GSNA Exam Dumps : GIAC Systems and Network Auditor

According to the scenario, John is performing the Steganography technique for sending malicious data. Steganography is an art and science of hiding information by embedding harmful messages within other seemingly harmless messages. It works by replacing bits of unused data, such as graphics, sound, text, and HTML, with bits of invisible information in regular computer files. This hidden information can be in the form of plain text, cipher text, or even in the form of images. Answer: A is incorrect. Web ripping is a technique in which the attacker copies the whole structure of a Web site to the local disk and obtains all files of the Web site. Web ripping helps an attacker to trace the loopholes of the Web site. Answer: D is incorrect. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method involves mental ability of the people to trick someone rather than their technical skills. A user should always distrust people who ask him for his account name or password, computer name, IP address, employee ID, or other information that can be misused. Answer: C is incorrect. John is not performing email spoofing. In email spoofing, an attacker sends emails after writing another person's mailing address in the from field of the email id.

In 1947, the American Institute of Certified Public Accountants (AICPA) adopted Generally Accepted Auditing Standards (GAAS) to establish standards for audits. The standards cover the following three categories: General Standards: They relate to professional and technical competence, independence, and professional due care. Field Work Standards: They relate to the planning of an audit, evaluation of internal control, and obtaining sufficient evidential matter upon which an opinion is based. Reporting Standards: They relate to the compliance of all auditing standards and adequacy of disclosure of opinion in the audit reports. If an opinion cannot be reached, the auditor is required to explicitly state their assertions. Answer: B is incorrect. There was no such category of standard established by GAAS.