Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Examstrust Logo
examstrust mcafee
  1. Home
  2. GIAC
  3. Management
  4. GSLC - GIAC Security Leadership Certification (GSLC)

GIAC GSLC GIAC Security Leadership Certification (GSLC) Exam Practice Test

Page: 1 / 57
Total 567 questions
Get GSLC Full Access Download GSLC PDF

GIAC Security Leadership Certification (GSLC) Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$43.75  $124.99
Add to Cart

PDF + Testing Engine

  • Product Type: PDF + Testing Engine
$61.25  $174.99
Add to Cart

PDF Study Guide

  • Product Type: PDF Study Guide
$38.5  $109.99
Add to Cart
Question 1

Which of the following options is an approach to restricting system access to authorized users?

Options:

A.

MIC

B.

DAC

C.

RBAC

D.

MAC

Question 2

Which of the following is the rating for gasoline or oil fires?

Options:

A.

Class C

B.

Class B

C.

Class D

D.

Class A

Question 3

Which networking protocol is used to authenticate users or devices before granting them access to a network?

Options:

A.

IPSec

B.

PAgP

C.

RADIUS

D.

SRP

Question 4

A user has opened a Web site that automatically starts downloading malicious code onto his computer.

What should he do to prevent this?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Disable ActiveX Controls

B.

Disable Active Scripting

C.

Implement File Integrity Auditing

D.

Configure Security Logs

Question 5

Which of the following protocols uses a combination of public key and symmetric encryption to provide communication privacy, authentication, and message integrity for secure browsing on the Internet?

Options:

A.

MS-CHAP v2

B.

SSL

C.

WEP

D.

EFS

Question 6

Which of the following viruses replaces the boot sector data with its own malicious code?

Options:

A.

Chernobyl

B.

Explore.Zip

C.

MBR

D.

Nimda

Question 7

Which of the following is a software testing method that uses an internal perspective of the system to design test cases based on the internal structure?

Options:

A.

Water Fall

B.

Black box

C.

White box

D.

Gray box

Question 8

You are concerned about attackers simply passing by your office, discovering your wireless network, and getting into your network via the wireless connection. Which of the following are NOT steps in securing your wireless connection?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Using either WEP or WPA encryption

B.

Hardening the server OS

C.

MAC filtering on the router

D.

Not broadcasting SSID

E.

Strong password policies on workstations.

Question 9

Which of the following records is the first entry in a DNS database file?

Options:

A.

MX

B.

SOA

C.

CNAME

D.

SRV

Question 10

Which of the following is the default security level for the Internet zone?

Options:

A.

Medium

B.

High

C.

Low

D.

Medium-Low

Question 11

Which type of repudiation states that the creator of the message denies ever creating the message even after creating it?

Options:

A.

Repudiation of submission

B.

Repudiation of creation

C.

Repudiation of receipt

D.

Repudiation of origin

Question 12

Which of the following is NOT a principle and practice of the 'Minimize the number of highconsequence targets' principle?

Options:

A.

Principle of least privilege

B.

Principle of separation of privileges, duties, and roles

C.

Principle of separation of domains

D.

Principle of trusted entities from untrusted entities

Question 13

What does noise in a power line indicate?

Options:

A.

Power degradation that is low and less than normal

B.

Interference superimposed onto the power line

C.

Momentary high voltage

D.

Prolonged loss of power

Question 14

Which of the following is a popular replacement for halon gas?

Options:

A.

FM-200

B.

CO2

C.

SO2

D.

Ozone

Question 15

Which of the following is used for high-level or comprehensive analysis, as well as for root cause analysis?

Options:

A.

Assumptions analysis

B.

Delphi method

C.

Brainstorming

D.

Checklist analysis

Question 16

John works as a professional Ethical Hacker. He has been assigned the task of testing the security of He installs a sniffer on the We-are-secure server thinking that the following protocols of the We-are-secure server are being used in the network:

• HTTP

• SSL

• SSH

• IPSec

Considering the above factors, which of the following types of packets can he expect to see captured in encrypted form when he checks the sniffer's log file?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

SSH

B.

IPSec

C.

HTTP

D.

SSL

Question 17

Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?

Options:

A.

Reconnaissance

B.

File integrity auditing

C.

Shoulder surfing

D.

Spoofing

Question 18

Which of the following is a structured review of the procurement process originated at the Plan Procurements process?

Options:

A.

Procurement document package

B.

Administer Procurements process

C.

Procurement auditing

D.

Project Procurement Management

Question 19

Which of the following encrypts its code differently with each infection or generation of infections?

Options:

A.

Boot sector virus

B.

Stealth virus

C.

Polymorphic virus

D.

Macro virus

Question 20

Which of the following methods will free up bandwidth in a Wireless LAN (WLAN)?

Options:

A.

Deploying a powerful antenna.

B.

Change hub with switch.

C.

Disabling SSID broadcast.

D.

Implement WEP.

Question 21

Which of the following programs collects email addresses of users and creates a mailing list?

Options:

A.

Worms

B.

Stealth virus

C.

Boot virus

D.

Spambot

Question 22

Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 Active Directory domain-based network. The domain consists of four domain controllers, six Windows 2003 member servers, and 500 Windows XP Professional client computers. The PKI infrastructure is already configured on the network. The current configuration of the network allows only managers to use EFS on local computers. Sometimes Mark faces problems when managers lose their private keys due to the user profile becoming corrupt or being lost. Due to this, the files that were persistently encrypted by using the corresponding public key are inaccessible. He wants to restore access to the encrypted files as quickly as possible. What will he do to accomplish the task?

Options:

A.

Ask the managers to log on to the network with a new user account.

B.

Rename all the encrypted files and ask the managers to open the files.

C.

Configure key archival on certificate authority (CA).

D.

Ask the managers to use the Distributed file system (Dfs) to encrypt important files.

Question 23

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. Rick, your assistant, is configuring some laptops for wireless access. For security, WEP needs to be configured for wireless communication. By mistake, Rick configures different WEP keys in a laptop than that is configured on the Wireless Access Point (WAP). Which of the following statements is true in such situation?

Options:

A.

The laptop will be able to access the wireless network but other wireless devices will be unable to communicate with it.

B.

The laptop will be able to access the wireless network but the security will be compromised.

C.

The WAP will allow the connection with the guest account's privileges.

D.

The laptop will not be able to access the wireless network.

Question 24

Which of the following statements are true about SSIDs?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

All wireless devices on a wireless network must have the same SSID in order to communicate with each other.

B.

SSIDs are case insensitive text strings and have a maximum length of 64 characters.

C.

SSID is used to identify a wireless network.

D.

Configuring the same SSID as that of the other Wireless Access Points (WAPs) of other networks will create a conflict.

Question 25

Which of the following malware spread through the Internet and caused a large DoS attack in 1988?

Options:

A.

LoveLetter worm

B.

Klez worm

C.

Morris worm

D.

SQL slammer worm

Question 26

You work as a Software Developer for PassGuide Inc. The company uses Visual Studio.NET as its application development platform. You create an application using .NET Framework. You use the application to create an assembly. Now you need to encrypt assembly data. The company has not provided encryption requirements to you. Which of the following symmetric cryptography classes will you use to accomplish this task?

Options:

A.

RijndaelManaged

B.

3DES

C.

DES

D.

TDEA

E.

RSA

Question 27

Which of the following attributes is a tool that does not aid the project manager in quality planning?

Options:

A.

Benchmarking practices

B.

Design of experiments

C.

Media selection

D.

Benefit of analysis

Question 28

Which of the following functions can you use to mitigate a command injection attack?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

escapeshellcmd()

B.

escapeshellarg()

C.

htmlentities()

D.

strip_tags()

Question 29

Maria works as the Chief Security Officer for PassGuide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?

Options:

A.

Public-key cryptography

B.

Steganography

C.

RSA algorithm

D.

Encryption

Question 30

You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The company's network is connected to the Internet through a T1 line. The firewall is configured on the network for securing the internal network from the intruders on the Internet. The functional level of the forest is Windows Server 2008. You are designing a public key infrastructure (PKI) for the network. The network will use a root enterprise certificate authority (CA) and a subordinate CA. The root CA will be used to issue certificates to the subordinate CA, and the subordinate CA will be used to issue certificates to the clients.

The management of the company wants to ensure that the security of high-level CAs is not compromised. Which of the following steps will you take to accomplish the task?

Options:

A.

Take the root CA offline after it issues certificates to its subordinate CAs.

B.

Take the subordinate CA offline after it gets the certificates from the root CA.

C.

Place all CA servers in a locked room.

D.

Configure a firewall on the network.

Question 31

Which of the following tools can be used to read NetStumbler's collected data files and present street maps showing the logged WAPs as icons, whose color and shape indicates WEP mode and signal strength?

Options:

A.

NetStumbler

B.

WEPcrack

C.

StumbVerter

D.

Kismet

Question 32

Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?

Options:

A.

File integrity auditing

B.

Reconnaissance

C.

Spoofing

D.

Shoulder surfing

Question 33

A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it'll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?

Options:

A.

Add the identified risk to the issues log.

B.

Add the identified risk to a quality control management control chart.

C.

Add the identified risk to the low-level risk watchlist.

D.

Add the identified risk to the risk register.

Question 34

You discover that all available network bandwidth is being used by some unknown service. You discover that UDP packets are being used to connect the echo service on one machine to the chargen service on another machine. What kind of attack is this?

Options:

A.

Smurf

B.

Denial of Service

C.

Virus

D.

Evil Twin

Question 35

John is a malicious attacker. He illegally accesses the server of We-are-secure Inc. He then places a backdoor in the We-are-secure server and alters its log files. Which of the following steps of malicious hacking includes altering the server log files?

Options:

A.

Reconnaissance

B.

Maintaining access

C.

Covering tracks

D.

Gaining access

Question 36

Which of the following security protocols can be used to support MS-CHAPv2 for wireless client authentication?

Each correct answer represents a complete solution. Choose two.

Options:

A.

HTTP

B.

PEAP

C.

IPSec

D.

PPTP

Question 37

Adam works as a Penetration Tester for Umbrella Inc. He is assigned a project of testing the security of the company's network. He is using the Metasploit Framework for developing and executing exploit code against a remote target machine. The Metasploit Framework is the important sub-project of the Metasploit Project. Which of the following are the other sub-projects under the Metasploit projet?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

shellcode archive

B.

Metasploit system

C.

Opcode Database

D.

security research

Question 38

You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. All client computers on the network run Windows XP Professional. You configure a public key infrastructure (PKI) on the network. You configure a root CA and a subordinate CA on the network. For security reasons, you want to take the root CA offline. You are required to configure the CA servers to support for certificate revocation. Choose the steps you will require to accomplish the task.

Options:

A.

Question 39

Which of the following types of virus is capable of changing its signature to avoid detection?

Options:

A.

Polymorphic virus

B.

Boot sector virus

C.

Macro virus

D.

Stealth virus

Question 40

Which of the following types of firewall ensures that the packets are part of the established session?

Options:

A.

Stateful inspection firewall

B.

Circuit-level firewall

C.

Switch-level firewall

D.

Application-level firewall

Question 41

Which of the following attacks can be mitigated by providing proper training to the employees in an organization?

Options:

A.

Social engineering

B.

Smurf

C.

Denial-of-Service

D.

Man-in-the-middle

Question 42

Which of the following statements correctly defines a script kiddie?

Options:

A.

He is an individual who uses hacking programs developed by others to attack information systems and spoil websites.

B.

He is an individual who is an expert in various computer fields such as operating systems, networking, hardware, software, etc. and enjoys the mental challenge of decoding computer programs, solving network vulnerabilities and security threats, etc.

C.

He is an individual who breaks communication systems to perform hacking.

D.

He is an individual who has lost respect and integrity as an employee in any organization.

Question 43

Rick is the project manager for TTM project. He is in the process of procuring services from vendors. He makes a contract with a vendor in which he precisely specify the services to be procured, and any changes to the procurement specification will increase the costs to the buyer. Which type of contract is this?

Options:

A.

Fixed Price with Economic Price Adjustment

B.

Fixed Price Incentive Fee

C.

Cost Plus Fixed Fee Contract

D.

Firm Fixed Price

Question 44

In the image of the Screened Host Firewall Architecture given below, select the element that is commonly known as the access router.

Options:

A.

Question 45

You work as Network and Security Manager for PassGuide Inc. The management of the company is quite concerned about the security of the network. The management has assigned this task to you to improve the security. Which of the following access methods will you use if the method is to be primarily based on pre-established access, and users cannot change it?

Options:

A.

PAC

B.

OrBAC

C.

MAC

D.

RBAC

Question 46

IDS systems can be classified in many different ways. Which of the following is not a way that IDS systems are commonly classified?

Options:

A.

Latent

B.

Network Based

C.

Passive

D.

Active

E.

Host Based

Question 47

One of the sales people in your company complains that sometimes he gets a lot of unsolicited messages on his PDA. After asking a few questions, you determine that the issue only occurs in crowded areas like airports. What is the most likely problem?

Options:

A.

Blue snarfing

B.

A virus

C.

Spam

D.

Blue jacking

Question 48

You work as an Administrator for Bluesky Inc. The company has 145 Windows XP Professional client computers and eighty Windows 2003 Server computers. You want to install a security layer of WAP specifically designed for a wireless environment. You also want to ensure that the security layer provides privacy, data integrity, and authentication for client-server communications over a wireless network. Moreover, you want a client and server to be authenticated so that wireless transactions remain secure and the connection is encrypted. Which of the following options will you use to accomplish the task?

Options:

A.

Wireless Transport Layer Security (WTLS)

B.

Recovery Console

C.

Wired Equivalent Privacy (WEP)

D.

Virtual Private Network (VPN)

Question 49

John works as a Website Administrator in ABC Inc. The company has to set a privacy policy on all the computers. The policy requires John to restrict only third party cookies that do not have a compact private policy or that use personally identifiable information without a user's implicit consent. He reports to the Technical Support Executive that he wants to set the policy. The Technical Support Executive asks him to configure the settings in the Privacy tab page. Which of the following privacy settings will John use to accomplish the task?

Options:

A.

High

B.

Low

C.

Block All Cookies

D.

The policy cannot be set.

Question 50

You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?

Options:

A.

Automated penetration testing

B.

Code review

C.

Manual penetration testing

D.

Vulnerability scanning

Question 51

Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security equivalent to wired networks for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. Which of the following statements are true about WEP?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

WEP uses the RC4 encryption algorithm.

B.

Automated tools such as AirSnort are available for discovering WEP keys.

C.

It provides better security than the Wi-Fi Protected Access protocol.

D.

The Initialization Vector (IV) field of WEP is only 24 bits long.

Question 52

Which of the following is the practice of a domain name registrant using the five-day "grace period" (the Add Grace Period or AGP) at the beginning of the registration of an ICANN-regulated second-level domain to test the marketability of the domain?

Options:

A.

Proxy server

B.

Domain tasting

C.

NMap

D.

PsPasswd

Question 53

Which of the following statements is true about the difference between worms and Trojan horses?

Options:

A.

Trojan horses are a form of malicious codes while worms are not.

B.

Trojan horses are harmful to computers while worms are not.

C.

Worms replicate themselves while Trojan horses do not.

D.

Worms can be distributed through emails while Trojan horses cannot.

Question 54

You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?

Options:

A.

Containment

B.

Recovery

C.

Identification

D.

Eradication

Question 55

Which of the following layers of TCP/IP model is used to move packets between the Internet Layer interfaces of two different hosts on the same link?

Options:

A.

Application layer

B.

Transport Layer

C.

Link layer

D.

Internet layer

Question 56

What is the term used to describe the cost of the solution after the solution has been implemented in production by a vendor?

Options:

A.

Total cost of ownership

B.

Total ownership costing

C.

Sustainability fees

D.

Lifecycle maintenance fees

Question 57

Which of the following statements are true about MS-CHAPv2?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It can be replaced with EAP-TLS as the authentication mechanism for PPTP.

B.

It provides an authenticator-controlled password change mechanism.

C.

It is subject to offline dictionary attacks.

D.

It is a connectionless protocol.

Question 58

You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. The domain functional level is set to Windows Server 2003. You have configured an Active Directory-integrated DNS zone on the network. A new security policy dictates that each incoming DNS query should be recorded. Which of the following steps will you take to implement the new security policy?

Options:

A.

Create a GPO.

Configure Audit Object Access.

Attach the GPO to the domain.

B.

Do nothing, each incoming DNS queries is recorded by default in DNS.LOG file.

C.

Enable debug logging on the DNS server.

D.

Create a new OU.

Move the DNS server account to the OU.

Create a GPO.

Configure Audit Logon events.

Attach the GPO to the OU.

Question 59

Which of the following items are generally analyzed by Internet filters?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Content

B.

Certificates

C.

Uniform Resource Locators (URLs)

D.

Network Topology

Question 60

Which of the following are types of social engineering attacks?

Each correct answer represents a complete solution. Choose two.

Options:

A.

An unauthorized person calls a user and pretends to be a system administrator in order to get the user's password.

B.

An unauthorized person inserts an intermediary software or program between two communicating hosts to listen to and modify the communication packets passing between the two hosts.

C.

An unauthorized person modifies packet headers by using someone else's IP address to hide his identity.

D.

An unauthorized person gains entrance to the building where the company's database server resides and accesses the server by pretending to be an employee.

Question 61

Which of the following terms describes the statement given below?

"It refers to a range of skills, tools, and techniques used to manage time when accomplishing specific tasks, projects, and goals. This set encompasses a wide scope of activities, and these include planning, allocating, setting goals, delegation, analysis of time spent, monitoring, organizing, scheduling, and prioritizing."

Options:

A.

Time Management

B.

Digital Rights Management

C.

Perception Management

D.

Change Management

Question 62

Which of the following processes is NOT a part of the Project Procurement Management Knowledge Area?

Options:

A.

Develop Project Management Plan

B.

Request Seller Responses

C.

Contract Administration

D.

Plan Purchases and Acquisitions

Question 63

John works as a Programmer for We-are-secure Inc. On one of his routine visits to the company, he noted down the passwords of the employees while they were typing them on their computer screens.

Which of the following social engineering attacks did he just perform?

Options:

A.

Shoulder surfing

B.

Important user posing

C.

Dumpster diving

D.

Authorization by third party

Question 64

Which of the following is used to describe the type of FTP access in which a user does not have permissions to list the contents of directories, but can access the contents if he knows the path and file name?

Options:

A.

Secure FTP

B.

Blind FTP

C.

Passive FTP

D.

Hidden FTP

Question 65

Fill in the blank with the appropriate term.

NOTE. Do not use abbreviation.

________ is a configurable client identification that allows a client to communicate with a particular base station.

Options:

Question 66

Which of the following activities result in change requests?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Preventive actions

B.

Inspection

C.

Defect repair

D.

Corrective actions

Question 67

Which of the following exists between the client and the server system to provide security and allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer protocols?

Options:

A.

Application-level gateway

B.

Proxy server

C.

Firewall

D.

DMZ

Question 68

Which of the following protocols uses a combination of public key and symmetric encryption to provide communication privacy, authentication, and message integrity for secure browsing on the Internet?

Options:

A.

SSL

B.

MS-CHAP v2

C.

EFS

D.

WEP

Question 69

You and your project team have identified the project risks and now are analyzing the probability and impact of the risks. What type of analysis of the risks provides a quick and high-level review of each identified risk event?

Options:

A.

Quantitative risk analysis

B.

Seven risk responses

C.

Qualitative risk analysis

D.

A risk probability-impact matrix

Question 70

Which of the following tools can be used to detect the steganography?

Options:

A.

Blindside

B.

ImageHide

C.

Dskprobe

D.

Snow

Question 71

You are the Network Administrator for a large corporate network. You want to monitor all network traffic on your local network for suspicious activities and receive a notification when a possible attack is in process. Which of the following actions will you take for this?

Options:

A.

Install a host-based IDS

B.

Enable verbose logging on the firewall

C.

Install a DMZ firewall

D.

Install a network-based IDS

Question 72

John works as an IT Technician for PassGuide Inc. One morning, John receives an e-mail from the company's Manager asking him to provide his logon ID and password, but the company policy restricts users from disclosing their logon IDs and passwords. Which type of possible attack is this?

Options:

A.

Social engineering

B.

Replay attack

C.

Trojan horse

D.

DoS

Question 73

You have configured a virtualized Internet browser on your Windows XP professional computer. Using the virtualized Internet browser, you can protect your operating system from which of the following?

Options:

A.

Mail bombing

B.

Distributed denial of service (DDOS) attack

C.

Brute force attack

D.

Malware installation from unknown Web sites

Question 74

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of He receives the following e-mail:

The e-mail that John has received is an example of __________.

Options:

A.

Social engineering attacks

B.

Virus hoaxes

C.

Spambots

D.

Chain letters

Question 75

You have been hired as a project manager for a project. The initial project planning predicts a benefitcost ratio (BCR) of the project as 3.5. What does this figure mean?

Options:

A.

A loss of 3.5 percent

B.

A profit of 3.5 percent

C.

A loss of $3.5 for each dollar expended

D.

A payback of $3.5 for each dollar expended

Question 76

You are working on your computer system with Linux Operating system. After working for a few hours, the hard disk goes to the inactive state (sleep). You try to restart the system and check the power circuits. You later discover that the hard disk has crashed. Which of the following precaution methods should you apply to keep your computer safe from such issues?

Options:

A.

Use Incident handling

B.

Use SMART model

C.

Use OODA loop

D.

Use Information assurance

Question 77

Which of the following techniques is based on a set of criteria that has been acquired in a specific knowledge area or product area?

Options:

A.

Expert judgment

B.

Program Evaluation Review Technique (PERT) chart

C.

Function Point Analysis (FP Analysis)

D.

Delphi technique

Question 78

You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest network. You have recently added three new SCSI hard disk drives to a domain controller that already has two physical disk drives. The new SCSI disk drives are configured in a RAID-5 array. You are required to enhance the performance of the Active Directory database on the domain controller. Which of the following steps will you take to accomplish the task?

Each correct answer represents a part of the solution. Choose two.

Options:

A.

Move the log files to a separate physical disk other than the one used in RAID-5 or used by the operating system.

B.

Move the log files to the RAID-5 array.

C.

Move the NTDS.DIT file to the RAID-5 array.

D.

Move the NTDS.DIT file to a disk other than the one used in RAID-5 or used by the operating system.

Question 79

Which of the following are the benefits of information classification for an organization?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It helps identify which information is the most sensitive or vital to an organization.

B.

It ensures that modifications are not made to data by unauthorized personnel or processes.

C.

It helps reduce the Total Cost of Ownership (TCO).

D.

It helps identify which protections apply to which information.

Question 80

Which of the following statements are true about locating rogue access points using WLAN discovery software such as NetStumbler, Kismet, or MacStumbler if you are using a Laptop integrated with Wi-Fi compliant MiniPCI card?

Each correct answer represents a complete solution. Choose two.

Options:

A.

These tools can determine the authorization status of an access point.

B.

These tools cannot detect rogue access points if the victim is using data encryption.

C.

These tools detect rogue access points if the victim is using IEEE 802.11 frequency bands.

D.

These tools can determine the rogue access point even when it is attached to a wired network.

Question 81

You are the Network Administrator for a company that does a large amount of defense contract business.

A high level of security, particularly regarding sensitive documents, is required. Which of the following steps will you take to secure network printers?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Remove the printers from the network and not allow remote printing.

B.

Ensure that the printers hard drive is scanned for spyware.

C.

Secure all remote administrative protocols such as telnet.

D.

Limit the size of print jobs on the printer.

E.

Do not allow duplicate print jobs.

Question 82

Management has asked you to perform a risk audit and report back on the results. Bonny, a project team member asks you what a risk audit is. What do you tell Bonny?

Options:

A.

A risk audit is a review of all the risks that have yet to occur and what their probability of happening are

B.

A risk audit is a review of the effectiveness of the risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process.

C.

A risk audit is an audit of all the risks that have occurred in the project and what their true impact on cost and time has been.

D.

A risk audit is a review of all the risk probability and impact for the risks, which are still present in the project but which have not yet occurred.

Question 83

You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. You are working as a root user on the Linux operating system. Your company is facing an IP spoofing attack. Which of the following tools will you use to get an alert saying that an upcoming IP packet is being spoofed?

Options:

A.

Dsniff

B.

ethereal

C.

Despoof

D.

Neotrace

Question 84

Which of the following files must be configured to enable hostname lookups to use the Domain Name Service (DNS)?

Options:

A.

libnss_ldap

B.

/etc/pam.d

C.

/etc/nsswitch.conf

D.

/etc/pam.d/sshd

Question 85

John works as a Security Administrator for Enet Inc. He uses a 4 digits personal identification number (PIN) to access the computer and a token is used to perform offline checking whether John has entered the correct PIN or not. Which of the following attacks is possible on John's computer?

Options:

A.

Replay

B.

Smurf

C.

Man-In-The-Middle

D.

Brute force

Load More GSLC Questions
Page: 1 / 57
Total 567 questions
Get GSLC Full Access Download GSLC PDF