GIAC Security Leadership Certification (GSLC)
Last Update May 18, 2024
Total Questions : 567
We are offering FREE GSLC GIAC exam questions. All you do is to just go and sign up. Give your details, prepare GSLC free exam questions and then go for complete pool of GIAC Security Leadership Certification (GSLC) test questions that will help you more.
The Project Procurement Management knowledge area focuses on which of the following processes?
Each correct answer represents a complete solution. Choose two.
Which of the following protocols is used as a transport protocol for Internet dial-up connections?
Which of the following options is an approach to restricting system access to authorized users?
Which of the following tools is based on Linux and used to carry out the Penetration Testing?
Which of the following is used to provide the service of exchanging data directly between two hosts on the same network?
Which of the following is a process of monitoring data packets that travel across a network?
Which of the following contains information that is read by a Web application whenever a user visits a site?
Which networking protocol is used to authenticate users or devices before granting them access to a network?
SSH is a network protocol that allows data to be exchanged between two networks using a secure channel. Which of the following encryption algorithms can be used by the SSH protocol?
Each correct answer represents a complete solution. Choose all that apply.
Which field is NOT defined while creating rules for the Network Honeypot rulebase?
You are the Administrator of a Windows 2000 based network for Info Tech Inc. You install and configure Certificate Authorities (CAs) on the network. You are currently configuring the public key group policy for the domain.
You configure the group policy to specify automatic enrollment and renewal for certificates. But when you attempt to test this configuration, you find that the enrollment is not working properly.
What is the most likely cause?
Which of the following are vulnerable to social engineering attacks?
Each correct answer represents a complete solution. Choose two.
John works as a professional Ethical Hacker. He has been assigned the task of testing the security of www.we-are-secure.com. He installs a sniffer on the We-are-secure server thinking that the following protocols of the We-are-secure server are being used in the network:
• HTTP
• SSL
• SSH
• IPSec
Considering the above factors, which of the following types of packets can he expect to see captured in encrypted form when he checks the sniffer's log file?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is a structured review of the procurement process originated at the Plan Procurements process?
Which of the following components are usually found in an Intrusion detection system (IDS)?
Each correct answer represents a complete solution. Choose two.
Holly is the project manager of the GHQ Project for her organization. The project is using the AAA IT Integrators Corporation as a vendor to do a portion of the project work. Mitch Smith, the IT Directors for the AAA IT Integrators Corporation, reports that his team has completed the project work. Holly and her team review the deliverables and she confirms that Mitch's team has indeed completed the work according to the statement of work. What document should Holly refer to now to determine the next course of action with the AAA IT Integrators Corporation?
You are the project manager of a large project that will span several time zones. You'll be utilizing project team members from across several departments. Project team members won't be working on the project full-time and will join and leave the project based on assignments in the project schedule.
What project management plan can you create to help you manage when project times will be brought onto and released from the project team?
Which key of the Asymmetric encryption is used to encrypt the data when a user sends a message or data to another user?
You are concerned about possible hackers doing penetration testing on your network as a prelude to an attack. What would be most helpful to you in finding out if this is occurring?
Which of the following attacks can be mitigated by providing proper training to the employees in an organization?
Which of the following intrusion detection systems (IDS) monitors network traffic and compares it against an established baseline?
You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to the e-mails queries. But since few days, it is identified that this process is providing a way to spammers to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and find a solution?
Each correct answer represents a part of the solution. Choose all that apply.
Which of the following is an entry in an object's discretionary access control list (DACL) that grants permissions to a user or group?
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using the Linux operating system. He wants to use a wireless sniffer to sniff the We-are-secure network. Which of the following tools will he use to accomplish his task?
Which of the following protocols provides mail forwarding and information storing features?
A management workstation collects and connects events from multiple IPS sensors in the network.
Which protocol is used in this process?
Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 Active Directory domain-based network. The domain consists of two Windows 2003 member servers and 500 Windows XP Professional client computers. The member servers are working as file servers. All the member servers are located in an OU named MEMSERV. Mark wants to test IPSec interoperability on the network. For this purpose, he creates a GPO named EXP. In the EXP GPO, he creates an IPSec policy named IPTEST. The IPTEST policy contains a rule that specifies the use of Encapsulating Security Payload (ESP) with null encryption. The IPTEST policy is applied to the member servers by linking the EXP GPO to the MEMSERV OU. After testing the IPSec interoperability, Mark wants to ensure that the member servers no longer use the IPTEST policy. What will he do to accomplish the task?
Which of the following are the limitations for the cross site request forgery (CSRF) attack?
Each correct answer represents a complete solution. Choose all that apply.
Which firewall architecture uses two NICs with a screening router inserted between the host and the untrusted network?
Which of the following attacks allows an attacker to recover the key in an RC4 encrypted stream from a large number of messages in that stream?
You are concerned about attackers simply passing by your office, discovering your wireless network, and getting into your network via the wireless connection. Which of the following are NOT steps in securing your wireless connection?
Each correct answer represents a complete solution. Choose two.
All of the following are the password cracking attacks performed by the cain tool except for which one?
Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?
Which of the following is the practice of a domain name registrant using the five-day "grace period" (the Add Grace Period or AGP) at the beginning of the registration of an ICANN-regulated second-level domain to test the marketability of the domain?
Which of the following is a software testing method that uses an internal perspective of the system to design test cases based on the internal structure?
Which of the following viruses infects Word 97 documents and the NORMAL.DOT file of Word 97 and Word 2000?
Which of the following statements about Digest authentication are true?
Each correct answer represents a complete solution. Choose two.
Which of the following wireless security features provides the best wireless security mechanism?
You are responsible for the security computers in college labs. Since a number of students have significant computer skills, you wish to make security impossible to breach through normal operating system based means. Furthermore, you want to have the security require a password that must be entered before the operating system even loads. What will you do to accomplish the task?
An executive in your company reports odd behavior on her PDA. After investigation you discover that a trusted device is actually copying data off the PDA. The executive tells you that the behavior started shortly after accepting an e-business card from an unknown person. What type of attack is this?
Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?
In which of the following social engineering attacks does an attacker first damage any part of the target's equipment and then advertise himself as an authorized person who can help fix the problem.
Which of the following statements are true about an application-level gateway?
Each correct answer represents a complete solution. Choose all that apply.
Maria has been recently appointed as a Network Administrator in Gentech Inc. She has been tasked to perform network security testing to find out the vulnerabilities and shortcomings of the present network infrastructure. Which of the following testing approaches will she apply to accomplish this task?
You are a project manager who is completing a project for another organization. The project you are managing will have phased deliverables throughout the project. Stakeholders are required to complete scope validation at the end of each phase so that the project can move forward. Your payment requests will also be attached to the approval of each phase so it is important to you, on several levels, that the stakeholders participate in scope validation as soon as they are requested. You have documented the process for reviewing the product acceptance criteria with the stakeholders.
What project document details the product acceptance criteria in all the projects?
Which of the following processes is described in the statement below?
"This is the process of numerically analyzing the effect of identified risks on overall project objectives."
John works as a Website Administrator in ABC Inc. The company has to set a privacy policy on all the computers. The policy requires John to restrict only third party cookies that do not have a compact private policy or that use personally identifiable information without a user's implicit consent. He reports to the Technical Support Executive that he wants to set the policy. The Technical Support Executive asks him to configure the settings in the Privacy tab page. Which of the following privacy settings will John use to accomplish the task?
John is a merchant. He has set up a LAN in his office. Some important files are deleted as a result of virus attack. John wants to ensure that it does not happen again. What will he use to protect his data from virus?
Victor wants to send an encrypted message to his friend. He is using certain steganography technique to accomplish this task. He takes a cover object and changes it accordingly to hide information. This secret information is recovered only when the algorithm compares the changed cover with the original cover. Which of the following Steganography methods is Victor using to accomplish the task?
You are the project manager of a Web development project. You want to get information about your competitors by hacking into their computers. You and the project team determine should the hacking attack not be performed anonymously, you will be traced. Hence, you hire a professional hacker to work on the project. This is an example of what type of risk response?
Which of the following processes is NOT a part of the Project Procurement Management Knowledge Area?
You are responsible for security on your network. One particular concern is the theft of sensitive data. You want to make sure that end users do not (purposefully or accidentally) take data off the premises. Which of the following should you be concerned about?
Each correct answer represents a complete solution. Choose all that apply.
Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security equivalent to wired networks for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. Which of the following statements are true about WEP?
Each correct answer represents a complete solution. Choose all that apply.
Which methodology is a method to analyze the involved tasks in completing a given project, especially the time needed to complete each task, and identifying the minimum time needed to complete the total project?
Which of the following types of attacks entices a user to disclose personal information such as social security number, bank account details, or credit card number?
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He copies the whole structure of the We-are-secure Web site to the local disk and obtains all the files on the Web site. Which of the following techniques is he using to accomplish his task?
Which of the following are the examples of administrative controls?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following statements about Encapsulating Security Payload (ESP) is true?
Which of the following PPP configuration options is used to increase the effective throughput on PPP connections by reducing the amount of data in the frame that must travel across the link?
Which of the following standards is used in wireless local area networks (WLANs)?
Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2003 domainbased network. The network contains five Windows 2003 member servers and 300 Windows XP Professional client computers. Mark is setting up a wireless network for the company. He is planning to implement 802.1x authentication for this new wireless network. Mark is not planning to use a public key infrastructure (PKI) and certificates for authentication. Mark also wants an encrypted authentication channel and a fast reconnect using cached session keys. Which of the following authentication methods will he use to accomplish the task?
Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:
1. Smoothening and decreasing contrast by averaging the pixels of the area where significant color transitions occurs.
2. Reducing noise by adjusting color and averaging pixel value.
3. Sharpening, Rotating, Resampling, and Softening the image.
Which of the following Steganography attacks is Victor using?
You work as a project manager for TYU project. You are planning for risk mitigation. You need to identify the risks that will need a more in-depth analysis. Which of the following activities will help you in this?
Which of the following provides security by implementing authentication and encryption on Wireless LAN (WLAN)?
Mark works as a Network Administrator for Technet Inc. The company has a Windows 2003 domainbased network. The network has a file server that uses a RAID-5 volume. The RAID-5 volume is configured with five hard disk drives. Over the weekend, a drive in the RAID-5 volume fails. What will Mark do to restore the RAID-5 volume?
Which of the following statements about Public Key Infrastructure (PKI) are true?
Each correct answer represents a complete solution. Choose two.
Which of the following protocols is used for destination and error reporting functions in datagram processing?
Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?
John works as an IT Technician for PassGuide Inc. One morning, John receives an e-mail from the company's Manager asking him to provide his logon ID and password, but the company policy restricts users from disclosing their logon IDs and passwords. Which type of possible attack is this?
A Security administrator wants to configure policies that dictate what types of network traffic are allowed in the network. Which types of signature should he use to configure such type of policies?
Which of the following are the countermeasures against a man-in-the-middle attack?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following statements about a host-based intrusion prevention system (HIPS) are true?
Each correct answer represents a complete solution. Choose two.
You work as a Network Administrator for Net World Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. A Public Key Infrastructure (PKI) is installed on a server in the domain. You are planning to go on vacation for two weeks. Your team has three assistant administrators. You are required to accomplish the following tasks:
• Delegate the authority to the assistant administrators to issue, approve, and revoke certificates.
• The solution must involve least administrative burden.
Which of the following steps will you take to accomplish the tasks?
You work as a Network Administrator for McNeil Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest domain-based network. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks:
The wireless network communication should be secured.
The laptop users should be able to use smart cards for getting authenticated.
In order to accomplish the tasks, you take the following steps:
Configure 802.1x and WEP for the wireless connections.
Configure the PEAP-MS-CHAP v2 protocol for authentication
What will happen after you have taken these steps?
John works as a Security Administrator for Enet Inc. He uses a 4 digits personal identification number (PIN) to access the computer and a token is used to perform offline checking whether John has entered the correct PIN or not. Which of the following attacks is possible on John's computer?
You are the project manager of the GYG Project. A new scope change is being considered for your project. You are concerned, however, that the scope change may add costs, risks, and adversely affect the project schedule. What project management process is responsible for evaluating the full effect of a proposed scope change on your project?
You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest network. You have recently added three new SCSI hard disk drives to a domain controller that already has two physical disk drives. The new SCSI disk drives are configured in a RAID-5 array. You are required to enhance the performance of the Active Directory database on the domain controller. Which of the following steps will you take to accomplish the task?
Each correct answer represents a part of the solution. Choose two.
Which of the following exists between the client and the server system to provide security and allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer protocols?
You work as a project manager for an IT project. You are analyzing activity sequences, durations, resource requirements, and schedule constraints to create the project schedule. In which of the following Knowledge Areas are you working on?
Which of the following are examples of administrative controls that involve all levels of employees within an organization and determine which users have access to what resources and information?
Each correct answer represents a complete solution. Choose three.
You have configured a virtualized Internet browser on your Windows XP professional computer. Using the virtualized Internet browser, you can protect your operating system from which of the following?
You and your project team have identified the project risks and now are analyzing the probability and impact of the risks. What type of analysis of the risks provides a quick and high-level review of each identified risk event?