Download Free GIAC GSLC PDF and VCE Updated Today

28 Jul

Vendor: GIAC
Exam Code: GSLC
Exam Name: GIAC Security Leadership

QUESTION 1
Tomas is the project manager of the QWS Project and is worried that the project stakeholders will want to change the project scope frequently. His fear is based on the many open issues in the project and how the resolution of the issues may lead to additional project changes. On what document are Tomas and the stakeholders working in this scenario?

A.    Change management plan
B.    Communications management plan
C.    Issue log
D.    Risk management plan

Answer: A

QUESTION 2
Which of the following statements is true about the difference between worms and Trojan horses?

A.    Trojan horses are a form of malicious codes while worms are not.
B.    Trojan horses are harmful to computers while worms are not.
C.    Worms replicate themselves while Trojan horses do not.
D.    Worms can be distributed through emails while Trojan horses cannot.

Answer: C

QUESTION 3
Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer?
Each correct answer represents a complete solution. Choose two.

A.    Attacker can use the Ping Flood DoS attack if WZC is used.
B.    Information of probing for networks can be viewed using a wireless analyzer and may be used to gain access.
C.    Attacker by creating a fake wireless network with high power antenna cause Victor’s computer to associate with his network to gain access.
D.    It will not allow the configuration of encryption and MAC filtering. Sending information is not secure on wireless network.

Answer: BC

QUESTION 4
Olive is the program manager for her organization. She has created a request for proposal for a large portion of her program. In this work to be procured she has set several requirements for the vendors to participate. The chief among these requirements is a vendor must have at least four licensed electricians in his team. This requirement for four licensed electricians is an example of which one of the following terms?

A.    Vendor analysis requirements
B.    Scoring model
C.    Evaluation criteria
D.    Screening system

Answer: D

QUESTION 5
Which of the following PPP configuration options is used to increase the effective throughput on PPP connections by reducing the amount of data in the frame that must travel across the link?

A.    Authentication
B.    Error detection
C.    Compression
D.    Multilink

Answer: C

QUESTION 6
Which of the following standards is used in wireless local area networks (WLANs)?

A.    IEEE 802.4
B.    IEEE 802.3
C.    IEEE 802.11b
D.    IEEE 802.5

Answer: C

QUESTION 7
Adrian knows the host names of all the computers on his network. He wants to find the IP addresses of these computers. Which of the following TCP/IP utilities can he use to find the IP addresses of these computers?
Each correct answer represents a complete solution. Choose two.

A.    IPCONFIG
B.    PING
C.    NETSTAT
D.    TRACERT

Answer: BD

QUESTION 8
The Project Procurement Management knowledge area focuses on which of the following processes?
Each correct answer represents a complete solution. Choose two.

A.    Contract Administration
B.    Team Development
C.    Staff Acquisition
D.    Contract Closure

Answer: AD

QUESTION 9
In which of the following attacks does an attacker create the IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system?

A.    Polymorphic shell code attack
B.    IP address spoofing
C.    Cross-site request forgery
D.    Rainbow attack

Answer: B

QUESTION 10
An intruder is trying to get user passwords by pretending to be help desk staff. Which of the following types of security attacks do you think it is?

A.    Hacking
B.    Man-in-the-middle
C.    Spoofing
D.    Social Engineering

Answer: D

QUESTION 11
You work as a Network Administrator for Blue Well Inc. The company has a Windows Server 2008 domain-based network. All client computers on the network run Windows Vista Ultimate. Andy, a Finance Manager, uses Windows Mail to download his e-mails to his inbox. He complains that every now and then he gets mails asking for revealing personal or financial information. He wants that such mails are not shown to him. Which of the following steps will you take to accomplish the task?

A.    Remove domain names of such emails from the Safe Sender’s list.
B.    Configure phishing filter in Internet Explorer 7.0.
Configure it to filter all phishing mails.
C.    Configure phishing filter in Windows Mail.
Configure it to move such mails to the Junk Mail folder.
D.    Add domain names of such emails in the Block Sender’s list.

Answer: C

QUESTION 12
You work as a Network Administrator for McNeil Inc. The company has a Windows Active Directorybased single domain single forest network. The functional level of the forest is Windows Server 2003. The company’s management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks:
The wireless network communication should be secured.
The laptop users should be able to use smart cards for getting authenticated.
In order to accomplish the tasks, you take the following steps:
Configure 802.1x and WEP for the wireless connections.
Configure the PEAP-MS-CHAP v2 protocol for authentication
What will happen after you have taken these steps?

A.    Both tasks will be accomplished.
B.    The wireless network communication will be secured.
C.    None of the tasks will be accomplished.
D.    The laptop users will be able to use smart cards for getting authenticated.

Answer: B

QUESTION 13
Which of the following tools works both as an encryption-cracking tool and as a keylogger?

A.    Magic Lantern
B.    KeyGhost Keylogger
C.    Alchemy Remote Executor
D.    SocketShield

Answer: A

QUESTION 14
Which of the following statements about Encapsulating Security Payload (ESP) are true?
Each correct answer represents a complete solution. Choose two.

A.    It is an IPSec protocol.
B.    It is a text-based communication protocol.
C.    It uses TCP port 22 as the default port and operates at the application layer.
D.    It can also be nested with the Layer Two Tunneling Protocol (L2TP).

Answer: AD

QUESTION 15
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He wants to test the effect of a virus on the We-are-secure server. He injects the virus on the server and, as a result, the server becomes infected with the virus even though an established antivirus program is installed on the server. Which of the following do you think are the reasons why the antivirus installed on the server did not detect the virus injected by John?
Each correct answer represents a complete solution. Choose all that apply.

A.    The virus, used by John, is not in the database of the antivirus program installed on the server.
B.    John has created a new virus.
C.    The mutation engine of the virus is generating a new encrypted code.
D.    John has changed the signature of the virus.

Answer: ABCD

QUESTION 16
You are a project manager of a construction project. You are documenting project purchasing decisions, specifying the approach, and identifying potential sellers. You are in which of the following processes?

A.    Plan Procurements
B.    Administer Procurements
C.    Close Procurements
D.    Conduct Procurements

Answer: A

QUESTION 17
Which of the following is a virus that can redirect the disk head to read another sector instead of the one in which it resides?

A.    Multipartite virus
B.    Macro virus
C.    Stealth virus
D.    Boot sector virus

Answer: C

QUESTION 18
An organization has a standardized change management plan that all project managers must adhere to. A project manager has worked with the Change Control Board in his organization to approve a change to project scope. What should the standardized change management plan require the project manager to do with the approved scope change?

A.    Perform risk assessment on the new change.
B.    Communicate the change to the vendor.
C.    Create a cost estimate for the change.
D.    Update the WBS.

Answer: D

QUESTION 19
John is a merchant. He has set up a LAN in his office. Some important files are deleted as a result of virus attack. John wants to ensure that it does not happen again. What will he use to protect his data from virus?

A.    Backup
B.    Symmetric encryption
C.    Firewall
D.    Antivirus

Answer: D

QUESTION 20
Which of the following are types of social engineering attacks?
Each correct answer represents a complete solution. Choose two.

A.    An unauthorized person calls a user and pretends to be a system administrator in order to get the user’s password.
B.    An unauthorized person inserts an intermediary software or program between two communicating hosts to listen to and modify the communication packets passing between the two hosts.
C.    An unauthorized person modifies packet headers by using someone else’s IP address to hide his identity.
D.    An unauthorized person gains entrance to the building where the company’s database server resides and accesses the server by pretending to be an employee.

Answer: AD

QUESTION 21
Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Which of the following statements are true about the Kerberos authentication scheme?
Each correct answer represents a complete solution. Choose all that apply.

A.    Kerberos requires continuous availability of a central server.
B.    Kerberos builds on Asymmetric key cryptography and requires a trusted third party.
C.    Dictionary and brute force attacks on the initial TGS response to a client may reveal the subject’s passwords.
D.    Kerberos requires the clocks of the involved hosts to be synchronized.

Answer: ACD

QUESTION 22
Which of the following tools can be used for stress testing of a Web server?
Each correct answer represents a complete solution. Choose two.

A.    Internet bots
B.    Spyware
C.    Anti-virus software
D.    Scripts

Answer: AD

If you want to pass GIAC GSLC successfully, donot missing to read latest lead2pass GIAC GSLC practice exams.
If you can master all lead2pass questions you will able to pass 100% guaranteed.

http://www.lead2pass.com/GSLC.html