GSEC Exam Questions

Dilbert wants to have a script run on his Windows server every time Wally logs into it. Where should he place this script?

Which file would the entry below be found in? net.ipv6.conf.all.acctpt-ra=0

What could be used to mitigate hash collisions?

When file integrity checking is enabled, what feature is used to determine if a monitored file has been modified?

A program has allocated 10 characters of space for user's response on a form. The application does not validate the number of characters that a user can input into the field before...

A security analyst has entered the following rule to detect malicious web traffic: alert tcp any -> 192.168.1.0/24 SO (msg: Attempted SQL Injection!"; sld:20000001;) How can this r...

What must be added to VLANs to improve security?

Which services will have listening ports on a hardened Linux log server?

What is it called when an OSI layer adds a new header to a packet?

A database is accessed through an application that users must authenticate with, on a host that only accepts connections from a subnet where the business unit that uses the data is...

What is a characteristic of iOS security?

Which of the following activities would take place during the containment phase?

What is a recommended defense against SQL injection, OS injection, and buffer overflows?

What advantage does a Client-to-Client VPN have over other types of VPNs?

An organization keeps its intellectual property in a database. Protection of the data is assigned to one system administrator who marks the data, and monitors for this intellectual...

If a Linux administrator wanted to quickly filter out extraneous data and find a running process named RootKit, which command could he use?

Rainbow Tables are used in what kind of password cracking?

A simple cryptosystem that keeps the same letters and shuffles the order is an example of what?

A company disables cd drives for users; what defense strategy is this a part of?

What dots Office 365 use natively for authentication?

An email system administrator deploys a configuration blocking all inbound and outbound executable files due to security concerns. What Defense in Depth approach is being used?

In the AGULP model, who should be assigned permissions and privileges?

Which of the following correctly describes a stateless packet filter?

In an Active Directory domain, which is the preferred method of keeping host computers patched?

What is the purpose of a TTL value?

What security practice is described by NIST as the application of science to the identification, collection, examination, and analysis of data while maintaining data integrity and...

The TTL can be found in which protocol header?

Which of the following consists of the security identifier number (SID) of your user account, the SID of all of your groups and a list of all your user rights?

Analyze the file below. When will the program /home/sink/utils/remove temp hies.py run?

What technique makes it difficult for attackers to predict the memory address space location for code execution?

A system administrator sees the following URL in the webserver logs: Which action will mitigate against this attack?

What is the fundamental problem with managing computers in stand-alone Windows workgroups?

Jonny Is an IT Project Manager. He cannot access the folder called "IT Projects" but can access a folder called "Sales Data" even though he's not on the sales team. Which informati...

What cryptographic technique does file Integrity monitoring employ?

Which of the following is a potential WPA3 security issue?

Which asymmetric algorithm is used only for key exchange?

Which of the following is Azure's version of a superuser?

Which of the following is an example of a BitLocker recovery password?

Which of the following attacks can be mitigated by avoiding making system calls from within a web application?

Use Wireshark to analyze Desktop;PCAP FILES/charile.pcap What is the destination IP address in packet #3?

Use nmap to discover a host on the 10.10.10.0/24 network, scanning only port 8082 and using the SYN or Stealth scan approach. Which host has a service called -blackice-alerts"?

Use Hashcat to crack a local shadow file. What Is the password for the user account AGainsboro? - The shadow file (shadow) and Hashcat wordlist (gsecwordlist.txt) are located in th...

Use Hashcat to crack a local shadow file. What Is the password for the user account AGainsboro? - The shadow file (shadow) and Hashcat wordlist (gsecwordlist.txt) are located in th...

Open the MATE terminal and use the tcpdump program to read - /pcaps /cass tech.pcap. What is the source port number?

What is the SHA1 hash of the Ale /bin/Is?

Use PowerShell ISE to examineC:\Windows\security\templates\WorkstationSecureTemplate.inf. Which setting is configured in the template?

In the directory C:\lmages\steer there Is an Image file lmage_4240.png with a data string encoded inside the file. What word is hidden in the file?

Launch Calculator (calc.exe). Using PowerShell, retrieve the Calculator Process Information. What is the value of the File Version property? Hint: The process name of Calculator is...

Using PowerShell ISE running as an Administrator, navigate to the C:\hlindows\security\tevplatesdirectory. Use secedit.exe in analyze mode to compare the temp.sdb and uorkstdtionSe...

Use sudo to launch Snort with the, /etc /snort /snort.conf file In full mode to generate alerts based on incoming traffic to echo. What is the source IP address of the traffic trig...