP   GISP   GISP

NO.20 Which of the following protocols is used to establish a secure TELNET session over TCP/IP?
A. SSL
B. PGP
C. IPSEC
D. SSH
Answer: D

certification GIAC   certification GISP   GISP   GISP examen   GISP examen

NO.21 Which of the following statements about role-based access control (RBAC) model is true?
A. In this model, a user can access resources according to his role in the organization.
B. In this model, the permissions are uniquely assigned to each user account.
C. In this model, the same permission is assigned to each user account.
D. In this model, the users can access resources according to their seniority.
Answer: A

certification GIAC   GISP   GISP   GISP examen

NO.22 Which of the following are methods used for authentication?
Each correct answer represents a complete solution. Choose all that apply.
A. Smart card
B. Biometrics
C. Username and password
D. Magnetic stripe card
Answer: A,B,C,D

GIAC examen   GISP examen   GISP   GISP   GISP examen

NO.23 Which of the following statements about the bridge are true?
Each correct answer represents a complete solution. Choose two.
A. It filters traffic based on IP addresses.
B. It forwards broadcast packets.
C. It assigns a different network address per port.
D. It filters traffic based on MAC addresses.
Answer: B,D

GIAC examen   GISP   GISP   certification GISP   GISP

NO.24 Which of the following statements about smurf is true?
A. It is an ICMP attack that involves spoofing and flooding.
B. It is a UDP attack that involves spoofing and flooding.
C. It is a denial of service (DoS) attack that leaves TCP ports open.
D. It is an attack with IP fragments that cannot be reassembled.
Answer: A

GIAC   GISP   GISP   GISP

NO.25 Which of the following is a remote access protocol that supports encryption?
A. PPP
B. SNMP
C. UDP
D. SLIP
Answer: A

certification GIAC   certification GISP   GISP   GISP examen   GISP examen

NO.26 Which of the following types of attacks slows down or stops a server by overloading it with requests?
A. Vulnerability attack
B. Impersonation attack
C. Network attack
D. DoS attack
Answer: D

GIAC   certification GISP   GISP   GISP

NO.27 Which of the following is the best way of protecting important data against virus attack?
A. Updating the anti-virus software regularly.
B. Taking daily backup of data.
C. Using strong passwords to log on to the network.
D. Implementing a firewall.
Answer: A

GIAC examen   certification GISP   GISP   GISP   GISP examen   GISP

NO.28 Which of the following is the most secure authentication method?
A. Certificate-based authentication
B. Basic authentication
C. Digest authentication
D. Integrated Windows authentication
Answer: A

GIAC   GISP   GISP examen   GISP

NO.29 Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources
that are required for them. Which of the following access control models will he use?
A. Role-Based Access Control
B. Discretionary Access Control
C. Mandatory Access Control
D. Policy Access Control
Answer: A

GIAC   GISP examen   GISP examen   GISP

NO.30 Which of the following steps can be taken to protect laptops and data they hold?
Each correct answer represents a complete solution. Choose all that apply.
A. Use slot locks with cable to connect the laptop to a stationary object.
B. Keep inventory of all laptops including serial numbers.
C. Harden the operating system.
D. Encrypt all sensitive data.
Answer: A,B,C,D

GIAC examen   certification GISP   GISP   certification GISP

Pass4Test peut offrir la facilité aux candidats qui préparent le test GIAC GISP. Nombreux de candidats choisissent le Pass4Test à préparer le test et réussir finalement à la première fois. Les experts de Pass4Test sont expérimentés et spécialistes. Ils profitent leurs expériences riches et connaissances professionnelles à rechercher la Q&A GIAC GISP selon le résumé de test réel GIAC GISP. Vous pouvez réussir le test à la première fois sans aucune doute.

GIAC meilleur examen GSSP-JaVa, questions et réponses

On doit faire un bon choix pour passer le test GIAC GSSP-JaVa. C'est une bonne affaire à choisir la Q&A de Pass4Test comme le guide d'étude, parce que vous allez obtenir la Certification GIAC GSSP-JaVa en dépensant d'un petit invertissement. D'ailleur, la mise à jour gratuite pendant un an est aussi gratuite pour vous. C'est vraiment un bon choix.

La Q&A lancée par Pass4Test est bien poupulaire. Pass4Test peut non seulement vous permettre à appendre les connaissances professionnelles, et aussi les expériences importantes résumées par les spécialistes dans l'Industrie IT. Pass4Test est un bon fournisseur qui peut répondre une grande demande des candidats. Avec l'aide de Pass4Test, vous aurez la confiance pour réussir le test. Vous n'aurez pas aucune raison à refuser le Pass4Test.

Le test GIAC GSSP-JaVa est très important dans l'Industrie IT, tous les professionnels le connaîssent ce fait. D'ailleur, c'est difficile à réussir ce test, toutefois le test GIAC GSSP-JaVa est une bonne façon à examiner les connaissances professionnelles. Un gens avec le Certificat GIAC GSSP-JaVa sera apprécié par beaucoup d'entreprises. Pass4Test est un fournisseur très important parce que beaucoup de candidats qui ont déjà réussi le test preuvent que le produit de Pass4Test est effectif. Vous pouvez réussir 100% le test GIAC GSSP-JaVa avec l'aide de Pass4Test.

Le produit de Pass4Test peut assurer les candidats à réussir le test GIAC GSSP-JaVa à la première fois, mais aussi offrir la mise à jour gratuite pendant un an, les clients peuvent recevoir les ressources plus nouvelles. Pass4Test n'est pas seulement un site, mais aussi un bon centre de service.

Pass4Test est un site à offrir les Q&As de tout les tests Certification IT. Chez Pass4Test, vous pouvez trouvez de meilleurs matériaux. Nos guides d'étude vous permettent de réussir le test Certification GIAC GSSP-JaVa sans aucune doute, sinon nous allons rendre votre argent d'acheter la Q&A et la mettre à jour tout de suite, en fait, c'est une situation très rare. Bien que il existe plusieurs façons à améliorer votre concurrence de carrière, Pass4Test est lequel plus efficace : Moins d'argent et moins de temps dépensés, plus sûr à passer le test Certification. De plus, un an de service après vendre est gratuit pour vous.

Pass4Test vous permet à réussir le test Certification sans beaucoup d'argents et de temps dépensés. La Q&A GIAC GSSP-JaVa est recherchée par Pass4Test selon les résumés de test réel auparavant, laquelle est bien liée avec le test réel.

Code d'Examen: GSSP-JaVa
Nom d'Examen: GIAC (GIAC Secure Software Programmer – Java)
Questions et réponses: 275 Q&As

GSSP-JaVa Démo gratuit à télécharger: http://www.pass4test.fr/GSSP-JaVa.html

NO.1 Given a code of a class named PrintString that prints a string.
1. public class PrintString{
2. public static void main(String args[]){
3. /*insert code here */
4. /* insert code here */
5. System.out.println(str);
6. }
7. }
Which of the following code fragments can be inserted in the class PrintString to print the output
"4247"?
Each correct answer represents a complete solution. Choose all that apply.
A. StringBuilder str= new StringBuilder("123456789");
str.delete(0,3).replace(1,3,"24").delete(4,6);
B. StringBuffer str= new StringBuffer("123456789");
str.delete(0,3).replace(1,3,"24").delete(4,6);
C. StringBuffer str=new StringBuffer("123456789");
str.substring(3,6).delete(1,2).insert(1,"24");
D. StringBuilder str= new StringBuilder("123456789");
str.deleteCharAt(6).replace(1,3,"24").delete(0,3);
E. String str="123456789";
str=(str-"123").replace(1,3,"24")-"89";
Answer: A,B

GIAC   GSSP-JaVa   GSSP-JaVa   GSSP-JaVa examen   GSSP-JaVa

NO.2 Which of the following elements are the subelements of the mime-mapping element in a
deployment descriptor file?
Each correct answer represents a complete solution. Choose all that apply.
A. exception-type
B. error-code
C. extension
D. mime-type
E. servlet-class
Answer: C,D

GIAC examen   certification GSSP-JaVa   GSSP-JaVa   GSSP-JaVa   GSSP-JaVa

NO.3 Which of the following statements about a JAR file are true?
Each correct answer represents a complete solution. Choose all that apply.
A. It cannot be accessed through a class path, nor they can be used by java and javac.
B. It is used to compress and archive data.
C. It can be moved from one computer to another.
D. It is created by using the jar command.
Answer: B,C,D

GIAC   GSSP-JaVa examen   certification GSSP-JaVa

NO.4 John works as a Programmer for Technostar Inc. He writes the following code using Java.
1. class WrapperClass{
2. public static void main(String[] argv){
3. String str2 = Double.toString(12);
4. String str1 = Double.toHexString(12);
5. System.out.println(str1+str2);
6. }
7. }
What will happen when John attempts to compile and execute the code?
A. It will not compile because the Double class does not contain the toHexString() method.
B. It will compile and execute successfully and will display 8p312 as the output.
C. It will compile and execute successfully and will display 0x1.8p312.0 as the output.
D. It will not compile because the Double class does not contain the toString() method.
Answer: C

GIAC   GSSP-JaVa examen   certification GSSP-JaVa   certification GSSP-JaVa   GSSP-JaVa

NO.5 Mark writes a class Practice.java. This class needs to access the com.bar.Test class that is stored in
the Test.jar file in the directory /practice. How would you compile your code?
A. javac -classpath /practice/Test.jar Practice.java
B. javac -classpath /practice/ Practice.java
C. javac -classpath /practice/Test.jar/com/bar Practice.java
D. javac -classpath /practice Practice.java
Answer: A

GIAC   GSSP-JaVa   GSSP-JaVa   certification GSSP-JaVa

NO.6 Which of the following methods of the EJBContext interface can be called by both the BMT and CMT
beans?
Each correct answer represents a complete solution. Choose all that apply.
A. getCallerPrincipal()
B. getRollbackOnly()
C. getUserTransaction()
D. isCallerInRole()
Answer: A,D

GIAC   GSSP-JaVa   GSSP-JaVa examen   GSSP-JaVa

NO.7 You have written the following code snippet.
1. public class Read {
2. protected int ReadText(int x) { return 0; }
3. }
4. class Text extends Read {
5. /*insert code here*/
6. }
Which of the following methods, inserted independently at line 5, will compile?
Each correct answer represents a complete solution. Choose all that apply.
A. private int ReadText(long x) { return 0; }
B. protected long ReadText(int x, int y) { return 0; }
C. protected long ReadText(long x) { return 0; }
D. protected int ReadText(long x) { return 0; }
E. private int ReadText(int x) { return 0; }
F. public int ReadText(int x) { return 0; }
G. protected long ReadText(int x) { return 0; }
Answer: A,B,C,D,F

GIAC   GSSP-JaVa examen   certification GSSP-JaVa   GSSP-JaVa   GSSP-JaVa

NO.8 Which of the following statements is true?
A. All UTF characters are eight bits long.
B. All UTF characters are all sixteen bits long.
C. All UTF characters are twenty four bits long.
D. All bytecode characters are sixteen bits long.
E. All unicode characters are sixteen bits long.
Answer: E

GIAC examen   certification GSSP-JaVa   GSSP-JaVa

NO.9 You work as a Software Developer for UcTech Inc. You create a session using the HttpSession
interface. You want the attributes to be informed when the session is moved from one JVM to another and
also when an attribute is added or removed from the session. Which of the following interfaces can you
use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
A. HttpSessionBindingListener
B. HttpSessionListener
C. HttpSessionActivationListener
D. HttpSessionAttributeListener
Answer: C,D

certification GIAC   GSSP-JaVa   GSSP-JaVa examen   GSSP-JaVa examen   GSSP-JaVa

NO.10 Mark works as a Programmer for InfoTech Inc. He develops the following deployment descriptor code.
<web-app . . . .
>
<display-name>A Secure Application</display-name><servlet>
..
.
<security-role-ref
>
<role-name>Manager</role-name>
<role-link>Admin</role-link>
</security-role-ref>
</servlet>
<security-role>
<role-name>Programmer</role-name>
</security-role>
<security-role>
<role-name>Admin</role-name>
</security-role>
<security-role>
<role-name>Employee</role-name>
</security-role>
</web-app>
Which of the following is a valid isUserInRole() method call that can be made if request is the
HttpServletRequest request?
A. request.isUserInRole("Programmer");
B. request.isUserInRole("Manager");
C. request.isUserInRole("Admin");
D. request.isUserInRole("Employee");
Answer: B

GIAC   GSSP-JaVa   GSSP-JaVa   GSSP-JaVa

NO.11 Mark works as a Programmer for InfoTech Inc. He develops a Website that uses HTML and processes
HTML validation. Which of the following are the advantages of the HTML application?
Each correct answer represents a complete solution. Choose all that apply.
A. It provides password protection for a Web page or directory
B. It can be accessed by more visitors.
C. It provides faster loading.
D. It is easier to update and maintain the site.
E. It protects the source or images of a HTML Web page.
F. It puts less load on the server.
Answer: B,C,D,F

GIAC   GSSP-JaVa   GSSP-JaVa   GSSP-JaVa

NO.12 Which of the following statements are true?
Each correct answer represents a complete solution. Choose all that apply.
A. An inner class cannot be defined as private.
B. An inner class cannot be defined as protected.
C. An inner class can be defined as private.
D. An inner class can extend another class.
Answer: C,D

GIAC examen   GSSP-JaVa   GSSP-JaVa   GSSP-JaVa   GSSP-JaVa

NO.13 Which of the following statements correctly describe the features of the singleton pattern?
Each correct answer represents a complete solution. Choose all that apply.
A. Singletons are used to control object creation by limiting the number to one but allowing the flexibility to
create more objects if the situation changes.
B. Singletons can only be stateless, providing utility functions that need no more information than their
parameters.
C. A singleton class may disappear if no object holds a reference to the Singleton object, and it will be
reloaded later when the singleton is needed again.
D. The behavior of a singleton can be obtained by static fields and methods such as
java.lang.Math.sin(double).
Answer: A,C,D

GIAC   GSSP-JaVa examen   certification GSSP-JaVa

NO.14 You work as a programmer for PassGuide.Inc. You have a session object named session1 with an
attribute named Attribute1, and an HttpSessionBindingEvent object binding1 bound to session1.
Which of the following will be used to retrieve Attribute1?
Each correct answer represents a complete solution. Choose all that apply.
A. Object obj=binding1.getSession().getAttribute("Attribute1");
B. Object obj=binding1.getAttribute("Attribute1");
C. Long MyAttribute=session1.getAttribute("Attribute1");
D. String str1=session1.getAttribute("Attribute1");
E. Object obj=session1.getAttribute("Attribute1");
Answer: A,E

GIAC   GSSP-JaVa examen   GSSP-JaVa examen   GSSP-JaVa

NO.15 Mark works as a Programmer for InfoTech Inc. He develops a deployment descriptor code that contains
three valid
<security-constraint> elements.
All of them constraining a Web resource Res1, the
<auth-constraint> sub-element of the <security-constraint>
elements are as follows.
<auth-constraint>Admin</auth-constraint>
<auth-constraint>Manager</auth-constraint>
<auth-constraint/>
Which of the following can access the resource Res1?
A. Only Manager can access the resource.
B. No one can access the resource.
C. Everyone can access the resource.
D. Only Admin can access the resource.
Answer: B

GIAC examen   certification GSSP-JaVa   certification GSSP-JaVa   certification GSSP-JaVa   GSSP-JaVa examen

NO.16 Which of the following classes is an engine class that provides an opaque representation of
cryptographic parameters?
A. DSAPublicKeySpec
B. AlgorithmParameterGenerator
C. DSAParameterSpec
D. AlgorithmParameters
Answer: D

GIAC examen   GSSP-JaVa examen   GSSP-JaVa

NO.17 John works as a Software Developer for VenTech Inc. He writes the following code using Java.
public class vClass extends Thread
{
public static void main(String args[])
{
vClass vc=new vClass();
vc.run();
}
public void start()
{
for(int k=0;k<20;k++)
{
System.out.println("The value of k = "+k);
}
}
}
What will happen when he attempts to compile and execute the application.?
A. The application will compile successfully and the values from 0 to 19 will be displayed as the output.
B. A compile-time error will occur indicating that no run() method is defined for the Thread class.
C. A runtime error will occur indicating that no run() method is defined for the Thread class.
D. The application will compile successfully but will not display anything as the output.
Answer: D

GIAC   GSSP-JaVa   GSSP-JaVa   GSSP-JaVa   certification GSSP-JaVa

NO.18 Which of the following statements about programmatic security are true?
Each correct answer represents a complete solution. Choose all that apply.
A. The bean provider is responsible for writing code for programmatic security.
B. It is also called as instance level security.
C. It is implemented using methods of the EJBContext interface.
D. It is implemented using the methods of the UserTransaction interface.
Answer: A,B,C

GIAC examen   GSSP-JaVa   certification GSSP-JaVa   GSSP-JaVa examen   GSSP-JaVa

NO.19 Which of the following deployment descriptor elements must contain the <transport-guarantee>
element as its mandatory sub-element?
A. <user-data-constraint>
B. <web-resource-collection>
C. <auth-constraint>
D. <login-config>
Answer: A

GIAC   GSSP-JaVa examen   GSSP-JaVa   GSSP-JaVa   certification GSSP-JaVa

NO.20 Which of the following functions are performed by methods of the
HttpSessionActivationListener interface?
Each correct answer represents a complete solution. Choose all that apply.
A. Notifying the object when it is bound to a session.
B. Notifying an attribute that a session has just migrated from one JVM to another.
C. Notifying the object when it is unbound from a session.
D. Notifying an attribute that a session is about to migrate from one JVM to another.
Answer: B,D

GIAC   GSSP-JaVa   GSSP-JaVa   GSSP-JaVa examen   GSSP-JaVa

Si vous hésitez encore à nous choisir, vous pouvez tout d'abord télécharger le démo gratuit dans le site Pass4Test pour connaître mieux la fiabilité de Pass4Test. Nous avons la confiance à vous promettre que vous allez passer le test GIAC GSSP-JaVa à la première fois.

Guide de formation plus récente de GIAC GCFW

Vous pouvez tout d'abord télécharger le démo GIAC GCFW gratuit dans le site Pass4Test. Une fois que vous décidez à choisir le Pass4Test, Pass4Test va faire tous efforts à vous permettre de réussir le test. Si malheureusement, vous ne passez pas le test, nous allons rendre tout votre argent.

Il demande les connaissances professionnelles pour passer le test GIAC GCFW. Si vous manquez encore ces connaissances, vous avez besoin de Pass4Test comme une resourece de ces connaissances essentielles pour le test. Pass4Test et ses experts peuvent vous aider à renfocer ces connaissances et vous offrir les Q&As. Pass4Test fais tous efforts à vous aider à se renforcer les connaissances professionnelles et à passer le test. Choisir le Pass4Test peut non seulement à obtenir le Certificat GIAC GCFW, et aussi vous offrir le service de la mise à jour gratuite pendant un an. Si malheureusement, vous ratez le test, votre argent sera 100% rendu.

Choisir le produit fait avec tous efforts des experts de Pass4Test vous permet à réussir 100% le test Certification IT. Le produit de Pass4Test est bien certifié par les spécialistes dans l'Industrie IT. La haute qualité du produit Pass4Test ne vous demande que 20 heures pour préparer, et vous allez réussir le test GIAC GCFW à la première fois. Vous ne refuserez jamais pour le choix de Pass4Test, parce qu'il symbole le succès.

Code d'Examen: GCFW
Nom d'Examen: GIAC (GIAC Certified Firewall Analyst)
Questions et réponses: 391 Q&As

Si vous travaillez quand même très dur et dépensez beaucoup de temps pour préparer le test GIAC GCFW, mais ne se savez pas du tout c'est où le raccourci pour passer le test certification, Pass4Test peut vous donner une solution efficace. Vous vous sentirez magiquement jouer un effet multiplicateur.

But que Pass4Test n'offre que les produits de qualité est pour vous aider à réussir le test GIAC GCFW 100%. Le test simulation offert par Pass4Test est bien proche de test réel. Si vous ne pouvez pas passer le test GIAC GCFW, votre argent sera tout rendu.

Le test GIAC GCFW est bien populaire dans l'Industrie IT. Mais ça coûte beaucoup de temps pour bien préparer le test. Le temps est certainemetn la fortune dans cette société. L'outil de formation offert par Pass4Test ne vous demande que 20 heures pour renforcer les connaissances essentales pour le test GIAC GCFW. Vous aurez une meilleure préparation bien que ce soit la première fois à participer le test.

Pour vous laisser savoir mieux que la Q&A GIAC GCFW produit par Pass4Test est persuadante, le démo de Q&A GIAC GCFW est gratuit à télécharger. Sous l'aide de Pass4Test, vous pouvez non seulement passer le test à la première fois, mais aussi économiser vos temps et efforts. Vous allez trouver les questions presque même que lesquels dans le test réel. C'est pourquoi tous les candidats peuvent réussir le test GIAC GCFW sans aucune doute. C'est aussi un symbole d'un meilleur demain de votre carrière.

GCFW Démo gratuit à télécharger: http://www.pass4test.fr/GCFW.html

NO.1 A packet filtering firewall inspects each packet passing through the network and accepts or rejects it
based on user-defined rules. Based on which of the following information are these rules set to filter the
packets?
Each correct answer represents a complete solution. Choose all that apply.
A. Layer 4 protocol information
B. Actual data in the packet
C. Interface of sent or received traffic
D. Source and destination Layer 3 address
Answer: A,C,D

GIAC examen   GCFW   GCFW examen   GCFW examen

NO.2 Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to
secure access to the network of the company from all possible entry points. He segmented the network
into several subnets and installed firewalls all over the network. He has placed very stringent rules on all
the firewalls, blocking everything in and out except the ports that must be used. He does need to have
port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still
worried about the programs like Hping2 that can get into a network through covert channels.
Which of the following is the most effective way to protect the network of the company from an attacker
using Hping2 to scan his internal network?
A. Block ICMP type 13 messages
B. Block ICMP type 3 messages
C. Block all outgoing traffic on port 21
D. Block all outgoing traffic on port 53
Answer: A

GIAC   certification GCFW   GCFW

NO.3 Which of the following intrusion detection systems (IDS) monitors network traffic and compares it
against an established baseline?
A. Network-based
B. File-based
C. Signature-based
D. Anomaly-based
Answer: D

GIAC   GCFW   GCFW

NO.4 Which of the following IDs is used to reassemble the fragments of a datagram at the destination point?
A. IP identification number
B. SSID
C. MAK ID
D. IP address
Answer: A

GIAC   GCFW examen   GCFW   GCFW   GCFW

NO.5 You work as a Network Architect for Tech Perfect Inc. The company has a corporate LAN network. You
will have to perform the following tasks:
l Limit events that occur from security threats such as viruses, worms, and spyware.
l Restrict access to the network based on identity or security posture.
Which of the following services will you deploy in the network to accomplish the tasks?
A. NetFlow
B. Protocol-Independent Multicast
C. Network Admission Control
D. Firewall Service Module
Answer: C

GIAC   certification GCFW   certification GCFW   certification GCFW   GCFW

NO.6 You work as a Security Manger for Tech Perfect Inc. The company has a Windows-based network.
You want to scroll real-time network traffic to a command console in a readable format. Which of the
following command line utilities will you use to accomplish the task?
A. WinPcap
B. WinDump
C. iptables
D. libpcap
Answer: B

GIAC examen   GCFW   GCFW

NO.7 Which of the following components are usually found in an Intrusion detection system (IDS).?
Each correct answer represents a complete solution. Choose two.
A. Firewall
B. Console
C. Gateway
D. Modem
E. Sensor
Answer: B,E

GIAC examen   GCFW   GCFW   GCFW   certification GCFW

NO.8 Which of the following is the default port for POP3?
A. 25
B. 21
C. 80
D. 110
Answer: B

certification GIAC   certification GCFW   certification GCFW   GCFW

NO.9 You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP network. You have
been assigned a task to configure security mechanisms for the network of the company. You have
decided to configure a packet filtering firewall. Which of the following may be the reasons that made you
choose a packet filtering firewall as a security mechanism?
Each correct answer represents a complete solution. Choose all that apply.
A. It makes security transparent to end-users which provide easy use of the client application s.
B. It prevents application-layer attacks.
C. It is easy to install packet filtering firewalls in comparison to the other network security sol utions.
D. It easily matches most of the fields in Layer 3 packets and Layer 4 segment headers, and thus,
provides a lot of flexibility in implementing security policies.
Answer: A,C,D

GIAC   certification GCFW   GCFW examen   certification GCFW   certification GCFW

NO.10 Which of the following devices is used to identify out-of-date software versions, applicable patches,
system upgrades, etc?
A. Retinal scanner
B. Fingerprint reader
C. Smart card reader
D. Vulnerability scanner
Answer: D

GIAC   certification GCFW   GCFW   certification GCFW   GCFW   certification GCFW

NO.11 Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing
(APR), is a technique used to attack an Ethernet wired or wireless network. ARP spoofing may allow an
attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether.
The principle of ARP spoofing is to send fake ARP messages to an Ethernet LAN.
What steps can be used as a countermeasure of ARP spoofing?
Each correct answer represents a complete solution. Choose all that apply.
A. Using ARP Guard utility
B. Using smash guard utility
C. Using static ARP entries on servers, workstation and routers
D. Using ARP watch utility
E. Using IDS Sensors to check continually for large amount of ARP traffic on local subnets
Answer: A,C,D,E

certification GIAC   certification GCFW   GCFW examen   GCFW examen

NO.12 Which of the following ICMPv6 neighbor discovery messages is sent by hosts to request an immediate
router advertisement, instead of waiting for the next scheduled advertisement?
A. Router Advertisement
B. Neighbor Advertisement
C. Router Solicitation
D. Neighbor Solicitation
Answer: C

GIAC   GCFW   certification GCFW

NO.13 WinDump, tcpdump, and Wireshark specify which fields of information libpcap should record.
Which of the following filters do they use in order to accomplish the task?
A. Berkeley Packet Filter
B. IM filter
C. Web filter
D. FIR filter
Answer: A

GIAC examen   GCFW   GCFW examen

NO.14 Which of the following are the reasons that network administrators use Access Control Lists?
Each correct answer represents a complete solution. Choose two.
A. Encrypting data to be routed
B. Removing weak user password
C. Controlling VTY access into a router
D. Filtering traffic as it passes through a router
Answer: C,D

GIAC   certification GCFW   GCFW   GCFW

NO.15 Which of the following proxy servers is placed anonymously between the client and remote server and
handles all of the traffic from the client?
A. Web proxy server
B. Open proxy server
C. Forced proxy server
D. Caching proxy server
Answer: C

certification GIAC   GCFW examen   certification GCFW

NO.16 Which of the following algorithms is used as a default algorithm for ESP extension header in IPv6?
A. Electronic Codebook (ECB) Mode
B. Cipher Block Chaining (CBC) Mode
C. Propagating Cipher Block Chaining (PCBC) Mode
D. Cipher Feedback (CFB) Mode
Answer: B

GIAC   GCFW   GCFW   GCFW   certification GCFW

NO.17 Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to
investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer
runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He
knows that in Windows operating system, the data is searched in pre-defined steps for proper and
efficient analysis. Which of the following is the correct order for searching data on a Windows based
system?
A. Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
B. Volatile data, file slack, registry, memory dumps, file system, system state backup, interne t traces
C. Volatile data, file slack, file system, registry, memory dumps, system state backup, interne t traces
D. Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
Answer: C

GIAC   GCFW   certification GCFW   GCFW   GCFW

NO.18 Which of the following are the countermeasures against a man-in-the-middle attack?
Each correct answer represents a complete solution. Choose all that apply.
A. Using Secret keys for authentication.
B. Using public key infrastructure authentication.
C. Using Off-channel verification.
D. Using basic authentication.
Answer: A,B,C

GIAC   GCFW   GCFW   certification GCFW   GCFW examen

NO.19 Which of the following statements are true about an IDP rule base notification?
A. It can be defined as reusable logical entities that the user can apply to the rules.
B. When an action is performed, a notification defines how to log information.
C. It is used to specify the type of network traffic that has to be monitored for attacks.
D. It directs an IDP to drop or close the connection.
Answer: B

GIAC   GCFW examen   GCFW   GCFW   GCFW

NO.20 A scenario involves a pool of users with private IP addresses who need to access the Internet;
however, the company has a limited number of IP addresses and needs to ensure users occupy only one
public IP address.
Which technology is used to allow a pool of users to share one global IP address for Internet access?
A. Port Address Translation
B. Per-user Address Translation
C. Pool Address Translation
D. Private Address Translation
Answer: A

GIAC   certification GCFW   GCFW   certification GCFW

NO.21 Choose the best explanation for the resulting error when entering the command below.
A. The command is attempting to create a standard access list with extended access list param eters.
B. The ACL commands should be entered from the (config-router) configuration mode.
C. The wildcard mask is not provided for the source and destination addresses.
D. The port number given does not correspond with the proper transport protocol.
Answer: A

certification GIAC   certification GCFW   GCFW   certification GCFW   GCFW

NO.22 Which of the following types of Intrusion Detection Systems consists of an agent on a host that identifies
intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files,
capability/acl databases) and other host activities and state?
A. HIDS
B. NIDS
C. APIDS
D. PIDS
Answer: A

GIAC examen   GCFW   certification GCFW   GCFW

NO.23 Which of the following is an attack with IP fragments that cannot be reassembled?
A. Dictionary attack
B. Smurf attack
C. Teardrop attack
D. Password guessing attack
Answer: C

GIAC examen   certification GCFW   GCFW examen   certification GCFW   GCFW

NO.24 Which of the following number ranges is used for the IP Standard ACL?
A. 100-199
B. 1000-1099
C. 600-699
D. 1-99
Answer: D

GIAC   GCFW   GCFW   GCFW   GCFW   GCFW

NO.25 Which of the following limits the number of packets seen by tcpdump?
A. BPF-based filter
B. Recipient filtering
C. Sender filtering
D. IFilters
Answer: A

certification GIAC   GCFW examen   GCFW   GCFW

NO.26 Which of the following statements about the traceroute utility are true?
Each correct answer represents a complete solution. Choose all that apply.
A. It generates a buffer overflow exploit by transforming an attack shell code so that the new attack shell
code cannot be recognized by any Intrusion Detection Systems.
B. It uses ICMP echo packets to display the Fully Qualified Domain Name (FQDN) and the IP address of
each gateway along the route to the remote host.
C. It records the time taken for a round trip for each packet at each router.
D. It is an online tool that performs polymorphic shell code attacks.
Answer: B,C

GIAC examen   GCFW   GCFW examen   certification GCFW   GCFW examen   GCFW examen

NO.27 Which of the following can be monitored by using the host intrusion detection system (HIDS)?
Each correct answer represents a complete solution. Choose two.
A. Computer performance
B. File system integrity
C. Storage space on computers
D. System files
Answer: B,D

GIAC   GCFW examen   GCFW examen   GCFW

NO.28 Which of the following protocols does IPsec use to perform various security functions in the network?
Each correct answer represents a complete solution. Choose all that apply.
A. Skinny Client Control Protocol
B. Authentication Header
C. Encapsulating Security Payload
D. Internet Key Exchange
Answer: B,C,D

certification GIAC   GCFW   certification GCFW

NO.29 John works as a professional Ethical Hacker. He has been assigned a project for testing the security of
www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on
the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task,
he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the
new signature of the virus does not match the old signature, which is entered in the IDS signature
database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion
attacks is John performing?
A. Session splicing attack
B. Evasion attack
C. Polymorphic shell code attack
D. Insertion attack
Answer: C

certification GIAC   GCFW   certification GCFW

NO.30 Which of the following commands configures a router to encrypt all passwords entered after the
command has been executed, as well as all passwords already on the running configuration?
A. no service password-encryption
B. enable password-encryption
C. no enable password-encryption
D. service password-encryption
Answer: D

certification GIAC   GCFW   GCFW

Pass4Test peut offrir la facilité aux candidats qui préparent le test GIAC GCFW. Nombreux de candidats choisissent le Pass4Test à préparer le test et réussir finalement à la première fois. Les experts de Pass4Test sont expérimentés et spécialistes. Ils profitent leurs expériences riches et connaissances professionnelles à rechercher la Q&A GIAC GCFW selon le résumé de test réel GIAC GCFW. Vous pouvez réussir le test à la première fois sans aucune doute.

Pass4Test offre de GIAC GSNA matériaux d'essai

Pass4Test est un site particulier à offrir les guides de formation à propos de test certificat IT. La version plus nouvelle de Q&A GIAC GSNA peut répondre sûrement une grande demande des candidats. Comme tout le monde le connait, le certificat GIAC GSNA est un point important pendant l'interview dans les grandes entreprises IT. Ça peut expliquer un pourquoi ce test est si populaire. En même temps, Pass4Test est connu par tout le monde. Choisir le Pass4Test, choisir le succès. Votre argent sera tout rendu si malheureusement vous ne passe pas le test GIAC GSNA.

Pass4Test est un site d'offrir la bonne Q&A GIAC GSNA. Le produit offert par Pass4Test peut vous aider à réussir ce test très difficile. Si vous ajoutez le produit au panier, vous allez économiser le temps et l'effort. Le produiti Pass4Test est bien réputé dans l'Idustrie IT.

Le produit de Pass4Test que vous choisissez vous met le pied sur la première marche du pic de l'Industrie IT, et vous serez plus proche de votre rêve. Les matériaux offerts par Pass4Test peut non seulement vous aider à réussir le test GIAC GSNA, mais encore vous aider à se renforcer les connaissances professionnelles. Le service de la mise à jour pendant un an est aussi gratuit pour vous.

Passer le test GIAC GSNA, obtenir le Passport peut améliorer la perspective de votre carrière et vous apporter plus de chances à développer votre boulot. Pass4Test est un site très convenable pour les candidats de test Certification GIAC GSNA. Ce site peut offrir les informations plus nouvelles et aussi provider les bonnes chances à se former davantage. Ce sont les points essentiels pour votre succès de test Certification GIAC GSNA.

Code d'Examen: GSNA
Nom d'Examen: GIAC (GIAC Systems and Network Auditor)
Questions et réponses: 368 Q&As

GSNA Démo gratuit à télécharger: http://www.pass4test.fr/GSNA.html

NO.1 You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You
want to print the super block and block the group information for the filesystem present on a system.
Which of the following Unix commands can you use to accomplish the task?
A. e2fsck
B. dump
C. dumpe2fs
D. e2label
Answer: C

certification GIAC   GSNA   GSNA   GSNA examen   GSNA examen

NO.2 Which of the following allows the use of multiple virtual servers using different DNS names resolved by
the same IP address?
A. HTTP 1.1
B. JAVA
C. HTML
D. VPN
Answer: A

GIAC   GSNA   GSNA   GSNA   GSNA   GSNA

NO.3 Sarah works as a Web Developer for XYZ CORP. She is creating a Web site for her company. Sarah
wants greater control over the appearance and presentation of Web pages. She wants the ability to
precisely specify the display attributes and the appearance of elements on the Web pages. How will she
accomplish this?
A. Use the Database Design wizard.
B. Make two templates, one for the index page and the other for all other pages.
C. Use Cascading Style Sheet (CSS).
D. Make a template and use it to create each Web page.
Answer: C

certification GIAC   GSNA examen   GSNA

NO.4 You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You
want to set some terminal characteristics and environment variables. Which of the following Unix
configuration files can you use to accomplish the task?
A. /etc/sysconfig/routed
B. /proc/net
C. /etc/sysconfig/network-scripts/ifcfg-interface
D. /etc/sysconfig/init
Answer: D

GIAC   GSNA   GSNA examen   certification GSNA   GSNA   GSNA

NO.5 You run the wc -c file1.txt command. If this command displays any error message, you want to store the
error message in the error.txt file. Which of the following commands will you use to accomplish the task?
A. wc -c file1.txt >>error.txt
B. wc -c file1.txt 1>error.txt
C. wc -c file1.txt 2>error.txt
D. wc -c file1.txt >error.txt
Answer: C

GIAC   GSNA   certification GSNA

NO.6 You work as a Network Auditor for XYZ CORP. The company has a Windows-based network. While
auditing the company's network, you are facing problems in searching the faults and other entities that
belong to it. Which of the following risks may occur due to the existence of these problems?
A. Residual risk
B. Inherent risk
C. Secondary risk
D. Detection risk
Answer: D

certification GIAC   GSNA   certification GSNA   GSNA   GSNA

NO.7 John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based
network. John is working as a root user on the Linux operating system. He wants to forward all the kernel
messages to the remote host having IP address 192.168.0.1. Which of the following changes will he
perform in the syslog.conf file to accomplish the task?
A. kern.* @192.168.0.1
B. !*.* @192.168.0.1
C. !kern.* @192.168.0.1
D. *.* @192.168.0.1
Answer: A

GIAC   GSNA   GSNA examen   certification GSNA

NO.8 John works as a professional Ethical Hacker. He has been assigned the project of testing the security of
www.we-are-secure.com. He wants to use Kismet as a wireless sniffer to sniff the Weare-secure network.
Which of the following IEEE-based traffic can be sniffed with Kismet?
A. 802.11g
B. 802.11n
C. 802.11b
D. 802.11a
Answer: A,B,C,D

GIAC   GSNA   certification GSNA   GSNA

NO.9 A Web developer with your company wants to have wireless access for contractors that come in to
work on various projects. The process of getting this approved takes time. So rather than wait, he has put
his own wireless router attached to one of the network ports in his department. What security risk does
this present?
A. None, adding a wireless access point is a common task and not a security risk.
B. It is likely to increase network traffic and slow down network performance.
C. This circumvents network intrusion detection.
D. An unauthorized WAP is one way for hackers to get into a network.
Answer: D

GIAC   GSNA   GSNA examen   GSNA   GSNA examen   GSNA examen

NO.10 Which of the following is Microsoft's implementation of the file and application server for the Internet
and private intranets?
A. Internet Server Service (ISS)
B. Internet Server (IS)
C. WWW Server (WWWS)
D. Internet Information Server (IIS)
Answer: D

GIAC   GSNA   GSNA

NO.11 John works as a contract Ethical Hacker. He has recently got a project to do security checking for
www.we-are-secure.com. He wants to find out the operating system of the we-are-secure server in the
information gathering step. Which of the following commands will he use to accomplish the task? (Choose
two)
A. nc 208.100.2.25 23
B. nmap -v -O www.we-are-secure.com
C. nc -v -n 208.100.2.25 80
D. nmap -v -O 208.100.2.25
Answer: B,D

certification GIAC   GSNA   GSNA   GSNA   GSNA examen

NO.12 George works as an office assistant in Soft Well Inc. The company uses the Windows Vista operating
system. He wants to disable a program running on a computer. Which of the following Windows Defender
tools will he use to accomplish the task?
A. Allowed items
B. Quarantined items
C. Options
D. Software Explorer
Answer: D

GIAC   GSNA   GSNA examen   GSNA   GSNA

NO.13 Which of the following statements are true about locating rogue access points using WLAN discovery
software such as NetStumbler, Kismet, or MacStumbler if you are using a Laptop integrated with Wi-Fi
compliant MiniPCI card? (Choose two)
A. These tools can determine the rogue access point even when it is attached to a wired network.
B. These tools can determine the authorization status of an access point.
C. These tools cannot detect rogue access points if the victim is using data encryption.
D. These tools detect rogue access points if the victim is using IEEE 802.11 frequency bands.
Answer: B,D

certification GIAC   GSNA examen   GSNA   GSNA   GSNA examen

NO.14 Which of the following statements about the traceroute utility are true?
A. It uses ICMP echo packets to display the Fully Qualified Domain Name (FQDN) and the IP address of
each gateway along the route to the remote host.
B. It records the time taken for a round trip for each packet at each router.
C. It is an online tool that performs polymorphic shell code attacks.
D. It generates a buffer overflow exploit by transforming an attack shell code so that the new attack shell
code cannot be recognized by any Intrusion Detection Systems.
Answer: A,B

GIAC   GSNA   GSNA   GSNA

NO.15 Which of the following is a wireless auditing tool that is used to pinpoint the actual physical location of
wireless devices in the network?
A. KisMAC
B. Ekahau
C. Kismet
D. AirSnort
Answer: B

certification GIAC   GSNA   certification GSNA   GSNA

NO.16 John works as a Security Professional. He is assigned a project to test the security of www.we-
are-secure.com. John wants to get the information of all network connections and listening ports in the
numerical form. Which of the following commands will he use?
A. netstat -e
B. netstat r
C. netstat -s
D. netstat an
Answer: D

GIAC   certification GSNA   certification GSNA   GSNA examen   GSNA examen

NO.17 You work as a Network Administrator for XYZ CORP. The company has a Windows Active
Directory-based single domain single forest network. The functional level of the forest is Windows Server
2003. The company's management has decided to provide laptops to its sales team members. These
laptops are equipped with smart card readers. The laptops will be configured as wireless network clients.
You are required to accomplish the following tasks: The wireless network communication should be
secured. The laptop users should be able to use smart cards for getting authenticated. In order to
accomplish the tasks, you take the following steps: Configure 802.1x and WEP for the wireless
connections. Configure the PEAP-MS-CHAP v2 protocol for authentication. What will happen after you
have taken these steps?
A. Both tasks will be accomplished.
B. The laptop users will be able to use smart cards for getting authenticated.
C. The wireless network communication will be secured.
D. None of the tasks will be accomplished.
Answer: C

GIAC examen   GSNA   GSNA examen

NO.18 You work as a Network Administrator for XYZ CORP. The company has a Windows Server 2008
network environment. The network is configured as a Windows Active Directory-based single forest single
domain network. You have installed a Windows Server 2008 computer. You have configured auditing on
this server. The client computers of the company use the Windows XP Professional operating system.
You want to audit each event that is related to a user managing an account in the user database on the
computer where the auditing is configured. To accomplish the task, you have enabled the Audit account
management option on the server. Which of the following events can be audited by enabling this audit
option.?
A. Access to an Active Directory object
B. Change of password for a user account
C. Addition of a user account to a group
D. Creation of a user account
Answer: B,C,D

certification GIAC   GSNA examen   GSNA examen   GSNA   GSNA   GSNA

NO.19 Which of the following tools works both as an encryption-cracking tool and as a keylogger?
A. Magic Lantern
B. KeyGhost Keylogger
C. Alchemy Remote Executor
D. SocketShield
Answer: A

GIAC   certification GSNA   GSNA

NO.20 You check performance logs and note that there has been a recent dramatic increase in the amount of
broadcast traffic. What is this most likely to be an indicator of?
A. Misconfigured router
B. DoS attack
C. Syn flood
D. Virus
Answer: B

GIAC   GSNA   GSNA   GSNA

Le test GIAC GSNA est bien populaire dans l'Industrie IT. Donc il y a de plus en plus de gens à participer le test GIAC GSNA. En fait, c'est pas facile à passer le test si on n'a pas une formation particulière. Pass4Test peut vous aider à économiser le temps et les efforts à réussir le test Certification.

GIAC meilleur examen GCFA, questions et réponses

Certification GIAC GCFA est un des tests plus importants dans le système de Certification GIAC. Les experts de Pass4Test profitent leurs expériences et connaissances professionnelles à rechercher les guides d'étude à aider les candidats du test GIAC GCFA à réussir le test. Les Q&As offertes par Pass4Test vous assurent 100% à passer le test. D'ailleurs, la mise à jour pendant un an est gratuite.

Choisir le produit fait avec tous efforts des experts de Pass4Test vous permet à réussir 100% le test Certification IT. Le produit de Pass4Test est bien certifié par les spécialistes dans l'Industrie IT. La haute qualité du produit Pass4Test ne vous demande que 20 heures pour préparer, et vous allez réussir le test GIAC GCFA à la première fois. Vous ne refuserez jamais pour le choix de Pass4Test, parce qu'il symbole le succès.

Les spécialistes d'expérience de Pass4Test ont fait une formation ciblée au test GIAC GCFA. Cet outil de formation est convenable pour les candidats de test GIAC GCFA. Pass4Test n'offre que les produits de qualité. Vous aurez une meilleure préparation à passer le test avec l'aide de Pass4Test.

Le produit de Pass4Test peut assurer les candidats à réussir le test GIAC GCFA à la première fois, mais aussi offrir la mise à jour gratuite pendant un an, les clients peuvent recevoir les ressources plus nouvelles. Pass4Test n'est pas seulement un site, mais aussi un bon centre de service.

Code d'Examen: GCFA
Nom d'Examen: GIAC (GIAC Certified Forensics Analyst)
Questions et réponses: 316 Q&As

Le test GIAC GCFA est le premier pas pour promouvoir dans l'Industrie IT, mais aussi la seule rue ramenée au pic de succès. Le test GIAC GCFA joue un rôle très important dans cette industrie. Et aussi, Pass4Test est un chaînon inevitable pour réussir le test sans aucune doute.

Le test simulation GIAC GCFA sorti par les experts de Pass4Test est bien proche du test réel. Nous sommes confiant sur notre produit qui vous permet à réussir le test GIAC GCFA à la première fois. Si vous ne passe pas le test, votre argent sera tout rendu.

Vous aurez une assurance 100% à réussir le test GIAC GCFA si vous choisissez le produit de Pass4Test. Si malheuresement, vous ne passerez pas le test, votre argent seront tout rendu.

GCFA Démo gratuit à télécharger: http://www.pass4test.fr/GCFA.html

NO.1 Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the
server of the marketing department has been affected by a malicious hacking attack. Supervisors are also
claiming that some sensitive data are also stolen. Adam immediately arrived to the server room of the
marketing department and identified the event as an incident. He isolated the infected network from the
remaining part of the network and started preparing to image the entire system. He captures volatile data,
such as running process, ram, and network connections.
Which of the following steps of the incident handling process is being performed by Adam?
A. Recovery
B. Eradication
C. Identification
D. Containment
Answer: D

certification GIAC   GCFA   GCFA examen

NO.2 Which of the following encryption methods uses AES technology?
A. Dynamic WEP
B. Static WEP
C. TKIP
D. CCMP
Answer: D

GIAC   certification GCFA   GCFA   GCFA   certification GCFA

NO.3 Which of the following modules of OS X kernel (XNU) provides the primary system program interface?
A. BSD
B. LIBKERN
C. I/O Toolkit
D. Mach
Answer: A

GIAC examen   GCFA   certification GCFA   GCFA   certification GCFA

NO.4 Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States.
A project has been assigned to him to investigate a case of a disloyal employee who is suspected of
stealing design of the garments, which belongs to the company and selling those garments of the same
design under different brand name. Adam investigated that the company does not have any policy related
to the copy of design of the garments. He also investigated that the trademark under which the employee
is selling the garments is almost identical to the original trademark of the company. On the grounds of
which of the following laws can the employee be prosecuted.?
A. Trademark law
B. Cyber law
C. Copyright law
D. Espionage law
Answer: A

GIAC   GCFA   GCFA

NO.5 Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to
investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer
runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He
knows that in Windows operating system, the data is searched in pre-defined steps for proper and
efficient analysis. Which of the following is the correct order for searching data on a Windows based
system?
A. Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
B. Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
C. Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
D. Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
Answer: D

certification GIAC   GCFA examen   GCFA examen   certification GCFA   GCFA examen   GCFA

NO.6 You work as a Network Administrator for Perfect Solutions Inc. You install Windows 98 on a computer.
By default, which of the following folders does Windows 98 setup use to keep the registry tools?
A. $SYSTEMROOT$REGISTRY
B. $SYSTEMROOT$WINDOWS
C. $SYSTEMROOT$WINDOWSREGISTRY
D. $SYSTEMROOT$WINDOWSSYSTEM32
Answer: B

GIAC examen   GCFA examen   GCFA examen   GCFA

NO.7 Which of the following attacks saturates network resources and disrupts services to a specific
computer?
A. Teardrop attack
B. Polymorphic shell code attack
C. Denial-of-Service (DoS) attack
D. Replay attack
Answer: C

certification GIAC   GCFA examen   GCFA   GCFA   GCFA

NO.8 Adam works as a Security Administrator for Umbrella Inc. He is responsible for securing all 15 servers
of the company. To successfully accomplish the task, he enables the hardware and software firewalls and
disables all unnecessary services on all the servers. Sales manager of the company asks Adam to run
emulation software on one of the servers that requires the telnet service to function properly. Adam is
concerned about the security of the server, as telnet can be a very large security risk in an organization.
Adam decides to perform some footprinting, scanning, and penetration testing on the server to checkon
the server to check the security. Adam telnets into the server and writes the following command:
HEAD / HTTP/1.0
After pressing enter twice, Adam gets the following results:
Which of the following tasks has Adam just accomplished?
A. Poisoned the local DNS cache of the server.
B. Submitted a remote command to crash the server.
C. Grabbed the banner.
D. Downloaded a file to his local computer.
Answer: C

GIAC examen   certification GCFA   GCFA   certification GCFA

NO.9 Which of the following tools can be used to perform tasks such as Windows password cracking,
Windows enumeration, and VoIP session sniffing?
A. John the Ripper
B. L0phtcrack
C. Obiwan
D. Cain
Answer: D

GIAC examen   GCFA   certification GCFA   certification GCFA

NO.10 You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to
investigate e-mail information of an employee of the company. The suspected employee is using an
online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will
you review to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
A. History folder
B. Temporary Internet Folder
C. Download folder
D. Cookies folder
Answer: A,B,D

certification GIAC   certification GCFA   GCFA examen   certification GCFA

NO.11 You want to upgrade a partition in your computer's hard disk drive from FAT to NTFS. Which of the
following DOS commands will you use to accomplish this?
A. FORMAT C: /s
B. CONVERT C: /fs:ntfs
C. SYS C:
D. FDISK /mbr
Answer: B

GIAC   certification GCFA   certification GCFA   certification GCFA   GCFA examen   GCFA examen

NO.12 You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008
network environment. The network is configured as a Windows Active Directory-based single forest single
domain network. The network is configured on IP version 6 protocol. All the computers on the network are
connected to a switch device. One day, users complain that they are unable to connect to a file server.
You try to ping the client computers from the server, but the pinging fails. You try to ping the server's own
loopback address, but it fails to ping. You restart the server, but the problem persists.
What is the most likely cause?
A. The cable that connects the server to the switch is broken.
B. Automatic IP addressing is not working.
C. The switch device is not working.
D. The server is configured with unspecified IP address.
E. The server's NIC is not working.
Answer: E

GIAC   GCFA   GCFA examen   certification GCFA

NO.13 You work as a Web developer for ABC Inc. You want to investigate the Cross-Site Scripting attack on
your company's Web site. Which of the following methods of investigation can you use to accomplish the
task?
Each correct answer represents a complete solution. Choose all that apply.
A. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL
to the company's site.
B. Look at the Web server's logs and normal traffic logging.
C. Use Wireshark to capture traffic going to the server and then searching for the requests going to the
input page, which may give log of the malicious traffic and the IP address of the source.
D. Use a Web proxy to view the Web server transactions in real time and investigate any
communication with outside servers.
Answer: A,B,D

GIAC examen   GCFA examen   GCFA   GCFA

NO.14 Which of the following methods is used by forensic investigators to acquire an image over the network
in a secure manner?
A. DOS boot disk
B. Linux Live CD
C. Secure Authentication for EnCase (SAFE)
D. EnCase with a hardware write blocker
Answer: C

certification GIAC   GCFA   GCFA examen   GCFA

NO.15 Adam, a malicious hacker has successfully gained unauthorized access to the Linux system of
Umbrella Inc. Web server of the company runs on Apache. He has downloaded sensitive documents and
database files from the computer. After performing these malicious tasks, Adam finally runs the following
command on the Linux command box before disconnecting. for (( i =
0;i<11;i++ )); do
dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda done
Which of the following actions does Adam want to perform by the above command?
A. Making a bit stream copy of the entire hard disk for later download.
B. Deleting all log files present on the system.
C. Wiping the contents of the hard disk with zeros.
D. Infecting the hard disk with polymorphic virus strings.
Answer: C

GIAC   GCFA   certification GCFA   certification GCFA   GCFA examen   GCFA

NO.16 Which of the following is the correct order of loading system files into the main memory of the system,
when the computer is running on Microsoft's Windows XP operating system?
A. NTLDR, BOOT.ini, HAL.dll, NTDETECT.com, NTOSKRNL.exe
B. NTLDR, BOOT.ini, NTDETECT.com, HAL.dll, NTOSKRNL.exe
C. NTLDR, BOOT.ini, HAL.dll, NTDETECT.com, NTOSKRNL.exe
D. BOOT.ini, HAL.dll, NTDETECT.com, NTLDR, NTOSKRNL.exe
Answer: B

GIAC examen   GCFA examen   certification GCFA   GCFA

NO.17 A firewall is a combination of hardware and software, used to provide security to a network. It is used
to protect an internal network or intranet against unauthorized access from the Internet or other outside
networks. It restricts inbound and outbound access and can analyze all traffic between an internal
network and the Internet. Users can configure a firewall to pass or block packets from specific IP
addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?
A. OpenSSH
B. IPTables
C. IPChains
D. Stunnel
Answer: B

certification GIAC   GCFA   GCFA   GCFA examen   GCFA

NO.18 Which of the following Acts enacted in United States allows the FBI to issue National Security Letters
(NSLs) to Internet service providers (ISPs) ordering them to disclose records about their customers?
A. Wiretap Act
B. Computer Fraud and Abuse Act
C. Economic Espionage Act of 1996
D. Electronic Communications Privacy Act of 1986
Answer: D

certification GIAC   GCFA   certification GCFA

NO.19 Which of the following type of file systems is not supported by Linux kernel?
A. vFAT
B. NTFS
C. HFS
D. FAT32
Answer: D

GIAC   GCFA   certification GCFA   GCFA examen   GCFA

NO.20 Mark works as a security manager for SofTech Inc. He is using a technique for monitoring what the
employees are doing with corporate resources. Which of the following techniques is being used by Mark
to gather evidence of an ongoing computer crime if a member of the staff is e-mailing company's secrets
to an opponent?
A. Electronic surveillance
B. Civil investigation
C. Physical surveillance
D. Criminal investigation
Answer: A

GIAC examen   GCFA   certification GCFA   certification GCFA   GCFA examen   GCFA

NO.21 You work as a Network Administrator for Blue Bell Inc. You want to install Windows XP
Professional on your computer, which already has Windows Me installed. You want to configure your
computer to dual boot between Windows Me and Windows XP Professional. You have a single 40GB
hard disk.
Which of the following file systems will you choose to dual-boot between the two operating
systems?
A. NTFS
B. FAT32
C. CDFS
D. FAT
Answer: B

GIAC   GCFA   certification GCFA

NO.22 John works as a professional Ethical Hacker. He has been assigned the project of testing the security of
www.we-are-secure.com. He receives the following e-mail:
The e-mail that John has received is an example of __________.
A. Virus hoaxes
B. Spambots
C. Social engineering attacks
D. Chain letters
Answer: D

GIAC examen   GCFA   GCFA   GCFA   GCFA examen

NO.23 Fill in the blank with the appropriate name.
_____is a list, which specifies the order of volatility of data in a Windows based system.
A. RFC 3227
Answer: A

GIAC   GCFA   GCFA examen

NO.24 TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the
target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker
and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port
will drop the packet. Which of the following operating systems can be easily identified with the help of TCP
FIN scanning?
A. Solaris
B. Red Hat
C. Knoppix
D. Windows
Answer: D

GIAC examen   GCFA examen   GCFA examen   certification GCFA

NO.25 The MBR of a hard disk is a collection of boot records that contain disk information such as disk
architecture, cluster size, and so on. The main work of the MBR is to locate and run necessary operating
system files that are required to run a hard disk. In the context of the operating system,
MBR is also known as the boot loader. Which of the following viruses can infect the MBR of a hard disk?
Each correct answer represents a complete solution. Choose two.
A. Stealth
B. Boot sector
C. Multipartite
D. File
Answer: B,C

GIAC   GCFA examen   GCFA   GCFA   GCFA

NO.26 Which of the following is the first computer virus that was used to infect the boot sector of storage
media formatted with the DOS File Allocation Table (FAT) file system?
A. Melissa
B. Tequila
C. Brain
D. I love you
Answer: C

GIAC   GCFA   GCFA examen   GCFA   GCFA examen   GCFA

NO.27 An executive in your company reports odd behavior on her PDA. After investigation you discover that a
trusted device is actually copying data off the PDA. The executive tells you that the behavior started
shortly after accepting an e-business card from an unknown person. What type of attack is this?
A. Session Hijacking
B. Bluesnarfing
C. PDA Hijacking
D. Privilege Escalation
Answer: B

certification GIAC   GCFA   GCFA   GCFA   GCFA examen

NO.28 Which of the following is the process of overwriting all addressable locations on a disk?
A. Drive wiping
B. Spoofing
C. Sanitization
D. Authentication
Answer: A

GIAC examen   certification GCFA   GCFA

NO.29 You company suspects an employee of sending unauthorized emails to competitors. These emails are
alleged to contain confidential company data. Which of the following is the most important step for you to
take in preserving the chain of custody?
A. Preserve the email server including all logs.
B. Make copies of that employee's email.
C. Seize the employee's PC.
D. Place spyware on the employee's PC to confirm these activities.
Answer: A

GIAC examen   GCFA   GCFA

NO.30 Which of the following file systems provides file-level security?
A. CDFS
B. FAT
C. FAT32
D. NTFS
Answer: D

GIAC   GCFA examen   GCFA   GCFA

Selon les anciens test GIAC GCFA, la Q&A offerte par Pass4Test est bien liée avec le test réel.