
GSEC GIAC Security Essentials Questions and Answers

Questions 4

In a /24 subnet, which of the following is a valid broadcast address?

Options:

A.

200.11.11.1

B.

221.10.10.10

C.

245.20.30.254

D.

192.10.10.255

Questions 5

Which of the following are the types of access controls?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Physical

B.

Administrative

C.

Automatic

D.

Technical

Questions 6

You have reason to believe someone with a domain user account has been accessing and modifying sensitive spreadsheets on one of your application servers. You decide to enable auditing for the files to see who is accessing and changing them. You enable the Audit Object Access policy on the files via Group Policy. Two weeks later, when you check on the audit logs, you see they are empty. What is the most likely reason this has happened?

Options:

A.

You cannot enable auditing on files, just folders

B.

You did not enable auditing on the files

C.

The person modifying the files turned off auditing

D.

You did not save the change to the policy

Questions 7

Which of the following would be used to explicitly deny the traffic from a foreign IP address scanning the EC2 Instances in a VPC?

Options:

A.

Security Group

B.

VPC Endpoint

C.

Network ACL

D.

Internet Gateway

Questions 8

Which of the following is an advantage of an Intrusion Detection System?

Options:

A.

It is a mature technology.

B.

It is the best network security.

C.

It never needs patching.

D.

It is a firewall replacement.

Questions 9

Use PowerShell ISE to examine C:\Windows\security\templates\WorkstationSecureTemplate.inf. Which setting is configured in the template?

GSEC Question 9


Options:

A.

ResetLockoutCount

B.

NewAdministratorName

C.

MinimumPasswordAge

D.

RequireLogonToChangePassword

E.

SeRemoteInteractiveLogonRight

F.

MaxRenewAge

G.

AuditSystemEvents

Questions 10

Which of the following is an advantage of private circuits versus VPNs?

Options:

A.

Flexibility

B.

Performance guarantees

C.

Cost

D.

Time required to implement

Questions 11

Launch Calculator (calc.exe). Using PowerShell, retrieve the Calculator Process Information. What is the value of the File Version property?

Hint: The process name of Calculator is calculator

GSEC Question 11


Options:

A.

10.1705.12507.0

B.

10.1902.1603.06155

C.

10.0.19041.1

D.

8.1.2017.26587

E.

8.2017.1009.04153

F.

10.1705.1809.07007

G.

8.2017.0908.29102

Questions 12

What does it mean if a protocol such as HTTP is stateless?

Options:

A.

The client responds to server request and keeps track of the conversation.

B.

If a stateless protocol is used it cannot be traced.

C.

It means it is unreliable.

D.

The server responds to a single request and then forgets about it.

Questions 13

A company disables CD drives for users; what defense strategy is this a part of?

Options:

A.

Uniform Protection

B.

Information-Centric

C.

Protected Enclaves

D.

Vector-oriented

Questions 14

What is the term for a game in which for every win there must be an equivalent loss?

Options:

A.

Asymmetric

B.

Untenable

C.

Zero-sum

D.

Gain-oriented

Questions 15

What is the maximum passphrase length in Windows 2000/XP/2003?

Options:

A.

255 characters

B.

127 characters

C.

95 characters

D.

63 characters

Questions 16

What method do Unix-type systems use to prevent attackers from cracking passwords using pre-computed hashes?

Options:

A.

Unix systems can prevent users from using dictionary words for passwords

B.

The algorithm creates hashes using a CPU-intensive algorithm.

C.

The algorithm creates hashes using salts or randomized values

D.

Unix/Linux systems use hashing functions which cannot be reversed

E.

The system encrypts the password using a symmetrical algorithm

Questions 17

Which of the following fields CANNOT be hashed by Authentication Header (AH) in transport mode?

Options:

A.

Length

B.

Source IP

C.

TTL

D.

Destination IP

Questions 18

Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 domain-based network. The network contains ten Windows 2003 member servers and 150 Windows XP Professional client computers. According to the company's security policy, Mark needs to check whether all the computers in the network have all available security updates and shared folders. He also needs to check the file system type on each computer's hard disk. Mark installs and runs MBSACLI.EXE with the appropriate switches on a server. Which of the following tasks will he accomplish?

Options:

A.

None of the tasks will be accomplished.

B.

He will be able to check the file system type on each computer's hard disk.

C.

He will be able to accomplish all the tasks.

D.

He will be able to check all available security updates and shared folders.

Questions 19

How is a Distributed Denial of Service (DDOS) attack distinguished from a regular DOS attack?

Options:

A.

DDOS attacks are perpetrated by many distributed hosts.

B.

DDOS affects many distributed targets.

C.

Regular DOS focuses on a single router.

D.

DDOS affects the entire Internet.

Questions 20

Which of the following heights of fence deters only casual trespassers?

Options:

A.

8 feet

B.

2 to 2.5 feet

C.

6 to 7 feet

D.

3 to 4 feet

Questions 21

An attacker gained physical access to an internal computer to access company proprietary data. The facility is protected by a fingerprint biometric system that records both failed and successful entry attempts. No failures were logged during the time periods of the recent breach. The account used when the attacker entered the facility shortly before each incident belongs to an employee who was out of the area. With respect to the biometric entry system, which of the following actions will help mitigate unauthorized physical access to the facility?

Options:

A.

Try raising the Crossover Error Rate (CER)

B.

Try to lower the False Accept Rate (FAR)

C.

Try setting the Equal Error Rate (EER) to zero

D.

Try to set a lower False Reject Rate (FRR)

Questions 22

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He is currently working on his new C-based traceroute program. Since many processes are running together on the system, he wants to give the highest priority to the cc command process so that he can test his program, remove bugs, and submit it to the office in time. Which of the following commands will John use to give the highest priority to the cc command process?

Options:

A.

nice -n 19 cc -c *.c &

B.

nice cc -c *.c &

C.

nice -n -20 cc -c *.c &

D.

nice cc -c *.c

Questions 23

What technique makes it difficult for attackers to predict the memory address space location for code execution?

Options:

A.

Security Cookies

B.

DFP

C.

SLMOP

D.

ASLR

E.

Stack Canaries

Questions 24

Against policy, employees have installed Peer-to-Peer applications on their workstations and they are using them over TCP port 80 to download files via the company network from other Peer-to-Peer users on the Internet. Which of the following describes this threat?

Options:

A.

Firewall subversion

B.

Backdoor installation

C.

Malicious software infection

D.

Phishing attempt

Questions 25

What is a limitation of deploying HIPS on a workstation?

Options:

A.

Requires more frequent system patching

B.

Requires an HIDS to identify an attack

C.

Restricted support for custom applications

D.

Runs as a non-privileged user

Questions 26

Dilbert wants to have a script run on his Windows server every time Wally logs into it. Where should he place this script?

Options:

A.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

B.

Default Domain Policy > User Configuration > Windows Settings > Scripts (Logon/Logoff)

C.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

D.

Default Domain Policy > Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)

Questions 27

Jonny is an IT Project Manager. He cannot access the folder called "IT Projects" but can access a folder called "Sales Data" even though he's not on the sales team. Which information security principle has failed?

Options:

A.

Authentication

B.

Authorization

C.

Identification

D.

Accountability

Questions 28

Which of the following protocols describes the operation of security in H.323?

Options:

A.

H.239

B.

H.245

C.

H.235

D.

H.225

Questions 29

Analyze the screenshot below. What is the purpose of this message?

GSEC Question 29

Options:

A.

To gather non-specific vulnerability information

B.

To get the user to download malicious software

C.

To test the browser plugins for compatibility

D.

To alert the user to infected software on the computer.

Questions 30

Two clients connecting from the same public IP address (for example - behind the same NAT firewall) can connect simultaneously to the same web server on the Internet, provided what condition is TRUE?

Options:

A.

The server is not using a well-known port.

B.

The server is on a different network.

C.

The client-side source ports are different.

D.

The clients are on different subnets.

Questions 31

Your IT security team is responding to a denial of service attack against your server. They have taken measures to block offending IP addresses. Which type of threat control is this?

Options:

A.

Detective

B.

Preventive

C.

Responsive

D.

Corrective

Questions 32

Which of the following describes software technologies that improve portability, manageability, and compatibility of applications by encapsulating them from the underlying operating system on which they are executed?

Options:

A.

System registry

B.

Group Policy

C.

Application virtualization

D.

System control

Questions 33

Which of the following is a type of countermeasure that can be deployed to ensure that a threat vector does not meet a vulnerability?

Options:

A.

Prevention controls

B.

Detection controls

C.

Monitoring controls

D.

Subversive controls

Questions 34

Which of the following statements best describes where a border router is normally placed?

Options:

A.

Between your firewall and your internal network

B.

Between your firewall and DNS server

C.

Between your ISP and DNS server

D.

Between your ISP and your external firewall

Questions 35

Which of the below choices should an organization start with when implementing an effective risk management process?

Options:

A.

Implement an incident response plan

B.

Define security policy requirements

C.

Conduct periodic reviews

D.

Design controls and develop standards for each technology you plan to deploy

Questions 36

Which of the following are used to suppress gasoline and oil fires? Each correct answer represents a complete solution. Choose three.

Options:

A.

Halon

B.

CO2

C.

Soda acid

D.

Water

Questions 37

When NetStumbler is initially launched, it sends wireless frames to which of the following addresses?

Options:

A.

Broadcast address

B.

Default gateway address

C.

Subnet address

D.

Network address

Questions 38

Which of the following quantifies the effects of a potential disaster over a period of time?

Options:

A.

Risk Assessment

B.

Business Impact Analysis

C.

Disaster Recovery Planning

D.

Lessons Learned

Questions 39

What is achieved with the development of a communication flow baseline?

Options:

A.

Validation of data access

B.

Classification of critical data

C.

Categorization of internal risks

D.

Identification of existing IT assets

Questions 40

During which of the following steps is the public/private key-pair generated for Public Key Infrastructure (PKI)?

Options:

A.

Key Recovery

B.

Initialization

C.

Registration

D.

Certification

Questions 41

Your software developer comes to you with an application that controls a user device. The application monitors its own behavior and that of the device and creates log files. The log files are expected to grow steadily and rapidly. Your developer currently has the log files stored in the /bin folder with the application binary. Where would you suggest that the developer store the log files?

Options:

A.

/var/log

B.

/etc/log

C.

/usr/log

D.

/tmp/log

E.

/dev/log

Questions 42

During a scheduled evacuation training session the following events took place in this order:

1. Evacuation process began by triggering the building fire alarm.

2a. The meeting point leader arrived first at the designated meeting point and immediately began making note of who was and was not accounted for.

2b. Stairwell and door monitors made it to their designated position to leave behind a box of flashlights and prop the stairway doors open with a garbage can so employees can find exits and dispose of food and beverages.

2c. Special needs assistants performed their assigned responsibility to help employees out that require special assistance.

3. The safety warden communicated with the meeting point leader via walkie talkie to collect a list of missing personnel and communicated this information back to the searchers.

4. Searchers began checking each room and placing stick-it notes on the bottom of searched doors to designate which areas were cleared.

5. All special need assistants and their designated wards exited the building.

6. Searchers complete their assigned search pattern and exit with the Stairwell/door monitors.

Given this sequence of events, which role is in violation of its expected evacuation tasks?

Options:

A.

Safety warden

B.

Stairwell and door monitors

C.

Meeting point leader

D.

Searchers

E.

Special needs assistants

Questions 43

Which of the following is a benefit of using John the Ripper for auditing passwords?

Options:

A.

John's Blowfish cracking routine uses a complex central computing loop that increases the cost of each hash computation.

B.

John the Ripper is much slower for auditing passwords encrypted with MD5 and Blowfish.

C.

John's MD5 cracking routine uses a simplified central computing loop that decreases the cost of each hash computation.

D.

John cannot use the DES bit-slicing technique, so it is much slower than other tools, especially when used against DES-encrypted passwords.

Questions 44

Why are false positives such a problem with IPS technology?

Options:

A.

File integrity is not guaranteed.

B.

Malicious code can get into the network.

C.

Legitimate services are not delivered.

D.

Rules are often misinterpreted.

Questions 45

A system administrator sees the following URL in the webserver logs:

GSEC Question 45

Which action will mitigate against this attack?

Options:

A.

Force all web applications to use SSL/TLS

B.

Encode web traffic using Base64 before transmission

C.

Filter potentially harmful characters from user input

D.

Authenticate users before allowing database queries

Questions 46

Which of the following is a required component for successful 802.1x network authentication?

Options:

A.

Supplicant

B.

3rd-party Certificate Authority

C.

Ticket Granting Server (TGS)

D.

IPSec

Questions 47

Which choice best describes the line below?

alert tcp any any -> 192.168.1.0/24 80 (content: "/cgi-bin/test.cgi"; msg: "Attempted CGI-BIN Access!!";)

Options:

A.

Tcpdump filter

B.

iptables rule

C.

Wireshark filter

D.

Snort rule

Questions 48

Which of the following is an example of a BitLocker recovery password?

Options:

A.

01 E6 0J4CCEAF 79A481 08BAC59I 7I BE8B

B.

389627 801256690151785527 909978 568638 271012 905516

C.

6c0b48fafaecb0bf8c2610253ee717at

D.

42VgYAjYV+C7ff6MdeqBGx5Y7V2zFQA=

Questions 49

Which of the following attacks can be mitigated by avoiding making system calls from within a web application?

Options:

A.

Denial of Service

B.

OS command injection

C.

SQL Injection

D.

Buffer Overflows

Questions 50

Which of the following is a new Windows Server 2008 feature for the Remote Desktop Protocol (RDP)?

Options:

A.

The ability to allow the administrator to choose a port other than the default RDP port (TCP 3389)

B.

The ability to support connections from mobile devices like smart phones

C.

The ability to allow clients to authenticate over TLS

D.

The ability to allow clients to execute individual applications rather than using a terminal desktop

Questions 51

Which of the following should be implemented to protect an organization from spam?

Options:

A.

Auditing

B.

System hardening

C.

E-mail filtering

D.

Packet filtering

Questions 52

When traceroute fails to get a timely response for a packet after three tries, which action will it take?

Options:

A.

It will print '* * *' for the attempts and increase the maximum hop count by one.

B.

It will exit gracefully, and indicate to the user that the destination is unreachable.

C.

It will increase the timeout for the hop and resend the packets.

D.

It will print '* * *' for the attempts, increment the TTL and try again until the maximum hop count.

Questions 53

When you log into your Windows desktop what information does your Security Access Token (SAT) contain?

Options:

A.

The Security ID numbers (SIDs) of all the groups to which you belong

B.

A list of cached authentications

C.

A list of your domain privileges

D.

The Security ID numbers (SIDs) of all authenticated local users

Questions 54

Which of the following authentication methods are used by Wired Equivalent Privacy (WEP)? Each correct answer represents a complete solution. Choose two.

Options:

A.

Anonymous authentication

B.

Mutual authentication

C.

Open system authentication

D.

Shared key authentication

Questions 55

Analyze the file below. When will the program /home/sink/utils/remove temp hies.py run?

GSEC Question 55

Options:

A.

When a user requests it by connecting to the listening port

B.

When the user 'sink' logs in

C.

At startup when the system enters the multi-user runlevel

D.

At the time specified in the crontab file

Questions 56

Which of the following is a UDP-based protocol?

Options:

A.

telnet

B.

SNMP

C.

IMAP

D.

LDAP

Questions 57

If a Linux administrator wanted to quickly filter out extraneous data and find a running process named RootKit, which command could he use?

Options:

A.

cat /proc; grep Rootkit

B.

ps -ef | grep Rootkit

C.

sed 's/Rootkit/g' /var/log/messages

D.

tail /var/log/messages > Rootkit

E.

top -u Rootkit

Questions 58

Which access control mechanism requires a high amount of maintenance since all data must be classified, and all users granted appropriate clearance?

Options:

A.

Mandatory

B.

Discretionary

C.

Rule set-based

D.

Role-Based

Questions 59

Which of the following protocols implements VPN using IPSec?

Options:

A.

SLIP

B.

PPP

C.

L2TP

D.

PPTP

Questions 60

You work as a Network Administrator for Secure World Inc. The company has a Linux-based network. You want to run a command with the changed root directory. Which of the following commands will you use?

Options:

A.

ls

B.

chroot

C.

route

D.

chdir

Questions 61

Which of the following is a Personal Area Network enabled device?

Options:

A.

Corporate access point extender

B.

Bluetooth mouse

C.

Home Win router

D.

Network enabled printer

Questions 62

What are the two actions the receiver of a PGP email message can perform that allows establishment of trust between sender and receiver?

Options:

A.

Decode the message by decrypting the asymmetric key with his private key, then using the asymmetric key to decrypt the message.

B.

Decode the message by decrypting the symmetric key with his private key, then using the symmetric key to decrypt the message.

C.

Decode the message by decrypting the symmetric key with his public key, then using the symmetric key to decrypt the message.

D.

Decrypt the message by encrypting the digital signature with his private key, then using the digital signature to decrypt the message.

Questions 63

Which of the following protocols is used by a host that knows its own MAC (Media Access Control) address to query a server for its own IP address?

Options:

A.

RARP

B.

ARP

C.

DNS

D.

RDNS

Questions 64

How is confidentiality disabled in the IPSec Encapsulated Security Payload protocol?

Options:

A.

Selecting no algorithm for encryption or authentication

B.

Selecting the NULL authentication algorithm

C.

Selecting both NULL algorithms

D.

Selecting the NULL encryption algorithm

Questions 65

It is possible to sniff traffic from other hosts on a switched Ethernet network by impersonating which type of network device?

Options:

A.

Switch

B.

Bridge

C.

Hub

D.

Router

Questions 66

Which of the following works at the network layer and hides the local area network IP address and topology?

Options:

A.

Network address translation (NAT)

B.

Hub

C.

MAC address

D.

Network interface card (NIC)

Questions 67

You work as a Network Administrator for McNeil Inc. The company has a Linux-based network. David, a Sales Manager, wants to know the name of the shell that he is currently using. Which of the following commands will he use to accomplish the task?

Options:

A.

mv $shell

B.

echo $shell

C.

rm $shell

D.

ls $shell

Questions 68

Which of the following statements about Microsoft's VPN client software is FALSE?

Options:

A.

The VPN interface can be figured into the route table.

B.

The VPN interface has the same IP address as the interface to the network it's been specified to protect.

C.

The VPN client software is built into the Windows operating system.

D.

The VPN tunnel appears as simply another adapter.

Questions 69

An employee is currently logged into the corporate web server, without permission. You log into the web server as "admin" and look for the employee's username, "dmaul", using the "who" command. This is what you get back:

GSEC Question 69

Options:

A.

The contents of the /var/log/messages file has been altered

B.

The contents of the bash history file has been altered

C.

The contents of the utmp file has been altered

D.

The contents of the http logs have been altered

Questions 70

Which Windows event log would you look in if you wanted information about whether or not a specific driver was running at startup?

Options:

A.

Application

B.

System

C.

Startup

D.

Security

Questions 71

A VPC is created with a CIDR block of 10.22.0.0/16. Which of the following private subnets could be included?

Options:

A.

10.23.0.0/16

B.

10.22.12.0/24

C.

10.23.12.0/26

D.

10.10.10.0/24

Questions 72

Which of the following statements would be seen in a Disaster Recovery Plan?

Options:

A.

"Instructions for notification of the media can be found in Appendix A"

B.

"The Emergency Response Plan should be executed in the case of any physical disaster listed on page 3."

C.

"The target for restoration of business operations is 72 hours from the declaration of disaster."

D.

"After arriving at the alternate site, utilize the server build checklist to rebuild all servers on the server rebuild list."

Questions 73

Which of the following SIP INVITE lines indicates to the remote registrar the VoIP phone that initiated the call?

Options:

A.

Via

B.

To

C.

From-Agent

D.

User-Agent

Questions 74

When no anomaly is present in an Intrusion Detection, but an alarm is generated, the response is known as.

Options:

A.

False negative

B.

False positive

C.

True positive

D.

True negative

Questions 75

Which of the following tcpdump output lines indicates the first step in the TCP 3-way handshake?

Options:

A.

07:09:43.368615 download.net.39904 > ftp.com.21: S 733381829:733381829(0) win 8760 (DF)

B.

07:09:43.370302 ftp.com.21 > download.net.39904: S 1192930639:1192930639(0) ack 733381830 win 1024 1460> (DF)

C.

09:09:22.346383 ftp.com.21 > download.net.39904: , rst 1 win 2440(DF)

D.

07:09:43.370355 download.net.39904 > ftp.com.21: , ack 1 win 8760 (DF)

Questions 76

Which asymmetric algorithm is used only for key exchange?

Options:

A.

El Gamal

B.

Diffie-Hellman

C.

ECC

D.

DSA

Questions 77

You are responsible for a Microsoft based network. Your servers are all clustered. Which of the following are the likely reasons for the clustering?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Reduce power consumption

B.

Ease of maintenance

C.

Load balancing

D.

Failover

Questions 78

What would the following iptables command do?

iptables -I INPUT -s 99.23.45.1/32 -j DROP

Options:

A.

Drop all packets from the source address

B.

Input all packets to the source address

C.

Log all packets to or from the specified address

D.

Drop all packets to the specified address

Questions 79

There is not universal agreement on the names of the layers in the TCP/IP networking model. Which of the following is one of the functions of the bottom layer which is sometimes called the Network Access or Link Layer?

Options:

A.

Provides end-to-end data delivery service for user applications

B.

Handles the routing of the data packets over the network

C.

Manages IP addressing and encryption for data packets

D.

Defines the procedures for interfacing with Ethernet devices

Questions 80

How many clients is a single WSUS server designed to support when the minimum system requirements are met?

Options:

A.

10000

B.

5000

C.

1000

Questions 81

When an IIS filename extension is mapped, what does this mean?

Options:

A.

Files with the mapped extensions cannot be interpreted by the web server.

B.

The file and all the data from the browser's request are handed off to the mapped interpreter.

C.

The files with the mapped extensions are interpreted by CMD.EXE.

D.

The files with the mapped extensions are interpreted by the web browser.

Questions 82

On which of the following OSI model layers does IPSec operate?

Options:

A.

Physical layer

B.

Network layer

C.

Data-link layer

D.

Session layer

Questions 83

Which attack stage mirrors the Information Gathering phase used in penetration testing methodology?

Options:

A.

Reconnaissance

B.

Clearing tracks

C.

Scanning

D.

Gaining access

Questions 84

What advantage does a Client-to-Client VPN have over other types of VPNs?

Options:

A.

The traffic never traverses any network segment in clear text

B.

The client applications do not need to support cryptography

C.

Network devices do not have to look at the message content to provide QoS

D.

The VPN gateway is located at the edge of the corporate network

Questions 85

What technical control provides the most critical layer of defense if an intruder is able to bypass all physical security controls and obtain tapes containing critical data?

Options:

A.

Camera Recordings

B.

Security guards

C.

Encryption

D.

Shredding

E.

Corrective Controls

Questions 86

You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. You are required to search for the error messages in the /var/log/messages log file. Which of the following commands will you use to accomplish this?

Options:

A.

ps /var/log/messages

B.

cat /var/log/messages | look error

C.

cat /var/log/messages | grep error

D.

cat /var/log/messages

Questions 87

Which of the following languages enable programmers to store cookies on client computers? Each correct answer represents a complete solution. Choose two.

Options:

A.

DHTML

B.

Perl

C.

HTML

D.

JavaScript

Questions 88

Which of the following is a benefit to utilizing Cygwin for Windows?

Options:

A.

The ability to install a complete Red Hat operating system install on Windows.

B.

The ability to bring much more powerful scripting capabilities to Windows.

C.

The ability to run a production Apache server.

D.

The ability to install a complete Ubuntu operating system install on Windows.

Questions 89

Which of the following services resolves host name to IP Address?

Options:

A.

Computer Browser

B.

DHCP

C.

DNS

D.

WINS

Questions 90

How many bytes does it take to represent the hexadecimal value 0xFEDCBA?

Options:

A.

12

B.

2

C.

3

D.

6

Questions 91

Which of the following statements would describe the term "incident" when used in the branch of security known as Incident Handling?

Options:

A.

Any observable network event

B.

Harm to systems

C.

Significant threat of harm to systems

D.

A and C

E.

A, B, and C

F.

B and C

G.

A and B

Questions 92

SSL session keys are available in which of the following lengths?

Options:

A.

40-bit and 128-bit.

B.

64-bit and 128-bit.

C.

128-bit and 1,024-bit.

D.

40-bit and 64-bit.

Questions 93

You work as a Network Administrator for NetTech Inc. To ensure the security of files, you encrypt data files using Encrypting File System (EFS).

You want to make a backup copy of the files and maintain security settings. You can backup the files either to a network share or a floppy disk. What will you do to accomplish this?

Options:

A.

Copy the files to a network share on an NTFS volume.

B.

Copy the files to a network share on a FAT32 volume.

C.

Place the files in an encrypted folder. Then, copy the folder to a floppy disk.

D.

Copy the files to a floppy disk that has been formatted using Windows 2000 Professional.

Questions 94

What is SSL primarily used to protect you against?

Options:

A.

Session modification

B.

SQL injection

C.

Third-party sniffing

D.

Cross site scripting

Questions 95

You work as a Network Administrator for Tech Perfect Inc. The company has a Linux-based network. You want to kill a process running on a Linux server. Which of the following commands will you use to know the process identification number (PID) of the process?

Options:

A.

killall

B.

ps

C.

getpid

D.

kill

Questions 96

When file integrity checking is enabled, what feature is used to determine if a monitored file has been modified?

Options:

A.

file size

B.

Last modified date

C.

File change notifications in the Application Event Log

D.

One-way hash

Questions 97

Which of the following Microsoft services integrates SSO into Microsoft 365 by syncing with on-premises servers?

Options:

A.

Intune

B.

Azure AD Connect

C.

Teams

D.

Azure Key Vault

Questions 98

Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution. Choose two.

Options:

A.

It reduces the need for globally unique IP addresses.

B.

It allows external network clients access to internal services.

C.

It allows the computers in a private network to share a global, ISP assigned address to connect to the Internet.

D.

It provides added security by using Internet access to deny or permit certain traffic from the Bastion Host.

Questions 99

Which of the following Unix syslog message priorities is the MOST severe?

Options:

A.

err

B.

emerg

C.

crit

D.

alert

Questions 100

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. He is working as a root user on the Linux operating system. He wants to delete his private.txt file from his operating system. He knows that the deleted file can be recovered easily. Hence, he wants to delete the file securely. He wants to hide the shredding, and so he desires to add a final overwrite of the file private.txt with zero. Which of the following commands will John use to accomplish his task?

Options:

A.

rmdir -v private.txt

B.

shred -vfu private.txt

C.

shred -vfuz private.txt

D.

rm -vf private.txt

Questions 101

When using Pretty Good Privacy (PGP) to digitally sign a message, the signature is created in a two-step process. First, the message to be signed is submitted to PGP's cryptographic hash algorithm. What is one of the hash algorithms used by PGP for this process?

Options:

A.

Blowfish

B.

DES

C.

SHA-1

D.

Cast

Questions 102

What would the file permission example "rwsr-sr-x" translate to in absolute mode?

Options:

A.

1755

B.

6755

C.

6645

D.

1644

Questions 103

In preparation to do a vulnerability scan against your company's systems, you've taken the steps below:

You've notified users that there will be a system test.

You've prioritized and selected your targets and subnets.

You've configured the system to do a deep scan.

You have a member of your team on call to answer questions.

Which of the following is a necessary step to take prior to starting the scan?

Options:

A.

Placing the incident response team on call.

B.

Clear relevant system log files.

C.

Getting permission to run the scan.

D.

Scheduling the scan to run before OS updates.

Questions 104

What type of malware is a self-contained program that has the ability to copy itself without parasitically infecting other host code?

Options:

A.

Trojans

B.

Boot infectors

C.

Viruses

D.

Worms

Questions 105

Which of the four basic transformations in the AES algorithm involves the leftward circular movement of state data?

Options:

A.

SubBytes

B.

MixColumns

C.

AddRoundKey

D.

ShiftRows

Questions 106

Which of the following is a private, RFC 1918 compliant IP address that would be assigned to a DHCP scope on a private LAN?

Options:

A.

127.0.0.100

B.

169.254.1.50

C.

10.254.1.50

D.

172.35.1.100

Questions 107

Which Defense-in-Depth principle starts with an awareness of the value of each section of information within an organization?

Options:

A.

Information centric defense

B.

Uniform information protection

C.

General information protection

D.

Perimeter layering

Questions 108

Your system has been infected by malware. Upon investigation, you discover that the malware propagated primarily via email. The malware attacked known vulnerabilities for which patches are available, but due to problems with your configuration management system you have no way to know which systems have been patched and which haven't, slowing your progress in patching your network. Of the following, which solution would you use to protect against this propagation vector?

Options:

A.

Encrypt the emails on the server

B.

Scan and block suspect email attachments at the email server

C.

Install a firewall between the email server and the Internet

D.

Separate the email server from the trusted portions of the network

Questions 109

What is the maximum number of connections a normal Bluetooth device can handle at one time?

Options:

A.

2

B.

4

C.

1

D.

8

E.

7

Questions 110

Which of the following is a Layer 3 device that will typically drop directed broadcast traffic?

Options:

A.

Hubs

B.

Bridges

C.

Routers

D.

Switches

Questions 111

The TTL can be found in which protocol header?

Options:

A.

It is found in byte 8 of the ICMP header.

B.

It is found in byte 8 of the IP header.

C.

It is found in byte 8 of the TCP header.

D.

It is found in byte 8 of the DNS header.

Questions 112

Analyze the screenshot below. In what order should the vulnerabilities be remediated?

GSEC Question 112

Options:

A.

D, C, B, A

B.

C, D, B, A

C.

C, D, A, B

D.

B, A, D, C

Questions 113

You are the security director for an off-shore banking site. From a business perspective, what is a major factor to consider before running your new vulnerability scanner against the company's business systems?

Options:

A.

It may harm otherwise healthy systems.

B.

It may produce false negative results.

C.

It may generate false positive results.

D.

It may not return enough benefit for the cost.

Questions 114

You work as an Administrator for McRoberts Inc. The company has a Linux-based network. You are logged in as a non-root user on your client computer. You want to delete all files from the /garbage directory, and you want the command you use to prompt for the root user password. Which of the following commands will you use to accomplish the task?

Options:

A.

rm -rf /garbage*

B.

del /garbage/*.*

C.

rm -rf /garbage* /SU

D.

su -c "RM -rf /garbage*"

Questions 115

Which of the following is a characteristic of hash operations?

Options:

A.

Asymmetric

B.

Non-reversible

C.

Symmetric

D.

Variable length output

Exam Code: GSEC
Exam Name: GIAC Security Essentials
Last Update: Dec 16, 2024
Questions: 385
