Issuu on Google+

GSLC EXAM GSLC GIAC Security Leadership

http://www.certificationtutorials.com/giac/GSLC-exam.htm

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

1


Question: 1 You are the project manager of a Web development project. You want to get information about your competitors by hacking into their computers. You and the project team determine should the hacking attack not be performed anonymously, you will be traced. Hence, you hire a professional hacker to work on the project. This is an example of what type of risk response? A. Acceptance B. Avoidance C. Transference D. Mitigation

Answer: C Explanation: Whenever the risk is transferred to someone else, it is an example of transference risk response. Transference usually has a fee attached to the service provider that will own the risk event. What is transference? Transference is a strategy to mitigate negative risks or threats. In this strategy, consequences and the ownership of a risk is transferred to a third party. This strategy does not eliminate the risk but transfers responsibility of managing the risk to another party. Insurance is an example of transference. Answer option D is incorrect. Mitigation are activities to reduce the probability and/or impact of a risk event. Answer option A is incorrect. Acceptance is when the risk event is accepted and allowed to happen. This response is typical for smaller risk events. Answer option B is incorrect. Avoidance are actions to avoid the risk event.

Question: 2 Which of the following password authentication schemes enables a user with a domain account to log on to a network once, using a password or smart card, and to gain access to multiple computers in the domain without being prompted to log in again? A. Kerberos B. Single Sign-On C. Dynamic D. One-time password

Answer: B Explanation:

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

2


Single Sign-On (SSO) is a system capability that enables users to access a number of applications without having to log on and/or provide a password to each application. In SSO, a user can access all computer applications and systems where he has access permission without entering multiple passwords. This reduces human error and systems failure and is therefore highly desirable. There are many commercial SSO solutions available in the market. Some of them are as follows: Central Authentication Service (CAS) The Dutch NREN CoSign Enterprise Single Sign-On (E-SSO) Web Single Sign-On (Web SSO) Security Assertion Markup Language (SAML) Direct SSO Shibboleth Answer option D is incorrect. A one-time password (OTP) is a password only valid for a single login session or transaction. OTP avoids a number of shortcomings that are associated with traditional passwords. The most important shortcoming that is addressed by OTP is that OTP is not vulnerable to replay attacks. If a potential intruder manages to record an OTP that was already used to log into a service or to conduct a transaction, he will not be able to abuse it since it will be no longer valid. Answer option A is incorrect. Kerberos is a secure protocol that supports ticketing authentication. A ticket is granted in response to a client computer authentication request by the Kerberos authentication server, if the request contains valid user credentials and a valid Service Principal Name (SPN). The ticket is then used by the client computer to access network resources. To enable Kerberos authentication, the client and server computers must have a trusted connection to the domain Key Distribution Center (KDC). The task of KDC is to distribute shared secret keys to enable encryption. Answer option C is incorrect. In the dynamic password authentication scheme, passwords are changed after a specified time or time interval.

Question: 3 Mark works as a Network Administrator for We-are-secure Inc. He finds that the We-are-secure server has been infected with a virus. He presents to the company a report that describes the symptoms of the virus. A summary of the report is given below: This virus has a dual payload, as the first payload of the virus changes the first megabyte of the hard drive to zero. Due to this, the contents of the partition tables are deleted and the computer hangs. The second payload replaces the code of the flash BIOS with garbage values. This virus spreads under the Portable Executable File Format under Windows 95, Windows 98, and Windows ME. Which of the following viruses has the symptoms as the one described above? A. I Love You B. Nimda

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

3


C. Chernobyl D. Melissa

Answer: C Explanation: The Chernobyl (CIH) virus is a good example of a dual payload virus. Since the first payload of the virus changes the first megabyte of a computer's hard drive to zero, the contents of the partition tables are deleted, resulting in the computer hanging. The second payload of CIH replaces the code of the flash BIOS with garbage values so that the flash BIOS is unable to give a warning, the end result being that the user is incapable of changing the BIOS settings. CIH spreads under the Portable Executable file format under Windows 95, Windows 98, and Windows ME. Answer option A is incorrect. The I LOVE YOU virus is a VBScript virus in which a victim gets an email attachment titled as "I Love You" with an attachment file named as "Love-Letter-For-You.txt.vbs". When the victim clicks on this attachment, the virus script infects the victim's computer. The virus first scans system's memory for passwords, which are sent back to the virus' creator. In the next step, the virus replicates itself and sends its copy to each address in the victim's Outlook address book. Finally, the virus corrupts files with extensions .vbs, .vbe, .js, .css, .wsh, .sct, .hta, .jpg, .jpeg, .mp2, and .mp3 by overwriting them with a copy of itself. Answer option D is incorrect. The Melissa virus infects Word 97 documents and the NORMAL.DOT file of Word 97 and Word 2000. This macro virus resides in word documents containing one macro named as "Melissa". The Melissa virus has the ability to spread itself very fast by using an e-mail. When the document infected by the Melissa virus is opened for the first time, the virus checks whether or not the user has installed Outlook on the computer. If it finds the Outlook, it sends e-mail to 50 addresses from the address book of the Outlook. This virus can spread only by using the Outlook. This virus is also known as W97M/Melissa, Kwyjibo, and Word97.Melissa. Answer option B is incorrect. Nimda is a mass mailing virus that spreads itself in attachments named README.EXE. It affects Windows 95, 98, ME, NT4, and Windows 2000 users. Nimda uses the Unicode exploit to infect IIS Web servers.

Question: 4 You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directorybased single domain single forest network. The company's network is connected to the Internet through a T1 line. The firewall is configured on the network for securing the internal network from the intruders on the Internet. The functional level of the forest is Windows Server 2008. You are designing a public key infrastructure (PKI) for the network. The network will use a root enterprise certificate authority (CA) and a subordinate C

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

4


A. The root CA will be used to issue certificates to the subordinate CA, and the subordinate CA will be used to issue certificates to the clients. The management of the company wants to ensure that the security of high-level CAs is not compromised. Which of the following steps will you take to accomplish the task? A. Place all CA servers in a locked room. B. Configure a firewall on the network. C. Take the subordinate CA offline after it gets the certificates from the root CA. D. Take the root CA offline after it issues certificates to its subordinate CAs.

Answer: D Explanation: In order to accomplish the task, you will have to take the root CA offline after it issues certificates to its subordinate CAs. In any organization, the security of the higher-level CAs in a network is critical. The higher-level CAs issue certificates to their subordinate CAs. If an intruder successfully penetrates the security of one high-level CA, the security of all its subordinates is compromised. In order to prevent such a penetration from taking place, it is highly recommended that the higher-level CAs be taken offline once they issue certificates to their subordinate CAs. Answer option C is incorrect. As the subordinate CA is used to issue certificates to clients on the network, you cannot take it offline. Answer option A is incorrect. Placing all CA servers in a locked room will prevent the servers from being accessed physically. However, it will not prevent them from any intrusion. Answer option B is incorrect. According to the question, a firewall is already configured on the network. A firewall is used to protect an internal network or an intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all the traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Hence, configuring a firewall will not prevent CAs from intrusion.

Question: 5 You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 domain-based network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. The network contains a Windows Server 2008 Core computer named SERVER1 with NTFS file system. SERVER1 has a 802.11 wireless LAN adapter. The Wireless LAN Service is installed on SERVER1. You want to know about the 802.11 wireless LAN interface information, network information, and wireless settings on the system on SERVER1. Which of the following commands will you use to accomplish the task?

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

5


A. netsh wlan show all B. netsh wlan show drivers C. netsh wlan show interfaces D. netsh wlan show settings

Answer: A Explanation: In order to know about the 802.11 wireless LAN interface information, network information, and wireless settings on the system on SERVER1, you will have to run the following command on the command prompt: netsh wlan show all The netsh wlan show all command is used to display the entire collection of 802.11 wireless interface information, network information, and wireless settings on the system. The command output also includes the following information: Wireless adapter driver information Wireless interface status Wireless configuration settings Wireless network filters Wireless network profiles list and details Visible wireless networks Answer option D is incorrect. The netsh wlan show settings command is used to display the current global settings of the wireless LAN. Answer option B is incorrect. The netsh wlan show drivers command is used to display the 802.11 wireless LAN interface driver information. Answer option C is incorrect. The netsh wlan show interfaces command is used to display a list of the current wireless interfaces on a computer. The command output includes the following information : The number of interfaces on the computer. Interface name Description GUID Interface state

Question: 6 Which of the following protocols does IPsec use to perform various security functions in the network? Each correct answer represents a complete solution. Choose all that apply. A. Encapsulating Security Payload B. Authentication Header C. Skinny Client Control Protocol D. Internet Key Exchange

Answer: ABD

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

6


Explanation: The IPsec suite is a framework of open standards. IPsec uses the following protocols to perform various security functions: Internet Key Exchange (IKE): IKE (Internet Key Exchange) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE uses a Diffie-Hellman key exchange to set up a shared session secret, from which cryptographic keys are derived. Public key techniques or alternatively pre-shared keys are used to mutually authenticate the communicating parties. Encapsulating Security Payload (ESP): Encapsulating Security Payload (ESP) is an IPSec protocol that provides confidentiality with authentication, integrity, and anti-replay. ESP can be used alone in combination with Authentication Header (AH). ESP can also be used nested with the Layer Two Tunneling Protocol (L2TP). Normally, ESP does not sign the entire packet unless it is being tunneled. Typically, only the data payload is protected, not the IP header. Authentication Header (AH): Authentication Header (AH) is an IPsec protocol. The AH provides connectionless integrity and data origin authentication of IP packets. It can also protect the IP packets against replay attacks by using the sliding window technique and discarding old packets. The AH protects the IP payload and all header fields of an IP datagram except for mutable fields. Answer option C is incorrect. SCCP (Skinny Client Control Protocol) is the only Cisco-proprietary protocol of the four signaling protocols. It is used to control Cisco IP phones and other Cisco endpoint devices (such as the ATA 186/188). Skinny functions as a stimulus/response protocol similar to MGCP. Any interaction with a Cisco IP phone (such as lifting the handset, dialing a digit, etc.) causes the IP phone to send Skinny messages to the call processing software, which then responds with a Skinny message instructing the device with the action to take.

Question: 7 John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.weare-secure.com. He wants to test the effect of a virus on the We-are-secure server. He injects the virus on the server and, as a result, the server becomes infected with the virus even though an established antivirus program is installed on the server. Which of the following do you think are the reasons why the antivirus installed on the server did not detect the virus injected by John? Each correct answer represents a complete solution. Choose all that apply. A. John has created a new virus. B. John has changed the signature of the virus. C. The virus, used by John, is not in the database of the antivirus program installed on the server. D. The mutation engine of the virus is generating a new encrypted code.

Answer: ABCD

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

7


Explanation: Every virus cannot be detected by a signature-based antivirus largely for the following reasons: If an attacker has changed the signature of a virus, any signature-based antivirus will not be able to find the virus. Any new virus will not be captured by the antivirus, as it will not be on the list in the antivirus database. If the virus is not in the database of a signature-based antivirus, it will be virtually impossible for the antivirus to detect that virus. If the mutation engine of a polymorphic virus is generating a new encrypted code, this changes the signature of the virus. Therefore, polymorphic viruses cannot be detected by a signature-based antivirus. What are the techniques of detecting viruses? The following are the techniques of detecting viruses: Short-Term Virus Detection: In this technique, the product detects an infection very soon after the occurrence of the infection. Long-Term Virus Detection: In this technique, the product may use either spectral analysis, in which the product searches for specific patterns (signatures) in malicious code, or heuristic analysis, in which the product analyzes malicious code to figure out its capability. What are virus databases? Virus databases are the databases in which all the information about the virus such as the date of creation of the virus, working of the virus, methods of prevention from the virus, etc. are given. Many antivirus companies and network security communities collect all the information about the virus to create awareness among users. Alwil's AVAST database, F-Secure AntiVirus database, Kaspersky AntiVirus database, and McAfee's Virus Information Library are some good examples of the virus databases.

Question: 8 In which of the following social engineering attacks does an attacker first damage any part of the target's equipment and then advertise himself as an authorized person who can help fix the problem. A. Important user posing attack B. Impersonation attack C. In person attack D. Reverse social engineering attack

Answer: D Explanation: A reverse social engineering attack is a person-to-person attack in which an attacker convinces the target that he or she has a problem or

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

8


might have a certain problem in the future and that he, the attacker, is ready to help solve the problem. Reverse social engineering is performed through the following steps: An attacker first damages the target's equipment. He next advertises himself as a person of authority, ably skilled in solving that problem. In this step, he gains the trust of the target and obtains access to sensitive information. If this reverse social engineering is performed well enough to convince the target, he often calls the attacker and asks for help. Answer options B, A, and C are incorrect. Person-to-Person social engineering works on the personal level. It can be classified as follows: Impersonation: In the impersonation social engineering attack, an attacker pretends to be someone else, for example, the employee's friend, a repairman, or a delivery person. In Person Attack: In this attack, the attacker just visits the organization and collects information. To accomplish such an attack, the attacker can call a victim on the phone, or might simply walk into an office and pretend to be a client or a new worker. Important User Posing: In this attack, the attacker pretends to be an important member of the organization. This attack works because there is a common belief that it is not good to question authority. Third-Party Authorization: In this attack, the attacker tries to make the victim believe that he has the approval of a third party. This works because people believe that most people are good and they are being truthful about what they are saying. ReportsHelpBuy

Question: 9 Which methodology is a method to analyze the involved tasks in completing a given project, especially the time needed to complete each task, and identifying the minimum time needed to complete the total project? A. Gantt B. CPM C. FP D. PERT

Answer: D Explanation: A PERT chart is a project management tool used to schedule, organize, and coordinate tasks within a project. PERT stands for Program Evaluation Review Technique, a methodology developed by the U.S. Navy in the 1950s to manage the Polaris submarine missile program. A PERT chart presents a graphic illustration of a project as a network diagram consisting of numbered nodes (either circles or rectangles) representing events, or milestones in the project linked by labeled vectors (directional lines) representing tasks in the project. The direction of

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

9


the arrows on the lines indicates the sequence of tasks. Answer option A is incorrect. A Gantt chart is a type of bar chart that illustrates a project schedule. Gantt charts illustrate the start and finish dates of the terminal elements and summary elements of a project. Terminal elements and summary elements comprise the work breakdown structure of the project. Some Gantt charts also show the dependency (i.e, precedence network) relationships between activities. Gantt charts have become a common technique for representing the phases and activities of a project work breakdown structure (WBS), so they can be understood by a wide audience. Answer option B is incorrect. Critical Path Method, abbreviated CPM, or Critical Path Analysis, is a mathematically based algorithm for scheduling a set of project activities. It is an important tool for effective project management. It provides the following benefits: Provides the graphical view of the project. Predicts the time required to complete the project. Shows which activities are critical to maintain the schedule and which are not. CPM models the activities and events of a project as a network. Activities are depicted as nodes on the network, and events that signify the beginning or ending of activities are depicted as arcs or lines between the nodes. Answer option C is incorrect. A function point is a unit of measurement to express the amount of business functionality an information system provides to a user. Function points are the units of measure used by the IFPUG Functional Size Measurement Method. The IFPUG FSM Method is an ISO recognized software metric to size an information system based on the functionality that is perceived by the user of the information system, independent of the technology used to implement the information system.

Question: 10 John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task? A. Steganography B. Web ripping C. Email spoofing D. Social engineering

Answer: A

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

10


Explanation: According to the scenario, John is performing the Steganography technique for sending malicious data. Steganography is an art and science of hiding information by embedding harmful messages within other seemingly harmless messages. It works by replacing bits of unused data, such as graphics, sound, text, and HTML, with bits of invisible information in regular computer files. This hidden information can be in the form of plain text, cipher text, or even in the form of images. Answer option B is incorrect. Web ripping is a technique in which the attacker copies the whole structure of a Web site to the local disk and obtains all files of the Web site. Web ripping helps an attacker to trace the loopholes of the Web site. Answer option D is incorrect. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method involves mental ability of the people to trick someone rather than their technical skills. A user should always distrust people who ask him for his account name or password, computer name, IP address, employee ID, or other information that can be misused. Answer option C is incorrect. John is not performing email spoofing. In email spoofing, an attacker sends emails after writing another person's mailing address in the from field of the email id.

Question: 11 Drop the appropriate value to complete the formula.

Answer:

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

11


Explanation: A Single Loss Expectancy (SLE) is the value in dollar ($) that is assigned to a single event. The SLE can be calculated by the following formula: SLE = Asset Value ($) X Exposure Factor (EF) The Exposure Factor (EF) represents the % of assets loss caused by a threat. The EF is required to calculate the Single Loss Expectancy (SLE). The Annualized Loss Expectancy (ALE) can be calculated by multiplying the Single Loss Expectancy (SLE) with the Annualized Rate of Occurrence (ARO). Annualized Loss Expectancy (ALE) = Single Loss Expectancy (SLE) X Annualized Rate of Occurrence (ARO) Annualized Rate of Occurrence (ARO) is a number that represents the estimated frequency in which a threat is expected to occur. It is calculated based upon the probability of the event occurring and the number of employees that could make that event occur.

Question: 12 Which of the following are considered Bluetooth security violations? Each correct answer represents a complete solution. Choose two. A. Bluebug attack B. Social engineering C. Bluesnarfing D. Cross site scripting attack E. SQL injection attack

Answer: AB Explanation: Bluesnarfing is the act of stealing data from a person's cell phone. Bluetooth technology uses the object exchange (OBEX) protocol to transfer the data easily without any authentication. Bluesnarfers take advantage of this vulnerability to extract data from a Bluetooth user. A bluebug attack is also a security violation that creates a serial connection to the phone, allowing access to all the included AT commands. It allows the attacker to place phone calls, send and receive messages, and connect to Internet data services. This attack provides the attacker complete control over devices through the AT commands. Answer options D, B, and E are incorrect. Neither social engineering nor the cross site scripting and SQL injection attacks are considered Bluetooth security violations. What is social engineering? Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method involves mental ability of the people to trick someone rather than their technical skills. A user should always distrust people

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

12


who ask him for his account name or password, computer name, IP address, employee ID, or other information that can be misused. What is a cross site scripting attack? A cross site scripting attack is one in which an attacker enters malicious data into a Website. For example, the attacker posts a message that contains malicious code to any newsgroup site. When another user views this message, the browser interprets this code and executes it and, as a result, the attacker is able to take control of the user's system. Cross site scripting attacks require the execution of client-side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user's Web environment. With the help of a cross site scripting attack, the attacker can perform cookie stealing, sessions hijacking, etc.

Question: 13 You work as a Network Administrator for Infosec Inc. Nowadays, you are facing an unauthorized access in your Wi-Fi network. Therefore, you analyze a log that has been recorded by your favorite sniffer, Ethereal. You are able to discover the cause of the unauthorized access after noticing the following string in the log file: (Wlan.fc.type_subtype eq 32 and llc.oui eq 0x00601d and llc.pid eq 0x0001) When you find All your 802.11b are belong to us as the payload string, you are convinced about which tool is being used for the unauthorized access. Which of the following tools have you ascertained? A. Kismet B. NetStumbler C. AiroPeek D. AirSnort

Answer: B Explanation: NetStumbler, a war driving tool, uses an organizationally unique identifier (OID) of 0x00601d and a protocol identifier (PID) of 0x0001. Each version has a typical payload string. For example, NetStumbler 3.2.3 has a payload string: 'All your 802.11b are belong to us'. Therefore, when you see the OID and PID values, you discover that the attacker is using NetStumbler, and when you see the payload string, you are able to ascertain that the attacker is using NetStumbler 3.2.3. What is NetStumbler? NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. It detects wireless networks and marks their relative position with a GPS. It uses an 802.11 Probe

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

13


Request that has been sent to the broadcast destination address. When NetStumbler is connected to a GPS, it records a GPS coordinate for the highest signal strength found at each access point. The main features of NetStumbler are as follows: It displays the signal strength of a wireless network, MAC address, SISD, channel details, etc. It is commonly used for: a.War driving b.Detecting unauthorized access points c.Detecting causes of interference on a WLAN d.WEP ICV error tracking e.Making Graphs and Alarms on 802.11 Data, including Signal Strength How to detect NetStumbler and identify it NetStumbler uses an organizationally unique identifier (OID) of 0x00601d and a protocol identifier (PID) of 0x0001. It also uses a data payload size of 58 bytes containing a unique string that can be used to identify the version of NetStumbler. For example, Version 3.2.0 carries 'Flurble gronk bloopit, bnip Frundletrune', Version 3.2.3 has a payload string 'All your 802.11b are belong to us' , and 3.3.0 has a payload string that is intentionally left blank. Hence, with the help of these fingerprints, not only can a Network Administrator easily detect the symptoms of NetStumbler but he can also identify the version of NetStumbler being used by an attacker. Answer option C is incorrect. AiroPeek is a Windows-based commercial wireless LAN analyzer for IEEE 802.11b. It supports all high level protocols such as TCP/IP, NetBEUI, IPX, etc. It can be used to perform the following tasks: Site surveys Security assessments Channel scanning Real time and past capture WEP decryption Client troubleshooting WLAN monitoring Remote WLAN analysis Application layer protocol analysis Answer option A is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks: Site surveys Security assessments Channel scanning Real time and past capture WEP decryption Client troubleshooting WLAN monitoring Remote WLAN analysis Application layer protocol analysis Answer option A is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

14


wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks: To identify networks by passively collecting packets To detect standard named networks To detect masked networks To collect the presence of non-beaconing networks via data traffic Answer option D is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.

Question: 14 Which of the following options is an approach to restricting system access to authorized users? A. RBAC B. MAC C. DAC D. MIC Answer: A Explanation: Role-based access control (RBAC) is an approach to restricting system access to authorized users. It is a newer alternative approach to mandatory access control (MAC) and discretionary access control (DAC). RBAC is sometimes referred to as role-based security. RBAC is a policy neutral and flexible access control technology sufficiently powerful to simulate DAC and MAC. Conversely, MAC can simulate RBAC if the role graph is restricted to a tree rather than a partially ordered set. Answer option C is incorrect. Discretionary access control (DAC) is a kind of access control defined by the Trusted Computer System Evaluation Criteria as "a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission on to any other subject". Answer option B is incorrect. Mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object will be tested against the set of authorization rules to determine if the operation is allowed.

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

15


Answer option D is incorrect. Mandatory Integrity Control (MIC), also called Integrity levels, is a core security feature, introduced in Windows Vista and Windows Server 2008, which adds Integrity Levels (IL) to processes running in a login session. This mechanism is able to selectively restrict the access permissions of certain programs or software components which are considered to be potentially less trustworthy, compared with other software running under the same user account which is more trusted.

Question: 15 You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest domain-based network. The company has recently provided fifty laptops to its sales team members. You are required to configure an 802.11 wireless network for the laptops. The sales team members must be able to use their data placed at a server in a cabled network. The planned network should be able to handle the threat of unauthorized access and data interception by an unauthorized user. You are also required to prevent the sales team members from communicating directly to one another. Which of the following actions will you perform to accomplish the task? Each correct answer represents a complete solution. Choose all that apply. A. Implement the open system authentication for the wireless network. B. Implement the IEEE 802.1X authentication for the wireless network. C. Configure the wireless network to use WEP encryption for the data transmitted over a wireless network. D. Using group policies, configure the network to allow the wireless computers to connect to the ad hoc networks only. E. Using group policies, configure the network to allow the wireless computers to connect to the infrastructure networks only.

Answer: BCD Explanation: In order to enable wireless networking, you have to install access points in various areas of your office building. These access points generate omni directional signals to broadcast network traffic. Unauthorized users can intercept these packets. Hence, security is the major concern for a wireless network. The two primary threats are unauthorized access and data interception. In order to accomplish the task, you will have to take the following steps: Using group policies, configure the network to allow the wireless computers to connect to the infrastructure networks only. This will prevent the sales team members from communicating directly to one another. Implement the IEEE 802.1X authentication for the wireless network. This will allow only authenticated users to access the network data and resources.

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

16


Configure the wireless network to use WEP encryption for data transmitted over a wireless network. This will encrypt the network data packets transmitted over wireless connections. Although WEP encryption does not prevent intruders from capturing the packets, it prevents them from reading the data inside. What is infrastructure network? Infrastructure is a basic topology of a wireless network. An infrastructure network consists of an access point that connects wireless devices to the standard cable network. An access point is connected to the cabled network through a cable and it generates omni directional signals. When wireless devices come within the range of the access point, they are able to communicate with the cabled local area network.

The access point works as a central bridge device to include wireless devices in the cabled LAN. What is IEEE 802.1X authentication? The IEEE 802.1X standard defines a method of authenticating and authorizing users to connect to an IEEE 802 LAN. It blocks users from accessing the network on the failure of authentication. IEEE 802.1X supports the Extensible Authentication Protocol-Transport Level Security (EAP-TLS) and Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) protocols. In the IEEE802.1X authentication system, an access point receives a connection request from a wireless client and forwards the request to the RADIUS server. The RADIUS server then uses the Active Directory database to determine whether the client should be granted access to the network. What is WEP? Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security, which is equivalent to wired networks, for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. WEP incorporates a checksum in each frame to provide protection against the attacks that attempt to reveal the key stream.

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

17


Thank You For Trying Our Demo

GSLC EXAM GSLC GIAC Security Leadership

http://www.certificationtutorials.com/giac/GSLC-exam.htm

If you have any questions or difficulties regarding this product, feel free to contact Us. For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features!

For interactive and self-paced preparation of exam GSLC, try our practice exams. Practice exams also include self assessment and reporting features

http://www.certificationtutorials.com

18


GIAC GSLC GSLC