GIAC GNSA dumps - 100% Pass Guarantee!

Correct Answer:

The auditor must plan and conduct the audit to ensure their audit risk (the risk of reaching an incorrect conclusion based on the audit findings) will be limited to an acceptable level. To eliminate the possibility of assessing audit risk too low, the

auditor should perform the following steps:

Obtain an Understanding of the Organization and its Environment: The understanding of the organization and its environment is used to assess the risk of material misstatement/weakness and to set the scope of the audit. The auditor's

understanding should include information on the nature of the entity, management, governance, objectives and strategies, and business processes.

Identify Risks that May Result in Material Misstatements: The auditor must evaluate an organization's business risks (threats to the organization's ability to achieve its objectives). An organization's business risks can arise or change due to

new personnel, new or restructured information systems, corporate restructuring, and rapid growth to name a few.

Evaluate the Organization's Response to those Risks: Once the auditor has evaluated the organization's response to the assessed risks, the auditor should then obtain evidence of management's actions toward those risks. The organization's

response (or lack thereof) to any business risks will impact the auditor's assessed level of audit risk.

Assess the Risk of Material Misstatement: Based on the knowledge obtained in evaluating the organization's responses to business risks, the auditor then assesses the risk of material misstatements and determines specific audit procedures

that are necessary based on that risk assessment.

Evaluate Results and Issue Audit Report: At this level, the auditor should determine if the assessments of risks were appropriate and whether sufficient evidence was obtained. The auditor will issue either an unqualified or qualified audit report

based on their findings.

Correct Answer: C

A screened host provides added security by using Internet access to deny or permit certain traffic from the Bastion Host.

Answer: D is incorrect. A network interface card provides a physical connection between computers within a network.

Answer: B is incorrect. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of

firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security. Answer: A is

incorrect. A proxy server facilitates a more efficient use of the Internet connection bandwidth and hides the real IP addresses of computers located behind the proxy.

Correct Answer: BD

A named block is a PL/SQL block that Oracle stores in the database and can be called by name from any application. A named block is also known as a stored procedure. Named blocks can be called from any PL/SQL block. It has a declaration section, which is known as a header. The header may include the name of a block, type of the block, and parameter. The name and list of formal parameters are known as the signature of a subroutine. Once a named PL/SQL block is compiled, it gets permanently stored as p-code after compilation in the shared pool of the system global area. Therefore, the named block gets compiled only once. An anonymous block is a PL/SQL block that appears in a user's application and is neither named nor stored in the database. This block does not allow any mode of parameter. Anonymous block programs are effective in some situations. They are basically used when building scripts to seed data or perform one-time processing activities. They are also used when a user wants to nest activity in another PL/SQL block's execution section. Anonymous blocks are compiled each time they are executed.

Correct Answer: C

In order to provide the best level of security for the kind of authentication used by the company, Mark will have to use the PEAP protocol. This protocol will provide the strongest password-based authentication for a WEP solution with 802.1x.

Implementing 802.1x authentication for wireless security requires using an Extensible Authentication Protocol (EAP)-based method for authentication. There are two EAP-based methods:

1.EAP-Transport Layer Security (EAP-TLS)

2. Protected EAP (PEAP)

Answer: A is incorrect. IPSec has nothing to do with this issue.

Correct Answer: CD

The getSession() method of the HttpServletRequest interface returns the current session associated with the request, or creates a new session if no session exists. The method has two syntaxes as follows:

public HttpSession getSession(): This method creates a new session if it does not exist.

public HttpSession getSession(boolean create): This method becomes similar to the above method if create is true, and returns the current session if create is false. It returns null if no session exists.

Answer: B is incorrect. The getSession(false) method returns a pre-existing session. It returns null if the client has no session associated with it.