GSEC GIAC Security Essentials Question and Answers

Which of the following attack vectors are addressed by Xinetd and TCP Wrappers?

Which of the following is an UDP based protocol?

What is the fundamental problem with managing computers in stand-alone Windows workgroups?

Which of the following Microsoft services integrates SSO into Microsoft 365 by syncing with on-premises servers?

Which of the following is a name, symbol, or slogan with which a product is identified?

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we- are-secure.com. He installs a rootkit on the Linux server of the We-are-secure network. Which of the following statements are true about rootkits?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following is a Personal Area Network enabled device?

Which of the following is a signature-based intrusion detection system (IDS) ?

Which of the following protocols describes the operation of security In H.323?

Which of the following files contains the shadowed password entries in Linux?

The Linux command to make the /etc/shadow file, already owned by root, readable only by root is which of the following?

What is achieved with the development of a communication flow baseline?

What is the purpose of a TTL value?

Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP)?

What is a security feature available with Windows Vista and Windows 7 that was not present in previous Windows operating systems?

You work as a Linux technician for Tech Perfect Inc. You have lost the password of the root. You want to provide a new password. Which of the following steps will you take to accomplish the task?

Which of the following are advantages of Network Intrusion Detection Systems (NIDS)?

What file instructs programs like Web spiders NOT to search certain areas of a site?

Which of the following is NOT typically used to mitigate the war dialing threat?

Against policy, employees have installed Peer-to-Peer applications on their workstations and they are using them over TCP port 80 to download files via the company network from other Peer-to-Peer users on the Internet. Which of the following describes this threat?

Your system has been infected by malware. Upon investigation, you discover that the malware propagated primarily via email. The malware attacked known vulnerabilities for which patches are available, but due to problems with your configuration management system you have no way to know which systems have been patched and which haven't, slowing your progress in patching your network. Of the following, which solution would you use to protect against this propagation vector?

What is the most secure way to address an unused Windows service so it cannot be exploited by malware?

In addition to securing the operating system of production honey pot hosts, what is recommended to prevent the honey pots from assuming the identities of production systems that could result in the denial of service for legitimate users?

Which of the following features of Windows 7 allows an administrator to both passively review installed software and configure policies to prevent out-of-date or insecure software from running?

Which of the following protocols are used to provide secure communication between a client and a server over the Internet?

Each correct answer represents a part of the solution. Choose two.

What cryptographic technique does file Integrity monitoring employ?

Why are false positives such a problem with IPS technology?

Which asymmetric algorithm is used only for key exchange?

When trace route fails to get a timely response for a packet after three tries, which action will it take?

Which of the following utilities provides an efficient way to give specific users permission to use specific system commands at the root level of a Linux operating system?

An email system administrator deploys a configuration blocking all inbound and outbound executable files due to security concerns.

What Defense in Depth approach is being used?

Which common firewall feature can be utilized to generate a forensic trail of evidence and to identify attack trends against your network?

What is the term for the software that allows a single physical server to run multiple virtual servers?

Which of the following is a type of countermeasure that can be deployed to ensure that a threat vector does not meet a vulnerability?

Based on the iptables output below, which type of endpoint security protection has host 192.168.1.17 implemented for incoming traffic on TCP port 22 (SSH) and TCP port 23 (telnet)?

Which of the following statements about the integrity concept of information security management are true?

Each correct answer represents a complete solution. Choose three.

Why would someone use port 80 for deployment of unauthorized services?

What security practice is described by NIST as the application of science to the identification, collection, examination, and analysis of data while maintaining data integrity and chain of custody?

Which of the following protocols is used to send e-mails on the Internet?

Which of the following is an example of a BitLocker recovery password?

Which choice best describes the line below?

alert tcp any any -> 192.168.1.0/24 80 (content: /cgi-bin/test.cgi"; msg: "Attempted

CGI-BIN Access!!";)

Launch Calculator (calc.exe). Using PowerShell, retrieve the Calculator Process Information. What is the value of the File Version property?

Hint: The process name of Calculator is calculator

The Windows 'tracert' begins by sending what type of packet to the destination host?

Which of the following are examples of Issue-Specific policies all organizations should address?

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He is currently working on his C based new traceroute program. Since, many processes are running together on the system, he wants to give the highest priority to the cc command process so that he can test his program, remove bugs, and submit it to the office in time. Which of the following commands will John use to give the highest priority to the cc command process?

Which Authenticates Assurance Level requires a hardware-based authenticates?

Which of the following is a backup strategy?

What does Authentication Header (AH) add to the packet in order to prevent an attacker from lying about the source?

Two clients connecting from the same public IP address (for example - behind the same NAT firewall) can connect simultaneously to the same web server on the Internet, provided what condition is TRUE?

In the AGULP model, who should be assigned permissions and privileges?

IPS devices that are classified as "In-line NIDS" devices use a combination of anomaly analysis, signature-based rules, and what else to identify malicious events on the network?

Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.

Fill in the blank with the correct answer to complete the statement below.

The permission is the minimum required permission that is necessary for a user to enter a directory and list its contents.

Which of the following is a potential WPA3 security issue?

Which of the following choices accurately describes how PGP works when encrypting email?

When designing wireless networks, one strategy to consider is implementing security mechanisms at all layers of the OSI model. Which of the following protection mechanisms would protect layer 1?

You work as a Network Administrator for McNeil Inc. You are installing an application. You want to view the log file whenever a new entry is added to the /var/log/messages log file. Which of the following commands will you use to accomplish this?

Which of the following is the FIRST step in performing an Operational Security (OP5EC) Vulnerabilities Assessment?

Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution. Choose two.

Which of the following commands is used to change file access permissions in Linux?

Which practice can help protect secrets in a cloud environment?

Many IIS servers connect to Microsoft SQL databases. Which of the following statements about SQL server security is TRUE?

What is the first thing that should be done during the containment step of incident handling?

Training an organization on possible phishing attacks would be included under which NIST Framework Core guidelines?

You work as a Network Administrator for Secure World Inc. The company has a Linux-based network. You want to run a command with the changed root directory. Which of the following commands will you use?

What dots Office 365 use natively for authentication?

Which of the following authentication methods are used by Wired Equivalent Privacy (WEP)? Each correct answer represents a complete solution. Choose two.

Which of the following is a private, RFC 1918 compliant IP address that would be assigned to a DHCP scope on a private LAN?

Which of the following radio frequencies is used by the IEEE 802.11a wireless network?

Which of the following protocols allows an e-mail client to access and manipulate a remote e-mail file without downloading it to the local computer?

Which attack stage mirrors the Information Gathering phase used in penetration testing methodology?

What type of attack can be performed against a wireless network using the tool Kismet?

Where are user accounts and passwords stored in a decentralized privilege management environment?

If the NET_ID of the source and destination address in an IP (Internet Protocol) packet match, which answer BEST describes the routing method the sending host will use?

What technical control provides the most critical layer of defense if an intruder is able to bypass all physical security controls and obtain tapes containing critical data?

When are Group Policy Objects (GPOs) NOT applied automatically to workstations?

Which of the following statements about the authentication concept of information security management is true?

What database can provide contact information for Internet domains?

Which type of risk assessment results are typically categorized as low, medium, or high-risk events?

You ask your system administrator to verify user compliance with the corporate policies on password strength, namely that all passwords will have at least one numeral, at least one letter, at least one special character and be 15 characters long. He comes to you with a set of compliance tests for use with an offline password cracker. They are designed to examine the following parameters of the password:

* they contain only numerals

* they contain only letters

* they contain only special characters

* they contain only letters and numerals

" they contain only letters and special characters

* they contain only numerals and special characters

Of the following, what is the benefit to using this set of tests?

If Linux server software is a requirement in your production environment which of the following should you NOT utilize?

How is a Distributed Denial of Service (DDOS) attack distinguished from a regular DOS attack?

A folder D:\Files\Marketing has the following NTFS permissions:

• Administrators: Full Control

• Marketing: Change and Authenticated

• Users: Read

It has been shared on the server as "MARKETING", with the following share permissions:

• Full Control share permissions for the Marketing group

Which of the following effective permissions apply if a user from the Sales group accesses the \\FILESERVER\MARKETING shared folder?

You are examining an IP packet with a header of 40 bytes in length and the value at byte 0 of the packet header is 6. Which of the following describes this packet?

Which of the following is used to allow or deny access to network resources?

Which of the following tools is also capable of static packet filtering?

What must be added to VLANs to improve security?

Which of the following access control principles helps prevent collusion and detect abuse of access?

What does an attacker need to consider when attempting an IP spoofing attack that relies on guessing Initial Sequence Numbers (ISNs)?

While building multiple virtual machines on a single host operating system, you have determined that each virtual machine needs to work on the network as a separate entity with its own unique IP address on the same logical subnet. You also need to limit each guest operating system to how much system resources it has access to. Which of the following correctly identifies steps that must be taken towards setting up these virtual environments?

Which of the following Linux commands can change both the username and group name a file belongs to?

Which of the following tasks is the responsibility of a Linux systems administrator who is deploying hardening scripts to his systems?

What protocol is a WAN technology?

Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 domain- based network. The network contains ten Windows 2003 member servers, 150 Windows XP Professional client computers. According to the company's security policy, Mark needs to check whether all the computers in the network have all available security updates and shared folders. He also needs to check the file system type on each computer's hard disk. Mark installs and runs MBSACLI.EXE with the appropriate switches on a server. Which of the following tasks will he accomplish?

You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company. You have physically installed sensors at all key positions throughout the network such that they all report to the command console.

What will be the key functions of the sensors in such a physical layout?

Each correct answer represents a complete solution. Choose all that apply.

To update from a Windows Server Update Services (WSUS) server, users of the machine must have what rights, If any?

What is the motivation behind SYN/FIN scanning?

Which access control mechanism requires a high amount of maintenance since all data must be classified, and all users granted appropriate clearance?

When no anomaly is present in an Intrusion Detection, but an alarm is generated, the response is known as.

Which of the following is the reason of using Faraday cage?

Which of the following SIP methods is used to setup a new session and add a caller?

SSL session keys are available in which of the following lengths?

Using PowerShell ISE running as an Administrator, navigate to the

C:\hlindows\security\tevplatesdirectory. Use secedit.exe in analyze mode to compare the temp.sdb and uorkstdtionSecureTmplate.inf files, and output the findings to a file called log.txt. Which configuration setting under Analyze User Rights reports a mismatch?

Hints:

Use files located in the C \windows\security\templates\ directory

The log. txt file will be created in the directory the secedit.exe command is run from

What is needed for any of the four options for Azure AD multi-factor user authentication?

Which of the following correctly describes a stateless packet filter?

Which of the following is NOT a recommended best practice for securing Terminal Services and Remote Desktop?

Which Defense-in-Depth principle starts with an awareness of the value of each section of information within an organization?

You are examining a packet capture session in Wire shark and see the packet shown in the accompanying image. Based on what you see, what is the appropriate protection against this type of attempted attack?

Use Hashcat to crack a local shadow file. What Is the password for the user account AGainsboro?

Hints

Hints

• The shadow file (shadow) and Hashcat wordlist (gsecwordlist.txt) are located in the directory. home giac PasswordHashing

- Run Hashcat in straight mod* (flag -a 0) to crack the MD5 hashes (flag -m 500) in the shadow file.

• Use the hash values from the Hashcat output file and the shadow file to match the cracked password with the user name.

• If required, a backup copy of the original files can be found in the shadowbackup directory.

When you log into your Windows desktop what information does your Security Access Token (SAT) contain?

In the directory C:\lmages\steer there Is an Image file lmage_4240.png with a data string encoded inside the file. What word is hidden in the file?

Jonny Is an IT Project Manager. He cannot access the folder called "IT Projects" but can access a folder called "Sales Data" even though he's not on the sales team. Which information security principle has failed?