
GIAC GSEC - GIAC Security Essentials

Total 385 questions

You are doing some analysis of malware on a Unix computer in a closed test network. The IP address of the computer is 192.168.1.120. From a packet capture, you see the malware is attempting to do a DNS query for a server called iamabadserver.com so that it can connect to it. There is no DNS server on the test network to do name resolution. You have another computer, whose IP is 192.168.1.115, available on the test network that you would like the malware to connect to instead. How do you get the malware to connect to that computer on the test network?

A.

You modify the HOSTS file on the computer you want the malware to connect to and add an entry that reads: 192.168.1.120 iamabadserver iamabadserver.com

B.

You modify the HOSTS file on the Unix computer your malware is running on and add an entry that reads: 192.168.1.115 iamabadserver iamabadserver.com

C.

You modify the HOSTS file on the Unix computer your malware is running on and add an entry that reads: 192.168.1.120 iamabadserver iamabadserver.com

D.

You modify the HOSTS file on the computer you want the malware to connect to and add an entry that reads: 192.168.1.115 iamabadserver iamabadserver.com
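The hosts-file redirect in this question, as an added example that is not part of the exam page: the entry goes on the analysis host (192.168.1.120), because that is where the malware's resolver runs, and it maps the name to the decoy 192.168.1.115. The sandbox hosts file below is constructed for the example; the awk lookup emulates the libc hosts-file rules (first matching line wins, canonical name or any alias matches, comments ignored) so the entry can be checked before touching the real /etc/hosts.

```shell
#!/bin/sh
# Added example (not part of the exam page): emulate the hosts-file lookup with awk.
# HOSTS_SANDBOX is constructed; the addresses and names are the question's.
# The entry belongs on the ANALYSIS host (192.168.1.120), where the malware's
# resolver runs, and points at the decoy host 192.168.1.115.
HOSTS_SANDBOX='127.0.0.1   localhost
::1         localhost
# decoy for the malware C2 lookup
192.168.1.115 iamabadserver iamabadserver.com   # fake C2'

# hosts_lookup NAME : print the address on the first line whose canonical name
# or any alias equals NAME (case-insensitive); comments and blank lines ignored.
# Prints nothing when nothing matches, which is when the resolver moves on to DNS.
hosts_lookup() {
  printf '%s\n' "$HOSTS_SANDBOX" | awk -v name="$1" '
    { sub(/#.*/, "") }                       # drop trailing comments
    NF < 2 { next }                          # need address + at least one name
    { for (i = 2; i <= NF; i++)
        if (tolower($i) == tolower(name)) { print $1; exit } }
  '
}

# Applying it for real on the analysis host (requires root):
#   printf '192.168.1.115 iamabadserver iamabadserver.com\n' | sudo tee -a /etc/hosts
#   getent hosts iamabadserver.com      # should print 192.168.1.115
#   grep '^hosts:' /etc/nsswitch.conf   # "files" must be listed before "dns"
```

Two caveats a practitioner will want: the hosts file is only consulted if /etc/nsswitch.conf lists `files` before `dns`, and it only helps malware that resolves names through the system resolver. A sample that speaks DNS directly to a hard-coded resolver address bypasses /etc/hosts entirely; for that case you need a fake DNS responder on the test network answering for iamabadserver.com.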

If a Linux administrator wanted to quickly filter out extraneous data and find a running process named Rootkit, which command could he use?

A.

cat /proc; grep Rootkit

B.

ps -ef | grep Rootkit

C.

sed 's/Rootkit/g' /var/log/messages

D.

tail /var/log/messages > Rootkit

E.

top -u Rootkit
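The `ps -ef | grep Rootkit` pipeline from option B, as an added example that is not from the exam page, together with the pitfall it carries: the grep process itself has "Rootkit" on its command line and shows up in its own results. Wrapping the first character in brackets (`[R]ootkit`) gives a regex that still matches the process name but not the literal text ps prints for the grep. The two `ps -ef` snapshots are constructed, not real captures.

```shell
#!/bin/sh
# Added example (not from the exam page): ps -ef | grep NAME lists the grep itself;
# the "[R]ootkit" bracket trick avoids that. Snapshots below are constructed.

# bracket_regex NAME : "Rootkit" -> "[R]ootkit"
bracket_regex() {
  printf '[%s]%s\n' "$(printf '%s' "$1" | cut -c1)" "$(printf '%s' "$1" | cut -c2-)"
}

# match_count REGEX : number of matching lines on stdin (prints 0 instead of failing)
match_count() { grep -c -- "$1" || true; }

# What ps -ef shows while the naive command runs ...
SNAP_NAIVE='UID      PID  PPID C STIME TTY   TIME     CMD
root       1     0 0 09:00 ?     00:00:01 /sbin/init
analyst 1203  1190 0 09:05 pts/0 00:00:00 /tmp/Rootkit --daemon
analyst 1307  1190 0 09:06 pts/0 00:00:00 grep Rootkit'
# ... and while the bracketed command runs
SNAP_BRACKET='UID      PID  PPID C STIME TTY   TIME     CMD
root       1     0 0 09:00 ?     00:00:01 /sbin/init
analyst 1203  1190 0 09:05 pts/0 00:00:00 /tmp/Rootkit --daemon
analyst 1308  1190 0 09:06 pts/0 00:00:00 grep [R]ootkit'

naive_hits()     { printf '%s\n' "$SNAP_NAIVE"   | match_count 'Rootkit'; }                   # 2: process + grep
bracketed_hits() { printf '%s\n' "$SNAP_BRACKET" | match_count "$(bracket_regex Rootkit)"; }  # 1: the process only

# Live use on a real system; pgrep -af NAME does the same and never matches itself
find_proc() { ps -ef | grep -- "$(bracket_regex "$1")"; }
```

`pgrep -af Rootkit` is the cleaner modern form. Either way, remember the premise of the question: a real rootkit that hooks `ps` or `/proc` enumeration can hide its own process, so a clean listing from the live system is not proof of absence; compare against an offline image or a trusted toolkit when a rootkit is actually suspected.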

Your IT security team is responding to a denial of service attack against your server. They have taken measures to block offending IP addresses. Which type of threat control is this?

A.

Detective

B.

Preventive

C.

Responsive

D.

Corrective

Which asymmetric algorithm is used only for key exchange?

A.

ElGamal

B.

Diffie-Hellman

C.

ECC

D.

DSA

Which of the following statements about DMZ are true?

Each correct answer represents a complete solution. Choose two.

A.

It is the boundary between the Internet and a private network.

B.

It is an anti-virus software that scans the incoming traffic on an internal network.

C.

It contains company resources that are available on the Internet, such as Web servers and FTP servers.

D.

It contains an access control list (ACL).

Which practice can help protect secrets in a cloud environment?

A.

Avoiding the use of Terraform variables

B.

Running privileged docker runtime

C.

Excluding the tfstate file from code repositories

D.

Using the --net=host flag
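The practice behind option C, as an added example that is not part of the exam page: Terraform state stores resource attributes, including generated passwords and keys, in plain text, so it must never land in a code repository. The guard below refuses state files from a list of staged paths and lists the .gitignore lines to add; it also covers plan files, which carry the same values, which goes slightly beyond the question. File names in the test are constructed; in a hook you would feed it `git diff --cached --name-only`.

```shell
#!/bin/sh
# Added example (not from the exam page): pre-commit style guard against committing
# Terraform state or plan files. Paths are passed as arguments (constructed in the test).

# is_state_file PATH : true for Terraform state, its backups, plan files and .terraform/
is_state_file() {
  case "$1" in
    *.tfstate|*.tfstate.*|*.tfplan|.terraform/*|*/.terraform/*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_staged FILE... : report every offending path; return 1 if there is any
check_staged() {
  rc=0
  for f in "$@"; do
    if is_state_file "$f"; then
      printf 'refusing to commit Terraform state or plan file: %s\n' "$f"
      rc=1
    fi
  done
  return $rc
}

# Lines to add to .gitignore (.terraform.lock.hcl stays tracked; it holds no secrets)
GITIGNORE_LINES='*.tfstate
*.tfstate.*
*.tfplan
.terraform/'
```

Keeping state out of git is the minimum; the state still has to live somewhere, so the usual companion is a remote backend with encryption at rest and access limited to the pipeline identity that runs `terraform apply`.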

Which of the following is the FIRST step in performing an Operational Security (OPSEC) Vulnerabilities Assessment?

A.

Assess the threat

B.

Assess vulnerabilities of critical information to the threat

C.

Conduct risk versus benefit analysis

D.

Implement appropriate countermeasures

E.

Identification of critical information

What are the two actions the receiver of a PGP email message can perform that allow establishment of trust between sender and receiver?

A.

Decode the message by decrypting the asymmetric key with his private key, then using the asymmetric key to decrypt the message.

B.

Decode the message by decrypting the symmetric key with his private key, then using the symmetric key to decrypt the message.

C.

Decode the message by decrypting the symmetric key with his public key, then using the symmetric key to decrypt the message.

D.

Decrypt the message by encrypting the digital signature with his private key, then using the digital signature to decrypt the message.
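The receive path described in option B, as an added example that is not part of the exam page and is not PGP or GnuPG itself: it rebuilds the same hybrid scheme with OpenSSL command-line primitives (assumed installed). A random symmetric session key encrypts the message, the recipient's RSA public key wraps the session key, and the sender's RSA private key signs the message. The receiver then does the two things the question asks about: unwrap the session key with his private key and decrypt the message with the recovered symmetric key, and verifies the signature with the sender's public key for trust in the sender. The names alice and bob and the message text are assumptions; everything is generated in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the exam page): PGP-style hybrid encryption and signing with
# OpenSSL. Keys, names (alice = sender, bob = receiver) and the message are constructed.

pgp_style_roundtrip() {
  d=$(mktemp -d) || return 1
  for who in alice bob; do
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/$who.key" 2>/dev/null || return 1
    openssl pkey -in "$d/$who.key" -pubout -out "$d/$who.pub" 2>/dev/null || return 1
  done
  printf 'meet at the DMZ at 9\n' > "$d/msg.txt"          # constructed message

  # --- sender (alice) ---
  openssl rand -hex 32 > "$d/session.hex"                   # 256-bit symmetric session key
  openssl rand -hex 16 > "$d/iv.hex"
  openssl enc -aes-256-cbc -K "$(cat "$d/session.hex")" -iv "$(cat "$d/iv.hex")" \
    -in "$d/msg.txt" -out "$d/msg.enc" || return 1
  # wrap the SYMMETRIC session key with bob's PUBLIC key
  openssl pkeyutl -encrypt -pubin -inkey "$d/bob.pub" \
    -in "$d/session.hex" -out "$d/session.enc" || return 1
  # sign the message with alice's PRIVATE key
  openssl dgst -sha256 -sign "$d/alice.key" -out "$d/msg.sig" "$d/msg.txt" || return 1

  # --- receiver (bob): the two actions from the question ---
  # 1. recover the session key with bob's PRIVATE key
  openssl pkeyutl -decrypt -inkey "$d/bob.key" \
    -in "$d/session.enc" -out "$d/session.dec" || return 1
  # 2. decrypt the message with the recovered symmetric key
  openssl enc -d -aes-256-cbc -K "$(cat "$d/session.dec")" -iv "$(cat "$d/iv.hex")" \
    -in "$d/msg.enc" -out "$d/msg.dec" || return 1
  # trust in the sender: verify alice's signature with her PUBLIC key
  openssl dgst -sha256 -verify "$d/alice.pub" -signature "$d/msg.sig" "$d/msg.dec" \
    >/dev/null || return 1

  cmp -s "$d/msg.txt" "$d/msg.dec" && echo ok
  rm -rf "$d"
}

# Why option C is wrong: a public key cannot unwrap the session key
public_key_cannot_decrypt() {
  d=$(mktemp -d) || return 1
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/k.key" 2>/dev/null || return 1
  openssl pkey -in "$d/k.key" -pubout -out "$d/k.pub" 2>/dev/null || return 1
  printf 'x' > "$d/p.txt"
  openssl pkeyutl -encrypt -pubin -inkey "$d/k.pub" -in "$d/p.txt" -out "$d/c.bin" || return 1
  if openssl pkeyutl -decrypt -pubin -inkey "$d/k.pub" -in "$d/c.bin" -out "$d/p.bin" 2>/dev/null
  then echo accepted; else echo rejected; fi
  rm -rf "$d"
}
```

Real PGP adds what this sketch leaves out: the session key is wrapped once per recipient, the signature is made before encryption and travels inside the encrypted body, and trust in alice's public key itself comes from the web of trust or a key fingerprint checked out of band; nothing in the cryptography tells bob that the key labelled "alice" is hers.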

Which of the following are advantages of Network Intrusion Detection Systems (NIDS)?

A.

Analysis of encrypted traffic

B.

Provide insight into network traffic

C.

Detection of network operations problems

D.

Provide logs of network traffic that can be used as part of other security measures.

E.

Inexpensive to manage

F.

B, C, and D

G.

A, C, and E

The Linux command to make the /etc/shadow file, already owned by root, readable only by root is which of the following?

A.

chmod 444 /etc/shadow

B.

chown root:root /etc/shadow

C.

chmod 400 /etc/shadow

D.

chown 400 /etc/shadow
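The candidate commands tried on a throwaway file, as an added example that is not part of the exam page. It shows why 444 is wrong (the file stays world-readable), what 400 produces, and that `chown` (option B) changes the owner only and never the mode bits. The shadow-style line is constructed, the file lives under `mktemp`, and nothing here touches /etc.

```shell
#!/bin/sh
# Added example (not from the exam page): compare chmod 444, chmod 400 and chown on a
# temporary copy instead of /etc/shadow. The shadow-style line is constructed.

# mode_of FILE : the 10-character type+permission string from ls, e.g. -r--------
mode_of() { ls -ld "$1" | cut -c1-10; }

demo_perms() {
  d=$(mktemp -d) || return 1
  f="$d/shadow"
  printf 'root:*:19000:0:99999:7:::\n' > "$f"

  chmod 444 "$f"; m444=$(mode_of "$f")     # 444 = r--r--r--: everyone can read it
  chmod 400 "$f"; m400=$(mode_of "$f")     # 400 = r--------: owner-only read
  # chown only changes ownership (re-owning to ourselves needs no root);
  # the mode bits are untouched afterwards
  chown "$(id -un)" "$f"; mchown=$(mode_of "$f")

  printf '%s %s %s\n' "$m444" "$m400" "$mchown"
  rm -rf "$d"
}
```

On the real file, check with `ls -l /etc/shadow` or `stat -c '%a %U:%G' /etc/shadow` (GNU stat). Option D, `chown 400`, is not a mode change at all: it asks to hand the file to a user named "400". Note that many distributions ship /etc/shadow as root:shadow with mode 640 so that a dedicated group can read it; the question asks for the most restrictive setting, root-only read, which is 400.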