
GIAC GSNA Exam - Topic 6 Question 43 Discussion

Actual exam question for GIAC's GSNA exam
Question #: 43
Topic #: 6

You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to track the system for user logins. To accomplish the task, you need to analyze the log configuration files. Which of the following Unix log configuration files can you use to accomplish the task?

Suggested Answer: C

A null session is an anonymous connection to a freely accessible network share called IPC$ on Windows-based servers. It allows immediate read and write access with Windows NT/2000 and read-access with Windows XP and 2003.

The command to be inserted at the DOS-prompt is as follows:

net use \\IP address_or_host name\ipc$ "" "/user:"

net use

Port numbers 139 TCP and 445 UDP can be used to start a NULL session attack.


Chauncey
3 months ago
No way /var/log/maillog is relevant for user logins.
upvoted 0 times
...
Thad
3 months ago
Surprised that /var/spool/mail is even listed here!
upvoted 0 times
...
Lili
3 months ago
Wait, isn't /var/log/messages also useful for this?
upvoted 0 times
...
Cristen
4 months ago
I agree, that's the right file for tracking logins.
upvoted 0 times
...
Maryann
4 months ago
Definitely check /var/log/secure for user logins.
upvoted 0 times
...
Jeanice
4 months ago
I'm a bit confused about /var/spool/mail; I don't think it relates to user logins, but I can't remember what it's specifically for.
upvoted 0 times
...
Tamra
4 months ago
I practiced a similar question where we had to identify log files, and I think /var/log/secure was the answer there too.
upvoted 0 times
...
Haley
4 months ago
I think /var/log/secure is definitely the right choice for tracking logins, but I also recall something about /var/log/messages being useful for general system logs.
upvoted 0 times
...
Inocencia
5 months ago
I remember that user logins are usually tracked in the secure log, but I'm not entirely sure if that's the only one we need to check.
upvoted 0 times
...
Lashaun
5 months ago
This is a good question to test our knowledge of Unix log files. I think the key is to focus on the files that are most likely to contain user login information. /var/log/secure seems like the best bet based on that criterion.
upvoted 0 times
...
Moon
5 months ago
Okay, let's see. I know the /var/log/messages file is a general system log, and /var/log/secure is often used for security-related events. I'm guessing one of those two is the right answer here.
upvoted 0 times
...
Levi
5 months ago
This seems like a straightforward question about Unix log files. I'm pretty confident I can find the right answer by thinking through the typical log files used for user login tracking.
upvoted 0 times
...
Shaun
5 months ago
Hmm, I'm a bit unsure about this one. I know there are a few different log files in Unix, but I'm not sure which one would specifically track user logins. I'll have to think this through carefully.
upvoted 0 times
...
Irene
5 months ago
Okay, let's see. We need to configure the retention for backups from an on-premises server to Azure. That sounds like it would be done through the Recovery Services vault, which is the central management point for Azure Backup. I'm pretty confident that's the right answer.
upvoted 0 times
...
Louis
5 months ago
This question seems pretty straightforward. I think I can just compare the time it takes to scale up 500 nodes in the different modes and select the correct answer.
upvoted 0 times
...
Leonora
5 months ago
I remember discussing SIP integration in class, but I'm not sure if the Message Waiting Indicator requires an Unsolicited NOTIFY or something else.
upvoted 0 times
...
Janella
5 months ago
Ah, I've run into this issue before. I'll be sure to check for any invalid cell references or text formatting that could be causing the problem.
upvoted 0 times
...
Shalon
5 months ago
I remember reading about explicit-null, but I'm a bit confused if it applies to segment routing with BGP.
upvoted 0 times
...
Francine
10 months ago
I'm just here hoping the answer isn't /dev/null. That's where all my brilliant ideas end up!
upvoted 0 times
Alesia
9 months ago
D) /var/log/maillog
upvoted 0 times
...
Vesta
9 months ago
C) /var/spool/mail
upvoted 0 times
...
Desmond
10 months ago
B) /var/log/secure
upvoted 0 times
...
Mee
10 months ago
A) /var/log/messages
upvoted 0 times
...
...
Viva
10 months ago
I bet the /var/log/maillog file would have some useful login information, especially if users are accessing their email through a web interface.
upvoted 0 times
Britt
9 months ago
I agree, /var/log/maillog would be a good place to check for login information related to email access.
upvoted 0 times
...
Sharee
9 months ago
D) /var/log/maillog
upvoted 0 times
...
Ciara
9 months ago
C) /var/spool/mail
upvoted 0 times
...
Lasandra
9 months ago
B) /var/log/secure
upvoted 0 times
...
Francesco
9 months ago
A) /var/log/messages
upvoted 0 times
...
...
Corazon
10 months ago
I'm not sure about this. Can someone explain why /var/log/secure is the correct choice for tracking user logins?
upvoted 0 times
...
Luis
10 months ago
I agree with Mel. /var/log/secure is the right file to track user logins on a Unix-based network.
upvoted 0 times
...
Erasmo
10 months ago
Hah, /var/spool/mail? That's where the actual emails are stored, not the login logs. Come on, we're network admins, not mail clerks!
upvoted 0 times
...
Penney
11 months ago
I'm not sure about that. The /var/log/messages file might be a better option since it contains a more comprehensive log of system activities.
upvoted 0 times
...
Broderick
11 months ago
The /var/log/secure file seems like the obvious choice here. It's where the system records user login and authentication events.
upvoted 0 times
Louisa
9 months ago
D) /var/log/maillog
upvoted 0 times
...
Laurel
10 months ago
C) /var/spool/mail
upvoted 0 times
...
Leah
10 months ago
B) /var/log/secure
upvoted 0 times
...
Sherrell
10 months ago
A) /var/log/messages
upvoted 0 times
...
...
Mel
11 months ago
I think the answer is B) /var/log/secure because it contains information about user logins.
upvoted 0 times
...
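
A sketch of the login tracking the commenters describe for /var/log/secure, as an added example that is not part of the original thread: it parses sshd authentication lines and counts successful logins per user and failed attempts per source address. The sample log lines, host name, user names and addresses are constructed, and the failure threshold of 3 is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the syslog format sshd writes to /var/log/secure
# on Red Hat-family systems (Debian-family systems use /var/log/auth.log).
SAMPLE = """\
Jan 12 09:14:02 host1 sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Jan 12 09:14:05 host1 sshd[2101]: Failed password for root from 198.51.100.7 port 40022 ssh2
Jan 12 09:14:09 host1 sshd[2103]: Failed password for root from 198.51.100.7 port 40031 ssh2
Jan 12 09:20:41 host1 sshd[2150]: Accepted password for alice from 192.0.2.10 port 51234 ssh2
Jan 12 09:20:41 host1 sshd[2150]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Jan 12 09:31:17 host1 sshd[2188]: Accepted publickey for bob from 192.0.2.44 port 60110 ssh2
Jan 12 09:40:03 host1 sshd[2150]: pam_unix(sshd:session): session closed for user alice
"""

# One sshd authentication decision per line: result, method, user, source.
AUTH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_secure(text):
    """Return one dict per sshd authentication decision found in text."""
    events = []
    for line in text.splitlines():
        m = AUTH.match(line)
        if m:  # PAM session lines and other daemons are skipped
            ev = m.groupdict()
            ev["invalid"] = ev["invalid"] is not None
            events.append(ev)
    return events

def summarize(events, threshold=3):
    """Count logins per user, failures per source, and flag noisy sources."""
    logins = Counter(e["user"] for e in events if e["result"] == "Accepted")
    failures = Counter(e["src"] for e in events if e["result"] == "Failed")
    flagged = sorted(s for s, n in failures.items() if n >= threshold)
    return logins, failures, flagged

if __name__ == "__main__":
    logins, failures, flagged = summarize(parse_secure(SAMPLE))
    print("successful logins:", dict(logins))
    print("failed attempts by source:", dict(failures))
    print("sources at or over threshold:", flagged)
```

To run it against a real system, read the file with root privileges and pass its contents to parse_secure() in place of SAMPLE.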
