GSLC GIAC Security Leadership Certification (GSLC) Questions and Answers

Which of the following malware spread through the Internet and caused a large DoS attack in

1988?

It is the technique for gathering information for a Web site owner about a user through a few lines of code that reside in the Web pages. This information is gathered through __________.

Which of the following statements about Public Key Infrastructure (PKI) are true?

Each correct answer represents a complete solution. Choose two.

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He wants to test the effect of a virus on the We-are-secure server. He injects the virus on the server and, as a result, the server becomes infected with the virus even though an established antivirus program is installed on the server. Which of the following do you think are the reasons why the antivirus installed on the server did not detect the virus injected by John?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following are the goals of risk management?

Each correct answer represents a complete solution. Choose three.

You work as a Network Administrator for Marioxnet Inc. You have the responsibility of handling two routers with BGP protocol for the enterprise's network. One of the two routers gets flooded with an unexpected number of data packets, while the other router starves with no packets reaching it. Which of the following attacks can be a potential cause of this?

You work as a professional Ethical Hacker. You are assigned a project to perform blackbox testing of the security of www.we-are-secure.com. Now you want to perform banner grabbing to retrieve information about the Webserver being used by we-are-secure. Which of the following tools can you use to accomplish the task?

IP blocking is a technique that prevents the connection between a server/website and certain IP addresses or ranges of addresses. Which of the following tools use this technique?

Each correct answer represents a complete solution. Choose all that apply.

You work as a Network Administrator for Tech Perfect Inc. The company has a Linux-based network. You have configured a VPN server for remote users to connect to the company's network. Which of the following encryption types will Linux use?

All of the following steps should be taken to prevent a Web server from IIS buffer overflow attacks except for which one?

Which of the following is the best encryption algorithm to encrypt and decrypt messages?

Your Company is receiving false and abusive e-mails from the e-mail address of your partner company. When you complain, the partner company tells you that they have never sent any such e-mails. Which of the following types of cyber crimes involves this form of network attack?

Which of the following is involved with the improvement of different courses of actions that include changes in schedule, resources, or contract?

Which of the following tools hides information about IIS Webservers so that they can be prevented from various attacks performed by an attacker?

John works as a Website Administrator in ABC Inc. The company has to set a privacy policy on all the computers. The policy requires John to restrict only third party cookies that do not have a compact private policy or that use personally identifiable information without a user's implicit consent. He reports to the Technical Support Executive that he wants to set the policy. The Technical Support Executive asks him to configure the settings in the Privacy tab page. Which of the following privacy settings will John use to accomplish the task?

Which of the following password authentication schemes enables a user with a domain account to log on to a network once, using a password or smart card, and to gain access to multiple computers in the domain without being prompted to log in again?

Olive is the program manager for her organization. She has created a request for proposal for a large portion of her program. In this work to be procured she has set several requirements for the vendors to participate. The chief among these requirements is a vendor must have at least four licensed electricians in his team. This requirement for four licensed electricians is an example of which one of the following terms?

Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?

Which networking protocol is used to authenticate users or devices before granting them access to a network?

You are the project manager for the GHY Organization. A stakeholder has presented a change to your project that will cause the project scope to increase considerably. You are considering the change for approval and you need to review the impact of the change on all areas of the project. What change control system component is responsible for guiding the review of the impact of all changes on the project management knowledge areas?

Which of the following terms describes the statement given below?

"It is a cryptographic protocol that provides security and data integrity for communications over networks such as the Internet."

Which of the following processes is NOT a part of the Project Procurement Management Knowledge Area?

Which of the following terms describes the statement given below?

"It refers to a range of skills, tools, and techniques used to manage time when accomplishing specific tasks, projects, and goals. This set encompasses a wide scope of activities, and these include planning, allocating, setting goals, delegation, analysis of time spent, monitoring, organizing, scheduling, and prioritizing."

Which of the following terms describes the statement given below?

"It is a service on a computer system (usually a server) that delays incoming connections for as long as possible. The technique was developed as a defense against a computer worm, and the idea is that network abuses, such as spamming or broad scanning, are less effective if they take too long."

Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?

You work as a Network Administrator for PassGuide Inc. You have been assigned a task to provide the right authentications to users. Which method that uses a KDC will you use to accomplish the task?

John works as a Programmer for We-are-secure Inc. On one of his routine visits to the company, he noted down the passwords of the employees while they were typing them on their computer screens.

Which of the following social engineering attacks did he just perform?

John works as a Website Administrator in ABC Inc. The company has to set a privacy policy on all the computers. The policy requires John to restrict only third party cookies that do not have a compact private policy or that use personally identifiable information without a user's implicit consent. He reports to the Technical Support Executive that he wants to set the policy. The Technical Support Executive asks him to configure the settings in the Privacy tab page. Which of the following privacy settings will John use to accomplish the task?

Which of the following items are generally analyzed by Internet filters?

Each correct answer represents a complete solution. Choose three.

A user has opened a Web site that automatically starts downloading malicious code onto his computer. What should he do to prevent this?

Each correct answer represents a complete solution. Choose two.

Which of the following features of IE prevent users from a type of scam that entice a user to disclose personal information such as social security number, bank account details, or credit card number?

Which of the following statements about IPSec are true?

Each correct answer represents a complete solution. Choose two.

Fill in the blank with the appropriate term.

NOTE. Do not use abbreviation.

________ is a configurable client identification that allows a client to communicate with a particular base station.

An Active Attack is a type of steganography attack in which the attacker changes the carrier during the communication process. Which of the following techniques is used for smoothing the transition and controlling contrast on the hard edges, where there is significant color transition?

Nancy is the project manager for YYF project. She is receiving bids and proposals from different vendors. She will apply previously defined selection criteria to select one or more sellers who are qualified to perform the work and acceptable as a seller. She is in which of the following processes?

You configure a wireless router at your home. To secure your home Wireless LAN (WLAN), you implement WEP. Now you want to connect your client computer to the WLAN. Which of the following is the required information that you will need to configure the client computer?

Each correct answer represents a part of the solution. Choose two.

Complete the following sentence: Quality control is a(n)_______________ process while quality assurance is a(n)________________ process.

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the We-are-secure server. Which of the following are countermeasures against a brute force attack?

Each correct answer represents a complete solution. Choose all that apply.

Which type of repudiation states that the creator of the message denies ever creating the message even after creating it?

Which wireless security protocol is also known as IEEE 802.11i?

Which of the following is a process of monitoring data packets that travel across a network?

Which of the following RAID levels is supported by an operating system?

A user has opened a Web site that automatically starts downloading malicious code onto his computer.

What should he do to prevent this?

Each correct answer represents a complete solution. Choose two.

You are the project manager of the HQQ Project for your company. You are working with your project stakeholders to discuss the risks in the project that can adversely affect the project objectives. You are discussing the possibilities of causes for an identified risk event in your project. Your stakeholder is confused on the difference between causes and risk events. Which of the following is NOT an example of a cause for a project risk?

You have inserted a Trojan on your friend's computer and you want to put it in the startup so that whenever the computer reboots the Trojan will start to run on the startup. Which of the following registry entries will you edit to accomplish the task?

You are an Administrator for a network at an investment bank. You are concerned about individuals breeching your network and being able to steal data before you can detect their presence and shut down their access. Which of the following is the best way to address this issue?

You are responsible for the security computers in college labs. Since a number of students have significant computer skills, you wish to make security impossible to breach through normal operating system based means. Furthermore, you want to have the security require a password that must be entered before the operating system even loads. What will you do to accomplish the task?

John works as a professional Ethical Hacker. He has been assigned the task of testing the security of www.we-are-secure.com. He installs a sniffer on the We-are-secure server thinking that the following protocols of the We-are-secure server are being used in the network:

HTTP

SSL

SSH

IPSec

Considering the above factors, which of the following types of packets can he expect to see captured in encrypted form when he checks the sniffer's log file?

Each correct answer represents a complete solution. Choose all that apply.

Which key of the Asymmetric encryption is used to encrypt the data when a user sends a message or data to another user?

You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest domain-based network. The company has recently provided fifty laptops to its sales team members. You are required to configure an 802.11 wireless network for the laptops. The sales team members must be able to use their data placed at a server in a cabled network. The planned network should be able to handle the threat of unauthorized access and data interception by an unauthorized user. You are also required to prevent the sales team members from communicating directly to one another.

Which of the following actions will you perform to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

You are the program manager for your organization. Management has asked that you determine when resources, such as leased equipment, are no longer needed so that you may release the resources to save time, money, and utilization of resources within your program. What program management process is management asking you to perform?

Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer?

Each correct answer represents a complete solution. Choose two.

Jacob is worried about sniffing attacks and wants to protect his SMTP transmissions from this attack. What can he do to accomplish this?

Which of the following attacks can be performed by Brutus for cracking a password?

Each correct answer represents a complete solution. Choose two.

Your IDS discovers that an intruder has gained access to your system. You immediately stop that access, change passwords for administrative accounts, and secure your network. You discover an odd account (not administrative) that has permission to remotely access the network. What is this most likely?

Which of the following is the best encryption algorithm to encrypt and decrypt messages?

Which of the following are the limitations for the cross site request forgery (CSRF) attack?

Each correct answer represents a complete solution. Choose all that apply.

Against which of the following does SSH provide protection?

Each correct answer represents a complete solution. Choose two.

Which of the following statements about reconnaissance is true?

You work as an IT Technician for PassGuide Inc. You have to take security measures for the wireless network of the company. You want to prevent other computers from accessing the company's wireless network. On the basis of the hardware address, which of the following will you use as the best possible method to accomplish the task?

You work as a Network Administrator for Infosec Inc. Nowadays, you are facing an unauthorized access in your Wi-Fi network. Therefore, you analyze a log that has been recorded by your favorite sniffer, Ethereal. You are able to discover the cause of the unauthorized access after noticing the following string in the log file:

(Wlan.fc.type_subtype eq 32 and llc.oui eq 0x00601d and llc.pid eq 0x0001)

When you find All your 802.11b are belong to us as the payload string, you are convinced about which tool is being used for the unauthorized access. Which of the following tools have you ascertained?

These are false reports about non-existent viruses. In these reports, the writer often claims to do impossible things. Due to these false reports, the network administrator shuts down his network, which in turn affects the work of the company. These reports falsely claim to describe an extremely dangerous virus, and declare that the report is issued by a reputed company. These reports are known as __________.

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using the Linux operating system. He wants to use a wireless sniffer to sniff the We-are-secure network. Which of the following tools will he use to accomplish his task?

PsPasswd is a tool used by network administrators to change an account password on the local or remote system. Which of the following are the command syntaxes used by the PsPasswd tool?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following statements correctly defines a script kiddie?

You are a project manager who is completing a project for another organization. The project you are managing will have phased deliverables throughout the project. Stakeholders are required to complete scope validation at the end of each phase so that the project can move forward. Your payment requests will also be attached to the approval of each phase so it is important to you, on several levels, that the stakeholders participate in scope validation as soon as they are requested. You have documented the process for reviewing the product acceptance criteria with the stakeholders.

What project document details the product acceptance criteria in all the projects?

Andrew works as a Software Developer for Mansoft Inc. The company's network has a Web server that hosts the company's Web site. Andrew wants to enhance the security of the Web site by implementing Secure Sockets Layer (SSL). Which of the following types of encryption does SSL use?

Each correct answer represents a complete solution. Choose two.

A Web developer with your company wants to have wireless access for contractors that come in to work on various projects. The process of getting this approved takes time. So rather than wait, he has put his own wireless router attached to one of the network ports in his department. What security risk does this present?

Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use the Steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following methods can be helpful to eliminate social engineering threat?

Each correct answer represents a complete solution. Choose three.

You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify Denial of Service attack (DOS) from a network linked to your internal enterprise network. Which of the following phases of the Incident handling process should you follow next to handle this incident?

Which of the following tools can be used for the anti-phishing?

The 3-way handshake method is used by the TCP protocol to establish a connection between a client and the server. It involves three steps:

1. In the first step, a SYN message is sent from a client to the server.

2. In the second step, a SYN/ACK message is sent from the server to the client.

3. In the third step, an ACK (usually called SYN-ACK-ACK) message is sent from the client to the server. At this point, both the client and the server have received acknowledgements of the TCP connection. If the Initial Sequence Numbers of the client and server were 241713111 and 241824111 respectively at the time when the client was sending the SYN message in the first step of the TCP 3-way handshake method, what will be the value of the acknowledgement number field of the server's packet when the server was sending the SYN/ACK message to the client in the second step of the TCP 3-way handshake method?

Which of the following techniques is based on a set of criteria that has been acquired in a specific knowledge area or product area?

John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on Windows Server 2003. One day, while analyzing the network security, he receives an error message that Kernel32.exe is encountering a problem. Which of the following steps should John take as a countermeasure to this situation?

Each correct answer represents a complete solution. Choose all that apply.

You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP-based network environment. The network contains a Cisco Catalyst router to connect the internal network to the Internet. You want to secure your network from various attacks such as virus, spam, spyware, phishing, etc. You want to secure the whole network through a separate hardware device. Which of the following will you use?

You work as a Network Administrator for McNeil Inc. The company has a Windows Active Directorybased single domain single forest network. The functional level of the forest is Windows Server 2003. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks:

The wireless network communication should be secured.

The laptop users should be able to use smart cards for getting authenticated.

In order to accomplish the tasks, you take the following steps:

Configure 802.1x and WEP for the wireless connections.

Configure the PEAP-MS-CHAP v2 protocol for authentication

What will happen after you have taken these steps?

John works as a Programmer for We-are-secure Inc. On one of his routine visits to the company, he noted down the passwords of the employees while they were typing them on their computer screens.

Which of the following social engineering attacks did he just perform?

You are responsible for security on your network. One particular concern is the theft of sensitive data. You want to make sure that end users do not (purposefully or accidentally) take data off the premises. Which of the following should you be concerned about?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following processes is described in the statement below?

"It is a process of developing an approximation of the costs of the resources needed to complete project activities."

Which of the following standards is used in wireless local area networks (WLANs)?

You are an Incident manager in Orangesect.Inc. You have been tasked to set up a new extension of your enterprise. The networking, to be done in the new extension, requires different types of cables and an appropriate policy that will be decided by you. Which of the following stages in the Incident handling process involves your decision making?

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. John notices that the We-are-secure network is vulnerable to a man-inthe-middle attack since the key exchange process of the cryptographic algorithm it is using does not authenticate participants. Which of the following cryptographic algorithms is being used by the Weare-secure server?

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

Which of the following relies on a physical characteristic of the user to verify his identity?

You work as a professional Ethical Hacker. You are assigned a project to test the security of www.weare-secure.com. You are working on the Windows Server 2003 operating system. You suspect that your friend has installed the keyghost keylogger onto your computer. Which of the following countermeasures would you employ in such a situation?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following types of attacks entices a user to disclose personal information such as social security number, bank account details, or credit card number?

You are a Network Administrator in an enterprise. You have been assigned the task of installing Windows 2000 and some other applications, on each computer on the network. But in the enterprise environment, it is not cost effective to install Windows 2000 and other applications, using the standard interactive setup on each computer. You plan to perform automated installation on multiple computers. Which of the following installation tasks can be automated?

Each correct answer represents a complete solution. Choose all that apply.

You are implementing wireless access at a defense contractor. Specifications say, you must implement the AES Encryption algorithm. Which encryption standard should you choose?

Which of the following options is an approach to restricting system access to authorized users?

Mark works as a Network Administrator for Perfect Inc. The company has both wired and wireless networks. An attacker attempts to keep legitimate users from accessing services that they require. Mark uses IDS/IPS sensors on the wired network to mitigate the attack. Which of the following attacks best describes the attacker's intentions?

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He copies the whole structure of the We-are-secure Web site to the local disk and obtains all the files on the Web site. Which of the following techniques is he using to accomplish his task?

What does a firewall check to prevent certain ports and applications from getting the packets into an Enterprise?

Which of the following is an input of the close procurements process?

Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use the Steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information?

Each correct answer represents a complete solution. Choose all that apply.

Rick is the project manager for TTM project. He is in the process of procuring services from vendors. He makes a contract with a vendor in which he precisely specify the services to be procured, and any changes to the procurement specification will increase the costs to the buyer. Which type of contract is this?

Which of the following federal laws are related to hacking activities?

Each correct answer represents a complete solution. Choose three.

Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2000 Active Directory domain-based network. The domain contains one hundred Windows XP Professional client computers. Mark is deploying an 802.11 wireless LAN on the network. The wireless LAN will use Wired Equivalent Privacy (WEP) for all the connections. According to the company's security policy, the client computers must be able to automatically connect to the wireless LAN. However, the unauthorized computers must not be allowed to connect to the wireless LAN and view the wireless network. Mark wants to configure all the wireless access points and client computers to act in accordance with the company's security policy. What will he do to accomplish this?

Each correct answer represents a part of the solution. Choose three.

You work as a Network Administrator for NetTech Inc. The company has a Windows Server 2008 Active Directory-based single domain single forest network. The company's network is connected to the Internet through a T1 line. The firewall is configured on the network for securing the internal network from the intruders on the Internet. You are designing a public key infrastructure (PKI) for the network. The network will use a root enterprise certificate authority (CA) and two subordinate CAs. The root CA will be used to issue certificates to the subordinate CAs, and the subordinate CAs will be used to issue certificates to the clients. The security policy of the company dictates that the security of high-level CAs should not be compromised. Which of the following steps will you take to implement the security policy of the company?

Which of the following programs can be used to detect stealth port scans performed by a malicious hacker?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following types of attacks cannot be prevented by technical measures only?

John, a malicious hacker, forces a router to stop forwarding packets by flooding it with many open connections simultaneously so that all hosts behind it are effectively disabled. Which of the following attacks is John performing?

Which of the following statements about front door attack is true?

Which of the following uses public key cryptography to encrypt the contents of files?

Which of the following is the best way of protecting important data against virus attack?

Which of the following PPP configuration options is used to increase the effective throughput on PPP connections by reducing the amount of data in the frame that must travel across the link?

You work as a Network Administrator for NetPerfect Inc. You have implemented a firewall on the company's network. You want to ensure that outside users cannot access the internal FTP servers on the network. What will you do to accomplish the task?

Your project is to implement a new operating system for all of the workstations in your company's network. Every workstation must have the new operating system as part of an organization-wide mandate. Many users are not happy with this decision and are resisting the change. Some of the users are complaining that they do not want the operating system at all. What type of stakeholders are these users?

Which of the following is an example of penetration testing?

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

Which of the following methods can be helpful to eliminate social engineering threat?

Each correct answer represents a complete solution. Choose three.

Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?