GSEC-Q&A-Practice Review Test Exam Questions & Answers.

Exam (elaborations), Questions & answers
Course: GSEC
Institution: GSEC
November 18, 2024
60 pages, 2024/2025
Seller: Nursewendo

In which directory can executable programs that are part of the operating system be found?

(/) (/var) (/lib) (/dev) (/usr/bin) (/home)

INCORRECT ON PT - CORRECT ANSWER /usr/bin

( Explanation )

/usr/bin holds the bulk of the executable programs installed as part of the operating system. The other choices hold something else: /lib holds shared libraries, /dev holds device nodes, /var holds variable data such as logs and spools, /home holds user home directories, and / is simply the root of the tree. Essential binaries needed at boot also live in /bin and /sbin (on many modern distributions these are symlinks to /usr/bin and /usr/sbin), but those were not among the options.



The Windows Firewall (WF) provides a popup when a new service attempts to listen on your machine. Which of the following should you train users to select from a security perspective if they are unsure of which option to select?

(Keep Blocking) (Increase Security Level) (Safe Mode) (Send Request to Administrator) - CORRECT ANSWER Keep Blocking

( Explanation )

The three available options in the Windows Firewall security alert are Keep Blocking, Unblock and Ask Me Later. Keep Blocking does not allow the program to acquire a listening port. You should train your users to choose this option when there is any doubt as to what they should do. There are no Safe Mode or Send Request to Administrator options.



Which threat will be reduced when avoiding system calls from within a web app? - CORRECT ANSWER OS command injection

( Explanation )

The primary way to avoid OS command injection attacks is to avoid system calls (shell-outs such as system(), exec() or a subprocess launched through a shell) from your web application, especially when the command string is built from user input. In most cases you can find a function or library within your programming language that performs the same action directly. Where a subprocess is genuinely unavoidable, pass the arguments as a list without a shell and validate the input against an allow-list before it is used.
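Added example (not from the original study notes, and not code from any product mentioned on the page): a vulnerable "read a note file" function that builds a shell command from user input, next to a hardened version that uses the language's own file API and confines the name to one directory. The directory, file name and hostile input are constructed for the demonstration; the vulnerable variant assumes a POSIX shell is available.

```python
import os
import subprocess
import tempfile


def read_note_vulnerable(notes_dir, name):
    """Deliberately vulnerable: the user-supplied name is spliced into a shell
    command string. With shell=True the shell parses metacharacters, so a name
    like 'missing.txt; echo INJECTED' runs a second command of the attacker's choice."""
    result = subprocess.run("cat " + notes_dir + "/" + name,
                            shell=True, capture_output=True, text=True)
    return result.stdout


def read_note_hardened(notes_dir, name):
    """No system call at all: the language's own file API does the work, so there
    is no shell to interpret metacharacters. The name is also restricted to a
    single path component inside notes_dir, so traversal is rejected before any I/O."""
    if not name or "/" in name or "\\" in name or name in (".", ".."):
        raise ValueError("invalid note name: %r" % name)
    base = os.path.realpath(notes_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.dirname(target) != base:
        raise ValueError("path escapes notes directory: %r" % name)
    with open(target, "r", encoding="utf-8") as fh:
        return fh.read()


def demo():
    """Constructed scenario (not from the page): one note file and one hostile
    name in a temporary directory. Assumes a POSIX shell for the vulnerable path."""
    with tempfile.TemporaryDirectory() as notes_dir:
        with open(os.path.join(notes_dir, "todo.txt"), "w", encoding="utf-8") as fh:
            fh.write("rotate keys\n")
        hostile = "missing.txt; echo INJECTED"
        results = {
            "vulnerable_output": read_note_vulnerable(notes_dir, hostile),
            "hardened_todo": read_note_hardened(notes_dir, "todo.txt"),
        }
        # The hardened reader treats the hostile name as a literal (non-existent)
        # file name and refuses anything that contains a path separator.
        for bad in (hostile, "../todo.txt", "sub/todo.txt"):
            try:
                read_note_hardened(notes_dir, bad)
                results[bad] = "read"
            except (ValueError, FileNotFoundError) as exc:
                results[bad] = type(exc).__name__
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-28s %r" % (key, value))
```

The vulnerable function never sees the file it was asked for: the shell splits the string at the semicolon and runs the attacker's command. The hardened function has no shell in the picture, so the same string is just an unusual file name that does not exist.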



How often by default does Windows Group Policy check for updated policies?

(Once a day) (Within 30 minutes of an applied policy change) (Every quarter hour) (Every 90-120 minutes)

INCORRECT ON PT - CORRECT ANSWER Every 90-120 minutes

( Explanation )

When a computer boots up (and when a user logs on), it downloads the GPOs assigned to it and applies them. Thereafter a background refresh runs every 90 minutes plus a random offset of 0 to 30 minutes, so that clients do not all contact the domain controllers at the same moment; that is where the 90-120 minute figure comes from. At each refresh the computer checks whether any GPO assigned to it has changed, and any that have are downloaded and applied even though the computer has not rebooted. Domain controllers refresh their own policy every 5 minutes. Both the interval and the random offset can be changed by policy, but 90-120 minutes is the default, and an administrator can force an immediate refresh with gpupdate /force.



Which of the following best describes Defense-in-Depth?

Layered controls - Separation of duties - Hardened perimeter security - Risk management - CORRECT ANSWER Layered controls

( Explanation )

Defense-in-depth is best characterized by layered defenses. The idea is that any single layer of defense may eventually fail, but layered defenses together offer better protection. Risk management, separation of duties, and hardened perimeters can each be part of a layered defense but do not describe the full concept of DiD.



Which of the following is considered a recommended practice but not a business requirement?

Guideline - Standard - Baseline - Procedure

INCORRECT ON PT - CORRECT ANSWER Guideline

( Explanation )

Guidelines, unlike policies, standards, baselines and procedures, are not mandatory. A guideline is a recommendation of how something should be done.

Which of the following is a characteristic of Quality Updates for Windows?

Are released less frequently than Feature Updates - Support deferring installation on Home edition devices - Include bug fixes and security patches - Increment the version of Windows - CORRECT ANSWER Include bug fixes and security patches

( Explanation )

Quality Updates are smaller improvements to already existing software on Windows systems, and include bug fixes and security fixes. They are released about every 30 days (the monthly cumulative update), whereas Feature Updates are released a couple of times a year and increment the Windows version. Installation of Quality Updates may be deferred for up to 30 days, except on Home edition devices.



When does applying an encryption algorithm multiple times provide additional security?

When the algorithm is a group - When the algorithm is not a group - The algorithm uses xor - The algorithm is weak

INCORRECT ON PT - CORRECT ANSWER When the algorithm is not a group

( Explanation )

Whether an algorithm is a group is an important mathematical consideration. A cipher is a group when the set of permutations produced by all of its keys is closed under composition: encrypting with key k1 and then with key k2 is the same as encrypting once with some third key k3. If that holds, applying the algorithm multiple times is a waste of time, because an attacker still only has to search the single-key space. In 1992 Campbell and Wiener proved that DES is not a group, so encrypting multiple times with DES is not equivalent to encrypting once, which is what makes Triple DES worthwhile. Note that "not a group" is necessary but not sufficient for doubling the effective key length: double encryption with two independent keys is still subject to a meet-in-the-middle attack, which is why 3DES applies the cipher three times rather than twice.
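Added example (not part of the original study notes): the closure test that decides whether a cipher's keyed permutations form a group, run over two toy 4-bit ciphers small enough to enumerate completely. Both ciphers (plain XOR, and XOR followed by a one-bit rotation) are invented for the demonstration and are not secure; the point is only that double encryption collapses to a single key for the first and does not for the second.

```python
from itertools import product

BITS = 4                      # toy block size: small enough to enumerate everything
MASK = (1 << BITS) - 1
DOMAIN = range(1 << BITS)     # every plaintext block
KEYS = range(1 << BITS)       # every key


def rotl(x, n=1):
    """Rotate a BITS-wide word left by n bits."""
    return ((x << n) | (x >> (BITS - n))) & MASK


def xor_cipher(k, x):
    """Toy cipher whose keyed permutations form a group: E_k(x) = x XOR k."""
    return x ^ k


def rotxor_cipher(k, x):
    """Toy cipher that is not a group: XOR with the key, then rotate by one bit.
    Insecure by design; it exists only to exercise the closure test."""
    return rotl(x ^ k)


def permutation(cipher, k):
    """The permutation of the block space induced by key k."""
    return tuple(cipher(k, x) for x in DOMAIN)


def equivalent_single_key(cipher, k1, k2):
    """Return k3 with E_k1(E_k2(.)) == E_k3(.) on every block, or None if no
    single key reproduces the double encryption."""
    composed = tuple(cipher(k1, cipher(k2, x)) for x in DOMAIN)
    for k3 in KEYS:
        if permutation(cipher, k3) == composed:
            return k3
    return None


def is_group(cipher):
    """Closure check: composing any two keyed permutations must again be a keyed
    permutation. For a finite set of permutations closure alone makes it a group,
    and then double encryption adds nothing over a single key."""
    return all(equivalent_single_key(cipher, k1, k2) is not None
               for k1, k2 in product(KEYS, KEYS))


if __name__ == "__main__":
    print("xor_cipher is a group:", is_group(xor_cipher))
    print("  E_5(E_3(.)) == E_k3(.) with k3 =", equivalent_single_key(xor_cipher, 5, 3))
    print("rotxor_cipher is a group:", is_group(rotxor_cipher))
```

For the XOR cipher the equivalent single key is simply k1 XOR k2, which is why "the algorithm uses xor" is a distractor rather than an answer: XOR-style ciphers are exactly the case where repetition is pointless.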



How is a TCP/IP packet generated as it moves down through the TCP/IP stack?

(Network Layer -> Transport Layer -> Internet Layer -> Application Layer) (Network Layer -> Internet Layer -> Transport Layer -> Application Layer) (Application Layer -> Transport Layer -> Internet Layer -> Network Layer) (Application Layer -> Internet Layer -> Transport Layer -> Network Layer) - CORRECT ANSWER Application Layer -> Transport Layer -> Internet Layer -> Network Layer

( Explanation )

As a packet is generated it goes from the Application Layer to the Transport Layer (where the TCP or UDP header is added), to the Internet Layer (where the IP header is added), and finally to the Network (link) Layer, which frames it for the physical medium. Each layer encapsulates whatever it receives from the layer above.



Which type of event classification is missed by a NIDS and has the most potential to be a serious event?

True positive - False positive - True negative - False negative - CORRECT ANSWER False negative

( Explanation )

• False negative: the IDS identifies data as benign when, in fact, it is malicious. A false negative does not generate an alert for the analyst, so nobody can take action; this is what makes it the most dangerous outcome.
• True negative: what we want the IDS to do with normal traffic; the data does not indicate any malicious activity and the IDS correctly generates no alert.
• True positive: the IDS worked as intended and correctly flagged the activity as anomalous behavior that might be malicious. True positives generate alerts for the analyst to process.
• False positive: the IDS generates an alert flagging hostile activity that was in fact benign. False positives generate alerts for the analyst to process, who then must decide how to handle the activity.
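Added example (not part of the original study notes): a naive path-traversal signature run over a handful of constructed request lines with known ground truth, tallied into the four cells above. The sample requests, the two rules and the detector names are all invented for the demonstration; the interesting output is the list of false negatives, the attacks that produce no alert because the signature looked for a literal "../" and the attacker encoded it.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample request lines with ground-truth labels (True = malicious).
# Illustrative only; not taken from the page or from any real capture.
SAMPLE_EVENTS = [
    ("GET /index.html", False),
    ("GET /../../etc/passwd", True),
    ("GET /%2e%2e/%2e%2e/etc/passwd", True),          # percent-encoded traversal
    ("GET /cgi-bin/..%5c..%5cwindows/win.ini", True),  # encoded backslash traversal
    ("GET /docs/release..notes.html", False),          # dots that are not traversal
    ("GET /static/app.js", False),
]

NAIVE_RULE = re.compile(r"\.\./")          # matches a literal '../' only
DECODED_RULE = re.compile(r"\.\.[/\\]")    # applied after percent-decoding


def classify(alerted, is_malicious):
    """Map one (IDS verdict, ground truth) pair to its confusion-matrix cell."""
    if alerted:
        return "true_positive" if is_malicious else "false_positive"
    return "false_negative" if is_malicious else "true_negative"


def naive_detector(request):
    """Signature as an analyst might first write it: the raw bytes on the wire."""
    return bool(NAIVE_RULE.search(request))


def decoding_detector(request):
    """Normalise the request the way the target web server would before matching."""
    return bool(DECODED_RULE.search(unquote(request)))


def evaluate(detector, events):
    """Return the confusion-matrix counts and the missed attacks (false negatives):
    the events no analyst will ever see in a queue."""
    counts = Counter()
    missed = []
    for request, is_malicious in events:
        cell = classify(detector(request), is_malicious)
        counts[cell] += 1
        if cell == "false_negative":
            missed.append(request)
    return dict(counts), missed


if __name__ == "__main__":
    for name, det in (("naive", naive_detector), ("decoding", decoding_detector)):
        counts, missed = evaluate(det, SAMPLE_EVENTS)
        print(name, counts, "missed:", missed)
```

One decoding pass closes the gap for these samples, but it is still a single normalisation step: a double-encoded payload (%252e) would survive one unquote, which is the general lesson of the false-negative cell, that the absence of an alert is evidence of nothing.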



Which access control mechanism requires a high amount of maintenance since all data must be classified, and all users granted appropriate clearance?

Mandatory - Role-Based - Ruleset-based - Discretionary

INCORRECT ON PT - CORRECT ANSWER Mandatory

( Explanation )

Mandatory Access Control (MAC) is enforced by the system according to a central security policy: every object carries a classification label and every subject a clearance, and the resulting decision cannot be overridden by the owner of the data (or, in a strict implementation, by the administrator, who must change the policy rather than the individual decision). That labelling requirement is why MAC takes more effort to maintain than discretionary or role-based control.
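Added example (not part of the original study notes): the dominance check that a MAC system applies between a subject's clearance and an object's classification, using the Bell-LaPadula rules (no read up, no write down) as the assumed policy. The level names and the CRYPTO/NUCLEAR compartments are hypothetical labels chosen for the demonstration.

```python
# Hierarchical levels of the lattice, lowest to highest (hypothetical names).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


class Label:
    """A MAC label: a hierarchical level plus a set of need-to-know compartments.
    Every object gets one (its classification) and every subject gets one (its
    clearance); assigning and keeping these current is the maintenance cost."""

    def __init__(self, level, compartments=()):
        if level not in LEVELS:
            raise ValueError("unknown level: %r" % level)
        self.level = level
        self.compartments = frozenset(compartments)

    def dominates(self, other):
        """self >= other in the lattice: a level at least as high AND a superset
        of the other label's compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def __repr__(self):
        return "Label(%s, %s)" % (self.level, sorted(self.compartments))


def can_read(clearance, classification):
    """Simple security property (no read up): a subject may read only objects
    whose classification its clearance dominates."""
    return clearance.dominates(classification)


def can_write(clearance, classification):
    """*-property (no write down): a subject may write only to objects whose
    classification dominates its clearance, so data cannot flow to a lower label.
    Neither rule consults the object's owner; the system decides from labels alone."""
    return classification.dominates(clearance)


if __name__ == "__main__":
    analyst = Label("SECRET", {"CRYPTO"})
    for obj in (Label("CONFIDENTIAL"), Label("SECRET", {"CRYPTO", "NUCLEAR"}),
                Label("TOP SECRET", {"CRYPTO"})):
        print(obj, "read:", can_read(analyst, obj), "write:", can_write(analyst, obj))
```

The compartment check is what makes the upkeep real: a SECRET clearance alone does not grant SECRET/NUCLEAR, so every new compartment means re-labelling data and re-issuing clearances rather than editing an ACL on one object.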



What is the preferred method of setting up decoy ports on a server?

Set up the host to use a very small window size to manage flow control to the ports - Use software which makes ports appear to be open but is not related to the real services - Configure a host-based firewall to respond with RST packets when the decoy port is the destination port - Enable the actual
