What type of formal document would include the following statement?
Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal application of Internet/Intranet/Extranet systems. In the absence of such policies, employees should be guided by departmental policies, and if there is any uncertainty, employees should consult their supervisor or manager.
A database is accessed through an application that users must authenticate with, on a host that only accepts connections from a subnet where the business unit that uses the data is located. What defense strategy is this?
An organization keeps its intellectual property in a database. Protection of the data is assigned to one system administrator who marks the data, and monitors for this intellectual property leaving the network. Which defense-In-depth principle does this describe?
If Linux server software is a requirement in your production environment which of the following should you NOT utilize?
What type of attack can be performed against a wireless network using the tool Kismet?
You are examining a packet capture session in Wire shark and see the packet shown in the accompanying image. Based on what you see, what is the appropriate protection against this type of attempted attack?
Which of the following is a valid password for a system with the default "Password must meet complexity requirements" setting enabled as part of the GPO Password policy requirements?
What is the name of the command-line tool for Windows that can be used to manage audit policies on remote systems?
The process of enumerating all hosts on a network defines which of the following activities?
If the NET_ID of the source and destination address in an IP (Internet Protocol) packet match, which answer BEST describes the routing method the sending host will use?
When file integrity checking is enabled, what feature is used to determine if a monitored file has been modified?
Which of the following statements would describe the term "incident" when used in the branch of security known as Incident Handling?
Which of the following statements about DMZ are true?
Each correct answer represents a complete solution. Choose two.
Which Defense-in-Depth model involves identifying various means by which threats can become manifest and providing security mechanisms to shut them down?
Which of the following is the key point to consider in the recovery phase of incident handling?
Which of the following is the key point to consider in the recovery phase of incident handling?
Which of the following authentication methods are used by Wired Equivalent Privacy (WEP)? Each correct answer represents a complete solution. Choose two.
During which of the following steps is the public/private key-pair generated for Public Key Infrastructure (PKI)?
A Host-based Intrusion Prevention System (HIPS) software vendor records how the Firefox Web browser interacts with the operating system and other applications, and identifies all areas of Firefox functionality. After collecting all the data about how Firefox should work, a database is created with this information, and it is fed into the HIPS software. The HIPS then monitors Firefox whenever it's in use. What feature of HIPS is being described in this scenario?
Which of the following tools is used to query the DNS servers to get detailed information about IP addresses, MX records, and NS servers?
An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?
What method do Unix-type systems use to prevent attackers from cracking passwords using pre-computed hashes?
Which of the following Microsoft services integrates SSO into Microsoft 365 by syncing with on-premises servers?
Which of the following fields CANNOT be hashed by Authentication Header (AH) in transport mode?
You have implemented a firewall on the company's network for blocking unauthorized network connections. Which of the following types of security control is implemented in this case?
Which of the following processes Is used to prove a user Is who they claim to be based upon something they know, have, are, and/or their physical location?
One of your Linux systems was compromised last night. According to change management history and a recent vulnerability scan, the system's patches were up-to-date at the time of the attack. Which of the following statements is the Most Likely explanation?
When considering ingress filtering, why should all inbound packets be dropped if they contain a source address from within the protected network address space?
What are the two actions the receiver of a PGP email message can perform that allows establishment of trust between sender and receiver?
Which choice best describes the line below?
alert tcp any any -> 192.168.1.0/24 80 (content: /cgi-bin/test.cgi"; msg: "Attempted
CGI-BIN Access!!";)
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we- are-secure.com. He installs a rootkit on the Linux server of the We-are-secure network. Which of the following statements are true about rootkits?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following terms is used for the process of securing a system or a device on a network infrastructure?
Your system has been infected by malware. Upon investigation, you discover that the malware propagated primarily via email. The malware attacked known vulnerabilities for which patches are available, but due to problems with your configuration management system you have no way to know which systems have been patched and which haven't, slowing your progress in patching your network. Of the following, which solution would you use to protect against this propagation vector?
When using Pretty Good Privacy (PGP) to digitally sign a message, the signature is created in a two-step process. First, the message to be signed is submitted to PGP's cryptographic hash algorithm. What is one of the hash algorithms used by PGP for this process?
An employee is currently logged into the corporate web server, without permission. You log into the web server as 'admin" and look for the employee's username: "dmaul" using the "who" command. This is what you get back:
An attacker is able to trick an IDS into ignoring malicious traffic through obfuscation of the packet payload. What type of IDS error has occurred?
Which of the following protocols provides maintenance and error reporting function?
In order to capture traffic for analysis, Network Intrusion Detection Systems (NIDS) operate with network cards in what mode?
Which of the following statements about the integrity concept of information security management are true?
Each correct answer represents a complete solution. Choose three.
Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.
You work as a Network Administrator for Secure World Inc. The company has a Linux-based network. You want to run a command with the changed root directory. Which of the following commands will you use?
A simple cryptosystem that keeps the same letters and shuffles the order is an example of what?
You work as a Linux technician for Tech Perfect Inc. You have lost the password of the root. You want to provide a new password. Which of the following steps will you take to accomplish the task?
You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company. You have physically installed sensors at all key positions throughout the network such that they all report to the command console.
What will be the key functions of the sensors in such a physical layout?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following attacks can be mitigated by avoiding making system calls from within a web application?
Which of the following is a new Windows Server 2008 feature for the Remote Desktop Protocol (RDP)?
A Windows administrator wants to automate local and remote management tasks in Active Directory. Which tool is most appropriate for this?
A system administrator sees the following URL in the webserver logs:
Which action will mitigate against this attack?
What security practice is described by NIST as the application of science to the identification, collection, examination, and analysis of data while maintaining data integrity and chain of custody?
Using PowerShell ISE running as an Administrator, navigate to the
C:\hlindows\security\tevplatesdirectory. Use secedit.exe in analyze mode to compare the temp.sdb and uorkstdtionSecureTmplate.inf files, and output the findings to a file called log.txt. Which configuration setting under Analyze User Rights reports a mismatch?
Hints:
Use files located in the C \windows\security\templates\ directory
The log. txt file will be created in the directory the secedit.exe command is run from
Which of the following applications would be BEST implemented with UDP instead of TCP?
How are differences in configuration settings handled between Domain and Local Group Policy Objects (GPOs)?
A web application requires multifactor authentication when a user accesses the application from a home office but does not require this when the user is in the office. What access control model is this describing?
What is the most secure way to address an unused Windows service so it cannot be exploited by malware?
Jonny Is an IT Project Manager. He cannot access the folder called "IT Projects" but can access a folder called "Sales Data" even though he's not on the sales team. Which information security principle has failed?
Which of the following are the types of access controls?
Each correct answer represents a complete solution. Choose three.
There is not universal agreement on the names of the layers in the TCP/IP networking model. Which of the following is one of the functions of the bottom layer which is sometimes called the Network Access or Link Layer?
What is needed for any of the four options for Azure AD multi-factor user authentication?
While using Wire shark to investigate complaints of users being unable to login to a web application, you come across an HTTP POST submitted through your web application. The contents of the POST are listed below. Based on what you see below, which of the following would you recommend to prevent future damage to your database?
Which of the following protocols is used by a host that knows its own MAC (Media Access Control) address to query a server for its own IP address?
Which AWS service integrates with the Amazon API Gateway to provision and renew TLS encryption needs for data in transit?
In an Active Directory domain, which is the preferred method of keeping host computers patched?
You have set up a local area network for your company. Your firewall separates your network into several sections: a DMZ with semi-public servers (web, dns, email) and an intranet with private servers. A penetration tester gains access to both sections and installs sniffers in each. He is able to capture network traffic for all the devices in the private section but only for one device (the device with the sniffer) in the DMZ. What can be inferred about the design of the system?
Which of the following are advantages of Network Intrusion Detection Systems (NIDS)?
Which of the following is generally practiced by the police or any other recognized governmental authority?
Which of the following tools is used to configure, control, and query the TCP/IP network interface parameters?
Which attack stage mirrors the Information Gathering phase used in penetration testing methodology?
At what point in the Incident Handling process should an organization determine its approach to notifying law enforcement?
You work as a Network Administrator for McNeil Inc. You are installing an application. You want to view the log file whenever a new entry is added to the /var/log/messages log file. Which of the following commands will you use to accomplish this?
The previous system administrator at your company used to rely heavily on email lists, such as vendor lists and Bug Traq to get information about updates and patches. While a useful means of acquiring data, this requires time and effort to read through. In an effort to speed things up, you decide to switch to completely automated updates and patching. You set up your systems to automatically patch your production servers using a cron job and a scripted apt-get upgrade command. Of the following reasons, which explains why you may want to avoid this plan?
To be considered a strong algorithm, an encryption algorithm must be which of the following?
Which of the below choices should an organization start with when implementing an effective risk management process?
You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails. Which of the following will you use to accomplish this?
Use Hashcat to crack a local shadow file. What Is the password for the user account AGainsboro?
Hints
Hints
• The shadow file (shadow) and Hashcat wordlist (gsecwordlist.txt) are located in the directory. home giac PasswordHashing
- Run Hashcat in straight mod* (flag -a 0) to crack the MD5 hashes (flag -m 500) in the shadow file.
• Use the hash values from the Hashcat output file and the shadow file to match the cracked password with the user name.
• If required, a backup copy of the original files can be found in the shadowbackup directory.
You work as a Network Administrator for NetTech Inc. To ensure the security of files, you encrypt data files using Encrypting File System (EFS).
You want to make a backup copy of the files and maintain security settings. You can backup the files either to a network share or a floppy disk. What will you do to accomplish this?
Training an organization on possible phishing attacks would be included under which NIST Framework Core guidelines?
What is the first thing that should be done during the containment step of incident handling?
Who is responsible for deciding the appropriate classification level for data within an organization?
Which command would allow an administrator to determine if a RPM package was already installed?
Use nmap to discover a host on the 10.10.10.0/24 network, scanning only port 8082 and using the SYN or Stealth scan approach. Which host has a service called -blackice-alerts"?
What file instructs programs like Web spiders NOT to search certain areas of a site?
Which of the following is a private, RFC 1918 compliant IP address that would be assigned to a DHCP scope on a private LAN?
The Linux command to make the /etc/shadow file, already owned by root, readable only by root is which of the following?
Security Administration | GSEC Questions Answers | GSEC Test Prep | GIAC Security Essentials Questions PDF | GSEC Online Exam | GSEC Practice Test | GSEC PDF | GSEC Test Questions | GSEC Study Material | GSEC Exam Preparation | GSEC Valid Dumps | GSEC Real Questions | Security Administration GSEC Exam Questions
TESTED 13 May 2024
