GIAC Security Essentials
Last Update May 18, 2024
Total Questions : 385
We are offering FREE GSEC GIAC exam questions. All you do is to just go and sign up. Give your details, prepare GSEC free exam questions and then go for complete pool of GIAC Security Essentials test questions that will help you more.
If a Linux administrator wanted to quickly filter out extraneous data and find a running process named RootKit, which command could he use?
Included below is the output from a resource kit utility run against local host.
Which command could have produced this output?
What does Authentication Header (AH) add to the packet in order to prevent an attacker from lying about the source?
Which of the following is a new Windows Server 2008 feature for the Remote Desktop Protocol (RDP)?
Which of the following systems acts as a NAT device when utilizing VMware in NAT mode?
Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.
Which of the following statements about IPSec are true?
Each correct answer represents a complete solution. Choose two.
Which of the below choices should an organization start with when implementing an effective risk management process?
You work as a Network Administrator for NetTech Inc. To ensure the security of files, you encrypt data files using Encrypting File System (EFS).
You want to make a backup copy of the files and maintain security settings. You can backup the files either to a network share or a floppy disk. What will you do to accomplish this?
Which of the following is NOT a recommended best practice for securing Terminal Services and Remote Desktop?
Which of the following protocols work at the Session layer of the OSI model? Each correct answer represents a complete solution. Choose all that apply.
Training an organization on possible phishing attacks would be included under which NIST Framework Core guidelines?
You are reviewing a packet capture file from your network intrusion detection system. In the packet stream, you come across a long series of "no operation" (NOP) commands. In addition to the NOP commands, there appears to be a malicious payload. Of the following, which is the most appropriate preventative measure for this type of attack?
Which of the following statements would be seen in a Disaster Recovery Plan?
Which of the following tasks is the responsibility of a Linux systems administrator who is deploying hardening scripts to his systems?
Which of the following terms refers to the process in which headers and trailers are added around user data?
A system administrator sees the following URL in the webserver logs:
Which action will mitigate against this attack?
How are differences in configuration settings handled between Domain and Local Group Policy Objects (GPOs)?
In PKI, when someone wants to verify that the certificate is valid, what do they use to decrypt the signature?
Which field in the IPv6 header is used for QoS. or specifying the priority of the packet?
Which of the following monitors program activities and modifies malicious activities on a system?
Which of the following is a required component for successful 802.lx network authentication?
When should you create the initial database for a Linux file integrity checker?
Your organization has broken its network into several sections/segments, which are separated by firewalls, ACLs and VLANs. The purpose is to defend segments of the network from potential attacks that originate in a different segment or that attempt to spread across segments.
This style of defense-in-depth protection is best described as which of the following?
Which of the following fields CANNOT be hashed by Authentication Header (AH) in transport mode?
Which of the following hardware devices prevents broadcasts from crossing over subnets?
What is the key difference between Electronic Codebook mode and other block cipher modes like Cipher Block Chaining, Cipher-Feedback and Output-Feedback?
Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP)?
Which of the following should be implemented to protect an organization from spam?
Using PowerShell ISE running as an Administrator, navigate to the
C:\hlindows\security\tevplatesdirectory. Use secedit.exe in analyze mode to compare the temp.sdb and uorkstdtionSecureTmplate.inf files, and output the findings to a file called log.txt. Which configuration setting under Analyze User Rights reports a mismatch?
Hints:
Use files located in the C \windows\security\templates\ directory
The log. txt file will be created in the directory the secedit.exe command is run from
What is the process of simultaneously installing an operating system and a Service Pack called?
You ask your system administrator to verify user compliance with the corporate policies on password strength, namely that all passwords will have at least one numeral, at least one letter, at least one special character and be 15 characters long. He comes to you with a set of compliance tests for use with an offline password cracker. They are designed to examine the following parameters of the password:
* they contain only numerals
* they contain only letters
* they contain only special characters
* they contain only letters and numerals
" they contain only letters and special characters
* they contain only numerals and special characters
Of the following, what is the benefit to using this set of tests?
What are the two actions the receiver of a PGP email message can perform that allows establishment of trust between sender and receiver?
A web application requires multifactor authentication when a user accesses the application from a home office but does not require this when the user is in the office. What access control model is this describing?
Which of the following statements would describe the term "incident" when used in the branch of security known as Incident Handling?
Which type of risk assessment results are typically categorized as low, medium, or high-risk events?
Which of the following would be used to explicitly deny the traffic from a foreign IP address scanning the EC2 Instances in a VPC?
You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. You are required to search for the error messages in the /var/log/messages log file. Which of the following commands will you use to accomplish this?
When discussing access controls, which of the following terms describes the process of determining the activities or functions that an Individual is permitted to perform?
There are three key factors in selecting a biometric mechanism. What are they?
Which common firewall feature can be utilized to generate a forensic trail of evidence and to identify attack trends against your network?
To be considered a strong algorithm, an encryption algorithm must be which of the following?
The Linux command to make the /etc/shadow file, already owned by root, readable only by root is which of the following?
Use Hashcat to crack a local shadow file. What Is the password for the user account AGainsboro?
Hints
Hints
• The shadow file (shadow) and Hashcat wordlist (gsecwordlist.txt) are located in the directory. home giac PasswordHashing
- Run Hashcat in straight mod* (flag -a 0) to crack the MD5 hashes (flag -m 500) in the shadow file.
• Use the hash values from the Hashcat output file and the shadow file to match the cracked password with the user name.
• If required, a backup copy of the original files can be found in the shadowbackup directory.
With regard to defense-in-depth, which of the following statements about network design principles is correct?
You work as a Network Administrator for McRobert Inc. You want to know the NetBIOS name of your computer. Which of the following commands will you use?
Users at the Marketing department are receiving their new Windows XP Professional workstations. They will need to maintain local work files in the first logical volume, and will use a second volume for the information shared between the area group. Which is the best file system design for these workstations?
In preparation to do a vulnerability scan against your company's systems. You've taken the steps below:
You've notified users that there will be a system test.
You've priontized and selected your targets and subnets.
You've configured the system to do a deep scan.
You have a member of your team on call to answer questions.
Which of the following is a necessary step to take prior to starting the scan?
Which of the following is a type of countermeasure that can be deployed to ensure that a threat vector does not meet a vulnerability?
Which Terraform command should be run immediately after creating a new configuration file for a cloud-based virtual machine?
Which of the following activities would take place during the containment phase?
You work as a Network Administrator for McNeil Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest domain-based network. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks:
The wireless network communication should be secured.
The laptop users should be able to use smart cards for getting authenticated. In order to accomplish the tasks, you take the following steps:
Configure 802.1x and WEP for the wireless connections. Configure the PEAP-MS-CHAP v2 protocol for authentication. What will happen after you have taken these steps?
Which Defense-in-Depth principle starts with an awareness of the value of each section of information within an organization?
A security analyst has entered the following rule to detect malicious web traffic:
alert tcp any -> 192.168.1.0/24 SO (msg: Attempted SQL Injection!"; sld:20000O01;)
How can this rule be changed to reduce false positives?
What is the name of the command-line tool for Windows that can be used to manage audit policies on remote systems?
When designing wireless networks, one strategy to consider is implementing security mechanisms at all layers of the OSI model. Which of the following protection mechanisms would protect layer 1?
You work as a Network Administrator for NetTech Inc. When you enter http://66.111.64.227 in the browser 's address bar, you are able to access the site. But, you are unable to access the site when you enter http://www.uCertify.com. What is the most likely cause?
Which choice best describes the line below?
alert tcp any any -> 192.168.1.0/24 80 (content: /cgi-bin/test.cgi"; msg: "Attempted
CGI-BIN Access!!";)
What is the most secure way to address an unused Windows service so it cannot be exploited by malware?
You work as a Network Administrator for Tech Perfect Inc. The company has a Linux-based network. You want to kill a process running on a Linux server. Which of the following commands will you use to know the process identification number (PID) of the process?
An employee attempting to use your wireless portal reports receiving the error shown below. Which scenario is occurring?
Which of the following are examples of Issue-Specific policies all organizations should address?
Use Wireshark to analyze Desktop;PCAP FILES/charile.pcap
What is the destination IP address in packet #3?
Which of the following is a valid password for a system with the default "Password must meet complexity requirements" setting enabled as part of the GPO Password policy requirements?
A Network Engineer is charged with maintaining and protecting a network with a high availability requirement. In addition to other defenses, they have chosen to implement a NIPS. How should the NIPS failure conditions be configured to ensure availability if the NIPS is installed in front of the Firewall that protects the DMZ?
Your organization is developing a network protection plan. No single aspect of your network seems more important than any other. You decide to avoid separating your network into segments or categorizing the systems on the network. Each device on the network is essentially protected in the same manner as all other devices.
This style of defense-in-depth protection is best described as which of the following?
You work as a Network Administrator for Secure World Inc. The company has a Linux-based network. You want to run a command with the changed root directory. Which of the following commands will you use?
You are an Intrusion Detection Analyst and the system has alerted you to an Event of Interest (EOI) that appears to be activity generated by a worm. You investigate and find that the network traffic was normal. How would this type of alert be categorized?
Which of the following processes Is used to prove a user Is who they claim to be based upon something they know, have, are, and/or their physical location?
Which of the following statements about Microsoft's VPN client software is FALSE?
You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company. You have physically installed sensors at all key positions throughout the network such that they all report to the command console.
What will be the key functions of the sensors in such a physical layout?
Each correct answer represents a complete solution. Choose all that apply.
At what point in the Incident Handling process should an organization determine its approach to notifying law enforcement?
An IT security manager is trying to quickly assess the risks associated with not implementing a corporate firewall system. What sort of risk assessment is most appropriate?
The previous system administrator at your company used to rely heavily on email lists, such as vendor lists and Bug Traq to get information about updates and patches. While a useful means of acquiring data, this requires time and effort to read through. In an effort to speed things up, you decide to switch to completely automated updates and patching. You set up your systems to automatically patch your production servers using a cron job and a scripted apt-get upgrade command. Of the following reasons, which explains why you may want to avoid this plan?
What type of formal document would include the following statement?
Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal application of Internet/Intranet/Extranet systems. In the absence of such policies, employees should be guided by departmental policies, and if there is any uncertainty, employees should consult their supervisor or manager.
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to change the startup shell of Maria from bash to tcsh. Which of the following commands will John use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following applications would be BEST implemented with UDP instead of TCP?
Where are user accounts and passwords stored in a decentralized privilege management environment?
Which of the following authentication methods are used by Wired Equivalent Privacy (WEP)? Each correct answer represents a complete solution. Choose two.
In the directory C:\lmages\steer there Is an Image file lmage_4240.png with a data string encoded inside the file. What word is hidden in the file?
Which of the following SIP INVITE lines indicates to the remote registrar the VoIP phone that initiated the call?
Validating which vulnerabilities in a network environment are able to be exploited by an attacker is called what?
What is the main problem with relying solely on firewalls to protect your company's sensitive data?
Dilbert wants to have a script run on his Windows server every time Wally logs into it. Where should he place this script?
Against policy, employees have installed Peer-to-Peer applications on their workstations and they are using them over TCP port 80 to download files via the company network from other Peer-to-Peer users on the Internet. Which of the following describes this threat?
Which of the following statements about the integrity concept of information security management are true?
Each correct answer represents a complete solution. Choose three.
What Amazon Web Services (AWS) term describes a grouping of at least one datacenter with redundant power, high speed connections to other data centres and the Internet?
What is the name of the Windows XP/2003 tool that you can use to schedule commands to be executed on remote systems during off-peak hours?
What is the maximum number of connections a normal Bluetooth device can handle at one time?
Which of the following tools is used to configure, control, and query the TCP/IP network interface parameters?
How can an adversary utilize a stolen database of unsalted password hashes?
When using Pretty Good Privacy (PGP) to digitally sign a message, the signature is created in a two-step process. First, the message to be signed is submitted to PGP's cryptographic hash algorithm. What is one of the hash algorithms used by PGP for this process?
Which of the following is a name, symbol, or slogan with which a product is identified?
Which of the following is required to be backed up on a domain controller to recover Active Directory?
You have an automated system for patching the operating systems of all your computers. All patches are supposedly current. Yet your automated vulnerability scanner has just reported vulnerabilities that you believe have been patched. Which of the actions below should you take next?
Which of the following protocols is used by a host that knows its own MAC (Media Access Control) address to query a server for its own IP address?
Fill in the blank with the correct answer to complete the statement below.
The permission is the minimum required permission that is necessary for a user to enter a directory and list its contents.