New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

GSEC GIAC Security Essentials Questions and Answers

Questions 4

What type of formal document would include the following statement?

Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal application of Internet/Intranet/Extranet systems. In the absence of such policies, employees should be guided by departmental policies, and if there is any uncertainty, employees should consult their supervisor or manager.

Options:

A.

Company privacy statement

B.

Remote access policy

C.

Acceptable use policy

D.

Non-disclosure agreement

Buy Now
Questions 5

A database is accessed through an application that users must authenticate with, on a host that only accepts connections from a subnet where the business unit that uses the data is located. What defense strategy is this?

Options:

A.

Information Centric

B.

Threat Modeling

C.

Uniform Production

D.

Vector Oriented

Buy Now
Questions 6

An organization keeps its intellectual property in a database. Protection of the data is assigned to one system administrator who marks the data, and monitors for this intellectual property leaving the network. Which defense-In-depth principle does this describe?

Options:

A.

Threat-Vector Analysis

B.

Protected Enclave

C.

Information Centric

D.

Uniform Protection

Buy Now
Questions 7

If Linux server software is a requirement in your production environment which of the following should you NOT utilize?

Options:

A.

Debian

B.

Mandrake

C.

Cygwin

D.

Red Hat

Buy Now
Questions 8

What type of attack can be performed against a wireless network using the tool Kismet?

Options:

A.

IP spoofing

B.

Eavesdropping

C.

Masquerading

D.

Denial of Service

Buy Now
Questions 9

You are examining a packet capture session in Wire shark and see the packet shown in the accompanying image. Based on what you see, what is the appropriate protection against this type of attempted attack?

Options:

A.

Block DNS traffic across the router

B.

Disable forwarding of unsolicited TCP requests

C.

Disable IP-directed broadcast requests

D.

Block UDP packets at the firewall

Buy Now
Questions 10

Which of the following is a valid password for a system with the default "Password must meet complexity requirements" setting enabled as part of the GPO Password policy requirements?

Options:

A.

The Cat Chased its Tail AII Night

B.

disk ACCESS failed

C.

SETI@HOME

D.

SaNS2006

Buy Now
Questions 11

What is the name of the command-line tool for Windows that can be used to manage audit policies on remote systems?

Options:

A.

SECEDTT.EXE

B.

POLCLI.EXE

C.

REMOTEAUDIT.EXE

D.

AUDITPOL.EXE

Buy Now
Questions 12

What is a characteristic of iOS security?

Options:

A.

Most security features are user configurable

B.

Less restrictive architecture than macOS

C.

Flaw disclosures are sent to the Open Handset Alliance (OHA)

D.

Forbids mobile operator (MO) software

Buy Now
Questions 13

The process of enumerating all hosts on a network defines which of the following activities?

Options:

A.

Port scanning

B.

Vulnerability scanning

C.

GPS mapping

D.

Network mapping

Buy Now
Questions 14

If the NET_ID of the source and destination address in an IP (Internet Protocol) packet match, which answer BEST describes the routing method the sending host will use?

Options:

A.

Local (or direct) routing

B.

Circuit switch routing

C.

Dynamic (or changeable) routing

D.

Remote (or indirect) routing

Buy Now
Questions 15

When file integrity checking is enabled, what feature is used to determine if a monitored file has been modified?

Options:

A.

file size

B.

Last modified dale

C.

File change notifications in the Application Event Log

D.

One-way hash

Buy Now
Questions 16

Which of the following statements would describe the term "incident" when used in the branch of security known as Incident Handling?

Options:

A.

Any observable network event

B.

Harm to systems

C.

Significant threat of harm to systems

D.

A and C

E.

A, B, and C

F.

B and C

G.

A and B

Buy Now
Questions 17

Which of the following is an UDP based protocol?

Options:

A.

telnet

B.

SNMP

C.

IMAP

D.

LDAP

Buy Now
Questions 18

What could be used to mitigate hash collisions?

Options:

A.

Using a larger key space for the encryption

B.

Using additional arbitrary data to append to the file

C.

Using separate keys for encryption and decryption

D.

Using a larger bit length for the algorithm

Buy Now
Questions 19

Which of the following statements about DMZ are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It is the boundary between the Internet and a private network.

B.

It is an anti-virus software that scans the incoming traffic on an internal network.

C.

It contains company resources that are available on the Internet, such as Web servers and

FTP servers.

D.

It contains an access control list (ACL).

Buy Now
Questions 20

Which of the following protocols implements VPN using IPSec?

Options:

A.

SLIP

B.

PPP

C.

L2TP

D.

PPTP

Buy Now
Questions 21

Which Defense-in-Depth model involves identifying various means by which threats can become manifest and providing security mechanisms to shut them down?

Options:

A.

Vector-oriented

B.

Uniform protection

C.

Information centric defense

D.

Protected enclaves

Buy Now
Questions 22

Which of the following is the key point to consider in the recovery phase of incident handling?

Which of the following is the key point to consider in the recovery phase of incident handling?

Options:

A.

Isolating the source of the compromise

B.

Shutting down the system

C.

Ensuring that vulnerable code is not being restored

D.

Preparing the jump bag

Buy Now
Questions 23

Which of the following authentication methods are used by Wired Equivalent Privacy (WEP)? Each correct answer represents a complete solution. Choose two.

Options:

A.

Anonymous authentication

B.

Mutual authentication

C.

Open system authentication

D.

Shared key authentication

Buy Now
Questions 24

How many bytes does it take to represent the hexadecimal value OxFEDCBA?

Options:

A.

12

B.

2

C.

3

D.

6

Buy Now
Questions 25

What is the following sequence of packets demonstrating?

Options:

A.

telnet.com.telnet > client.com.38060: F 4289:4289(0) ack 92 win 1024

B.

client.com.38060 > telnet.com.telnet: .ack 4290 win 8760 (DF)

C.

client.com.38060 > telnet.com.telnet: F 92:92(0) ack 4290 win 8760 (DF)

D.

telnet.com.telnet > client.com.38060: .ack 93 win 1024

Buy Now
Questions 26

During which of the following steps is the public/private key-pair generated for Public Key Infrastructure (PKI)?

Options:

A.

Key Recovery

B.

Initialization

C.

Registration

D.

Certification

Buy Now
Questions 27

A Host-based Intrusion Prevention System (HIPS) software vendor records how the Firefox Web browser interacts with the operating system and other applications, and identifies all areas of Firefox functionality. After collecting all the data about how Firefox should work, a database is created with this information, and it is fed into the HIPS software. The HIPS then monitors Firefox whenever it's in use. What feature of HIPS is being described in this scenario?

Options:

A.

Signature Matching

B.

Application Behavior Monitoring

C.

Host Based Sniffing

D.

Application Action Modeling

Buy Now
Questions 28

Which of the following tools is used to query the DNS servers to get detailed information about IP addresses, MX records, and NS servers?

Options:

A.

NBTSTAT

B.

NSLOOKUP

C.

PING

D.

NETSTAT

Buy Now
Questions 29

An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

Options:

A.

Privacy policy

B.

Backup policy

C.

User password policy

D.

Network security policy

Buy Now
Questions 30

What method do Unix-type systems use to prevent attackers from cracking passwords using pre-computed hashes?

Options:

A.

Unix systems can prevent users from using dictionary words for passwords

B.

The algorithms creates hashes using a CPU- intensive algorithm.

C.

The algorithm creates hashes using salts or randomized values

D.

Unix/Linux systems use hashing functions which cannot be reversed

E.

The system encrypts the password using a symmetrical algorithm

Buy Now
Questions 31

Which of the following Microsoft services integrates SSO into Microsoft 365 by syncing with on-premises servers?

Options:

A.

Intune

B.

Azure AD Connect

C.

Teams

D.

Azure Key Vault

Buy Now
Questions 32

Which of the following fields CANNOT be hashed by Authentication Header (AH) in transport mode?

Options:

A.

Length

B.

Source IP

C.

TTL

D.

Destination IP

Buy Now
Questions 33

You have implemented a firewall on the company's network for blocking unauthorized network connections. Which of the following types of security control is implemented in this case?

Options:

A.

Detective

B.

Preventive

C.

Directive

D.

Corrective

Buy Now
Questions 34

Which of the following books deals with confidentiality?

Options:

A.

Purple Book

B.

Orange Book

C.

Red Book

D.

Brown Book

Buy Now
Questions 35

Which of the following processes Is used to prove a user Is who they claim to be based upon something they know, have, are, and/or their physical location?

Options:

A.

Authorization

B.

Accounting

C.

Administration

D.

Authentication

E.

Identification

Buy Now
Questions 36

Which Authenticates Assurance Level requires a hardware-based authenticates?

Options:

A.

AAI1

B.

AAL3

C.

AAL2

Buy Now
Questions 37

One of your Linux systems was compromised last night. According to change management history and a recent vulnerability scan, the system's patches were up-to-date at the time of the attack. Which of the following statements is the Most Likely explanation?

Options:

A.

It was a zero-day exploit.

B.

It was a Trojan Horse exploit.

C.

It was a worm exploit.

D.

It was a man-in-middle exploit.

Buy Now
Questions 38

When considering ingress filtering, why should all inbound packets be dropped if they contain a source address from within the protected network address space?

Options:

A.

The packets are probably corrupted.

B.

The packets may have been accidentally routed onto the Internet.

C.

The packets may be deliberately spoofed by an attacker.

D.

The packets are a sign of excess fragmentation.

E.

A and B

F.

B and C

G.

B and D

Buy Now
Questions 39

What are the two actions the receiver of a PGP email message can perform that allows establishment of trust between sender and receiver?

Options:

A.

Decode the message by decrypting the asymmetric key with his private key, then using the asymmetric key to decrypt the message.

B.

Decode the message by decrypting the symmetric key with his private key, then using the symmetric key to decrypt the message.

C.

Decode the message by decrypting the symmetric key with his public key, then using the symmetric key to decrypt the message.

D.

Decrypt the message by encrypting the digital signature with his private key, then using the digital signature to decrypt the message.

Buy Now
Questions 40

Which of the following correctly describes a stateless packet filter?

Options:

A.

Streams are rebuilt for analysis

B.

Data is passed through unchecked

C.

Packet processing is very slow

D.

Security is verified at the application level

Buy Now
Questions 41

Which choice best describes the line below?

alert tcp any any -> 192.168.1.0/24 80 (content: /cgi-bin/test.cgi"; msg: "Attempted

CGI-BIN Access!!";)

Options:

A.

Tcpdump filter

B.

IP tables rule

C.

Wire shark filter

D.

Snort rule

Buy Now
Questions 42

Which of the following services resolves host name to IP Address?

Options:

A.

Computer Browser

B.

DHCP

C.

DNS

D.

WINS

Buy Now
Questions 43

The TTL can be found in which protocol header?

Options:

A.

UDP

B.

TCP

C.

IP

D.

ICMP

Buy Now
Questions 44

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we- are-secure.com. He installs a rootkit on the Linux server of the We-are-secure network. Which of the following statements are true about rootkits?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

They allow an attacker to conduct a buffer overflow.

B.

They allow an attacker to set a Trojan in the operating system and thus open a backdoor for anytime access.

C.

They allow an attacker to replace utility programs that can be used to detect the attacker's activity.

D.

They allow an attacker to run packet sniffers secretly to capture passwords.

Buy Now
Questions 45

Which of the following terms is used for the process of securing a system or a device on a network infrastructure?

Options:

A.

Hardening

B.

Authentication

C.

Cryptography

D.

Sanitization

Buy Now
Questions 46

Your system has been infected by malware. Upon investigation, you discover that the malware propagated primarily via email. The malware attacked known vulnerabilities for which patches are available, but due to problems with your configuration management system you have no way to know which systems have been patched and which haven't, slowing your progress in patching your network. Of the following, which solution would you use to protect against this propagation vector?

Options:

A.

Encrypt the emails on the server

B.

Scan and block suspect email attachments at the email server

C.

Install a firewall between the email server and the Internet

D.

Separate the email server from the trusted portions of the network

Buy Now
Questions 47

When using Pretty Good Privacy (PGP) to digitally sign a message, the signature is created in a two-step process. First, the message to be signed is submitted to PGP's cryptographic hash algorithm. What is one of the hash algorithms used by PGP for this process?

Options:

A.

Blowfish

B.

DES

C.

SHA-l

D.

Cast

Buy Now
Questions 48

In trace route results, what is the significance of an * result?

Options:

A.

A listening port was identified.

B.

A reply was returned in less than a second.

C.

The target host was successfully reached.

D.

No reply was received for a particular hop.

Buy Now
Questions 49

An employee is currently logged into the corporate web server, without permission. You log into the web server as 'admin" and look for the employee's username: "dmaul" using the "who" command. This is what you get back:

Options:

A.

The contents of the /var/log/messages file has been altered

B.

The contents of the bash history file has been altered

C.

The contents of the utmp file has been altered

D.

The contents of the http logs have been altered

Buy Now
Questions 50

An attacker is able to trick an IDS into ignoring malicious traffic through obfuscation of the packet payload. What type of IDS error has occurred?

Options:

A.

True Negative

B.

True Positive

C.

False Positive

D.

False Negative

Buy Now
Questions 51

Which of the following protocols provides maintenance and error reporting function?

Options:

A.

UDP

B.

ICMP

C.

PPP

D.

IGMP

Buy Now
Questions 52

In order to capture traffic for analysis, Network Intrusion Detection Systems (NIDS) operate with network cards in what mode?

Options:

A.

Discrete

B.

Reporting

C.

Promiscuous

D.

Alert

Buy Now
Questions 53

Which of the following is a Personal Area Network enabled device?

Options:

A.

Corporate access point extender

B.

Bluetooth mouse

C.

Home Win router

D.

Network enabled printer

Buy Now
Questions 54

Which of the following statements about the integrity concept of information security management are true?

Each correct answer represents a complete solution. Choose three.

Options:

A.

It ensures that unauthorized modifications are not made to data by authorized personnel or processes.

B.

It determines the actions and behaviors of a single individual within a system

C.

It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.

D.

It ensures that modifications are not made to data by unauthorized personnel or processes.

Buy Now
Questions 55

Which class of IDS events occur when the IDS fails to alert on malicious data?

Options:

A.

True Negative

B.

True Positive

C.

False Positive

D.

False Negative

Buy Now
Questions 56

Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.

Options:

A.

It uses TCP port 443 as the default port.

B.

It is a protocol used in the Universal Resource Locater (URL) address line to connect to a secure site.

C.

It is a protocol used to provide security for a database server in an internal network.

D.

It uses TCP port 80 as the default port.

Buy Now
Questions 57

You work as a Network Administrator for Secure World Inc. The company has a Linux-based network. You want to run a command with the changed root directory. Which of the following commands will you use?

Options:

A.

ls

B.

chroot

C.

route

D.

chdir

Buy Now
Questions 58

A simple cryptosystem that keeps the same letters and shuffles the order is an example of what?

Options:

A.

Permutation

B.

Rotation

C.

Monolithic

D.

Substitution

Buy Now
Questions 59

You work as a Linux technician for Tech Perfect Inc. You have lost the password of the root. You want to provide a new password. Which of the following steps will you take to accomplish the task?

Options:

A.

The password of the root user cannot be changed.

B.

Use the PASSWD root command.

Reboot the computer.

C.

Reboot the computer in run level 0. Use INIT=/bin/sh as a boot option.

At the bash# prompt, run the PASSWD root command.

D.

Reboot the computer in run level 1.

Use INIT=/bin/sh as a boot option.

At the bash# prompt, run the PASSWD root command.

Buy Now
Questions 60

You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company. You have physically installed sensors at all key positions throughout the network such that they all report to the command console.

What will be the key functions of the sensors in such a physical layout?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

To collect data from operating system logs

B.

To notify the console with an alert if any intrusion is detected

C.

To analyze for known signatures

D.

To collect data from Web servers

Buy Now
Questions 61

Which of the following attacks can be mitigated by avoiding making system calls from within a web application?

Options:

A.

Denial of Service

B.

OS command injection

C.

SQL Injection

D.

Buffer Overflows

Buy Now
Questions 62

What is SSL primarily used to protect you against?

Options:

A.

Session modification

B.

SQL injection

C.

Third-patty sniffing

D.

Cross site scripting

Buy Now
Questions 63

Which of the following is a new Windows Server 2008 feature for the Remote Desktop Protocol (RDP)?

Options:

A.

The ability to allow the administrator to choose a port other than the default RDP port (TCP 3389)

B.

The ability to support connections from mobile devices like smart phones

C.

The ability to allow clients to authenticate over TLS

D.

The ability to allow clients to execute individual applications rather than using a terminal desktop

Buy Now
Questions 64

A Windows administrator wants to automate local and remote management tasks in Active Directory. Which tool is most appropriate for this?

Options:

A.

Ipsec

B.

VisualBasic

C.

PowerShell

D.

netsh

E.

ipconfig

Buy Now
Questions 65

A system administrator sees the following URL in the webserver logs:

Which action will mitigate against this attack?

Options:

A.

Force all web applications to use SSL/US

B.

Encode web traffic using Base64 before transmission

C.

Filter potentially harmful characters from user input

D.

Authenticate users before allowing database queries

Buy Now
Questions 66

What cryptographic technique does file Integrity monitoring employ?

Options:

A.

Public-key cryptography

B.

One-way hashes

C.

Elliptical curve algorithms

D.

Shared key cryptography

Buy Now
Questions 67

Which of the following is referred to as Electromagnetic Interference (EMI)?

Options:

A.

Electrical line noise

B.

Spike

C.

Transient

D.

Brownout

Buy Now
Questions 68

What security practice is described by NIST as the application of science to the identification, collection, examination, and analysis of data while maintaining data integrity and chain of custody?

Options:

A.

Digital forensics

B.

Vulnerability Assessments

C.

Penetration Tests

D.

Incident Response

Buy Now
Questions 69

Using PowerShell ISE running as an Administrator, navigate to the

C:\hlindows\security\tevplatesdirectory. Use secedit.exe in analyze mode to compare the temp.sdb and uorkstdtionSecureTmplate.inf files, and output the findings to a file called log.txt. Which configuration setting under Analyze User Rights reports a mismatch?

Hints:

Use files located in the C \windows\security\templates\ directory

The log. txt file will be created in the directory the secedit.exe command is run from

Options:

A.

RemoteAccess

B.

•S-l-5-32-544__ Members

C.

Enable Admin Account

D.

UseManger

E.

AuditSystemEvents

F.

AuditDSAccess.

G.

SeSecurityPrivilege

Buy Now
Questions 70

Which of the following applications would be BEST implemented with UDP instead of TCP?

Options:

A.

A multicast streaming application.

B.

A web browser.

C.

A DNS zone transfer.

D.

A file transfer application.

Buy Now
Questions 71

How are differences in configuration settings handled between Domain and Local Group Policy Objects (GPOs)?

Options:

A.

Local and Domain GPOs control different configuration settings, so there will not be conflicts.

B.

Settings in the domain-wide GPO override conflicting settings in the local GPO on each computer.

C.

Settings in the local GPO override conflicting settings when the domain-wide GPO is applied.

D.

Precedence depends on which GPO was updated first.

Buy Now
Questions 72

What does it mean if a protocol such as HTTP is stateless?

Options:

A.

The client responds to server request and keeps track of the conversation.

B.

If a stateless protocol is used it cannot be traced.

C.

It means it is unreliable.

D.

The server responds to a single request and then forgets about it.

Buy Now
Questions 73

Which of the following Unix syslog message priorities is the MOST severe?

Options:

A.

err

B.

emerg

C.

crit

D.

alert

Buy Now
Questions 74

A web application requires multifactor authentication when a user accesses the application from a home office but does not require this when the user is in the office. What access control model is this describing?

Options:

A.

Lattice based access control

B.

Access control list

C.

Variable trust access control

D.

Role based access control

Buy Now
Questions 75

What is the most secure way to address an unused Windows service so it cannot be exploited by malware?

Options:

A.

Firewall it

B.

Set to manual startup

C.

Disable it

D.

Uninstall it

Buy Now
Questions 76

What is the main reason that DES is faster than RSA?

Options:

A.

DES is less secure.

B.

DES is implemented in hardware and RSA is implemented in software.

C.

Asymmetric cryptography is generally much faster than symmetric.

D.

Symmetric cryptography is generally much faster than asymmetric.

Buy Now
Questions 77

Jonny Is an IT Project Manager. He cannot access the folder called "IT Projects" but can access a folder called "Sales Data" even though he's not on the sales team. Which information security principle has failed?

Options:

A.

Authentication

B.

Authorization

C.

Identification

D.

Accountability

Buy Now
Questions 78

Which of the following is an example of a BitLocker recovery password?

Options:

A.

01 E6 0J4CCEAF 79A481 08BAC59I 7I BE8B

B.

389627 801256690151785527 909978 568638 271012 905516

C.

6c0b48fafaecb0bf8c2610253ee717at

D.

42VgYAjYV+C7ff6MdeqBGx5Y7V2zFQA=

Buy Now
Questions 79

Which of the following are the types of access controls?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Physical

B.

Administrative

C.

Automatic

D.

Technical

Buy Now
Questions 80

Why would someone use port 80 for deployment of unauthorized services?

Options:

A.

Google will detect the service listing on port 80 and post a link, so that people all over the world will surf to the rogue service.

B.

If someone were to randomly browse to the rogue port 80 service they could be compromised.

C.

This is a technique commonly used to perform a denial of service on the local web server.

D.

HTTP traffic is usually allowed outbound to port 80 through the firewall in most environments.

Buy Now
Questions 81

There is not universal agreement on the names of the layers in the TCP/IP networking model. Which of the following is one of the functions of the bottom layer which is sometimes called the Network Access or Link Layer?

Options:

A.

Provides end-to-end data delivery service for user applications

B.

Handles the routing of the data packets over the network

C.

Manages IP addressing and encryption for data packets

D.

Defines the procedures for interfacing with Ethernet devices

Buy Now
Questions 82

What is needed for any of the four options for Azure AD multi-factor user authentication?

Options:

A.

Fingerprint reader

B.

Web cam

C.

Phone

D.

Iris scan

Buy Now
Questions 83

Options:

A.

JSON

B.

XML

C.

CEF

D.

LEEF

Buy Now
Questions 84

While using Wire shark to investigate complaints of users being unable to login to a web application, you come across an HTTP POST submitted through your web application. The contents of the POST are listed below. Based on what you see below, which of the following would you recommend to prevent future damage to your database?

Options:

A.

Use ssh to prevent a denial of service attack

B.

Sanitize user inputs to prevent injection attacks

C.

Authenticate users to prevent hackers from using your database

D.

Use https to prevent hackers from inserting malware

Buy Now
Questions 85

Which of the following protocols is used by a host that knows its own MAC (Media Access Control) address to query a server for its own IP address?

Options:

A.

RARP

B.

ARP

C.

DNS

D.

RDNS

Buy Now
Questions 86

Which AWS service integrates with the Amazon API Gateway to provision and renew TLS encryption needs for data in transit?

Options:

A.

Certificate Manager

B.

Key Management Server

C.

Web Application firewall

D.

Security Token Service

Buy Now
Questions 87

Which logging capability is provided natively by syslog?

Options:

A.

Secure transit

B.

Collection

C.

MuIti-platform alerting

D.

Secure centralization

Buy Now
Questions 88

In an Active Directory domain, which is the preferred method of keeping host computers patched?

Options:

A.

Deliver updates from a local server through Windows Server Update Services

B.

Deliver updates through a web caching proxy for faster installation

C.

Configure Microsoft Update to run automatically on each host

D.

Download Hotfixes daily, and Service packs monthly, for each operating system.

Buy Now
Questions 89

Which of the following is a backup strategy?

Options:

A.

Differential

B.

Integrational

C.

Recursive

D.

Supplemental

Buy Now
Questions 90

You have set up a local area network for your company. Your firewall separates your network into several sections: a DMZ with semi-public servers (web, dns, email) and an intranet with private servers. A penetration tester gains access to both sections and installs sniffers in each. He is able to capture network traffic for all the devices in the private section but only for one device (the device with the sniffer) in the DMZ. What can be inferred about the design of the system?

Options:

A.

You installed a router in the private section and a switch in the DMZ

B.

You installed a hub in the private section and a switch in the DMZ

C.

You installed a switch in the private section and a hub in the DMZ

D.

You installed a switch in the private section and a router in the DMZ

Buy Now
Questions 91

What is achieved with the development of a communication flow baseline?

Options:

A.

Validation of data access

B.

Classification of critical data

C.

Categorization of internal risks

D.

Identification of existing IT assets

Buy Now
Questions 92

Which of the following are advantages of Network Intrusion Detection Systems (NIDS)?

Options:

A.

Analysis of encrypted traffic

B.

Provide insight into network traffic

C.

Detection of network operations problems

D.

Provide logs of network traffic that can be used as part of other security measures.

E.

Inexpensive to manage

F.

B, C, and D

G.

A, C, and E

Buy Now
Questions 93

The TTL can be found in which protocol header?

Options:

A.

It is found in byte 8 of the ICMP header.

B.

It is found in byte 8 of the IP header.

C.

It is found in byte 8 of the TCP header.

D.

It is found in byte 8 of the DNS header.

Buy Now
Questions 94

Which of the following is generally practiced by the police or any other recognized governmental authority?

Options:

A.

Spoofing

B.

SMB signing

C.

Wiretapping

D.

Phishing

Buy Now
Questions 95

Which of the following tools is used to configure, control, and query the TCP/IP network interface parameters?

Options:

A.

NSLOOKUP

B.

IPCONFIG

C.

ARP

D.

IFCONFIG

Buy Now
Questions 96

Which attack stage mirrors the Information Gathering phase used in penetration testing methodology?

Options:

A.

Reconnaissance

B.

Clearing tracks

C.

Scanning

D.

Gaining access

Buy Now
Questions 97

At what point in the Incident Handling process should an organization determine its approach to notifying law enforcement?

Options:

A.

When performing analysis

B.

When preparing policy

C.

When recovering from the incident

D.

When reacting to an incident

Buy Now
Questions 98

You work as a Network Administrator for McNeil Inc. You are installing an application. You want to view the log file whenever a new entry is added to the /var/log/messages log file. Which of the following commands will you use to accomplish this?

Options:

A.

TAIL -show /var/log/messages

B.

TAIL -f /var/log/messages

C.

TAIL -50 /var/log/messages

D.

TAIL -view /var/log/messages

Buy Now
Questions 99

What is it called when an OSI layer adds a new header to a packet?

Options:

A.

Switching

B.

Encapsulation

C.

fragmentation

D.

Routing

Buy Now
Questions 100

The previous system administrator at your company used to rely heavily on email lists, such as vendor lists and Bug Traq to get information about updates and patches. While a useful means of acquiring data, this requires time and effort to read through. In an effort to speed things up, you decide to switch to completely automated updates and patching. You set up your systems to automatically patch your production servers using a cron job and a scripted apt-get upgrade command. Of the following reasons, which explains why you may want to avoid this plan?

Options:

A.

The apt-get upgrade command doesn't work with the cron command because of incompatibility

B.

Relying on vendor and 3rd party email lists enables updates via email, for even faster patching

C.

Automated patching of production servers without prior testing may result in unexpected behavior or failures

D.

The command apt-get upgrade is incorrect, you need to run the apt-get update command

Buy Now
Questions 101

To be considered a strong algorithm, an encryption algorithm must be which of the following?

Options:

A.

Secret

B.

Well-known

C.

Confidential

D.

Proprietary

Buy Now
Questions 102

Which of the following heights of fence deters only casual trespassers?

Options:

A.

8 feet

B.

2 to 2.5 feet

C.

6 to 7 feet

D.

3 to 4 feet

Buy Now
Questions 103

Which of the below choices should an organization start with when implementing an effective risk management process?

Options:

A.

Implement an incident response plan

B.

Define security policy requirements

C.

Conduct periodic reviews

D.

Design controls and develop standards for each technology you plan to deploy

Buy Now
Questions 104

You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails. Which of the following will you use to accomplish this?

Options:

A.

PPTP

B.

IPSec

C.

PGP

D.

NTFS

Buy Now
Questions 105

Use Hashcat to crack a local shadow file. What Is the password for the user account AGainsboro?

Hints

Hints

• The shadow file (shadow) and Hashcat wordlist (gsecwordlist.txt) are located in the directory. home giac PasswordHashing

- Run Hashcat in straight mod* (flag -a 0) to crack the MD5 hashes (flag -m 500) in the shadow file.

• Use the hash values from the Hashcat output file and the shadow file to match the cracked password with the user name.

• If required, a backup copy of the original files can be found in the shadowbackup directory.

Options:

A.

J3@nGr3y

B.

WwBoj25tT7

C.

MsconfiG35

D.

Noregrets2

E.

HowAreWeToday?19

F.

Prometheus

G.

6dWalking8

Buy Now
Questions 106

You work as a Network Administrator for NetTech Inc. To ensure the security of files, you encrypt data files using Encrypting File System (EFS).

You want to make a backup copy of the files and maintain security settings. You can backup the files either to a network share or a floppy disk. What will you do to accomplish this?

Options:

A.

Copy the files to a network share on an NTFS volume.

B.

Copy the files to a network share on a FAT32 volume.

C.

Place the files in an encrypted folder. Then, copy the folder to a floppy disk.

D.

Copy the files to a floppy disk that has been formatted using Windows 2000 Professional.

Buy Now
Questions 107

Training an organization on possible phishing attacks would be included under which NIST Framework Core guidelines?

Options:

A.

Detect

B.

Identify

C.

Respond

D.

Protect

Buy Now
Questions 108

What is the first thing that should be done during the containment step of incident handling?

Options:

A.

Change all the passwords

B.

Secure the area

C.

Prepare the Jump bag

D.

Notify management

E.

Prepare a report

Buy Now
Questions 109

In a /24 subnet, which of the following is a valid broadcast address?

Options:

A.

200.11.11.1

B.

221.10.10.10

C.

245.20.30.254

D.

192.10.10.255

Buy Now
Questions 110

Who is responsible for deciding the appropriate classification level for data within an organization?

Options:

A.

Data custodian

B.

Security auditor

C.

End user

D.

Data owner

Buy Now
Questions 111

Which command would allow an administrator to determine if a RPM package was already installed?

Options:

A.

rpm -s

B.

rpm -q

C.

rpm -a

D.

rpm -t

Buy Now
Questions 112

Use nmap to discover a host on the 10.10.10.0/24 network, scanning only port 8082 and using the SYN or Stealth scan approach. Which host has a service called -blackice-alerts"?

Options:

A.

10.10.10.115

B.

10.10.10.80

C.

10.10.10.5

D.

10.10.10

E.

10.10.10.30

F.

10.10.10.164

G.

10.10.10.37

Buy Now
Questions 113

What file instructs programs like Web spiders NOT to search certain areas of a site?

Options:

A.

Robots.txt

B.

Restricted.txt

C.

Spider.txt

D.

Search.txt

Buy Now
Questions 114

Which of the following is a private, RFC 1918 compliant IP address that would be assigned to a DHCP scope on a private LAN?

Options:

A.

127.0.0.100

B.

169.254.1.50

C.

10.254.1.50

D.

172.35.1.100

Buy Now
Questions 115

The Linux command to make the /etc/shadow file, already owned by root, readable only by root is which of the following?

Options:

A.

chmod 444/etc/shadow

B.

chown root: root/etc/shadow

C.

chmod 400/etc/shadow

D.

chown 400 /etc/shadow

Buy Now
Exam Code: GSEC
Exam Name: GIAC Security Essentials
Last Update: Dec 27, 2024
Questions: 385
GSEC pdf

GSEC PDF

$25.5  $84.99
GSEC Engine

GSEC Testing Engine

$30  $99.99
GSEC PDF + Engine

GSEC PDF + Testing Engine

$40.5  $134.99