GIAC GSEC GIAC Security Essentials Exam Practice Test

Which of the following activities would take place during the containment phase?

Which of the following applications cannot proactively detect anomalies related to a computer?

Which Terraform command should be run immediately after creating a new configuration file for a cloud-based virtual machine?

A simple cryptosystem that keeps the same letters and shuffles the order is an example of what?

Which of the following attack vectors are addressed by Xinetd and TCP Wrappers?

Which port category does the port 110 fall into?

How is confidentiality disabled in the IPSec Encapsulated Security Payload protocol?

Which of the following tools is used to configure, control, and query the TCP/IP network interface parameters?

IPS devices that are classified as "In-line NIDS" devices use a combination of anomaly analysis, signature-based rules, and what else to identify malicious events on the network?

A Network Engineer is charged with maintaining and protecting a network with a high availability requirement. In addition to other defenses, they have chosen to implement a NIPS. How should the NIPS failure conditions be configured to ensure availability if the NIPS is installed in front of the Firewall that protects the DMZ?

An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

Use Hashcat to crack a local shadow file. What Is the password for the user account AGainsboro?

Hints

Hints

• The shadow file (shadow) and Hashcat wordlist (gsecwordlist.txt) are located in the directory. home giac PasswordHashing

- Run Hashcat in straight mod* (flag -a 0) to crack the MD5 hashes (flag -m 500) in the shadow file.

• Use the hash values from the Hashcat output file and the shadow file to match the cracked password with the user name.

• If required, a backup copy of the original files can be found in the shadowbackup directory.

You are reviewing a packet capture file from your network intrusion detection system. In the packet stream, you come across a long series of "no operation" (NOP) commands. In addition to the NOP commands, there appears to be a malicious payload. Of the following, which is the most appropriate preventative measure for this type of attack?

If an attacker compromised a host on a site's internal network and wanted to trick other machines into using that host as the default gateway, which type of attack would he use?

What is the purpose of notifying stakeholders prior to a scheduled vulnerability scan?

How does a default deny rule in a firewall prevent unknown attacks?

Which of the following quantifies the effects of a potential disaster over a period of time?

An application developer would like to replace Triple DES in their software with a stronger algorithm of the same type. Which of the following should they use?

What is achieved with the development of a communication flow baseline?

Fill in the blank with the correct answer to complete the statement below.

The permission is the minimum required permission that is necessary for a user to enter a directory and list its contents.

What improvement could a company that is rated at a NIST Implementation Tier of 2:

Risk Informed do to Increase their rating to a Tier 3: Repeatable?

Which of the following statements about IPSec are true?

Each correct answer represents a complete solution. Choose two.

Which of the following defines the communication link between a Web server and Web applications?

What type of HTTP session tracking artifact is designed to expire once a user’s web browser session is closed?

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we- are-secure.com. He installs a rootkit on the Linux server of the We-are-secure network. Which of the following statements are true about rootkits?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following are used to suppress gasoline and oil fires? Each correct answer represents a complete solution. Choose three.

The process of enumerating all hosts on a network defines which of the following activities?

How often is session information sent to the web server from the browser once the session information has been established?

Which of the following processes Is used to prove a user Is who they claim to be based upon something they know, have, are, and/or their physical location?

Which of the four basic transformations in the AES algorithm involves the leftward circular movement of state data?

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. He is working as a root user on the Linux operating system. He wants to delete his private.txt file from his operating system. He knows that the deleted file can be recovered easily. Hence, he wants to delete the file securely. He wants to hide the shredding, and so he desires to add a final overwrite of the file private.txt with zero. Which of the following commands will John use to accomplish his task?

Your organization is developing a network protection plan. No single aspect of your network seems more important than any other. You decide to avoid separating your network into segments or categorizing the systems on the network. Each device on the network is essentially protected in the same manner as all other devices.

This style of defense-in-depth protection is best described as which of the following?

Which file would the entry below be found in?

net.ipv6.conf.all.acctpt-ra=0

What is a limitation of deploying HIPS on a workstation?

Which of the following applications would be BEST implemented with UDP instead of TCP?

Which class of IDS events occur when the IDS fails to alert on malicious data?

You have an automated system for patching the operating systems of all your computers. All patches are supposedly current. Yet your automated vulnerability scanner has just reported vulnerabilities that you believe have been patched. Which of the actions below should you take next?

Which of the following is a backup strategy?

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. You have configured a firewall on the network. A filter has been applied to block all the ports. You want to enable sending and receiving of emails on the network. Which of the following ports will you open?

Each correct answer represents a complete solution. Choose two.

Which of the following is the key point to consider in the recovery phase of incident handling?

Which of the following is the key point to consider in the recovery phase of incident handling?

Many IIS servers connect to Microsoft SQL databases. Which of the following statements about SQL server security is TRUE?

Which of the following should be implemented to protect an organization from spam?

What would the following IP tables command do?

IP tables -I INPUT -s 99.23.45.1/32 -j DROP

Which of the following fields CANNOT be hashed by Authentication Header (AH) in transport mode?

What is the motivation behind SYN/FIN scanning?

Which of the following statements about DMZ are true?

Each correct answer represents a complete solution. Choose two.

Which of the following is more commonly used for establishing high-speed backbones that interconnect smaller networks and can carry signals over significant distances?

What is the command-line tool for Windows XP and later that allows administrators the ability to get or set configuration data for a very wide variety of computer and user account settings?

Which of the following statements best describes where a border router is normally placed?

Which of the following is used to allow or deny access to network resources?

You work as a Network Administrator for McNeil Inc. You are installing an application. You want to view the log file whenever a new entry is added to the /var/log/messages log file. Which of the following commands will you use to accomplish this?

What is TRUE about Workgroups and Domain Controllers?

For most organizations, which of the following should be the highest priority when it comes to physical security concerns?

Which of the following protocols implements VPN using IPSec?

You have set up a local area network for your company. Your firewall separates your network into several sections: a DMZ with semi-public servers (web, dns, email) and an intranet with private servers. A penetration tester gains access to both sections and installs sniffers in each. He is able to capture network traffic for all the devices in the private section but only for one device (the device with the sniffer) in the DMZ. What can be inferred about the design of the system?

You work as a Network Administrator for McNeil Inc. The company has a Linux-based network. David, a Sales Manager, wants to know the name of the shell that he is currently using. Which of the following commands will he use to accomplish the task?

Which of the below choices should an organization start with when implementing an effective risk management process?

Which of the following choices accurately describes how PGP works when encrypting email?

Which of the following is NOT a recommended best practice for securing Terminal Services and Remote Desktop?

Which of the following is an advantage of an Intrusion Detection System?

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to change the modified date and time of the file private.txt to 11 Nov 2009 02:59:58 am. Which of the following commands will John use to accomplish his task?

Each correct answer represents a complete solution. Choose all that apply.

What type of formal document would include the following statement?

Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal application of Internet/Intranet/Extranet systems. In the absence of such policies, employees should be guided by departmental policies, and if there is any uncertainty, employees should consult their supervisor or manager.

When a host on a remote network performs a DNS lookup of www.google.com, which of the following is likely to provide an Authoritative reply?

Which aspect of UNIX systems was process accounting originally developed for?

Your system has been infected by malware. Upon investigation, you discover that the malware propagated primarily via email. The malware attacked known vulnerabilities for which patches are available, but due to problems with your configuration management system you have no way to know which systems have been patched and which haven't, slowing your progress in patching your network. Of the following, which solution would you use to protect against this propagation vector?

A folder D:\Files\Marketing has the following NTFS permissions:

• Administrators: Full Control

• Marketing: Change and Authenticated

• Users: Read

It has been shared on the server as "MARKETING", with the following share permissions:

• Full Control share permissions for the Marketing group

Which of the following effective permissions apply if a user from the Sales group accesses the \\FILESERVER\MARKETING shared folder?

What Windows log should be checked to troubleshoot a Windows service that is falling to start?

An organization keeps its intellectual property in a database. Protection of the data is assigned to one system administrator who marks the data, and monitors for this intellectual property leaving the network. Which defense-In-depth principle does this describe?

Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

Which of the following elements is the most important requirement to ensuring the success of a business continuity plan?

What would the file permission example "rwsr-sr-x" translate to in absolute mode?

Which of the following utilities provides an efficient way to give specific users permission to use specific system commands at the root level of a Linux operating system?

Which of the following terms is used for the process of securing a system or a device on a network infrastructure?

Use nmap to discover a host on the 10.10.10.0/24 network, scanning only port 8082 and using the SYN or Stealth scan approach. Which host has a service called -blackice-alerts"?

In order to capture traffic for analysis, Network Intrusion Detection Systems (NIDS) operate with network cards in what mode?

If you do NOT have an original file to compare to, what is a good way to identify steganography in potential carrier files?

You ask your system administrator to verify user compliance with the corporate policies on password strength, namely that all passwords will have at least one numeral, at least one letter, at least one special character and be 15 characters long. He comes to you with a set of compliance tests for use with an offline password cracker. They are designed to examine the following parameters of the password:

* they contain only numerals

* they contain only letters

* they contain only special characters

* they contain only letters and numerals

" they contain only letters and special characters

* they contain only numerals and special characters

Of the following, what is the benefit to using this set of tests?

Which Linux command could a systems administrator use to determine if an attacker had opened up a new listening port on her system?

There are three key factors in selecting a biometric mechanism. What are they?

You work as a Linux technician for Tech Perfect Inc. You have lost the password of the root. You want to provide a new password. Which of the following steps will you take to accomplish the task?

What is the maximum number of connections a normal Bluetooth device can handle at one time?

What is it called when an OSI layer adds a new header to a packet?

You have been hired to design a TCP/IP-based network that will contain both Unix and Windows computers. You are planning a name resolution strategy. Which of the following services will best suit the requirements of the network?

In preparation to do a vulnerability scan against your company's systems. You've taken the steps below:

You've notified users that there will be a system test.

You've priontized and selected your targets and subnets.

You've configured the system to do a deep scan.

You have a member of your team on call to answer questions.

Which of the following is a necessary step to take prior to starting the scan?

What is the term for the software that allows a single physical server to run multiple virtual servers?

A new data center is being built where customer credit information will be processed and stored. Which of the following actions will help maintain the confidentiality of the data?

You work as a Network Administrator for McNeil Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest domain-based network. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks:

The wireless network communication should be secured.

The laptop users should be able to use smart cards for getting authenticated. In order to accomplish the tasks, you take the following steps:

Configure 802.1x and WEP for the wireless connections. Configure the PEAP-MS-CHAP v2 protocol for authentication. What will happen after you have taken these steps?

What is the discipline of establishing a known baseline and managing that condition known as?

On an NTFS file system, what will happen when a conflict exists between Allow and Deny permissions?

Which of the following statements would be seen in a Disaster Recovery Plan?

An attacker gained physical access to an internal computer to access company proprietary data. The facility is protected by a fingerprint biometric system that records both failed and successful entry attempts. No failures were logged during the time periods of the recent breach. The account used when the attacker entered the facility shortly before each incident belongs to an employee who was out of the area. With respect to the biometric entry system, which of the following actions will help mitigate unauthorized physical access to the facility?

What dots Office 365 use natively for authentication?

Which layer of the TCP/IP Protocol Stack Is responsible for port numbers?

To be considered a strong algorithm, an encryption algorithm must be which of the following?

Which of the following is an advantage of a Host Intrusion Detection System (HIDS) versus a Network Intrusion Detection System (NIDS)?

A program has allocated 10 characters of space for user’s response on a form. The application does not validate the number of characters that a user can input into the field before accepting the data. Which type of attack Is the application vulnerable to?

What security practice is described by NIST as the application of science to the identification, collection, examination, and analysis of data while maintaining data integrity and chain of custody?

If a DNS client wants to look up the IP address for good.news.com and does not receive an authoritative reply from its local DNS server, which name server is most likely to provide an authoritative reply?

Which of the following statements about Microsoft's VPN client software is FALSE?

A US case involving malicious code is brought to trial. An employee had opened a helpdesk ticket to report specific instances of strange behavior on her system. The IT helpdesk representative collected information by interviewing the user and escalated the ticket to the system administrators. As the user had regulated and sensitive data on her computer, the system administrators had the hard drive sent to the company's forensic consultant for analysis and configured a new hard drive for the user. Based on the recommendations from the forensic consultant and the company's legal department, the CEO decided to prosecute the author of the malicious code. During the court case, which of the following would be able to provide direct evidence?

Which of the following is generally practiced by the police or any other recognized governmental authority?

Which of the following tools is used to query the DNS servers to get detailed information about IP addresses, MX records, and NS servers?

Which of the following processes is known as sanitization?

Which of the following terms refers to the process in which headers and trailers are added around user data?

You are responsible for technical support at a company. One of the employees complains that his new laptop cannot connect to the company wireless network. You have verified that he is entering a valid password/passkey. What is the most likely problem?

Analyze the screenshot below. In what order should the vulnerabilities be remediated?

A security analyst has entered the following rule to detect malicious web traffic:

alert tcp any -> 192.168.1.0/24 SO (msg: Attempted SQL Injection!"; sld:20000O01;)

How can this rule be changed to reduce false positives?

Your customer wants to make sure that only computers he has authorized can get on his Wi-Fi. What is the most appropriate security measure you can recommend?

What is the main problem with relying solely on firewalls to protect your company's sensitive data?

Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP)?

The Windows 'tracert' begins by sending what type of packet to the destination host?

Which of the following radio frequencies is used by the IEEE 802.11a wireless network?

Which of the following is a required component for successful 802.lx network authentication?

When considering ingress filtering, why should all inbound packets be dropped if they contain a source address from within the protected network address space?

What does PowerShell remoting use to authenticate to another host in a domain environment?