GIAC GSEC Exam Questions

Question 6 of 279

When using Pretty Good Privacy (PGP) to digitally sign a message, the signature is created in a two-step process. First, the message to be signed is submitted to
PGP's cryptographic hash algorithm. What is one of the hash algorithms used by PGP for this process?

Blowfish

DES

SHA-l

Cast

Correct Answer: C

Pretty Good Privacy (PGP) uses cryptographic hash algorithms to create digital signatures, ensuring the authenticity and integrity of a message. Among the hash algorithms utilized by PGP, SHA-1 (Secure Hash Algorithm 1) is one of the commonly used options. SHA-1 generates a unique fixed-size 160-bit hash value from an input message, which forms a critical part of the digital signature process.

Question 7 of 279

You are the security director for an off-shore banking site. From a business perspective, what is a major factor to consider before running your new vulnerability scanner against the company's business systems?

It may harm otherwise healthy systems.

It may produce false negative results.

It may generate false positive results.

It may not return enough benefit for the cost.

Correct Answer: A

From a business perspective, a major factor to consider before running a new vulnerability scanner against the company's business systems is that it may harm otherwise healthy systems. While false positives and false negatives are indeed important considerations, the potential disruption or damage to operational systems can have immediate and significant business impacts. Ensuring that the systems remain operational and unaffected is crucial for maintaining business continuity and customer trust, especially for a critical service like an off-shore banking site.

Question 8 of 279

Which of the following is a benefit to utilizing Cygwin for Windows?

The ability to install a complete Red Hat operating system Install on Windows.

The ability to bring much more powerful scripting capabilities to Windows.

The ability to run a production Apache server.

The ability to install a complete Ubuntu operating system install on Windows.

Correct Answer: B

Cygwin is a collection of open-source tools that provides a Linux-like environment on Windows. This environment includes a large number of Unix utilities and libraries, as well as a Bash shell, which allows users to leverage powerful scripting languages like Perl, Python, and Ruby on Windows. Therefore, the primary benefit of utilizing Cygwin for Windows is bringing more powerful scripting capabilities to the system.

Question 9 of 279

What technical control provides the most critical layer of defense if an intruder is able to bypass all physical security controls and obtain tapes containing critical data?

Camera Recordings

Security guards

Encryption

Shredding

Corrective Controls

Correct Answer: C

Encryption is the most critical layer of defense if an intruder bypasses all physical security controls and obtains tapes containing critical data. This is because encryption ensures that the data on the tapes is unreadable to anyone who does not have the correct decryption key, effectively protecting the data even if physical security fails.

Question 10 of 279

Two clients connecting from the same public IP address (for example - behind the same NAT firewall) can connect simultaneously to the same web server on the
Internet, provided what condition is TRUE?

The server is not using a well-known port.

The server is on a different network.

The client-side source ports are different.

The clients are on different subnets.

Correct Answer: C

Two clients connecting from the same public IP address can connect simultaneously to the same web server as long as the client-side source ports are different. This is because the source port, combined with the client's IP address, forms a unique identifier for each connection session. The server uses this identifier to distinguish between the two clients' requests, even though they share the same public IP address.