New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

GSLC GIAC Security Leadership Certification (GSLC) Questions and Answers

Questions 4

Which of the following malware spread through the Internet and caused a large DoS attack in

1988?

Options:

A.

Morris worm

B.

LoveLetter worm

C.

SQL slammer worm

D.

Klez worm

Buy Now
Questions 5

It is the technique for gathering information for a Web site owner about a user through a few lines of code that reside in the Web pages. This information is gathered through __________.

Options:

A.

Spambot

B.

Spyware

C.

Web Bugs

D.

Bogus spyware removal programs

Buy Now
Questions 6

Which of the following statements about Public Key Infrastructure (PKI) are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It uses asymmetric key pairs.

B.

It uses symmetric key pairs.

C.

It provides security using data encryption and digital signature.

D.

It is a digital representation of information that identifies users.

Buy Now
Questions 7

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He wants to test the effect of a virus on the We-are-secure server. He injects the virus on the server and, as a result, the server becomes infected with the virus even though an established antivirus program is installed on the server. Which of the following do you think are the reasons why the antivirus installed on the server did not detect the virus injected by John?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

The virus, used by John, is not in the database of the antivirus program installed on the server.

B.

John has created a new virus.

C.

The mutation engine of the virus is generating a new encrypted code.

D.

John has changed the signature of the virus.

Buy Now
Questions 8

Which of the following are the goals of risk management?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Identifying the risk

B.

Finding an economic balance between the impact of the risk and the cost of the countermeasure

C.

Identifying the accused

D.

Assessing the impact of potential threats

Buy Now
Questions 9

You work as a Network Administrator for Marioxnet Inc. You have the responsibility of handling two routers with BGP protocol for the enterprise's network. One of the two routers gets flooded with an unexpected number of data packets, while the other router starves with no packets reaching it. Which of the following attacks can be a potential cause of this?

Options:

A.

Spoofing

B.

Packet manipulation

C.

Denial-of-Service

D.

Eavesdropping

Buy Now
Questions 10

You work as a professional Ethical Hacker. You are assigned a project to perform blackbox testing of the security of www.we-are-secure.com. Now you want to perform banner grabbing to retrieve information about the Webserver being used by we-are-secure. Which of the following tools can you use to accomplish the task?

Options:

A.

Whisker

B.

WinSSLMiM

C.

httprint

D.

Wget

Buy Now
Questions 11

IP blocking is a technique that prevents the connection between a server/website and certain IP addresses or ranges of addresses. Which of the following tools use this technique?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

SSHGuard

B.

nmap

C.

Fail2Ban

D.

portsentry

E.

OpenSSL

Buy Now
Questions 12

You work as a Network Administrator for Tech Perfect Inc. The company has a Linux-based network. You have configured a VPN server for remote users to connect to the company's network. Which of the following encryption types will Linux use?

Options:

A.

CHAP

B.

MSCHAP

C.

RC2

D.

3DES

Buy Now
Questions 13

All of the following steps should be taken to prevent a Web server from IIS buffer overflow attacks except for which one?

Options:

A.

Implement the IPP printing capability.

B.

Conduct frequent scans for server vulnerabilities.

C.

Install the upgrades of Microsoft service packs.

D.

Implement effective firewalls.

Buy Now
Questions 14

Which of the following is the best encryption algorithm to encrypt and decrypt messages?

Options:

A.

AES

B.

DES

C.

RSA

D.

TripleDES

Buy Now
Questions 15

Your Company is receiving false and abusive e-mails from the e-mail address of your partner company. When you complain, the partner company tells you that they have never sent any such e-mails. Which of the following types of cyber crimes involves this form of network attack?

Options:

A.

Cyber squatting

B.

Cyber Stalking

C.

Spoofing

D.

Man-in-the-middle attack

Buy Now
Questions 16

Which of the following is involved with the improvement of different courses of actions that include changes in schedule, resources, or contract?

Options:

A.

Planning Meeting and Analysis

B.

Risk response planning

C.

Contingency plan

D.

Acceptance response

Buy Now
Questions 17

Which of the following tools hides information about IIS Webservers so that they can be prevented from various attacks performed by an attacker?

Options:

A.

WinSSLMiM

B.

httprint

C.

ServerMask

D.

Whisker

Buy Now
Questions 18

John works as a Website Administrator in ABC Inc. The company has to set a privacy policy on all the computers. The policy requires John to restrict only third party cookies that do not have a compact private policy or that use personally identifiable information without a user's implicit consent. He reports to the Technical Support Executive that he wants to set the policy. The Technical Support Executive asks him to configure the settings in the Privacy tab page. Which of the following privacy settings will John use to accomplish the task?

Options:

A.

High

B.

Low

C.

Block All Cookies

D.

The policy cannot be set.

Buy Now
Questions 19

Which of the following password authentication schemes enables a user with a domain account to log on to a network once, using a password or smart card, and to gain access to multiple computers in the domain without being prompted to log in again?

Options:

A.

Single Sign-On

B.

Dynamic

C.

One-time password

D.

Kerberos

Buy Now
Questions 20

Olive is the program manager for her organization. She has created a request for proposal for a large portion of her program. In this work to be procured she has set several requirements for the vendors to participate. The chief among these requirements is a vendor must have at least four licensed electricians in his team. This requirement for four licensed electricians is an example of which one of the following terms?

Options:

A.

Vendor analysis requirements

B.

Scoring model

C.

Evaluation criteria

D.

Screening system

Buy Now
Questions 21

Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?

Options:

A.

The Change Manager

B.

The IT Security Manager

C.

The Configuration Manager

D.

The Service Level Manager

Buy Now
Questions 22

Which networking protocol is used to authenticate users or devices before granting them access to a network?

Options:

A.

IPSec

B.

PAgP

C.

RADIUS

D.

SRP

Buy Now
Questions 23

You are the project manager for the GHY Organization. A stakeholder has presented a change to your project that will cause the project scope to increase considerably. You are considering the change for approval and you need to review the impact of the change on all areas of the project. What change control system component is responsible for guiding the review of the impact of all changes on the project management knowledge areas?

Options:

A.

Scope change control system

B.

Change control system

C.

Configuration management

D.

Integrated change control

Buy Now
Questions 24

Which of the following terms describes the statement given below?

"It is a cryptographic protocol that provides security and data integrity for communications over networks such as the Internet."

Options:

A.

NTP

B.

SSH

C.

SNMP2/3

D.

TSL

Buy Now
Questions 25

Which of the following processes is NOT a part of the Project Procurement Management Knowledge Area?

Options:

A.

Develop Project Management Plan

B.

Request Seller Responses

C.

Contract Administration

D.

Plan Purchases and Acquisitions

Buy Now
Questions 26

Which of the following terms describes the statement given below?

"It refers to a range of skills, tools, and techniques used to manage time when accomplishing specific tasks, projects, and goals. This set encompasses a wide scope of activities, and these include planning, allocating, setting goals, delegation, analysis of time spent, monitoring, organizing, scheduling, and prioritizing."

Options:

A.

Time Management

B.

Digital Rights Management

C.

Perception Management

D.

Change Management

Buy Now
Questions 27

Which of the following terms describes the statement given below?

"It is a service on a computer system (usually a server) that delays incoming connections for as long as possible. The technique was developed as a defense against a computer worm, and the idea is that network abuses, such as spamming or broad scanning, are less effective if they take too long."

Options:

A.

Honeytokens

B.

Honeynet

C.

Honeypot

D.

Tarpit

Buy Now
Questions 28

Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?

Options:

A.

18 U.S.C. 2510

B.

18 U.S.C. 1362

C.

18 U.S.C. 1030

D.

18 U.S.C. 2701

E.

18 U.S.C. 1029

Buy Now
Questions 29

You work as a Network Administrator for PassGuide Inc. You have been assigned a task to provide the right authentications to users. Which method that uses a KDC will you use to accomplish the task?

Options:

A.

Biometrics

B.

Basic authentication

C.

Digest authentication

D.

Kerberos

Buy Now
Questions 30

John works as a Programmer for We-are-secure Inc. On one of his routine visits to the company, he noted down the passwords of the employees while they were typing them on their computer screens.

Which of the following social engineering attacks did he just perform?

Options:

A.

Shoulder surfing

B.

Important user posing

C.

Dumpster diving

D.

Authorization by third party

Buy Now
Questions 31

John works as a Website Administrator in ABC Inc. The company has to set a privacy policy on all the computers. The policy requires John to restrict only third party cookies that do not have a compact private policy or that use personally identifiable information without a user's implicit consent. He reports to the Technical Support Executive that he wants to set the policy. The Technical Support Executive asks him to configure the settings in the Privacy tab page. Which of the following privacy settings will John use to accomplish the task?

Options:

A.

High

B.

Low

C.

Block All Cookies

D.

The policy cannot be set.

Buy Now
Questions 32

Which of the following items are generally analyzed by Internet filters?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Content

B.

Certificates

C.

Uniform Resource Locators (URLs)

D.

Network Topology

Buy Now
Questions 33

A user has opened a Web site that automatically starts downloading malicious code onto his computer. What should he do to prevent this?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Disable ActiveX Controls

B.

Disable Active Scripting

C.

Implement File Integrity Auditing

D.

Configure Security Logs

Buy Now
Questions 34

Which of the following features of IE prevent users from a type of scam that entice a user to disclose personal information such as social security number, bank account details, or credit card number?

Options:

A.

Pop-up blocker

B.

Cookie

C.

Content Advisor

D.

Phishing Filter

Buy Now
Questions 35

Which of the following statements about IPSec are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It uses Internet Protocol (IP) for data integrity.

B.

It uses Authentication Header (AH) for data integrity.

C.

It uses Password Authentication Protocol (PAP) for user authentication.

D.

It uses Encapsulating Security Payload (ESP) for data confidentiality.

Buy Now
Questions 36

Fill in the blank with the appropriate term.

NOTE. Do not use abbreviation.

________ is a configurable client identification that allows a client to communicate with a particular base station.

Options:

Buy Now
Questions 37

An Active Attack is a type of steganography attack in which the attacker changes the carrier during the communication process. Which of the following techniques is used for smoothing the transition and controlling contrast on the hard edges, where there is significant color transition?

Options:

A.

Soften

B.

Blur

C.

Sharpen

D.

Rotate

Buy Now
Questions 38

Nancy is the project manager for YYF project. She is receiving bids and proposals from different vendors. She will apply previously defined selection criteria to select one or more sellers who are qualified to perform the work and acceptable as a seller. She is in which of the following processes?

Options:

A.

Close Procurements

B.

Conduct Procurements

C.

Plan Procurements

D.

Administer Procurements

Buy Now
Questions 39

You configure a wireless router at your home. To secure your home Wireless LAN (WLAN), you implement WEP. Now you want to connect your client computer to the WLAN. Which of the following is the required information that you will need to configure the client computer?

Each correct answer represents a part of the solution. Choose two.

Options:

A.

WEP key

B.

IP address of the router

C.

MAC address of the router

D.

SSID of the WLAN

Buy Now
Questions 40

Complete the following sentence: Quality control is a(n)_______________ process while quality assurance is a(n)________________ process.

Options:

A.

Inspection, costly

B.

Management, inspection

C.

Inspection, prevention

D.

Prevention, inspection.

Buy Now
Questions 41

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

Options:

A.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

B.

HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"

C.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

D.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

Buy Now
Questions 42

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the We-are-secure server. Which of the following are countermeasures against a brute force attack?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

The site should restrict the number of login attempts to only three times.

B.

The site should increase the encryption key length of the password.

C.

The site should use CAPTCHA after a specific number of failed login attempts.

D.

The site should force its users to change their passwords from time to time.

Buy Now
Questions 43

Which type of repudiation states that the creator of the message denies ever creating the message even after creating it?

Options:

A.

Repudiation of submission

B.

Repudiation of creation

C.

Repudiation of receipt

D.

Repudiation of origin

Buy Now
Questions 44

Which wireless security protocol is also known as IEEE 802.11i?

Options:

A.

WPA2

B.

WEP

C.

TKIP

D.

EAP

Buy Now
Questions 45

Which of the following is a process of monitoring data packets that travel across a network?

Options:

A.

ICMP

B.

SCP protocol

C.

Rootkit

D.

Packet sniffing

Buy Now
Questions 46

Which of the following RAID levels is supported by an operating system?

Options:

A.

RAID 4

B.

RAID 6

C.

RAID 0

D.

RAID 3

Buy Now
Questions 47

A user has opened a Web site that automatically starts downloading malicious code onto his computer.

What should he do to prevent this?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Disable ActiveX Controls

B.

Disable Active Scripting

C.

Implement File Integrity Auditing

D.

Configure Security Logs

Buy Now
Questions 48

You are the project manager of the HQQ Project for your company. You are working with your project stakeholders to discuss the risks in the project that can adversely affect the project objectives. You are discussing the possibilities of causes for an identified risk event in your project. Your stakeholder is confused on the difference between causes and risk events. Which of the following is NOT an example of a cause for a project risk?

Options:

A.

Schedule constraints on the project

B.

Limited team members to complete the project work

C.

Quality assurance programs within the company

D.

Work permit requirements

Buy Now
Questions 49

You have inserted a Trojan on your friend's computer and you want to put it in the startup so that whenever the computer reboots the Trojan will start to run on the startup. Which of the following registry entries will you edit to accomplish the task?

Options:

A.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

B.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Start

C.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Startup

D.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Auto

Buy Now
Questions 50

You are an Administrator for a network at an investment bank. You are concerned about individuals breeching your network and being able to steal data before you can detect their presence and shut down their access. Which of the following is the best way to address this issue?

Options:

A.

Implement a strong password policy.

B.

Implement a honey pot.

C.

Implement a strong firewall.

D.

Implement network based anti virus.

Buy Now
Questions 51

You are responsible for the security computers in college labs. Since a number of students have significant computer skills, you wish to make security impossible to breach through normal operating system based means. Furthermore, you want to have the security require a password that must be entered before the operating system even loads. What will you do to accomplish the task?

Options:

A.

Implement biometric security.

B.

Implement bios security that prevents the system from loading if the correct password is not entered.

C.

Implement an operating system password that prevents the system from loading if the correct password is not entered.

D.

Implement hard drive encryption with a password tied into the operating system password.

Buy Now
Questions 52

John works as a professional Ethical Hacker. He has been assigned the task of testing the security of www.we-are-secure.com. He installs a sniffer on the We-are-secure server thinking that the following protocols of the We-are-secure server are being used in the network:

HTTP

SSL

SSH

IPSec

Considering the above factors, which of the following types of packets can he expect to see captured in encrypted form when he checks the sniffer's log file?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

SSH

B.

SSL

C.

HTTP

D.

IPSec

Buy Now
Questions 53

Which key of the Asymmetric encryption is used to encrypt the data when a user sends a message or data to another user?

Options:

A.

Symmetric

B.

Private

C.

Public

D.

Asymmetric

Buy Now
Questions 54

You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest domain-based network. The company has recently provided fifty laptops to its sales team members. You are required to configure an 802.11 wireless network for the laptops. The sales team members must be able to use their data placed at a server in a cabled network. The planned network should be able to handle the threat of unauthorized access and data interception by an unauthorized user. You are also required to prevent the sales team members from communicating directly to one another.

Which of the following actions will you perform to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Implement the IEEE 802.1X authentication for the wireless network.

B.

Configure the wireless network to use WEP encryption for the data transmitted over a wireless network.

C.

Implement the open system authentication for the wireless network.

D.

Using group policies, configure the network to allow the wireless computers to connect to the infrastructure networks only.

E.

Using group policies, configure the network to allow the wireless computers to connect to the ad hoc networks only.

Buy Now
Questions 55

You are the program manager for your organization. Management has asked that you determine when resources, such as leased equipment, are no longer needed so that you may release the resources to save time, money, and utilization of resources within your program. What program management process is management asking you to perform?

Options:

A.

Contract administration

B.

Resource management

C.

Procurement management

D.

Resource control

Buy Now
Questions 56

Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Attacker can use the Ping Flood DoS attack if WZC is used.

B.

Information of probing for networks can be viewed using a wireless analyzer and may be used to gain access.

C.

Attacker by creating a fake wireless network with high power antenna cause Victor's computer to associate with his network to gain access.

D.

It will not allow the configuration of encryption and MAC filtering. Sending information is not secure on wireless network.

Buy Now
Questions 57

Jacob is worried about sniffing attacks and wants to protect his SMTP transmissions from this attack. What can he do to accomplish this?

Options:

A.

Use an SSL certificate.

B.

Use a proxy server.

C.

Use EFS.

D.

Use a firewall.

Buy Now
Questions 58

Which of the following attacks can be performed by Brutus for cracking a password?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Hybrid attack

B.

Replay attack

C.

Brute force attack

D.

Man-in-the-middle attack

Buy Now
Questions 59

Your IDS discovers that an intruder has gained access to your system. You immediately stop that access, change passwords for administrative accounts, and secure your network. You discover an odd account (not administrative) that has permission to remotely access the network. What is this most likely?

Options:

A.

An example of IP spoofing.

B.

A backdoor the intruder created so that he can re-enter the network.

C.

A normal account you simply did not notice before. Large networks have a number of accounts; it is hard to track them all.

D.

An example of privilege escalation.

Buy Now
Questions 60

Which of the following is the best encryption algorithm to encrypt and decrypt messages?

Options:

A.

RSA

B.

TripleDES

C.

DES

D.

AES

Buy Now
Questions 61

Which of the following are the limitations for the cross site request forgery (CSRF) attack?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

The attacker must determine the right values for all the form inputs.

B.

The attacker must target a site that doesn't check the referrer header.

C.

The target site should have limited lifetime authentication cookies.

D.

The target site should authenticate in GET and POST parameters, not only cookies.

Buy Now
Questions 62

Against which of the following does SSH provide protection?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Broadcast storm

B.

DoS attack

C.

Password sniffing

D.

IP spoofing

Buy Now
Questions 63

Which of the following statements about reconnaissance is true?

Options:

A.

It is a computer that is used to attract potential intruders or attackers.

B.

It is any program that allows a hacker to connect to a computer without going through the normal authentication process.

C.

It describes an attempt to transfer DNS zone data.

D.

It is also known as half-open scanning.

Buy Now
Questions 64

You work as an IT Technician for PassGuide Inc. You have to take security measures for the wireless network of the company. You want to prevent other computers from accessing the company's wireless network. On the basis of the hardware address, which of the following will you use as the best possible method to accomplish the task?

Options:

A.

MAC Filtering

B.

RAS

C.

WEP

D.

SSID

Buy Now
Questions 65

You work as a Network Administrator for Infosec Inc. Nowadays, you are facing an unauthorized access in your Wi-Fi network. Therefore, you analyze a log that has been recorded by your favorite sniffer, Ethereal. You are able to discover the cause of the unauthorized access after noticing the following string in the log file:

(Wlan.fc.type_subtype eq 32 and llc.oui eq 0x00601d and llc.pid eq 0x0001)

When you find All your 802.11b are belong to us as the payload string, you are convinced about which tool is being used for the unauthorized access. Which of the following tools have you ascertained?

Options:

A.

NetStumbler

B.

AiroPeek

C.

Kismet

D.

AirSnort

Buy Now
Questions 66

These are false reports about non-existent viruses. In these reports, the writer often claims to do impossible things. Due to these false reports, the network administrator shuts down his network, which in turn affects the work of the company. These reports falsely claim to describe an extremely dangerous virus, and declare that the report is issued by a reputed company. These reports are known as __________.

Options:

A.

Spambots

B.

Logic bombs

C.

Chain letters

D.

Virus hoaxes

E.

Time bombs

Buy Now
Questions 67

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using the Linux operating system. He wants to use a wireless sniffer to sniff the We-are-secure network. Which of the following tools will he use to accomplish his task?

Options:

A.

Snadboy's Revelation

B.

Kismet

C.

NetStumbler

D.

WEPCrack

Buy Now
Questions 68

PsPasswd is a tool used by network administrators to change an account password on the local or remote system. Which of the following are the command syntaxes used by the PsPasswd tool?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

-t

B.

-u

C.

username

D.

NewPassword

Buy Now
Questions 69

Which of the following statements correctly defines a script kiddie?

Options:

A.

He is an individual who uses hacking programs developed by others to attack information systems and spoil websites.

B.

He is an individual who is an expert in various computer fields such as operating systems, networking, hardware, software, etc. and enjoys the mental challenge of decoding computer programs, solving network vulnerabilities and security threats, etc.

C.

He is an individual who breaks communication systems to perform hacking.

D.

He is an individual who has lost respect and integrity as an employee in any organization.

Buy Now
Questions 70

You are a project manager who is completing a project for another organization. The project you are managing will have phased deliverables throughout the project. Stakeholders are required to complete scope validation at the end of each phase so that the project can move forward. Your payment requests will also be attached to the approval of each phase so it is important to you, on several levels, that the stakeholders participate in scope validation as soon as they are requested. You have documented the process for reviewing the product acceptance criteria with the stakeholders.

What project document details the product acceptance criteria in all the projects?

Options:

A.

Statement of Work

B.

Project scope statement

C.

Project management plan

D.

Contract

Buy Now
Questions 71

Andrew works as a Software Developer for Mansoft Inc. The company's network has a Web server that hosts the company's Web site. Andrew wants to enhance the security of the Web site by implementing Secure Sockets Layer (SSL). Which of the following types of encryption does SSL use?

Each correct answer represents a complete solution. Choose two.

Options:

A.

IPSec

B.

Symmetric

C.

Secret

D.

Asymmetric

Buy Now
Questions 72

A Web developer with your company wants to have wireless access for contractors that come in to work on various projects. The process of getting this approved takes time. So rather than wait, he has put his own wireless router attached to one of the network ports in his department. What security risk does this present?

Options:

A.

It is likely to increase network traffic and slow down network performance.

B.

An unauthorized WAP is one way for hackers to get into a network.

C.

None, adding a wireless access point is a common task and not a security risk.

D.

This circumvents network intrusion detection.

Buy Now
Questions 73

Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use the Steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Hidden partition

B.

Dumb space

C.

Slack space

D.

Unused sectors

Buy Now
Questions 74

Which of the following methods can be helpful to eliminate social engineering threat?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Password policies

B.

Data classification

C.

Vulnerability assessments

D.

Data encryption

Buy Now
Questions 75

You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify Denial of Service attack (DOS) from a network linked to your internal enterprise network. Which of the following phases of the Incident handling process should you follow next to handle this incident?

Options:

A.

Recovery

B.

Containment

C.

Preparation

D.

Identification

Buy Now
Questions 76

Which of the following tools can be used for the anti-phishing?

Options:

A.

Legion

B.

Spector

C.

Netcraft

D.

eblaster

Buy Now
Questions 77

The 3-way handshake method is used by the TCP protocol to establish a connection between a client and the server. It involves three steps:

1. In the first step, a SYN message is sent from a client to the server.

2. In the second step, a SYN/ACK message is sent from the server to the client.

3. In the third step, an ACK (usually called SYN-ACK-ACK) message is sent from the client to the server. At this point, both the client and the server have received acknowledgements of the TCP connection. If the Initial Sequence Numbers of the client and server were 241713111 and 241824111 respectively at the time when the client was sending the SYN message in the first step of the TCP 3-way handshake method, what will be the value of the acknowledgement number field of the server's packet when the server was sending the SYN/ACK message to the client in the second step of the TCP 3-way handshake method?

Options:

A.

241824111

B.

241713112

C.

241824112

D.

241713111

Buy Now
Questions 78

Which of the following techniques is based on a set of criteria that has been acquired in a specific knowledge area or product area?

Options:

A.

Expert judgment

B.

Function point

C.

Program Evaluation Review Technique (PERT) chart

D.

Delphi technique

Buy Now
Questions 79

John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on Windows Server 2003. One day, while analyzing the network security, he receives an error message that Kernel32.exe is encountering a problem. Which of the following steps should John take as a countermeasure to this situation?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

He should upgrade his antivirus program.

B.

He should observe the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new malicious process is running, he should kill that process.

C.

He should download the latest patches for Windows Server 2003 from the Microsoft site, so that he can repair the kernel.

D.

He should restore his Windows settings.

Buy Now
Questions 80

You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP-based network environment. The network contains a Cisco Catalyst router to connect the internal network to the Internet. You want to secure your network from various attacks such as virus, spam, spyware, phishing, etc. You want to secure the whole network through a separate hardware device. Which of the following will you use?

Options:

A.

PIX-Firewall

B.

IDS

C.

IPS

D.

ASA

Buy Now
Questions 81

You work as a Network Administrator for McNeil Inc. The company has a Windows Active Directorybased single domain single forest network. The functional level of the forest is Windows Server 2003. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks:

The wireless network communication should be secured.

The laptop users should be able to use smart cards for getting authenticated.

In order to accomplish the tasks, you take the following steps:

Configure 802.1x and WEP for the wireless connections.

Configure the PEAP-MS-CHAP v2 protocol for authentication

What will happen after you have taken these steps?

Options:

A.

Both tasks will be accomplished.

B.

The wireless network communication will be secured.

C.

None of the tasks will be accomplished.

D.

The laptop users will be able to use smart cards for getting authenticated.

Buy Now
Questions 82

John works as a Programmer for We-are-secure Inc. On one of his routine visits to the company, he noted down the passwords of the employees while they were typing them on their computer screens.

Which of the following social engineering attacks did he just perform?

Options:

A.

Shoulder surfing

B.

Important user posing

C.

Dumpster diving

D.

Authorization by third party

Buy Now
Questions 83

You are responsible for security on your network. One particular concern is the theft of sensitive data. You want to make sure that end users do not (purposefully or accidentally) take data off the premises. Which of the following should you be concerned about?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Cell Phones

B.

Individual scanners

C.

USB Drives

D.

Individual printers

Buy Now
Questions 84

Which of the following processes is described in the statement below?

"It is a process of developing an approximation of the costs of the resources needed to complete project activities."

Options:

A.

Cost Control

B.

Cost Budgeting

C.

Activity Resource Estimating

D.

Cost Estimating

Buy Now
Questions 85

Which of the following standards is used in wireless local area networks (WLANs)?

Options:

A.

IEEE 802.4

B.

IEEE 802.3

C.

IEEE 802.11b

D.

IEEE 802.5

Buy Now
Questions 86

You are an Incident manager in Orangesect.Inc. You have been tasked to set up a new extension of your enterprise. The networking, to be done in the new extension, requires different types of cables and an appropriate policy that will be decided by you. Which of the following stages in the Incident handling process involves your decision making?

Options:

A.

Containment

B.

Eradication

C.

Identification

D.

Preparation

Buy Now
Questions 87

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. John notices that the We-are-secure network is vulnerable to a man-inthe-middle attack since the key exchange process of the cryptographic algorithm it is using does not authenticate participants. Which of the following cryptographic algorithms is being used by the Weare-secure server?

Options:

A.

RSA

B.

Diffie-Hellman

C.

Twofish

D.

Blowfish

Buy Now
Questions 88

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

Options:

A.

Steganography

B.

Email spoofing

C.

Social engineering

D.

Web ripping

Buy Now
Questions 89

Which of the following relies on a physical characteristic of the user to verify his identity?

Options:

A.

Kerberos v5

B.

Social Engineering

C.

CHAP

D.

Biometrics

Buy Now
Questions 90

You work as a professional Ethical Hacker. You are assigned a project to test the security of www.weare-secure.com. You are working on the Windows Server 2003 operating system. You suspect that your friend has installed the keyghost keylogger onto your computer. Which of the following countermeasures would you employ in such a situation?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Use commercially available anti-keyloggers such as PrivacyKeyboard.

B.

Remove the SNMP agent or disable the SNMP service.

C.

Monitor the programs running on the server to see whether any new process is running on the server or not.

D.

Use on-screen keyboards and speech-to-text conversion software which can also be useful against keyloggers, as there are no typing or mouse movements involved.

Buy Now
Questions 91

Which of the following types of attacks entices a user to disclose personal information such as social security number, bank account details, or credit card number?

Options:

A.

Spoofing

B.

Phishing

C.

Password guessing attack

D.

Replay attack

Buy Now
Questions 92

You are a Network Administrator in an enterprise. You have been assigned the task of installing Windows 2000 and some other applications, on each computer on the network. But in the enterprise environment, it is not cost effective to install Windows 2000 and other applications, using the standard interactive setup on each computer. You plan to perform automated installation on multiple computers. Which of the following installation tasks can be automated?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Service Packs for Windows 2000 Server.

B.

Any application that does not run as a service.

C.

Additional language support for Windows 2000 Server, through the installation of various language packs.

D.

Any application that runs as a service.

E.

The core operating system of Windows 2000 Server.

Buy Now
Questions 93

You are implementing wireless access at a defense contractor. Specifications say, you must implement the AES Encryption algorithm. Which encryption standard should you choose?

Options:

A.

WPA 2

B.

WEP

C.

TKIP

D.

WPA

Buy Now
Questions 94

Which of the following options is an approach to restricting system access to authorized users?

Options:

A.

MIC

B.

MAC

C.

RBAC

D.

DAC

Buy Now
Questions 95

Mark works as a Network Administrator for Perfect Inc. The company has both wired and wireless networks. An attacker attempts to keep legitimate users from accessing services that they require. Mark uses IDS/IPS sensors on the wired network to mitigate the attack. Which of the following attacks best describes the attacker's intentions?

Options:

A.

Land attack

B.

Internal attack

C.

DoS attack

D.

Reconnaissance attack

Buy Now
Questions 96

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He copies the whole structure of the We-are-secure Web site to the local disk and obtains all the files on the Web site. Which of the following techniques is he using to accomplish his task?

Options:

A.

Eavesdropping

B.

Fingerprinting

C.

Web ripping

D.

TCP FTP proxy scanning

Buy Now
Questions 97

What does a firewall check to prevent certain ports and applications from getting the packets into an Enterprise?

Options:

A.

The network layer headers and the session layer port numbers

B.

The presentation layer headers and the session layer port numbers

C.

The transport layer port numbers and the application layer headers

D.

The application layer port numbers and the transport layer headers

Buy Now
Questions 98

Which of the following is an input of the close procurements process?

Options:

A.

Organizational process asset updates

B.

Procurement credentials

C.

Project management plan

D.

Closed procurements

Buy Now
Questions 99

Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use the Steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Hidden partition

B.

Dumb space

C.

Slack space

D.

Unused sectors

Buy Now
Questions 100

Rick is the project manager for TTM project. He is in the process of procuring services from vendors. He makes a contract with a vendor in which he precisely specify the services to be procured, and any changes to the procurement specification will increase the costs to the buyer. Which type of contract is this?

Options:

A.

Fixed Price with Economic Price Adjustment

B.

Fixed Price Incentive Fee

C.

Cost Plus Fixed Fee Contract

D.

Firm Fixed Price

Buy Now
Questions 101

Which of the following federal laws are related to hacking activities?

Each correct answer represents a complete solution. Choose three.

Options:

A.

18 U.S.C. 2510

B.

18 U.S.C. 1029

C.

18 U.S.C. 1028

D.

18 U.S.C. 1030

Buy Now
Questions 102

Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2000 Active Directory domain-based network. The domain contains one hundred Windows XP Professional client computers. Mark is deploying an 802.11 wireless LAN on the network. The wireless LAN will use Wired Equivalent Privacy (WEP) for all the connections. According to the company's security policy, the client computers must be able to automatically connect to the wireless LAN. However, the unauthorized computers must not be allowed to connect to the wireless LAN and view the wireless network. Mark wants to configure all the wireless access points and client computers to act in accordance with the company's security policy. What will he do to accomplish this?

Each correct answer represents a part of the solution. Choose three.

Options:

A.

Configure the authentication type for the wireless LAN to Open system.

B.

Install a firewall software on each wireless access point.

C.

Configure the authentication type for the wireless LAN to Shared Key.

D.

Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

E.

Broadcast SSID to connect to the access point (AP).

F.

On each client computer, add the SSID for the wireless LAN as the preferred network.

Buy Now
Questions 103

You work as a Network Administrator for NetTech Inc. The company has a Windows Server 2008 Active Directory-based single domain single forest network. The company's network is connected to the Internet through a T1 line. The firewall is configured on the network for securing the internal network from the intruders on the Internet. You are designing a public key infrastructure (PKI) for the network. The network will use a root enterprise certificate authority (CA) and two subordinate CAs. The root CA will be used to issue certificates to the subordinate CAs, and the subordinate CAs will be used to issue certificates to the clients. The security policy of the company dictates that the security of high-level CAs should not be compromised. Which of the following steps will you take to implement the security policy of the company?

Options:

A.

Take the root enterprise CA offline after it issues certificates to its subordinate CAs.

B.

Place all CA servers in a locked room.

C.

Take subordinate CAs offline after they get their certificates from the root CA.

D.

Configure a firewall on the network.

Buy Now
Questions 104

Which of the following programs can be used to detect stealth port scans performed by a malicious hacker?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

portsentry

B.

nmap

C.

scanlogd

D.

libnids

Buy Now
Questions 105

Which of the following types of attacks cannot be prevented by technical measures only?

Options:

A.

Social engineering

B.

Smurf DoS

C.

Brute force

D.

Ping flood attack

Buy Now
Questions 106

John, a malicious hacker, forces a router to stop forwarding packets by flooding it with many open connections simultaneously so that all hosts behind it are effectively disabled. Which of the following attacks is John performing?

Options:

A.

ARP spoofing

B.

Replay attack

C.

Rainbow attack

D.

DoS attack

Buy Now
Questions 107

Which of the following statements about front door attack is true?

Options:

A.

In this type of attack, the hacker sends more traffic to a network address than the buffer can handle.

B.

This type of attack uses a dictionary of common words to find out the password of a user.

C.

This type of attack is used to sniff passwords or information from a legitimate transaction to be used for the hacker's advantage.

D.

In this type of attack, the hacker has all the correct information to get into a system and does not have to perform any additional task to get that information.

Buy Now
Questions 108

Which of the following uses public key cryptography to encrypt the contents of files?

Options:

A.

NTFS

B.

DFS

C.

RFS

D.

EFS

Buy Now
Questions 109

Which of the following is the best way of protecting important data against virus attack?

Options:

A.

Using strong passwords to log on to the network.

B.

Taking daily backup of data.

C.

Updating the anti-virus software regularly.

D.

Implementing a firewall

Buy Now
Questions 110

Which of the following PPP configuration options is used to increase the effective throughput on PPP connections by reducing the amount of data in the frame that must travel across the link?

Options:

A.

Authentication

B.

Error detection

C.

Compression

D.

Multilink

Buy Now
Questions 111

You work as a Network Administrator for NetPerfect Inc. You have implemented a firewall on the company's network. You want to ensure that outside users cannot access the internal FTP servers on the network. What will you do to accomplish the task?

Options:

A.

Block the TCP port 443 on the firewall.

B.

Block the UDP port 1701 and TCP port 1723 on the firewall.

C.

Block the TCP port 80 on the firewall.

D.

Block the TCP ports 20 and 21 on the firewall.

Buy Now
Questions 112

Your project is to implement a new operating system for all of the workstations in your company's network. Every workstation must have the new operating system as part of an organization-wide mandate. Many users are not happy with this decision and are resisting the change. Some of the users are complaining that they do not want the operating system at all. What type of stakeholders are these users?

Options:

A.

Con stakeholders

B.

Customers

C.

Negative stakeholders

D.

End-users

Buy Now
Questions 113

Which of the following is an example of penetration testing?

Options:

A.

Implementing HIDS on a computer

B.

Implementing NIDS on a network

C.

Configuring firewall to block unauthorized traffic

D.

Simulating an actual attack on a network

Buy Now
Questions 114

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

Options:

A.

Risk transfer

B.

Risk acceptance

C.

Risk avoidance

D.

Risk mitigation

Buy Now
Questions 115

Which of the following methods can be helpful to eliminate social engineering threat?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Password policies

B.

Data classification

C.

Vulnerability assessments

D.

Data encryption

Buy Now
Questions 116

Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

Options:

A.

Single Loss Expectancy (SLE)

B.

Exposure Factor (EF)

C.

Annualized Rate of Occurrence (ARO)

D.

Safeguard

Buy Now
Exam Code: GSLC
Exam Name: GIAC Security Leadership Certification (GSLC)
Last Update: Dec 27, 2024
Questions: 567
GSLC pdf

GSLC PDF

$25.5  $84.99
GSLC Engine

GSLC Testing Engine

$30  $99.99
GSLC PDF + Engine

GSLC PDF + Testing Engine

$40.5  $134.99