
GIAC GSEC Dumps

Total 385 questions

GIAC Security Essentials Questions and Answers

Question 1

A web application requires multifactor authentication when a user accesses the application from a home office but does not require this when the user is in the office. What access control model is this describing?

Options:

A.

Lattice based access control

B.

Access control list

C.

Variable trust access control

D.

Role based access control

Question 2

What is the maximum passphrase length in Windows 2000/XP/2003?

Options:

A.

255 characters

B.

127 characters

C.

95 characters

D.

63 characters

Question 3

What technique makes it difficult for attackers to predict the memory address space location for code execution?

Options:

A.

Security Cookies

B.

DFP

C.

SLMOP

D.

ASLR

E.

Stack Canaries

Question 4

Which of the following features of Windows 7 allows an administrator to both passively review installed software and configure policies to prevent out-of-date or insecure software from running?

Options:

A.

Direct Access

B.

Software Restriction Policies

C.

App Locker

D.

User Account Control

Question 5

What is the main problem with relying solely on firewalls to protect your company's sensitive data?

Options:

A.

Their value is limited unless a full-featured Intrusion Detection System is used.

B.

Their value is limited because they cannot be changed once they are configured.

C.

Their value is limited because operating systems are now automatically patched.

D.

Their value is limited because they can be bypassed by technical and non-technical means.

Question 6

What is a recommended defense against SQL injection, OS injection, and buffer overflows?

Options:

A.

Put in an application layer

B.

Validate user input

C.

Use a secure protocol like HTTPS

D.

Use stored procedures

Question 7

Which of the following is a potential WPA3 security issue?

Options:

A.

Backward compatibility

B.

Disassociate frame DoS

C.

Traffic decryption with PSK

D.

Short key lengths

Question 8

Which Defense-in-Depth principle starts with an awareness of the value of each section of information within an organization?

Options:

A.

Information centric defense

B.

Uniform information protection

C.

General information protection

D.

Perimeter layering

Question 9

Which of the following applications would be BEST implemented with UDP instead of TCP?

Options:

A.

A multicast streaming application.

B.

A web browser.

C.

A DNS zone transfer.

D.

A file transfer application.

Question 10

Which logging capability is provided natively by syslog?

Options:

A.

Secure transit

B.

Collection

C.

Multi-platform alerting

D.

Secure centralization

Question 11

Which port category does the port 110 fall into?

Options:

A.

Well known port

B.

Dynamic port

C.

Private port

D.

Application port

Question 12

Which of the following defines the communication link between a Web server and Web applications?

Options:

A.

CGI

B.

PGP

C.

Firewall

D.

IETF

Question 13

You have reason to believe someone with a domain user account has been accessing and modifying sensitive spreadsheets on one of your application servers. You decide to enable auditing for the files to see who is accessing and changing them. You enable the Audit Object Access policy on the files via Group Policy. Two weeks later, when you check on the audit logs, you see they are empty. What is the most likely reason this has happened?

Options:

A.

You cannot enable auditing on files, just folders

B.

You did not enable auditing on the files

C.

The person modifying the files turned off auditing

D.

You did not save the change to the policy

Question 14

Which of the following would be a valid reason to use a Windows workgroup?

Options:

A.

Lower initial cost

B.

Simplicity of single sign-on

C.

Centralized control

D.

Consistent permissions and rights

Question 15

Which of the following heights of fence deters only casual trespassers?

Options:

A.

8 feet

B.

2 to 2.5 feet

C.

6 to 7 feet

D.

3 to 4 feet

Question 16

Analyze the screenshot below. What is the purpose of this message?

Options:

A.

To gather non-specific vulnerability information

B.

To get the user to download malicious software

C.

To test the browser plugins for compatibility

D.

To alert the user to infected software on the computer.

Question 17

Which of the following tasks is the responsibility of a Linux systems administrator who is deploying hardening scripts to his systems?

Options:

A.

Run them immediately after installation and before configuring system services.

B.

Ensure they are automatically run during the default installation of the OS.

C.

Test in a development environment before rolling out to production.

D.

Apply the same script(s) to every Linux host within the enterprise.

Question 18

An application developer would like to replace Triple DES in their software with a stronger algorithm of the same type. Which of the following should they use?

Options:

A.

RC5

B.

AES

C.

RSA

D.

SHA

Question 19

What is the function of the TTL (Time to Live) field in IPv4 and the Hop Limit field in IPv6 in an IP packet header?

Options:

A.

These fields are decremented each time a packet is retransmitted to minimize the possibility of routing loops.

B.

These fields are initialized to an initial value to prevent packet fragmentation and fragmentation attacks.

C.

These fields are recalculated based on the required time for a packet to arrive at its destination.

D.

These fields are incremented each time a packet is transmitted to indicate the number of routers that an IP packet has traversed.

Question 20

When should you create the initial database for a Linux file integrity checker?

Options:

A.

Before a system is patched

B.

After a system has been compromised

C.

Before a system has been compromised

D.

During an attack

Question 21

Which of the following elements is the most important requirement to ensuring the success of a business continuity plan?

Options:

A.

Disaster Recovery Plans

B.

Anticipating all relevant threats

C.

Executive buy-in

D.

Clearly defining roles and responsibilities

E.

Training

Question 22

The previous system administrator at your company used to rely heavily on email lists, such as vendor lists and Bugtraq, to get information about updates and patches. While a useful means of acquiring data, this requires time and effort to read through. In an effort to speed things up, you decide to switch to completely automated updates and patching. You set up your systems to automatically patch your production servers using a cron job and a scripted apt-get upgrade command. Of the following reasons, which explains why you may want to avoid this plan?

Options:

A.

The apt-get upgrade command doesn't work with the cron command because of incompatibility

B.

Relying on vendor and 3rd party email lists enables updates via email, for even faster patching

C.

Automated patching of production servers without prior testing may result in unexpected behavior or failures

D.

The command apt-get upgrade is incorrect, you need to run the apt-get update command

Question 23

During which of the following steps is the public/private key-pair generated for Public Key Infrastructure (PKI)?

Options:

A.

Key Recovery

B.

Initialization

C.

Registration

D.

Certification

Question 24

Which of the following networking topologies uses a hub to connect computers?

Options:

A.

Bus

B.

Ring

C.

Star

D.

Cycle

Question 25

An attacker gained physical access to an internal computer to access company proprietary data. The facility is protected by a fingerprint biometric system that records both failed and successful entry attempts. No failures were logged during the time periods of the recent breach. The account used when the attacker entered the facility shortly before each incident belongs to an employee who was out of the area. With respect to the biometric entry system, which of the following actions will help mitigate unauthorized physical access to the facility?

Options:

A.

Try raising the Crossover Error Rate (CER)

B.

Try to lower the False Accept Rate (FAR)

C.

Try setting the Equal Error Rate (EER) to zero

D.

Try to set a lower False Reject Rate (FRR)

Question 26

Options:

A.

JSON

B.

XML

C.

CEF

D.

LEEF

Question 27

You are examining a packet capture session in Wireshark and see the packet shown in the accompanying image. Based on what you see, what is the appropriate protection against this type of attempted attack?

Options:

A.

Block DNS traffic across the router

B.

Disable forwarding of unsolicited TCP requests

C.

Disable IP-directed broadcast requests

D.

Block UDP packets at the firewall

Question 28

Which of the following terms is used for the process of securing a system or a device on a network infrastructure?

Options:

A.

Hardening

B.

Authentication

C.

Cryptography

D.

Sanitization

Question 29

Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 domain-based network. The network contains ten Windows 2003 member servers and 150 Windows XP Professional client computers. According to the company's security policy, Mark needs to check whether all the computers in the network have all available security updates and shared folders. He also needs to check the file system type on each computer's hard disk. Mark installs and runs MBSACLI.EXE with the appropriate switches on a server. Which of the following tasks will he accomplish?

Options:

A.

None of the tasks will be accomplished.

B.

He will be able to check the file system type on each computer's hard disk.

C.

He will be able to accomplish all the tasks.

D.

He will be able to check all available security updates and shared folders.

Question 30

For most organizations, which of the following should be the highest priority when it comes to physical security concerns?

Options:

A.

Controlling ingress and egress

B.

Controlling access to workstations

C.

Ensuring employee safety

D.

Controlling access to servers

E.

Protecting physical assets

Question 31

Which of the following is a characteristic of hash operations?

Options:

A.

Asymmetric

B.

Non-reversible

C.

Symmetric

D.

Variable length output

Question 32

Many IIS servers connect to Microsoft SQL databases. Which of the following statements about SQL server security is TRUE?

Options:

A.

SQL Server patches are part of the operating system patches.

B.

SQL Server should be installed on the same box as your IIS web server when they communicate as part of the web application.

C.

It is good practice to never use integrated Windows authentication for SQL Server.

D.

It is good practice to not allow users to send raw SQL commands to the SQL Server.

Question 33

What is log pre-processing?

Options:

A.

Removing known bad log event entries

B.

Converting logs from one format to another

C.

Moving log entries of unknown status to an analyst's queue

D.

Transferring logs to short-term storage

Question 34

What does PowerShell remoting use to authenticate to another host in a domain environment?

Options:

A.

Two factor codes

B.

Unique application passwords

C.

PreShared keys

D.

Kerberos tickets

Question 35

Which of the following is an advantage of an Intrusion Detection System?

Options:

A.

It is a mature technology.

B.

It is the best network security.

C.

It never needs patching.

D.

It is a firewall replacement.

Question 36

An email system administrator deploys a configuration blocking all inbound and outbound executable files due to security concerns.

What Defense in Depth approach is being used?

Options:

A.

Protected Enclaves

B.

Uniform Protection

C.

Vector Oriented

D.

Information Centric

Question 37

The following three steps belong to the chain of custody for federal rules of evidence. What additional step is recommended between steps 2 and 3?

STEP 1 - Take notes: who, what, where, when and record serial numbers of machine(s) in question.

STEP 2 - Do a binary backup if data is being collected.

STEP 3 - Deliver collected evidence to law enforcement officials.

Options:

A.

Rebuild the original hard drive from scratch, and sign and seal the good backup in a plastic bag.

B.

Conduct a forensic analysis of all evidence collected BEFORE starting the chain of custody.

C.

Take photographs of all persons who have had access to the computer.

D.

Check the backup integrity using a checksum utility like MD5, and sign and seal each piece of collected evidence in a plastic bag.

Question 38

How often is session information sent to the web server from the browser once the session information has been established?

Options:

A.

With any change in session data

B.

With every subsequent request

C.

With any hidden form element data

D.

With the initial request to register the session

Question 39

You are implementing wireless access at a defense contractor. Specifications say you must implement the AES encryption algorithm. Which encryption standard should you choose?

Options:

A.

WPA

B.

TKIP

C.

WEP

D.

WPA2

Question 40

Which of the following is a backup strategy?

Options:

A.

Differential

B.

Integrational

C.

Recursive

D.

Supplemental

Question 41

Which of the following protocols provides maintenance and error reporting functions?

Options:

A.

UDP

B.

ICMP

C.

PPP

D.

IGMP

Question 42

You work as a Network Administrator for Net Soft Inc. You are designing a data backup plan for your company's network. The backup policy of the company requires high security and easy recovery of data. Which of the following options will you choose to accomplish this?

Options:

A.

Take a full backup daily with the previous night's tape taken offsite.

B.

Take a full backup daily and use six-tape rotation.

C.

Take a full backup on Monday and an incremental backup on each of the following weekdays. Keep Monday's backup offsite.

D.

Take a full backup on alternate days and keep rotating the tapes.

E.

Take a full backup on Monday and a differential backup on each of the following weekdays. Keep Monday's backup offsite.

F.

Take a full backup daily with one tape taken offsite weekly.

Question 43

What is the name of the registry key that is used to manage remote registry share permissions for the whole registry?

Options:

A.

regkey

B.

regmng

C.

winreg

D.

rrsreg

Question 44

Which file would the entry below be found in?

net.ipv6.conf.all.accept_ra=0

Options:

A.

/etc/sysctl.conf

B.

/etc/crontab

C.

/etc/shadow

D.

/etc/hosts

E.

/etc/pam.d/system-auth

Question 45

There are three key factors in selecting a biometric mechanism. What are they?

Options:

A.

Reliability, encryption strength, and cost

B.

Encryption strength, authorization method, and cost

C.

Reliability, user acceptance, and cost

D.

User acceptance, encryption strength, and cost

Question 46

What advantage does a Client-to-Client VPN have over other types of VPNs?

Options:

A.

The traffic never traverses any network segment in clear text

B.

The client applications do not need to support cryptography

C.

Network devices do not have to look at the message content to provide QoS

D.

The VPN gateway is located at the edge of the corporate network

Question 47

What type of attack can be performed against a wireless network using the tool Kismet?

Options:

A.

IP spoofing

B.

Eavesdropping

C.

Masquerading

D.

Denial of Service

Question 48

In the directory C:\Images\steer there is an image file Image_4240.png with a data string encoded inside the file. What word is hidden in the file?

Options:

A.

pontine

B.

prolific

C.

abysmal

D.

petroleum

E.

mushroom

F.

Chicago

G.

marshmallow

Question 49

Which of the following are used to suppress gasoline and oil fires? Each correct answer represents a complete solution. Choose three.

Options:

A.

Halon

B.

CO2

C.

Soda acid

D.

Water

Question 50

SSL session keys are available in which of the following lengths?

Options:

A.

40-bit and 128-bit.

B.

64-bit and 128-bit.

C.

128-bit and 1,024-bit.

D.

40-bit and 64-bit.

Question 51

You have implemented a firewall on the company's network for blocking unauthorized network connections. Which of the following types of security control is implemented in this case?

Options:

A.

Detective

B.

Preventive

C.

Directive

D.

Corrective

Question 52

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He is currently working on his new C-based traceroute program. Since many processes are running together on the system, he wants to give the highest priority to the cc command process so that he can test his program, remove bugs, and submit it to the office in time. Which of the following commands will John use to give the highest priority to the cc command process?

Options:

A.

nice -n 19 cc -c *.c &

B.

nice cc -c *.c &

C.

nice -n -20 cc -c *.c &

D.

nice cc -c *.c

Question 53

Which of the following protocols are used to provide secure communication between a client and a server over the Internet?

Each correct answer represents a part of the solution. Choose two.

Options:

A.

SSL

B.

HTTP

C.

TLS

D.

SNMP

Question 54

Use PowerShell ISE to examine C:\Windows\security\templates\WorkstationSecureTemplate.inf. Which setting is configured in the template?

Options:

A.

ResetLockoutCount

B.

NewAdministratorName

C.

MinimumPasswordAge

D.

RequireLogonToChangePassword

E.

SeRemoteInteractiveLogonRight

F.

MaxRenewAge

G.

AuditSystemEvents

Question 55

Which Windows event log would you look in if you wanted information about whether or not a specific driver was running at startup?

Options:

A.

Application

B.

System

C.

Startup

D.

Security

Question 56

Which of the following is a Personal Area Network enabled device?

Options:

A.

Corporate access point extender

B.

Bluetooth mouse

C.

Home Win router

D.

Network enabled printer

Question 57

Included below is the output from a resource kit utility run against localhost.

Which command could have produced this output?

Options:

A.

Schtasks

B.

Taskkill

C.

SC

D.

Tasklist

Question 58

Which of the following are the types of intrusion detection systems?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Host-based intrusion detection system (HIDS)

B.

Client-based intrusion detection system (CIDS)

C.

Server-based intrusion detection system (SIDS)

D.

Network intrusion detection system (NIDS)

Question 59

A Network Engineer is charged with maintaining and protecting a network with a high availability requirement. In addition to other defenses, they have chosen to implement a NIPS. How should the NIPS failure conditions be configured to ensure availability if the NIPS is installed in front of the Firewall that protects the DMZ?

Options:

A.

Fail safe

B.

Fail smart

C.

Fail-closed

D.

Fail-open

Question 60

What type of HTTP session tracking artifact is designed to expire once a user’s web browser session is closed?

Options:

A.

URL Session ID

B.

Client Side Certificate

C.

Hidden Form Field

D.

Non-Persistent Cookie

Question 61

How many clients is a single WSUS server designed to support when the minimum system requirements are met?

Options:

A.

10000

B.

5000

C.

1000

Question 62

What does Authentication Header (AH) add to the packet in order to prevent an attacker from lying about the source?

Options:

A.

Integrity Check Value

B.

AES-128 encryption

C.

Triple DES encryption

D.

32-bit sequence number

Question 63

What Windows log should be checked to troubleshoot a Windows service that is failing to start?

Options:

A.

Application

B.

System

C.

Security

D.

Setup

Question 64

Which of the following are advantages of Network Intrusion Detection Systems (NIDS)?

Options:

A.

Analysis of encrypted traffic

B.

Provide insight into network traffic

C.

Detection of network operations problems

D.

Provide logs of network traffic that can be used as part of other security measures.

E.

Inexpensive to manage

F.

B, C, and D

G.

A, C, and E

Question 65

Which of the following is NOT a recommended best practice for securing Terminal Services and Remote Desktop?

Options:

A.

Require TLS authentication and data encryption whenever possible.

B.

Make sure to allow all TCP 3389 traffic through the external firewall.

C.

Group Policy should be used to lock down the virtual desktops of thin-client users.

D.

Consider using IPSec or a VPN in addition to the RDP encryption if you are concerned about future RDP vulnerabilities.

Question 66

A folder D:\Files\Marketing has the following NTFS permissions:

• Administrators: Full Control

• Marketing: Change

• Authenticated Users: Read

It has been shared on the server as "MARKETING", with the following share permissions:

• Full Control share permissions for the Marketing group

Which of the following effective permissions apply if a user from the Sales group accesses the \\FILESERVER\MARKETING shared folder?

Options:

A.

No access

B.

Full Control

C.

Read

D.

Change

Question 67

The Linux command to make the /etc/shadow file, already owned by root, readable only by root is which of the following?

Options:

A.

chmod 444 /etc/shadow

B.

chown root:root /etc/shadow

C.

chmod 400 /etc/shadow

D.

chown 400 /etc/shadow

Question 68

Which of the following tcpdump output lines indicates the first step in the TCP 3-way handshake?

Options:

A.

07:09:43.368615 download.net.39904 > ftp.com.21: S 733381829:733381829(0) win 8760 (DF)

B.

07:09:43.370302 ftp.com.21 > download.net.39904: S 1192930639:1192930639(0) ack 733381830 win 1024 1460> (DF)

C.

09:09:22.346383 ftp.com.21 > download.net.39904: , rst 1 win 2440 (DF)

D.

07:09:43.370355 download.net.39904 > ftp.com.21: , ack 1 win 8760 (DF)

Question 69

How are differences in configuration settings handled between Domain and Local Group Policy Objects (GPOs)?

Options:

A.

Local and Domain GPOs control different configuration settings, so there will not be conflicts.

B.

Settings in the domain-wide GPO override conflicting settings in the local GPO on each computer.

C.

Settings in the local GPO override conflicting settings when the domain-wide GPO is applied.

D.

Precedence depends on which GPO was updated first.

Question 70

What does Office 365 use natively for authentication?

Options:

A.

Microsoft CHAP

B.

Exchange Online

C.

Azure Active Directory

D.

Central Authentication Service

E.

Extensible Authentication Protocol

Question 71

Which of the following applications cannot proactively detect anomalies related to a computer?

Options:

A.

Firewall installed on the computer

B.

NIDS

C.

HIDS

D.

Anti-virus scanner

Question 72

Which field in the IPv6 header is used for QoS, or specifying the priority of the packet?

Options:

A.

Hop Limit

B.

Traffic Class

C.

Version

D.

Next Header

Question 73

What method do Unix-type systems use to prevent attackers from cracking passwords using pre-computed hashes?

Options:

A.

Unix systems can prevent users from using dictionary words for passwords

B.

The algorithm creates hashes using a CPU-intensive algorithm.

C.

The algorithm creates hashes using salts or randomized values

D.

Unix/Linux systems use hashing functions which cannot be reversed

E.

The system encrypts the password using a symmetrical algorithm

Question 74

Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution. Choose two.

Options:

A.

It reduces the need for globally unique IP addresses.

B.

It allows external network clients access to internal services.

C.

It allows the computers in a private network to share a global, ISP assigned address to connect to the Internet.

D.

It provides added security by using Internet access to deny or permit certain traffic from the Bastion Host.

Question 75

Which of the following is used to allow or deny access to network resources?

Options:

A.

Spoofing

B.

ACL

C.

System hardening

D.

NFS

Question 76

Which of the following are the types of access controls?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Physical

B.

Administrative

C.

Automatic

D.

Technical

Question 77

What could be used to mitigate hash collisions?

Options:

A.

Using a larger key space for the encryption

B.

Using additional arbitrary data to append to the file

C.

Using separate keys for encryption and decryption

D.

Using a larger bit length for the algorithm

Question 78

Which of the following statements about the authentication concept of information security management is true?

Options:

A.

It ensures the reliable and timely access to resources.

B.

It ensures that modifications are not made to data by unauthorized personnel or processes.

C.

It determines the actions and behaviors of a single individual within a system, and identifies that particular individual.

D.

It establishes the users' identity and ensures that the users are who they say they are.

Question 79

How can an adversary utilize a stolen database of unsalted password hashes?

Options:

A.

Decrypt them to find the clear text passwords

B.

Compare the hashed output of guessed passwords with them

C.

Authenticate with the service associated with the on-line database

D.

Reverse engineer them to find the encryption key

Question 80

Your organization is developing a network protection plan. No single aspect of your network seems more important than any other. You decide to avoid separating your network into segments or categorizing the systems on the network. Each device on the network is essentially protected in the same manner as all other devices.

This style of defense-in-depth protection is best described as which of the following?

Options:

A.

Uniform protection

B.

Threat-oriented

C.

Information-centric

D.

Protected enclaves

Question 81

What defensive measure could have been taken that would have protected the confidentiality of files that were divulged by systems that were compromised by malware?

Options:

A.

Ingress filtering at the host level

B.

Monitoring for abnormal traffic flow

C.

Installing file integrity monitoring software

D.

Encrypting the files locally when not in use

Question 82

A system administrator sees the following URL in the webserver logs:

Which action will mitigate against this attack?

Options:

A.

Force all web applications to use SSL/TLS

B.

Encode web traffic using Base64 before transmission

C.

Filter potentially harmful characters from user input

D.

Authenticate users before allowing database queries

Question 83

Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.

Options:

A.

It uses TCP port 443 as the default port.

B.

It is a protocol used in the Universal Resource Locater (URL) address line to connect to a secure site.

C.

It is a protocol used to provide security for a database server in an internal network.

D.

It uses TCP port 80 as the default port.

Question 84

Which of the following resources is a knowledge base of real-world observed adversary tactics and techniques?

Options:

A.

Lockheed Martin Cyber Kill Chain

B.

MITRE ATT&CK

C.

CIS Controls

D.

NIST Framework

Question 85

What is the SHA1 hash of the file /bin/ls?

Options:

A.

a895bac9c3

B.

54771b4r

C.

a39bed3C496fC764fc518d3e2d56f7d0f4C625fb

D.

93c1 ffbd22ebcad798886fb4aa46fa 357b23d80a

E.

aa40739f465ded2245872b1e4972e33d5bObb1cb

F.

494a 192859f 244c69d5bdc46255d b44l9e 7d051 f

G.

d3a21675a8f 19518d8b8f3cefOf6a21 del da6cc7

Question 86

Which of the following is the reason for using a Faraday cage?

Options:

A.

To prevent Denial-of-Service (DoS) attack

B.

To prevent shoulder surfing

C.

To prevent mail bombing

D.

To prevent data emanation

Question 87

You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company. You have physically installed sensors at all key positions throughout the network such that they all report to the command console.

What will be the key functions of the sensors in such a physical layout?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

To collect data from operating system logs

B.

To notify the console with an alert if any intrusion is detected

C.

To analyze for known signatures

D.

To collect data from Web servers

Question 88

You work as a Network Administrator for World Perfect Inc. The company has a Linux-based network. You have configured a Linux Web server on the network. A user complains that the Web server is not responding to requests. The process list on the server shows multiple instances of the HTTPD process. You are required to stop the Web service. Which of the following commands will you use to resolve the issue?

Options:

A.

killall httpd

B.

endall httpd

C.

kill httpd

D.

end httpd

Question 89

You work as a Network Administrator for Rick International. The company has a TCP/IP-based network. A user named Kevin wants to set an SSH terminal at home to connect to the company's network. You have to configure your company's router for it. By default, which of the following standard ports does the SSH protocol use for connection?

Options:

A.

443

B.

22

C.

21

D.

80

Question 90

Which of the following commands is used to change file access permissions in Linux?

Options:

A.

chgrp

B.

chperm

C.

chmod

D.

chown

Question 91

A US case involving malicious code is brought to trial. An employee had opened a helpdesk ticket to report specific instances of strange behavior on her system. The IT helpdesk representative collected information by interviewing the user and escalated the ticket to the system administrators. As the user had regulated and sensitive data on her computer, the system administrators had the hard drive sent to the company's forensic consultant for analysis and configured a new hard drive for the user. Based on the recommendations from the forensic consultant and the company's legal department, the CEO decided to prosecute the author of the malicious code. During the court case, which of the following would be able to provide direct evidence?

Options:

A.

The IT helpdesk representative

B.

The company CEO

C.

The user of the infected system

D.

The system administrator who removed the hard drive

Question 92

The TTL can be found in which protocol header?

Options:

A.

It is found in byte 8 of the ICMP header.

B.

It is found in byte 8 of the IP header.

C.

It is found in byte 8 of the TCP header.

D.

It is found in byte 8 of the DNS header.

Question 93

What is the command-line tool for Windows XP and later that allows administrators the ability to get or set configuration data for a very wide variety of computer and user account settings?

Options:

A.

IPCONFIG.EXE

B.

NETSTAT.EXE

C.

WMIC.EXE

D.

CONFIG.EXE

Question 94

Which of the following logging tasks should be evaluated in real-time?

Options:

A.

Inside and perimeter log trends review

B.

Routine account creation/removal

C.

Log management system performance

D.

Loss of service on critical assets

Question 95

Training an organization on possible phishing attacks would be included under which NIST Framework Core guidelines?

Options:

A.

Detect

B.

Identify

C.

Respond

D.

Protect

Question 96

Which of the following are network connectivity devices?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Network analyzer

B.

Bridge

C.

Brouter

D.

Firewall

E.

Repeater

F.

Hub

Question 97

Which of the following terms refers to the process in which headers and trailers are added around user data?

Options:

A.

Encapsulation

B.

Authentication

C.

Authorization

D.

Encryption

Question 98

What is the motivation behind SYN/FIN scanning?

Options:

A.

The SYN/FIN combination is useful for signaling to certain Trojans.

B.

SYN/FIN packets are commonly used to launch denial of service attacks against BSD hosts.

C.

The crafted SYN/FIN packet sometimes gets past firewalls and filtering routers.

D.

A SYN/FIN packet is used in session hijacking to take over a session.

Question 99

When discussing access controls, which of the following terms describes the process of determining the activities or functions that an individual is permitted to perform?

Options:

A.

Authentication

B.

Identification

C.

Authorization

D.

Validation

Question 100

Why are false positives such a problem with IPS technology?

Options:

A.

File integrity is not guaranteed.

B.

Malicious code can get into the network.

C.

Legitimate services are not delivered.

D.

Rules are often misinterpreted.

Question 101

Which of the following items are examples of preventive physical controls? Each correct answer represents a complete solution. Choose three.

Options:

A.

Biometric access controls

B.

Closed-circuit television monitors

C.

Fire extinguishers

D.

Locks and keys

Question 102

Which of the following statements would be seen in a Disaster Recovery Plan?

Options:

A.

"Instructions for notification of the media can be found in Appendix A"

B.

"The Emergency Response Plan should be executed in the case of any physical disaster listed on page 3."

C.

"The target for restoration of business operations is 72 hours from the declaration of disaster."

D.

"After arriving at the alternate site, utilize the server build checklist to rebuild all servers on the server rebuild list."

Question 103

Which layer of the TCP/IP Protocol Stack is responsible for port numbers?

Options:

A.

Network

B.

Transport

C.

Internet

D.

Application

Question 104

Why would someone use port 80 for deployment of unauthorized services?

Options:

A.

Google will detect the service listing on port 80 and post a link, so that people all over the world will surf to the rogue service.

B.

If someone were to randomly browse to the rogue port 80 service they could be compromised.

C.

This is a technique commonly used to perform a denial of service on the local web server.

D.

HTTP traffic is usually allowed outbound to port 80 through the firewall in most environments.

Question 105

A Host-based Intrusion Prevention System (HIPS) software vendor records how the Firefox Web browser interacts with the operating system and other applications, and identifies all areas of Firefox functionality. After collecting all the data about how Firefox should work, a database is created with this information, and it is fed into the HIPS software. The HIPS then monitors Firefox whenever it's in use. What feature of HIPS is being described in this scenario?

Options:

A.

Signature Matching

B.

Application Behavior Monitoring

C.

Host Based Sniffing

D.

Application Action Modeling

Question 106

What must be added to VLANs to improve security?

Options:

A.

Network hubs

B.

Air gaps

C.

Spanning tree interfaces

D.

Access control lists

Question 107

Which access control mechanism requires a high amount of maintenance since all data must be classified, and all users granted appropriate clearance?

Options:

A.

Mandatory

B.

Discretionary

C.

Rule set-based

D.

Role-Based

Question 108

When you log into your Windows desktop what information does your Security Access Token (SAT) contain?

Options:

A.

The Security ID numbers (SIDs) of all the groups to which you belong

B.

A list of cached authentications

C.

A list of your domain privileges

D.

The Security ID numbers (SIDs) of all authenticated local users

Question 109

Which of the following SIP methods is used to set up a new session and add a caller?

Options:

A.

ACK

B.

BYE

C.

REGISTER

D.

INVITE

E.

CANCEL

Question 110

In PKI, when someone wants to verify that the certificate is valid, what do they use to decrypt the signature?

Options:

A.

Receiver's digital signature

B.

X.509 certificate CA's private key

C.

Secret passphrase

D.

CA's public key

Question 111

Which of the following statements about policy is FALSE?

Options:

A.

A well-written policy contains definitions relating to "what" to do.

B.

A well-written policy states the specifics of "how" to do something.

C.

Security policy establishes what must be done to protect information stored on computers.

D.

Policy protects people who are trying to do the right thing.

Question 112

You work as a Network Administrator for McNeil Inc. The company has a Linux-based network. David, a Sales Manager, wants to know the name of the shell that he is currently using. Which of the following commands will he use to accomplish the task?

Options:

A.

mv $shell

B.

echo $shell

C.

rm $shell

D.

ls $shell

Question 113

Which of the following correctly describes a stateless packet filter?

Options:

A.

Streams are rebuilt for analysis

B.

Data is passed through unchecked

C.

Packet processing is very slow

D.

Security is verified at the application level

Question 114

An attacker is able to trick an IDS into ignoring malicious traffic through obfuscation of the packet payload. What type of IDS error has occurred?

Options:

A.

True Negative

B.

True Positive

C.

False Positive

D.

False Negative

Question 115

What does it mean if a protocol such as HTTP is stateless?

Options:

A.

The client responds to a server request and keeps track of the conversation.

B.

If a stateless protocol is used it cannot be traced.

C.

It means it is unreliable.

D.

The server responds to a single request and then forgets about it.
