Two clients connecting from the same public IP address (for example, behind the same NAT firewall) can connect simultaneously to the same web server on the Internet, provided what condition is TRUE?
A. The server is not using a well-known port.
B. The server is on a different network.
C. The client-side source ports are different.
D. The clients are on different subnets.
Which of the following is a valid password for a system with the default "Password must meet complexity requirements" setting enabled as part of the GPO Password policy requirements?
A. The Cat Chased its Tail AII Night
B. disk ACCESS failed
C. SETI@HOME
D. SaNS2006
Many IIS servers connect to Microsoft SQL databases. Which of the following statements about SQL Server security is TRUE?
A. SQL Server patches are part of the operating system patches.
B. SQL Server should be installed on the same box as your IIS web server when they communicate as part of the web application.
C. It is good practice to never use integrated Windows authentication for SQL Server.
D. It is good practice to not allow users to send raw SQL commands to the SQL Server.
When you log into your Windows desktop, what information does your Security Access Token (SAT) contain?
A. The Security ID numbers (SIDs) of all the groups to which you belong
B. A list of cached authentications
C. A list of your domain privileges
D. The Security ID numbers (SIDs) of all authenticated local users
What is the discipline of establishing a known baseline and managing that condition known as?
A. Condition deployment
B. Observation discipline
C. Security establishment
D. Configuration management
Which Defense-in-Depth principle starts with an awareness of the value of each section of information within an organization?
A. Information centric defense
B. Uniform information protection
C. General information protection
D. Perimeter layering
The Return on Investment (ROI) measurement used in Information Technology and Information Security fields is typically calculated with which formula?
A. ROI = (gain - expenditure)/(expenditure) X 100%
B. ROI = (gain + expenditure)/(expenditure) X 100%
C. ROI = (loss + expenditure)/(expenditure) X 100%
D. ROI = (loss - expenditure)/(expenditure) X 100%
You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company. You have physically installed sensors at all key positions throughout the network such that they all report to the command console.
What will be the key functions of the sensors in such a physical layout? Each correct answer represents a complete solution. Choose all that apply.
A. To collect data from operating system logs
B. To notify the console with an alert if any intrusion is detected
C. To analyze for known signatures
D. To collect data from Web servers
What does the "x" character in the second field of the user account record of the /etc/passwd file indicate?
A. The user account is using a shadow password.
B. The user account is shared by more than one user.
C. The user account is disabled.
D. The user account does not exist.
Which of the following processes is known as sanitization?
A. Assessing the risk involved in discarding particular information.
B. Verifying the identity of a person, network host, or system process.
C. Physically destroying the media and the information stored on it.
D. Removing the content from the media so that it is difficult to restore.