
GIAC GSEC GIAC Security Essentials Exam Practice Test

Demo: 115 questions
Total 385 questions

GIAC Security Essentials Questions and Answers

Question 1

Which of the following terms refers to the process in which headers and trailers are added around user data?

Options:

A.

Encapsulation

B.

Authentication

C.

Authorization

D.

Encryption

Question 2

You work as a Network Administrator for Net Perfect Inc. The company has a Linux-based network. You have created a folder named Report. You have made David the owner of the folder. The members of a group named JAdmin can access the folder and have Read, Write, and Execute permissions. No other user can access the folder. You want to ensure that the members of the JAdmin group do not have Write permission on the folder. Also, you want other users to have Read permission on the Report folder.

Which of the following commands will you use to accomplish the task?

Options:

A.

chmod 777 report

B.

chown david.jadmin report

C.

chmod 555 report

D.

chmod 754 report

Question 3

Which of the following would be used to explicitly deny the traffic from a foreign IP address scanning the EC2 Instances in a VPC?

Options:

A.

Security Group

B.

VPC Endpoint

C.

Network ACL

D.

Internet Gateway

Question 4

Which of the following statements about policy is FALSE?

Options:

A.

A well-written policy contains definitions relating to "what" to do.

B.

A well-written policy states the specifics of "how" to do something.

C.

Security policy establishes what must be done to protect information stored on computers.

D.

Policy protects people who are trying to do the right thing.

Question 5

What is the key difference between Electronic Codebook mode and other block cipher modes like Cipher Block Chaining, Cipher-Feedback and Output-Feedback?

Options:

A.

Plaintext patterns are concealed by XORing with the previous ciphertext block, but input to the block cipher is not randomized.

B.

Plaintext patterns are concealed and input to the block cipher is randomized by XORing with the previous ciphertext block.

C.

Plaintext patterns encrypted with the same key will always generate the same ciphertext pattern.

D.

Plaintext patterns are not concealed, but input to the block cipher is randomized by XORing with the previous ciphertext block.

Question 6

What is the name of the registry key that is used to manage remote registry share permissions for the whole registry?

Options:

A.

regkey

B.

regmng

C.

winreg

D.

rrsreg

Question 7

Which of the following authentication methods are used by Wired Equivalent Privacy (WEP)? Each correct answer represents a complete solution. Choose two.

Options:

A.

Anonymous authentication

B.

Mutual authentication

C.

Open system authentication

D.

Shared key authentication

Question 8

You are the security director for an off-shore banking site. From a business perspective, what is a major factor to consider before running your new vulnerability scanner against the company's business systems?

Options:

A.

It may harm otherwise healthy systems.

B.

It may produce false negative results.

C.

It may generate false positive results.

D.

It may not return enough benefit for the cost.

Question 9

What is the main reason that DES is faster than RSA?

Options:

A.

DES is less secure.

B.

DES is implemented in hardware and RSA is implemented in software.

C.

Asymmetric cryptography is generally much faster than symmetric.

D.

Symmetric cryptography is generally much faster than asymmetric.

Question 10

Which of the following is a Personal Area Network enabled device?

Options:

A.

Corporate access point extender

B.

Bluetooth mouse

C.

Home Win router

D.

Network enabled printer

Question 11

How can an adversary utilize a stolen database of unsalted password hashes?

Options:

A.

Decrypt them to find the clear text passwords

B.

Compare the hashed output of guessed passwords with them

C.

Authenticate with the service associated with the on-line database

D.

Reverse engineer them to find the encryption key

Question 12

In preparation for a vulnerability scan against your company's systems, you've taken the steps below:

You've notified users that there will be a system test.

You've prioritized and selected your targets and subnets.

You've configured the system to do a deep scan.

You have a member of your team on call to answer questions.

Which of the following is a necessary step to take prior to starting the scan?

Options:

A.

Placing the incident response team on call.

B.

Clear relevant system log files.

C.

Getting permission to run the scan.

D.

Scheduling the scan to run before OS updates.

Question 13

When file integrity checking is enabled, what feature is used to determine if a monitored file has been modified?

Options:

A.

file size

B.

Last modified date

C.

File change notifications in the Application Event Log

D.

One-way hash

Question 14

Use sudo to launch Snort with the /etc/snort/snort.conf file in full mode to generate alerts based on incoming traffic to echo. What is the source IP address of the traffic triggering an alert with a destination port of 156?

Note: Snort is configured to exit after it evaluates 50 packets.

Options:

A.

192.168.^.30

B.

10.72.101.210

C.

10.10.28.19

D.

10.11.10.11

E.

10.10.10.66

F.

192.168.87.68

G.

10.12.10.112

Question 15

Which of the following Unix syslog message priorities is the MOST severe?

Options:

A.

err

B.

emerg

C.

crit

D.

alert

Question 16

Which of the following is referred to as Electromagnetic Interference (EMI)?

Options:

A.

Electrical line noise

B.

Spike

C.

Transient

D.

Brownout

Question 17

Against policy, employees have installed Peer-to-Peer applications on their workstations and they are using them over TCP port 80 to download files via the company network from other Peer-to-Peer users on the Internet. Which of the following describes this threat?

Options:

A.

Firewall subversion

B.

Backdoor installation

C.

Malicious software infection

D.

Phishing attempt

Question 18

Jonny is an IT Project Manager. He cannot access the folder called "IT Projects" but can access a folder called "Sales Data" even though he's not on the sales team. Which information security principle has failed?

Options:

A.

Authentication

B.

Authorization

C.

Identification

D.

Accountability

Question 19

Which of the following SIP methods is used to setup a new session and add a caller?

Options:

A.

ACK

B.

BYE

C.

REGISTER

D.

INVITE

E.

CANCEL

Question 20

Which of the following statements about DMZ are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It is the boundary between the Internet and a private network.

B.

It is an anti-virus software that scans the incoming traffic on an internal network.

C.

It contains company resources that are available on the Internet, such as Web servers and FTP servers.

D.

It contains an access control list (ACL).

Question 21

A new data center is being built where customer credit information will be processed and stored. Which of the following actions will help maintain the confidentiality of the data?

Options:

A.

Environmental sensors in the server room

B.

Access control system for physical building

C.

Automated fire detection and control systems

D.

Frequent off-site backup of critical databases

Question 22

How are differences in configuration settings handled between Domain and Local Group Policy Objects (GPOs)?

Options:

A.

Local and Domain GPOs control different configuration settings, so there will not be conflicts.

B.

Settings in the domain-wide GPO override conflicting settings in the local GPO on each computer.

C.

Settings in the local GPO override conflicting settings when the domain-wide GPO is applied.

D.

Precedence depends on which GPO was updated first.

Question 23

You work as an Administrator for McRoberts Inc. The company has a Linux-based network. You are logged in as a non-root user on your client computer. You want to delete all files from the /garbage directory. You want that the command you will use should prompt for the root user password. Which of the following commands will you use to accomplish the task?

Options:

A.

rm -rf /garbage*

B.

del /garbage/*.*

C.

rm -rf /garbage* /SU

D.

su -c "RM -rf /garbage*"

Question 24

What is log pre-processing?

Options:

A.

Removing known bad log event entries

B.

Converting logs from one format to another

C.

Moving log entries of unknown status to an analyst's queue

D.

Transferring logs to short-term storage

Question 25

What is the following sequence of packets demonstrating?

Options:

A.

telnet.com.telnet > client.com.38060: F 4289:4289(0) ack 92 win 1024

B.

client.com.38060 > telnet.com.telnet: .ack 4290 win 8760 (DF)

C.

client.com.38060 > telnet.com.telnet: F 92:92(0) ack 4290 win 8760 (DF)

D.

telnet.com.telnet > client.com.38060: .ack 93 win 1024

Question 26

What is the SHA1 hash of the file /bin/ls?

Options:

A.

a895bac9c3

B.

54771b4r

C.

a39bed3C496fC764fc518d3e2d56f7d0f4C625fb

D.

93c1 ffbd22ebcad798886fb4aa46fa 357b23d80a

E.

aa40739f465ded2245872b1e4972e33d5bObb1cb

F.

494a 192859f 244c69d5bdc46255d b44l9e 7d051 f

G.

d3a21675a8f 19518d8b8f3cefOf6a21 del da6cc7

Question 27

Which class of IDS events occur when the IDS fails to alert on malicious data?

Options:

A.

True Negative

B.

True Positive

C.

False Positive

D.

False Negative

Question 28

SSL session keys are available in which of the following lengths?

Options:

A.

40-bit and 128-bit.

B.

64-bit and 128-bit.

C.

128-bit and 1,024-bit.

D.

40-bit and 64-bit.

Question 29

Which of the following is an advantage of private circuits versus VPNs?

Options:

A.

Flexibility

B.

Performance guarantees

C.

Cost

D.

Time required to implement

Question 30

What type of malware is a self-contained program that has the ability to copy itself without parasitically infecting other host code?

Options:

A.

Trojans

B.

Boot infectors

C.

Viruses

D.

Worms

Question 31

If the NET_ID of the source and destination address in an IP (Internet Protocol) packet match, which answer BEST describes the routing method the sending host will use?

Options:

A.

Local (or direct) routing

B.

Circuit switch routing

C.

Dynamic (or changeable) routing

D.

Remote (or indirect) routing

Question 32

What is the most secure way to address an unused Windows service so it cannot be exploited by malware?

Options:

A.

Firewall it

B.

Set to manual startup

C.

Disable it

D.

Uninstall it

Question 33

Which of the following are the types of access controls?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Physical

B.

Administrative

C.

Automatic

D.

Technical

Question 34

Which of the following tools is also capable of static packet filtering?

Options:

A.

netstat.exe

B.

ipsecpol.exe

C.

ipconfig.exe

D.

net.exe

Question 35

Launch Calculator (calc.exe). Using PowerShell, retrieve the Calculator Process Information. What is the value of the File Version property?

Hint: The process name of Calculator is calculator

Options:

A.

10.1705.12507.0

B.

10.1902.1603.06155

C.

10.0.19041.1

D.

8.1.2017.26587

E.

8.2017.1009.04153

F.

10.1705.1809.07007

G.

8.2017.0908.29102

Question 36

On an NTFS file system, what will happen when a conflict exists between Allow and Deny permissions?

Options:

A.

The resolution depends on the groups that the user belongs to.

B.

Allow permission will take precedence over the Deny permission.

C.

Deny permission will take precedence over the Allow permission.

D.

The resolution depends on the user's machine rights.

Question 37

Which practice can help protect secrets in a cloud environment?

Options:

A.

Avoiding the use of Terraform variables

B.

Running privileged docker runtime

C.

Excluding the tfstate file from code repositories

D.

Using the -net-host flag

Question 38

You work as a Network Administrator for NetTech Inc. When you enter http://66.111.64.227 in the browser's address bar, you are able to access the site. But you are unable to access the site when you enter http://www.uCertify.com. What is the most likely cause?

Options:

A.

DNS entry is not available for the host name.

B.

The site's Web server is offline.

C.

The site's Web server has heavy traffic.

D.

WINS server has no NetBIOS name entry for the server.

Question 39

Many IIS servers connect to Microsoft SQL databases. Which of the following statements about SQL server security is TRUE?

Options:

A.

SQL Server patches are part of the operating system patches.

B.

SQL Server should be installed on the same box as your IIS web server when they communicate as part of the web application.

C.

It is good practice to never use integrated Windows authentication for SQL Server.

D.

It is good practice to not allow users to send raw SQL commands to the SQL Server.

Question 40

Use PowerShell ISE to examine C:\Windows\security\templates\WorkstationSecureTemplate.inf. Which setting is configured in the template?

Options:

A.

ResetLockoutCount

B.

NewAdministratorName

C.

MinimumPasswordAge

D.

RequireLogonToChangePassword

E.

SeRemoteInteractiveLogonRight

F.

MaxRenewAge

G.

AuditSystemEvents

Question 41

You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company. You have physically installed sensors at all key positions throughout the network such that they all report to the command console.

What will be the key functions of the sensors in such a physical layout?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

To collect data from operating system logs

B.

To notify the console with an alert if any intrusion is detected

C.

To analyze for known signatures

D.

To collect data from Web servers

Question 42

Why are false positives such a problem with IPS technology?

Options:

A.

File integrity is not guaranteed.

B.

Malicious code can get into the network.

C.

Legitimate services are not delivered.

D.

Rules are often misinterpreted.

Question 43

Which of the following is a benefit to utilizing Cygwin for Windows?

Options:

A.

The ability to install a complete Red Hat operating system install on Windows.

B.

The ability to bring much more powerful scripting capabilities to Windows.

C.

The ability to run a production Apache server.

D.

The ability to install a complete Ubuntu operating system install on Windows.

Question 44

A Network Engineer is charged with maintaining and protecting a network with a high availability requirement. In addition to other defenses, they have chosen to implement a NIPS. How should the NIPS failure conditions be configured to ensure availability if the NIPS is installed in front of the Firewall that protects the DMZ?

Options:

A.

Fail safe

B.

Fail smart

C.

Fail-closed

D.

Fail-open

Question 45

What is the term for a game in which for every win there must be an equivalent loss?

Options:

A.

Asymmetric

B.

Untenable

C.

Zero-sum

D.

Gain-oriented

Question 46

What requirement must an administrator remember when utilizing Security Configuration and Analysis (SCA) to apply security templates to Windows systems?

Options:

A.

Template application should be done remotely

B.

Templates must be received from a domain controller

C.

Template application requires domain administrator rights

D.

Template application cannot be automatically reversed

Question 47

You work as a Network Administrator for Secure World Inc. The company has a Linux-based network. You want to run a command with the changed root directory. Which of the following commands will you use?

Options:

A.

ls

B.

chroot

C.

route

D.

chdir

Question 48

Dilbert wants to have a script run on his Windows server every time Wally logs into it. Where should he place this script?

Options:

A.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

B.

Default Domain Policy > User Configuration > Windows Settings > Scripts (Logon/Logoff)

C.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

D.

Default Domain Policy > Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)

Question 49

Which Windows event log would you look in if you wanted information about whether or not a specific driver was running at start up?

Options:

A.

Application

B.

System

C.

Startup

D.

Security

Question 50

Which of the following statements would be seen in a Disaster Recovery Plan?

Options:

A.

"Instructions for notification of the media can be found in Appendix A"

B.

"The Emergency Response Plan should be executed in the case of any physical disaster listed on page 3."

C.

"The target for restoration of business operations is 72 hours from the declaration of disaster."

D.

"After arriving at the alternate site, utilize the server build checklist to rebuild all servers on the server rebuild list."

Question 51

Why would someone use port 80 for deployment of unauthorized services?

Options:

A.

Google will detect the service listing on port 80 and post a link, so that people all over the world will surf to the rogue service.

B.

If someone were to randomly browse to the rogue port 80 service they could be compromised.

C.

This is a technique commonly used to perform a denial of service on the local web server.

D.

HTTP traffic is usually allowed outbound to port 80 through the firewall in most environments.

Question 52

Use nmap to discover a host on the 10.10.10.0/24 network, scanning only port 8082 and using the SYN or Stealth scan approach. Which host has a service called "blackice-alerts"?

Options:

A.

10.10.10.115

B.

10.10.10.80

C.

10.10.10.5

D.

10.10.10

E.

10.10.10.30

F.

10.10.10.164

G.

10.10.10.37

Question 53

Which of the following logging tasks should be evaluated in real-time?

Options:

A.

Inside and perimeter log trends review

B.

Routine account creation/removal

C.

Log management system performance

D.

Loss of service on critical assets

Question 54

You ask your system administrator to verify user compliance with the corporate policies on password strength, namely that all passwords will have at least one numeral, at least one letter, at least one special character and be 15 characters long. He comes to you with a set of compliance tests for use with an offline password cracker. They are designed to examine the following parameters of the password:

* they contain only numerals

* they contain only letters

* they contain only special characters

* they contain only letters and numerals

* they contain only letters and special characters

* they contain only numerals and special characters

Of the following, what is the benefit to using this set of tests?

Options:

A.

They are focused on cracking passwords that use characters prohibited by the password policy

B.

They find non-compliant passwords without cracking compliant passwords.

C.

They are focused on cracking passwords that meet minimum complexity requirements

D.

They crack compliant and non-compliant passwords to determine whether the current policy is strong enough

Question 55

You work as a Network Administrator for McNeil Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest domain-based network. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks:

The wireless network communication should be secured.

The laptop users should be able to use smart cards for getting authenticated.

In order to accomplish the tasks, you take the following steps:

Configure 802.1x and WEP for the wireless connections.

Configure the PEAP-MS-CHAP v2 protocol for authentication.

What will happen after you have taken these steps?

Options:

A.

The laptop users will be able to use smart cards for getting authenticated.

B.

Both tasks will be accomplished.

C.

None of the tasks will be accomplished.

D.

The wireless network communication will be secured.

Question 56

Which of the following SIP INVITE lines indicates to the remote registrar the VoIP phone that initiated the call?

Options:

A.

Via

B.

To

C.

From-Agent

D.

User-Agent

Question 57

Analyze the screenshot below. What is the purpose of this message?

Options:

A.

To gather non-specific vulnerability information

B.

To get the user to download malicious software

C.

To test the browser plugins for compatibility

D.

To alert the user to infected software on the computer.

Question 58

Which of the following languages enable programmers to store cookies on client computers? Each correct answer represents a complete solution. Choose two.

Options:

A.

DHTML

B.

Perl

C.

HTML

D.

JavaScript

Question 59

What is it called when an OSI layer adds a new header to a packet?

Options:

A.

Switching

B.

Encapsulation

C.

fragmentation

D.

Routing

Question 60

What is the name of the command-line tool for Windows that can be used to manage audit policies on remote systems?

Options:

A.

SECEDIT.EXE

B.

POLCLI.EXE

C.

REMOTEAUDIT.EXE

D.

AUDITPOL.EXE

Question 61

Which of the following is a private, RFC 1918 compliant IP address that would be assigned to a DHCP scope on a private LAN?

Options:

A.

127.0.0.100

B.

169.254.1.50

C.

10.254.1.50

D.

172.35.1.100

Question 62

Critical information is encrypted within an application accessible only to a small group of administrators, with a separate group of administrators holding the decryption keys. What Defense in Depth approach is being used?

Options:

A.

Information-Centric

B.

Uniform Protection

C.

Protected Enclaves

D.

Threat Vector Analysis

Question 63

Which of the following best describes the level of risk associated with using proprietary crypto algorithms?

Options:

A.

Proprietary cryptographic algorithms are required by law to use shorter key lengths in the United States, so the risk is high.

B.

Proprietary algorithms have not been subjected to public scrutiny, so they have been checked less thoroughly for vulnerabilities.

C.

Proprietary algorithms are less likely to be vulnerable than algorithms that have been publicly disclosed because of enhanced secrecy of the algorithm.

D.

Proprietary algorithms are not known to generally be any more or less vulnerable than publicly scrutinized algorithms.

Question 64

The Return on Investment (ROI) measurement used in Information Technology and Information Security fields is typically calculated with which formula?

Options:

A.

ROI = (gain - expenditure)/(expenditure) X 100%

B.

ROI = (gain + expenditure)/(expenditure) X 100%

C.

ROI = (loss + expenditure)/(expenditure) X 100%

D.

ROI = (loss - expenditure)/(expenditure) X 100%

Question 65

Which of the following statements about Secure Sockets Layer (SSL) are true? Each correct answer represents a complete solution. Choose two.

Options:

A.

It provides communication privacy, authentication, and message integrity.

B.

It provides mail transfer service.

C.

It uses a combination of public key and symmetric encryption for security of data.

D.

It provides connectivity between Web browser and Web server.

Question 66

What is needed for any of the four options for Azure AD multi-factor user authentication?

Options:

A.

Fingerprint reader

B.

Web cam

C.

Phone

D.

Iris scan

Question 67

Which of the following terms is used for the process of securing a system or a device on a network infrastructure?

Options:

A.

Hardening

B.

Authentication

C.

Cryptography

D.

Sanitization

Question 68

Which of the following is an UDP based protocol?

Options:

A.

telnet

B.

SNMP

C.

IMAP

D.

LDAP

Question 69

Where could you go in Windows XP/2003 to configure Automatic Updates?

Options:

A.

Right click on the Start Menu and choose select Properties in the pop-up Menu.

B.

Open the MMC and choose the Automatic Updates snap-in.

C.

Right click on your desktop and choose the automatic updates.

D.

Go to the System applet in Control Panel and click on the Automatic Updates icon.

Question 70

When discussing access controls, which of the following terms describes the process of determining the activities or functions that an individual is permitted to perform?

Options:

A.

Authentication

B.

Identification

C.

Authorization

D.

Validation

Question 71

The Windows 'tracert' begins by sending what type of packet to the destination host?

Options:

A.

A UDP packet with a TTL of 1

B.

An ICMP Echo Request

C.

An ICMP Router Discovery

D.

An ICMP Echo Reply

Question 72

What is a security feature available with Windows Vista and Windows 7 that was not present in previous Windows operating systems?

Options:

A.

Data Execution Prevention (DEP)

B.

User Account Control (UAC)

C.

Encrypting File System (EFS)

D.

Built-in IPSec Client

Question 73

Analyze the screenshot below. In what order should the vulnerabilities be remediated?

Options:

A.

D, C, B, A

B.

C, D, B, A

C.

C, D, A, B

D.

B, A, D, C

Question 74

You have an automated system for patching the operating systems of all your computers. All patches are supposedly current. Yet your automated vulnerability scanner has just reported vulnerabilities that you believe have been patched. Which of the actions below should you take next?

Options:

A.

Check some systems manually.

B.

Rerun the system patching routines.

C.

Contact the incident response team.

D.

Ignore the findings as false positives.

Question 75

Which Defense-in-Depth principle starts with an awareness of the value of each section of information within an organization?

Options:

A.

Information centric defense

B.

Uniform information protection

C.

General information protection

D.

Perimeter layering

Question 76

During a scheduled evacuation training session the following events took place in this order:

1. Evacuation process began by triggering the building fire alarm.

2a. The meeting point leader arrived first at the designated meeting point and immediately began making note of who was and was not accounted for.

2b. Stairwell and door monitors made it to their designated position to leave behind a box of flashlights and prop the stairway doors open with a garbage can so employees can find exits and dispose of food and beverages.

2c. Special needs assistants performed their assigned responsibility to help employees out that require special assistance.

3. The safety warden communicated with the meeting point leader via walkie talkie to collect a list of missing personnel and communicated this information back to the searchers.

4. Searchers began checking each room and placing stick-it notes on the bottom of searched doors to designate which areas were cleared.

5. All special need assistants and their designated wards exited the building.

6. Searchers complete their assigned search pattern and exit with the Stairwell/door monitors.

Given this sequence of events, which role is in violation of its expected evacuation tasks?

Options:

A.

Safety warden

B.

Stairwell and door monitors

C.

Meeting point leader

D.

Searchers

E.

Special needs assistants

Question 77

Which of the following networking topologies uses a hub to connect computers?

Options:

A.

Bus

B.

Ring

C.

Star

D.

Cycle

Question 78

Which of the following elements is the most important requirement to ensuring the success of a business continuity plan?

Options:

A.

Disaster Recovery Plans

B.

Anticipating all relevant threats

C.

Executive buy-in

D.

Clearly defining roles and responsibilities

E.

Training

Question 79

What protocol is a WAN technology?

Options:

A.

802.11

B.

802.3

C.

Ethernet

D.

Frame Relay

Question 80

You work as a Network Administrator for Net World Inc. The company has a Linux-based network. You are optimizing performance and security on your Web server. You want to know the ports that are listening to FTP. Which of the following commands will you use?

Options:

A.

netstat -a | grep FTP

B.

FTP netstat -r

C.

FTP netstat -a

D.

netstat -r | grep FTP

Question 81

What security practice is described by NIST as the application of science to the identification, collection, examination, and analysis of data while maintaining data integrity and chain of custody?

Options:

A.

Digital forensics

B.

Vulnerability Assessments

C.

Penetration Tests

D.

Incident Response

Question 82

Which of the following attacks can be mitigated by avoiding making system calls from within a web application?

Options:

A.

Denial of Service

B.

OS command injection

C.

SQL Injection

D.

Buffer Overflows

Question 83

Which of the following is a potential WPA3 security issue?

Options:

A.

Backward compatibility

B.

Disassociate frame DoS

C.

Traffic decryption with PSK

D.

Short key lengths

Question 84

Which of the following commands is used to change file access permissions in Linux?

Options:

A.

chgrp

B.

chperm

C.

chmod

D.

chown

Question 85

A folder D:\Files\Marketing has the following NTFS permissions:

• Administrators: Full Control

• Marketing: Change and Authenticated

• Users: Read

It has been shared on the server as "MARKETING", with the following share permissions:

• Full Control share permissions for the Marketing group

Which of the following effective permissions apply if a user from the Sales group accesses the \\FILESERVER\MARKETING shared folder?

Options:

A.

No access

B.

Full Control

C.

Read

D.

Change

Question 86

The previous system administrator at your company used to rely heavily on email lists, such as vendor lists and Bugtraq, to get information about updates and patches. While a useful means of acquiring data, this requires time and effort to read through. In an effort to speed things up, you decide to switch to completely automated updates and patching. You set up your systems to automatically patch your production servers using a cron job and a scripted apt-get upgrade command. Of the following reasons, which explains why you may want to avoid this plan?

Options:

A.

The apt-get upgrade command doesn't work with the cron command because of incompatibility

B.

Relying on vendor and 3rd party email lists enables updates via email, for even faster patching

C.

Automated patching of production servers without prior testing may result in unexpected behavior or failures

D.

The command apt-get upgrade is incorrect, you need to run the apt-get update command

Question 87

What is the motivation behind SYN/FIN scanning?

Options:

A.

The SYN/FIN combination is useful for signaling to certain Trojans.

B.

SYN/FIN packets are commonly used to launch denial of service attacks against BSD hosts.

C.

The crafted SYN/FIN packet sometimes gets past firewalls and filtering routers.

D.

A SYN/FIN packet is used in session hijacking to take over a session.

Question 88

Which of the following is a required component for successful 802.1x network authentication?

Options:

A.

Supplicant

B.

3rd-party Certificate Authority

C.

Ticket Granting Server (TGS)

D.

IPSec

Question 89

How is confidentiality disabled in the IPSec Encapsulated Security Payload protocol?

Options:

A.

Selecting no algorithm for encryption or authentication

B.

Selecting the NULL authentication algorithm

C.

Selecting both NULL algorithms

D.

Selecting the NULL encryption algorithm

Question 90

Which of the following is a benefit of using John the Ripper for auditing passwords?

Options:

A.

John's Blowfish cracking routine uses a complex central computing loop that increases the cost of each hash computation.

B.

John the Ripper is much slower for auditing passwords encrypted with MD5 and Blowfish.

C.

John's MD5 cracking routine uses a simplified central computing loop that decreases the cost of each hash computation.

D.

John cannot use the DES bit-slicing technique, so it is much slower than other tools, especially when used against DES-encrypted passwords.

Question 91

Which of the following is TRUE regarding Ethernet?

Options:

A.

Stations are not required to monitor their transmission to check for collisions.

B.

Several stations are allowed to be transmitting at any given time within a single collision domain.

C.

Ethernet is shared media.

D.

Stations are not required to listen before they transmit.

Question 92

Which of the following files contains the shadowed password entries in Linux?

Options:

A.

/etc/passwd

B.

/etc/shadow

C.

/etc/profile

D.

/etc/shdpwd

Question 93

You have been hired to design a TCP/IP-based network that will contain both Unix and Windows computers. You are planning a name resolution strategy. Which of the following services will best suit the requirements of the network?

Options:

A.

APIPA

B.

LMHOSTS

C.

DNS

D.

DHCP

E.

WINS

Question 94

You are reviewing a packet capture file from your network intrusion detection system. In the packet stream, you come across a long series of "no operation" (NOP) commands. In addition to the NOP commands, there appears to be a malicious payload. Of the following, which is the most appropriate preventative measure for this type of attack?

Options:

A.

Limits on the number of failed logins

B.

Boundary checks on program inputs

C.

Controls against time of check/time of use attacks

D.

Restrictions on file permissions

Question 95

There is no universal agreement on the names of the layers in the TCP/IP networking model. Which of the following is one of the functions of the bottom layer, which is sometimes called the Network Access or Link Layer?

Options:

A.

Provides end-to-end data delivery service for user applications

B.

Handles the routing of the data packets over the network

C.

Manages IP addressing and encryption for data packets

D.

Defines the procedures for interfacing with Ethernet devices

Question 96

The TTL can be found in which protocol header?

Options:

A.

UDP

B.

TCP

C.

IP

D.

ICMP

Question 97

Which Terraform command should be run immediately after creating a new configuration file for a cloud-based virtual machine?

Options:

A.

Init

B.

Build

C.

Apply

D.

Commit

Question 98

Which of the following applications cannot proactively detect anomalies related to a computer?

Options:

A.

Firewall installed on the computer

B.

NIDS

C.

HIDS

D.

Anti-virus scanner

Question 99

Which of the following statements about IPSec are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It uses Internet Protocol (IP) for data integrity.

B.

It uses Authentication Header (AH) for data integrity.

C.

It uses Password Authentication Protocol (PAP) for user authentication.

D.

It uses Encapsulating Security Payload (ESP) for data confidentiality.

Question 100

In the directory C:\Images\steer there is an image file Image_4240.png with a data string encoded inside the file. What word is hidden in the file?

Options:

A.

pontine

B.

prolific

C.

abysmal

D.

petroleum

E.

mushroom

F.

Chicago

G.

marshmallow

Question 101

You are doing some analysis of malware on a Unix computer in a closed test network. The IP address of the computer is 192.168.1.120. From a packet capture, you see the malware is attempting to do a DNS query for a server called iamabadserver.com so that it can connect to it. There is no DNS server on the test network to do name resolution. You have another computer, whose IP is 192.168.1.115, available on the test network that you would like the malware to connect to instead. How do you get the malware to connect to that computer on the test network?

Options:

A.

You modify the HOSTS file on the computer you want the malware to connect to and add an entry that reads: 192.168.1.120 iamabadserver iamabadserver.com

B.

You modify the HOSTS file on the Unix computer your malware is running on and add an entry that reads: 192.168.1.115 iamabadserver iamabadserver.com

C.

You modify the HOSTS file on the Unix computer your malware is running on and add an entry that reads: 192.168.1.120 iamabadserver iamabadserver.com

D.

You modify the HOSTS file on the computer you want the malware to connect to and add an entry that reads: 192.168.1.115 iamabadserver iamabadserver.com

Question 102

Which file would the entry below be found in?

net.ipv6.conf.all.accept_ra=0

Options:

A.

/etc/sysctl.conf

B.

/etc/crontab

C.

/etc/shadow

D.

/etc/hosts

E.

/etc/pam.d/system-auth

Question 103

Which of the following is a signature-based intrusion detection system (IDS)?

Options:

A.

RealSecure

B.

Snort

C.

StealthWatch

D.

Tripwire

Question 104

What would the file permission example "rwsr-sr-x" translate to in absolute mode?

Options:

A.

1755

B.

6755

C.

6645

D.

1644

Question 105

Based on the iptables output below, which type of endpoint security protection has host 192.168.1.17 implemented for incoming traffic on TCP port 22 (SSH) and TCP port 23 (telnet)?

Options:

A.

Operating System Control Firewall

B.

Application Control Firewall

C.

Exclusive Logging Analysis

D.

Packet Filtering Firewall

E.

Application Execution Control

Question 106

Which of the following should be implemented to protect an organization from spam?

Options:

A.

Auditing

B.

System hardening

C.

E-mail filtering

D.

Packet filtering

Question 107

Which of the following applications would be BEST implemented with UDP instead of TCP?

Options:

A.

A multicast streaming application.

B.

A web browser.

C.

A DNS zone transfer.

D.

A file transfer application.

Question 108

A Host-based Intrusion Prevention System (HIPS) software vendor records how the Firefox Web browser interacts with the operating system and other applications, and identifies all areas of Firefox functionality. After collecting all the data about how Firefox should work, a database is created with this information, and it is fed into the HIPS software. The HIPS then monitors Firefox whenever it's in use. What feature of HIPS is being described in this scenario?

Options:

A.

Signature Matching

B.

Application Behavior Monitoring

C.

Host Based Sniffing

D.

Application Action Modeling

Question 109

You are an Intrusion Detection Analyst and the system has alerted you to an Event of Interest (EOI) that appears to be activity generated by a worm. You investigate and find that the network traffic was normal. How would this type of alert be categorized?

Options:

A.

False Positive

B.

True Negative

C.

True Positive

D.

False Negative

Question 110

An organization keeps its intellectual property in a database. Protection of the data is assigned to one system administrator who marks the data, and monitors for this intellectual property leaving the network. Which defense-in-depth principle does this describe?

Options:

A.

Threat-Vector Analysis

B.

Protected Enclave

C.

Information Centric

D.

Uniform Protection

Question 111

Use Hashcat to crack a local shadow file. What is the password for the user account AGainsboro?

Hints

• The shadow file (shadow) and Hashcat wordlist (gsecwordlist.txt) are located in the directory /home/giac/PasswordHashing.

• Run Hashcat in straight mode (flag -a 0) to crack the MD5 hashes (flag -m 500) in the shadow file.

• Use the hash values from the Hashcat output file and the shadow file to match the cracked password with the user name.

• If required, a backup copy of the original files can be found in the shadowbackup directory.

Options:

A.

J3@nGr3y

B.

WwBoj25tT7

C.

MsconfiG35

D.

Noregrets2

E.

HowAreWeToday?19

F.

Prometheus

G.

6dWalking8

Question 112

Which of the following proxy servers provides administrative controls over the content?

Options:

A.

Content filtering web proxy server

B.

Caching proxy server

C.

Forced proxy server

D.

Web proxy server

Question 113

Analyze the following screenshot. What conclusion can be drawn about the user account shown?

Options:

A.

The user is a domain administrator

B.

The user has a guest privilege level

C.

The user is a local administrator

D.

The user is not authenticated on the domain

Question 114

What is SSL primarily used to protect you against?

Options:

A.

Session modification

B.

SQL injection

C.

Third-party sniffing

D.

Cross site scripting

Question 115

You work as a Network Administrator for McNeil Inc. The company has a Linux-based network. David, a Sales Manager, wants to know the name of the shell that he is currently using. Which of the following commands will he use to accomplish the task?

Options:

A.

mv $shell

B.

echo $shell

C.

rm $shell

D.

ls $shell
