GSEC GIAC Security Essentials Questions and Answers
How many clients Is a single WSUS server designed to support when the minimum system requirements are met?
The Return on Investment (ROI) measurement used in Information Technology and Information Security fields is typically calculated with which formula?
The Linux command to make the /etc/shadow file, already owned by root, readable only by root is which of the following?
Which of the following hardware devices prevents broadcasts from crossing over subnets?
Dilbert wants to have a script run on his Windows server every time Wally logs into it. Where should he place this script?
Which Host-based IDS (HIDS) method of log monitoring utilizes a list of keywords or phrases that define the events of interest for the analyst, then takes a list of keywords to watch for and generates alerts when it sees matches in log file activity?
Open the MATE terminal and use the tcpdump program to read - /pcaps /cass tech.pcap.
What is the source port number?
Which of the following is TRUE regarding the ability of attackers to eavesdrop on wireless communications?
What does Authentication Header (AH) add to the packet in order to prevent an attacker from lying about the source?
What Amazon Web Services (AWS) term describes a grouping of at least one datacenter with redundant power, high speed connections to other data centres and the Internet?
You work as a Network Administrator for Net Soft Inc. You are designing a data backup plan for your company ' s network. The backup policy of the company requires high security and easy recovery of data. Which of the following options will you choose to accomplish this?
You are the security director for an off-shore banking site. From a business perspective, what is a major factor to consider before running your new vulnerability scanner against the company ' s business systems?
Which Defense-in-Depth model involves identifying various means by which threats can become manifest and providing security mechanisms to shut them down?
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to change the startup shell of Maria from bash to tcsh. Which of the following commands will John use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following resources is a knowledge base of real-world observed adversary tactics and techniques?
A folder D:\Files\Marketing has the following NTFS permissions:
• Administrators: Full Control
• Marketing: Change and Authenticated
• Users: Read
It has been shared on the server as " MARKETING " , with the following share permissions:
• Full Control share permissions for the Marketing group
Which of the following effective permissions apply if a user from the Sales group accesses the \\FILESERVER\MARKETING shared folder?
When considering ingress filtering, why should all inbound packets be dropped if they contain a source address from within the protected network address space?
If an attacker compromised a host on a site ' s internal network and wanted to trick other machines into using that host as the default gateway, which type of attack would he use?
Based on the iptables output below, which type of endpoint security protection has host 192.168.1.17 implemented for incoming traffic on TCP port 22 (SSH) and TCP port 23 (telnet)?
Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?
The process of enumerating all hosts on a network defines which of the following activities?
Which of the following are used to suppress gasoline and oil fires? Each correct answer represents a complete solution. Choose three.
Which of the following is a Layer 3 device that will typically drop directed broadcast traffic?
What is the purpose of notifying stakeholders prior to a scheduled vulnerability scan?
When discussing access controls, which of the following terms describes the process of determining the activities or functions that an Individual is permitted to perform?
Which file would the entry below be found in?
n e t.ipv6.conf.all.acctpt-r a =0
Which of the following terms refers to the process in which headers and trailers are added around user data?
An employee attempting to use your wireless portal reports receiving the error shown below. Which scenario is occurring?
Which of the following are the types of access controls?
Each correct answer represents a complete solution. Choose three.
Using PowerShell ISE running as an Administrator, navigate to the
C:\hlindows\security\tevplatesdirectory . Use secedit.exe in analyze mode to compare the temp.sdb and uorkstdtionSecureTmplate.inf files, and output the findings to a file called log.txt. Which configuration setting under Analyze User Rights reports a mismatch?
Hints:
Use files located in the C \windows\security\templates\ directory
The log. txt file will be created in the directory the secedit.exe command is run from
In preparation to do a vulnerability scan against your company ' s systems. You ' ve taken the steps below:
You ' ve notified users that there will be a system test.
You ' ve priontized and selected your targets and subnets.
You ' ve configured the system to do a deep scan.
You have a member of your team on call to answer questions.
Which of the following is a necessary step to take prior to starting the scan?
If a Linux administrator wanted to quickly filter out extraneous data and find a running process named RootKit, which command could he use?
Where are user accounts and passwords stored in a decentralized privilege management environment?
You are responsible for a Microsoft based network. Your servers are all clustered. Which of the following are the likely reasons for the clustering?
Each correct answer represents a complete solution. Choose two.
What security advantage does the utilization of a switch as opposed to a hub offer for a secure network design?
An organization keeps its intellectual property in a database. Protection of the data is assigned to one system administrator who marks the data, and monitors for this intellectual property leaving the network. Which defense-In-depth principle does this describe?
A database is accessed through an application that users must authenticate with, on a host that only accepts connections from a subnet where the business unit that uses the data is located. What defense strategy is this?
You are responsible for technical support at a company. One of the employees complains that his new laptop cannot connect to the company wireless network. You have verified that he is entering a valid password/passkey. What is the most likely problem?
Which of the following terms is used for the process of securing a system or a device on a network infrastructure?
Your customer wants to make sure that only computers he has authorized can get on his Wi-Fi. What is the most appropriate security measure you can recommend?
What is the process of simultaneously installing an operating system and a Service Pack called?
What is the maximum number of connections a normal Bluetooth device can handle at one time?
You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails. Which of the following will you use to accomplish this?
What is the function of the TTL (Time to Live) field in IPv4 and the Hop Limit field in IPv6 In an IP Packet header?
A US case involving malicious code is brought to trial. An employee had opened a helpdesk ticket to report specific instances of strange behavior on her system. The IT helpdesk representative collected information by interviewing the user and escalated the ticket to the system administrators. As the user had regulated and sensitive data on her computer, the system administrators had the hard drive sent to the company ' s forensic consultant for analysis and configured a new hard drive for the user. Based on the recommendations from the forensic consultant and the company ' s legal department, the CEO decided to prosecute the author of the malicious code. During the court case, which of the following would be able to provide direct evidence?
A VPC is created with a CIDR block of 10.22.0.0/16, which of the following private subnets could be Included?
You have an automated system for patching the operating systems of all your computers. All patches are supposedly current. Yet your automated vulnerability scanner has just reported vulnerabilities that you believe have been patched. Which of the actions below should you take next?
When no anomaly is present in an Intrusion Detection, but an alarm is generated, the response is known as.
Analyze the file below. When will the program / home/sink/utils/remove temp hies.py run?
You are going to upgrade your hard disk ' s file system from FAT to NTFS. What are the major advantages of the NTFS file system over FAT16 and FAT32 file systems?
Each correct answer represents a complete solution. Choose all that apply.
You have implemented a firewall on the company ' s network for blocking unauthorized network connections. Which of the following types of security control is implemented in this case?
Which of the following Microsoft services integrates SSO into Microsoft 365 by syncing with on-premises servers?
Which Windows event log would you look in if you wanted information about whether or not a specific diver was running at start up?
What is the most secure way to address an unused Windows service so it cannot be exploited by malware?
You are reviewing a packet capture file from your network intrusion detection system. In the packet stream, you come across a long series of " no operation " (NOP) commands. In addition to the NOP commands, there appears to be a malicious payload. Of the following, which is the most appropriate preventative measure for this type of attack?
You work as a Network Administrator for McNeil Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest domain-based network. The company ' s management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks:
The wireless network communication should be secured.
The laptop users should be able to use smart cards for getting authenticated. In order to accomplish the tasks, you take the following steps:
Configure 802.1x and WEP for the wireless connections. Configure the PEAP-MS-CHAP v2 protocol for authentication. What will happen after you have taken these steps?
Which of the following Linux commands can change both the username and group name a file belongs to?
Which of the following access control principles helps prevent collusion and detect abuse of access?
You have set up a local area network for your company. Your firewall separates your network into several sections: a DMZ with semi-public servers (web, dns, email) and an intranet with private servers. A penetration tester gains access to both sections and installs sniffers in each. He is able to capture network traffic for all the devices in the private section but only for one device (the device with the sniffer) in the DMZ. What can be inferred about the design of the system?
Which AWS service integrates with the Amazon API Gateway to provision and renew TLS encryption needs for data in transit?
Use PowerShell ISE to
e xamin e C:\Windows\security\templates\WorkstationSecureTemplate.inf. Which setting is configured in the template?
While building multiple virtual machines on a single host operating system, you have determined that each virtual machine needs to work on the network as a separate entity with its own unique IP address on the same logical subnet. You also need to limit each guest operating system to how much system resources it has access to. Which of the following correctly identifies steps that must be taken towards setting up these virtual environments?
Which of the following is a benefit of using John the Ripper for auditing passwords?
You work as a Network Administrator for Net World Inc. The company has a Linux-based network. You want to mount an SMBFS share from a Linux workstation. Which of the following commands can you use to accomplish the task?
Each correct answer represents a complete solution. Choose two.
Which of the following is a required component for successful 802.lx network authentication?
You work as a Network Administrator for Net World Inc. The company has a Linux-based network. You are optimizing performance and security on your Web server. You want to know the ports that are listening to FTP. Which of the following commands will you use?
During which of the following steps is the public/private key-pair generated for Public Key Infrastructure (PKI)?
Which common firewall feature can be utilized to generate a forensic trail of evidence and to identify attack trends against your network?
While using Wire shark to investigate complaints of users being unable to login to a web application, you come across an HTTP POST submitted through your web application. The contents of the POST are listed below. Based on what you see below, which of the following would you recommend to prevent future damage to your database?
Critical information is encrypted within an application accessible only to a small group of administrators, with a separate group of administrators holding the decryption keys. What Defense in Depth approach is being used?
The Windows ' tracert ' begins by sending what type of packet to the destination host?
What is the name of the registry key that is used to manage remote registry share permissions for the whole registry?
In an Active Directory domain, which is the preferred method of keeping host computers patched?
What file instructs programs like Web spiders NOT to search certain areas of a site?
Which of the following statements about DMZ are true?
Each correct answer represents a complete solution. Choose two.
Which of the following statements about Microsoft ' s VPN client software is FALSE?
What are the two actions the receiver of a PGP email message can perform that allows establishment of trust between sender and receiver?
What technical control provides the most critical layer of defense if an intruder is able to bypass all physical security controls and obtain tapes containing critical data?
The previous system administrator at your company used to rely heavily on email lists, such as vendor lists and Bug Traq to get information about updates and patches. While a useful means of acquiring data, this requires time and effort to read through. In an effort to speed things up, you decide to switch to completely automated updates and patching. You set up your systems to automatically patch your production servers using a cron job and a scripted apt-get upgrade command. Of the following reasons, which explains why you may want to avoid this plan?
Which of the four basic transformations in the AES algorithm involves the leftward circular movement of state data?
What would the file permission example " rwsr-sr-x " translate to in absolute mode?
Which of the following choices accurately describes how PGP works when encrypting email?
Which of the following items are examples of preventive physical controls? Each correct answer represents a complete solution. Choose three.
What requirement must an administrator remember when utilizing Security Configuration and Analysis (SCA) to apply security templates to Windows systems?
When file integrity checking is enabled, what feature is used to determine if a monitored file has been modified?
Which of the following should be implemented to protect an organization from spam?
Which command would allow an administrator to determine if a RPM package was already installed?
Which of the following BEST describes the two job functions of Microsoft Baseline Security Analyzer (MBSA)?
If Linux server software is a requirement in your production environment which of the following should you NOT utilize?
A system administrator sees the following URL in the webserver logs:
Which action will mitigate against this attack?
PDF + Testing Engine
Testing Engine
PDF (Q&A)
