GIAC GSEC Dumps

When file integrity checking is enabled, what feature is used to determine if a monitored file has been modified?

You work as an Administrator for McRoberts Inc. The company has a Linux-based network. You are logged in as a non-root user on your client computer. You want to delete all files from the /garbage directory. You want that the command you will use should prompt for the root user password. Which of the following commands will you use to accomplish the task?

You are implementing wireless access at a defense contractor. Specifications say, you must implement the AES Encryption algorithm. Which encryption standard should you choose?

What is the function of the TTL (Time to Live) field in IPv4 and the Hop Limit field in IPv6 In an IP Packet header?

When discussing access controls, which of the following terms describes the process of determining the activities or functions that an Individual is permitted to perform?

You are responsible for a Microsoft based network. Your servers are all clustered. Which of the following are the likely reasons for the clustering?

Each correct answer represents a complete solution. Choose two.

Which of the below choices should an organization start with when implementing an effective risk management process?

Your organization has broken its network into several sections/segments, which are separated by firewalls, ACLs and VLANs. The purpose is to defend segments of the network from potential attacks that originate in a different segment or that attempt to spread across segments.

This style of defense-in-depth protection is best described as which of the following?

At what point in the Incident Handling process should an organization determine its approach to notifying law enforcement?

Which of the following choices accurately describes how PGP works when encrypting email?

A Windows administrator wants to automate local and remote management tasks in Active Directory. Which tool is most appropriate for this?

Which of the following is a Layer 3 device that will typically drop directed broadcast traffic?

Which of the following works at the network layer and hides the local area network IP address and topology?

When you log into your Windows desktop what information does your Security Access Token (SAT) contain?

What must be added to VLANs to improve security?

What are the two actions the receiver of a PGP email message can perform that allows establishment of trust between sender and receiver?

Which of the following defines the communication link between a Web server and Web applications?

A Network Engineer is charged with maintaining and protecting a network with a high availability requirement. In addition to other defenses, they have chosen to implement a NIPS. How should the NIPS failure conditions be configured to ensure availability if the NIPS is installed in front of the Firewall that protects the DMZ?

Your IT security team is responding to a denial of service attack against your server. They have taken measures to block offending IP addresses. Which type of threat control is this?

Which of the following utilities can be used to manage the Windows Firewall (WF) from the command line?

When should you create the initial database for a Linux file integrity checker?

Which of the following is NOT typically used to mitigate the war dialing threat?

What advantage would an attacker have in attacking a web server using the SSL protocol?

For most organizations, which of the following should be the highest priority when it comes to physical security concerns?

You work as a Linux technician for Tech Perfect Inc. You have lost the password of the root. You want to provide a new password. Which of the following steps will you take to accomplish the task?

Which of the following resources is a knowledge base of real-world observed adversary tactics and techniques?

Which of the following should be implemented to protect an organization from spam?

How does a default deny rule in a firewall prevent unknown attacks?

In a /24 subnet, which of the following is a valid broadcast address?

In trace route results, what is the significance of an * result?

An organization keeps its intellectual property in a database. Protection of the data is assigned to one system administrator who marks the data, and monitors for this intellectual property leaving the network. Which defense-In-depth principle does this describe?

Which of the following protocols implements VPN using IPSec?

The Return on Investment (ROI) measurement used in Information Technology and Information Security fields is typically calculated with which formula?

You work as a Network Administrator for McNeil Inc. The company has a Linux-based network. David, a Sales Manager, wants to know the name of the shell that he is currently using. Which of the following commands will he use to accomplish the task?

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He is currently working on his C based new traceroute program. Since, many processes are running together on the system, he wants to give the highest priority to the cc command process so that he can test his program, remove bugs, and submit it to the office in time. Which of the following commands will John use to give the highest priority to the cc command process?

Which of the following Unix syslog message priorities is the MOST severe?

What is the term for a game in which for every win there must be an equivalent loss?

SSL session keys are available in which of the following lengths?

Which of the following applications would be BEST implemented with UDP instead of TCP?

What Amazon Web Services (AWS) term describes a grouping of at least one datacenter with redundant power, high speed connections to other data centres and the Internet?

The previous system administrator at your company used to rely heavily on email lists, such as vendor lists and Bug Traq to get information about updates and patches. While a useful means of acquiring data, this requires time and effort to read through. In an effort to speed things up, you decide to switch to completely automated updates and patching. You set up your systems to automatically patch your production servers using a cron job and a scripted apt-get upgrade command. Of the following reasons, which explains why you may want to avoid this plan?

Which of the following are the types of intrusion detection systems?

Each correct answer represents a complete solution. Choose all that apply.

You have been hired to design a TCP/IP-based network that will contain both Unix and Windows computers. You are planning a name resolution strategy. Which of the following services will best suit the requirements of the network?

Which of the following statements about IPSec are true?

Each correct answer represents a complete solution. Choose two.

Jonny Is an IT Project Manager. He cannot access the folder called "IT Projects" but can access a folder called "Sales Data" even though he's not on the sales team. Which information security principle has failed?

When a packet leaving the network undergoes Network Address Translation (NAT), which of the following is changed?

Which of the following is NOT a recommended best practice for securing Terminal Services and Remote Desktop?

Which of the following is a backup strategy?

You work as a Network Administrator for Net World Inc. The company has a Linux-based network. For testing purposes, you have configured a default IP-table with several filtering rules. You want to reconfigure the table. For this, you decide to remove the rules from all the chains in the table. Which of the following commands will you use?

During a scheduled evacuation training session the following events took place in this order:

1. Evacuation process began by triggering the building fire alarm.

2a. The meeting point leader arrived first at the designated meeting point and immediately began making note of who was and was not accounted for.

2b. Stairwell and door monitors made it to their designated position to leave behind a box of flashlights and prop the stairway doors open with a garbage can so employees can find exits and dispose of food and beverages.

2c. Special needs assistants performed their assigned responsibility to help employees out that require special assistance.

3. The safety warden communicated with the meeting point leader via walkie talkie to collect a list of missing personnel and communicated this information back to the searchers.

4. Searchers began checking each room and placing stick-it notes on the bottom of searched doors to designate which areas were cleared.

5. All special need assistants and their designated wards exited the building.

6. Searchers complete their assigned search pattern and exit with the Stairwell/door monitors.

Given this sequence of events, which role is in violation of its expected evacuation tasks?

Many IIS servers connect to Microsoft SQL databases. Which of the following statements about SQL server security is TRUE?

Which of the following is the key point to consider in the recovery phase of incident handling?

Which of the following is the key point to consider in the recovery phase of incident handling?

What dots Office 365 use natively for authentication?

In preparation to do a vulnerability scan against your company's systems. You've taken the steps below:

You've notified users that there will be a system test.

You've priontized and selected your targets and subnets.

You've configured the system to do a deep scan.

You have a member of your team on call to answer questions.

Which of the following is a necessary step to take prior to starting the scan?

Which of the following consists of the security identifier number (SID) of your user account, the SID of all of your groups and a list of all your user rights?

You are examining an IP packet with a header of 40 bytes in length and the value at byte 0 of the packet header is 6. Which of the following describes this packet?

An attacker gained physical access to an internal computer to access company proprietary data. The facility is protected by a fingerprint biometric system that records both failed and successful entry attempts. No failures were logged during the time periods of the recent breach. The account used when the attacker entered the facility shortly before each incident belongs to an employee who was out of the area. With respect to the biometric entry system, which of the following actions will help mitigate unauthorized physical access to the facility?

Which Defense-in-Depth principle starts with an awareness of the value of each section of information within an organization?

Regarding the UDP header below, what is the length in bytes of the UDP datagrarn?

04 1a 00 a1 00 55 db 51

Validating which vulnerabilities in a network environment are able to be exploited by an attacker is called what?

A web application requires multifactor authentication when a user accesses the application from a home office but does not require this when the user is in the office. What access control model is this describing?

Which Linux file lists every process that starts at boot time?

On an NTFS file system, what will happen when a conflict exists between Allow and Deny permissions?

Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP)?

Which of the following quantifies the effects of a potential disaster over a period of time?

Which of the following is a potential WPA3 security issue?

What method do Unix-type systems use to prevent attackers from cracking passwords using pre-computed hashes?

When Net Stumbler is initially launched, it sends wireless frames to which of the following addresses?

What is the name of the registry key that is used to manage remote registry share permissions for the whole registry?

Which of the following files contains the shadowed password entries in Linux?

What type of attack can be performed against a wireless network using the tool Kismet?

Critical information is encrypted within an application accessible only to a small group of administrators, with a separate group of administrators holding the decryption keys. What Defense in Depth approach is being used?

Which of the following is a required component for successful 802.lx network authentication?

Against policy, employees have installed Peer-to-Peer applications on their workstations and they are using them over TCP port 80 to download files via the company network from other Peer-to-Peer users on the Internet. Which of the following describes this threat?

Which of the following applications cannot proactively detect anomalies related to a computer?

An employee attempting to use your wireless portal reports receiving the error shown below. Which scenario is occurring?

How many bytes does it take to represent the hexadecimal value OxFEDCBA?

Your software developer comes to you with an application that controls a user device. The application monitors its own behavior and that of the device and creates log files. The log files are expected to grow steadily and rapidly. Your developer currently has the log files stored in the /bin folder with the application binary. Where would you suggest that the developer store the log files?

Which of the following processes Is used to prove a user Is who they claim to be based upon something they know, have, are, and/or their physical location?

Your CIO has found out that it is possible for an attacker to clone your company's RFID (Radio Frequency ID) based key cards. The CIO has tasked you with finding a way to ensure that anyone entering the building is an employee. Which of the following authentication types would be the appropriate solution to this problem?

Which of the following statements best describes where a border router is normally placed?

What does PowerShell remoting use to authenticate to another host in a domain environment?

How is a Distributed Denial of Service (DDOS) attack distinguished from a regular DOS attack?

What is SSL primarily used to protect you against?

Which of the following protocols is used to send e-mails on the Internet?

Which of the following is a Personal Area Network enabled device?

The process of enumerating all hosts on a network defines which of the following activities?

A database is accessed through an application that users must authenticate with, on a host that only accepts connections from a subnet where the business unit that uses the data is located. What defense strategy is this?

You are doing some analysis of malware on a Unix computer in a closed test network. The IP address of the computer is 192.168.1.120. From a packet capture, you see the malware is attempting to do a DNS query for a server called iamabadserver.com so that it can connect to it. There is no DNS server on the test network to do name resolution. You have another computer, whose IP is 192.168.1.115, available on the test network that you would like for the malware connect to it instead. How do you get the malware to connect to that computer on the test network?

To be considered a strong algorithm, an encryption algorithm must be which of the following?

Which of the following networking topologies uses a hub to connect computers?

Which asymmetric algorithm is used only for key exchange?

What type of HTTP session tracking artifact is designed to expire once a user’s web browser session is closed?

What is the purpose of a TTL value?

When a host on a remote network performs a DNS lookup of which of the following is likely to provide an Authoritative reply?

Which Authenticates Assurance Level requires a hardware-based authenticates?

You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. You are required to search for the error messages in the /var/log/messages log file. Which of the following commands will you use to accomplish this?

You work as a Network Administrator for World Perfect Inc. The company has a Linux-based network. You have configured a Linux Web server on the network. A user complains that the Web server is not responding to requests. The process list on the server shows multiple instances of the HTTPD process. You are required to stop the Web service. Which of the following commands will you use to resolve the issue?

During which of the following steps is the public/private key-pair generated for Public Key Infrastructure (PKI)?

Which of the following statements would be seen in a Disaster Recovery Plan?

Which of the following is a new Windows Server 2008 feature for the Remote Desktop Protocol (RDP)?

Which of the following tools is also capable of static packet filtering?

While building multiple virtual machines on a single host operating system, you have determined that each virtual machine needs to work on the network as a separate entity with its own unique IP address on the same logical subnet. You also need to limit each guest operating system to how much system resources it has access to. Which of the following correctly identifies steps that must be taken towards setting up these virtual environments?

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. He is working as a root user on the Linux operating system. He wants to delete his private.txt file from his operating system. He knows that the deleted file can be recovered easily. Hence, he wants to delete the file securely. He wants to hide the shredding, and so he desires to add a final overwrite of the file private.txt with zero. Which of the following commands will John use to accomplish his task?

Which logging capability is provided natively by syslog?

Which of the following is Azure's version of a superuser?

Which of the following utilities provides an efficient way to give specific users permission to use specific system commands at the root level of a Linux operating system?

Use sudo to launch Snort with the, /etc /snort /snort.conf file In full mode to generate alerts based on incoming traffic to echo. What is the source IP address of the traffic triggering an alert with a destination port of 156?

Note: Snort Is configured to exit after It evaluates 50 packets.

Which of the following is generally practiced by the police or any other recognized governmental authority?

Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution. Choose two.

Which of the following is the reason of using Faraday cage?

Which of the following processes is known as sanitization?

In addition to securing the operating system of production honey pot hosts, what is recommended to prevent the honey pots from assuming the identities of production systems that could result in the denial of service for legitimate users?