  1. Which of the following is used to describe the type of FTP access in which a user does not have permissions to list the contents of directories, but can access the contents if he knows the path and file name?

    C. Blind FTP. Blind FTP means that the user cannot see the names of files in the FTP site's directory. They can only download from the FTP site files whose names they already know, and when they upload a file, it does not appear in the directory.
  2. Which system is designed to analyze, detect, and report on security-related events?

    D. NIPS
  3. Which of the following viruses is designed to prevent antivirus researchers from examining its code by using various methods that make tracing and disassembling difficult?

    B. Armored virus. An armored virus is a type of virus that has been designed to thwart attempts by analysts to examine its code by using various methods that make tracing, disassembling, and reverse engineering more difficult.
  4. Which of the following provides security by implementing authentication and encryption on Wireless LAN (WLAN)?

    A. WEP. Wired Equivalent Privacy is a weak security algorithm for IEEE 802.11 wireless networks.
  5. Which of the following are the examples of administrative controls? (Choose all that apply.)

    • C. Security policy
    • C. Security awareness training
  6. John works as a programmer for We-Are-Secure, Inc. On one of his routine visits to the company, he noted down the passwords of the employees while they were typing on their computer screens. Which of the following social engineering attacks did he just perform?

    D. Shoulder surfing. Shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information.
  7. Choose the firewall profiles supported by Windows Server 2008 and Windows Vista:

    D. User profile
  8. Which of the following encryption algorithms is applied in the PGP encryption system?

    D. IDEA. International Data Encryption Algorithm (IDEA) is a symmetric block cipher, intended as a replacement for the Data Encryption Standard (DES).
  9. - No external traffic should be allowed into the network.
    - Administrators should be able to restrict the websites which can be accessed by the internal users.
    Which of the following technologies should be used to accomplish the above goals?

    A. Proxy server. A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers.
  10. Which of the following are the goals of risk management? (Choose all that apply.)
    A. Identifying the risk
    B. Finding an economic balance between the impact of the risk and the cost of the countermeasure
    C. Identifying the accused
    D. Assessing the impact of potential threats
    • A. Identifying the risk
    • B. Finding an economic balance between the impact of the risk and the cost of the countermeasure
    • D. Assessing the impact of potential threats
  11. The promiscuous mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just the packets addressed to it. Which of the following tools works by placing the host system network card into the promiscuous mode?

    B. Sniffer. A sniffer is a computer program or piece of hardware that can intercept and log traffic passing over a network.
  12. The project team has been completing their work on time and there is still $75,000 left in the project budget. Janet decides to have the project team implement some extra features to use all of the budget. This is an example of:

    B. Gold plating. Gold plating refers to the addition of any feature not considered in the original scope plan.
  13. You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?

    C. Vulnerability scanning. A vulnerability scanner is a computer program designed to assess computers, computer systems, networks, or applications for weaknesses.
  14. Single Loss Expectancy = Asset value x ____:

    A. Exposure Factor (EF)
  15. A ___ is a computer system on the Internet that is expressly set up to attract and trap people who attempt to penetrate other people's computer systems.

    Honeypot. A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
  16. Which of the following protocols is used as a transport protocol for Internet dial-up connections?

    D. PPP. Point-to-Point Protocol is a data link protocol commonly used in establishing a direct connection between two networking nodes.
  17. You want to ensure your message cannot be read by anyone but the recipient. Which of the following keys will you use to encrypt the message?

    D. The recipient's public key
  18. Which of the following programs can collect various types of personal information, such as internet surfing habits and web sites that the user has visited?

    C. Spyware. Spyware is a type of malware that can be installed on computers which collects small pieces of information about users without their knowledge.
  19. Which of the following applications would be considered a data warehousing application?

    B. Fraud detection. A data warehouse (DW) is a database used for reporting. The data stored in the warehouse is uploaded from the operational systems. DWs are optimized for speed of data analysis.
  20. Which of the following options is an approach to restricting system access to authorized users?

    A. RBAC. Role-Based Access Control is an approach to restricting system access to authorized users. It is a newer alternative approach to Mandatory Access Control (MAC) and Discretionary Access Control (DAC).
  21. Mark is deploying an 802.11 WLAN using WEP. Client computers must be able to automatically connect to the network, but unauthorized computers must not be allowed to view or connect to the network. What will accomplish this?
    A. Configure the authentication type for the WLAN to Open
    B. Install a firewall software on each WAP
    C. Configure the authentication type for the WLAN to Shared
    D. Disable SSID broadcast and enable MAC filtering on all WAPs
    E. Broadcast SSID to connect to the access point (AP)
    F. On each client computer, add the SSID for the WLAN as the preferred network
    • C. Configure the authentication type for the WLAN to Shared
    • D. Disable SSID broadcast and enable MAC filtering on all WAPs
    • F. On each client computer, add the SSID for the WLAN as the preferred network
  22. You have determined that any vendor that would like to bid on your project must have a MCSE on staff, eight years of Cisco experience, and at least two references from similar projects. What have you created?

    D. Screening system for the vendors
  23. Which of the following tools is based on Linux and used to carry out penetration testing?

    B. BackTrack. BackTrack is a GNU/Linux distribution aimed at digital forensics use and penetration testing. JPlag is a plagiarism detection tool aiming to detect similarities among source code files. Vedit is a text editor. Ettercap is a multipurpose sniffer/interceptor/logger for a switched LAN.
  24. A ___ router performs packet-filtering and is used as a firewall.
  25. Which of the following IEEE standards can be sniffed with Kismet? (Choose all that apply.)

    E. All of the above
  26. Which of the following is NOT a part of the Project Procurement Management Knowledge Area?

    A. Develop project management plan
  27. You want to apply an additional network packet filtering device that is intermediate to your enterprise's internal network and the outer network. Which of the following network zones will you create to accomplish this task?

    D. Border network area
  28. Which of the following are countermeasures to prevent unauthorized database access attacks? (Choose all that apply.)

    E. All of the above
  29. Which interface does an IPS sensor use to communicate with a security appliance for management purposes?

    A. Command and control interface
  30. An attacker makes an attempt against a web server. The result is that the attack takes the form of URLs. These URLs search for a certain string that identifies an attack against the web server. Which IDS/IPS detection method do the URLs use to detect and prevent an attack?

    A. Signature-based detection. Signature-based IDS monitors packets in the network and compares them with preconfigured and predetermined attack patterns known as signatures. Anomaly-based IDS determines normal network activity and alerts when abnormal traffic is detected.
  31. Which of the following is used to communicate with an authentication server commonly used in UNIX networks?

    C. TACACS. Terminal Access Controller Access Control System (TACACS) is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. MS-CHAP is the MS version of the challenge-handshake protocol. IPX and SPX are networking protocols on Novell Netware OS. SMTP is an internet standard for e-mail transmission across IP networks.
  32. Which of the following backup sites takes the longest recovery time?

    B. Cold site
  33. Which of the following features of IE protects users from a type of scam that entices them to disclose personal information such as a social security number, bank account details, or a credit card number?

    D. Phishing filter
  34. You want to have secure communication on the company's intranet. You decide to use public and private key pairs. What will you implement to accomplish this?

    C. Certificate server. Certificate servers validate, or certify, keys as part of a Public Key Infrastructure.
  35. You have installed Windows Vista Home Premium. The computer is connected through an ADSL connection. You want to protect yourself from traps of fraudulent sites. Which of the following IE7 features will you use?

    C. Phishing filter
  36. You have detected what appears to be an unauthorized WAP on your network. However, this WAP has the same MAC address as one of your real WAPs and is broadcasting a stronger signal. What is this called?

    C. The evil twin attack
  37. What is the purpose of cryptography?

    C. Cryptography is used to protect information from unauthorized access, whether that information is stored or transmitted. The technique will encrypt the data and decrypt it when required.
  38. What is the primary model for creating security policies?

    B. Deny everything unless specifically allowed.
  39. What is the insecure area between a trusted network and untrusted network called?

    A. DMZ. A demilitarized zone is a prescribed insecure area between a trusted network and an untrusted network.
  40. Which of the following is not a responsibility of facility security?

    A. The physical security responsibilities revolve around the site layout, building materials, building age, provision of the infrastructure, and requirements of health and safety.
  41. Which of the following is a symmetric algorithm used in encrypting information?

    D. Symmetric algorithms use a single cryptographic key to encrypt and decrypt a message. The most popular types are DES, AES, and CAST.
  42. What is the term used for the function of a DNS server designated to handle queries for resolving external DNS domain names by sending requests to another DNS server?

    C. A DNS server which sends queries to other servers to resolve external or offsite DNS domain names is called a forwarder.
  43. Which of the following is a quantitative assessment used in risk management?

    C. Risk assessments are either qualitative or quantitative. Quantitative assessments include Spanning Tree Analysis and Failure Modes and Effect Analysis.
  44. In decision tree analysis, which node is the start of the decision tree?

    A. The root node is the start of the decision tree in decision tree analysis.
  45. What type of incident is cyberstalking considered to be?

    B. Cyberstalking is a form of harassment which uses electronic devices to track a person's activities.
  46. What is the technique used to store accessed information temporarily called?

    B. Caching is the technique used to temporarily store recently accessed information.
  47. What character is used to represent an invalid character in DNS names?

    C. DNS names can consist of upper and lower case letters, numbers, and hyphens. Invalid characters are replaced by hyphens.
  48. Which of the following is not considered a layer of a Defense-in-Depth solution?

    A. Application servers are not themselves a component of the Defense-in-Depth solution, however, software such as host-based IDS may be installed on the server which would be considered a Defense-in-Depth component of the solution.
  49. Which key standard was developed for financial institutions to transmit securities across electronic mediums?

    A. ANSI X9.17 was developed for financial institutions. It uses a hierarchical approach to ensure keys are secure.
  50. What risk analysis program is a strategic assessment and planning technique used for understanding security?

    C. RADIUS is an authentication tool. Operational Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a risk-based strategic assessment and planning technique.
  51. What analysis method used by IDS solutions identifies unacceptable behavior based on deviations from standards set by RFC documents?

    B. Protocol anomaly-based IDS solutions identify deviations from RFC standards, as well as attacks not having signatures. Well-defined protocols will reduce the number of false-positive results.
  52. Which of the following security concerns falls into the administrative type for access controls?

    A. The administrative controls involve the actions, policies, and management of the control system, and include procedures, hiring, security policies, monitoring, user management, and privilege management. The other types are physical and technical.
Card Set
GIAC Security Leadership Course (GSLC) exam study