GIAC Security Leadership: GSLC Exam
GSLC Questions & Answers
Exam Code: GSLC
Exam Name: GIAC Security Leadership
Q & A: 567 Q&As
QUESTION 1
Tomas is the project manager of the QWS Project and is worried that the project stakeholders will
want to change the project scope frequently. His fear is based on the many open issues in the
project and how the resolution of the issues may lead to additional project changes. On what
document are Tomas and the stakeholders working in this scenario?
A. Change management plan
B. Communications management plan
C. Issue log
D. Risk management plan
Answer: A
QUESTION 2
Which of the following statements is true about the difference between worms and Trojan horses?
A. Trojan horses are a form of malicious code while worms are not.
B. Trojan horses are harmful to computers while worms are not.
C. Worms replicate themselves while Trojan horses do not.
D. Worms can be distributed through emails while Trojan horses cannot.
Answer: C
QUESTION 3
Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network
connection using his computer running the Windows XP operating system. Which of the following
are the most likely threats to his computer?
Each correct answer represents a complete solution. Choose two.
A. An attacker can use the Ping Flood DoS attack if WZC is used.
B. Information from probing for networks can be viewed using a wireless analyzer and may be used to
gain access.
C. An attacker, by creating a fake wireless network with a high-power antenna, can cause Victor’s computer to
associate with the attacker's network to gain access.
D. It will not allow the configuration of encryption and MAC filtering. Sending information is not secure
on a wireless network.
Answer: BC
QUESTION 4
Olive is the program manager for her organization. She has created a request for proposal for a
large portion of her program. For the work to be procured, she has set several requirements that
vendors must meet in order to participate. Chief among these requirements is that a vendor must have at least four
licensed electricians on its team. This requirement for four licensed electricians is an example of
which one of the following terms?
A. Vendor analysis requirements
B. Scoring model
C. Evaluation criteria
D. Screening system
Answer: D
QUESTION 5
Which of the following PPP configuration options is used to increase the effective throughput on
PPP connections by reducing the amount of data in the frame that must travel across the link?
A. Authentication
B. Error detection
C. Compression
D. Multilink
Answer: C
QUESTION 6
Which of the following standards is used in wireless local area networks (WLANs)?
A. IEEE 802.4
B. IEEE 802.3
C. IEEE 802.11b
D. IEEE 802.5
Answer: C
QUESTION 7
Adrian knows the host names of all the computers on his network. He wants to find the IP
addresses of these computers. Which of the following TCP/IP utilities can he use to find the IP
addresses of these computers?
Each correct answer represents a complete solution. Choose two.
A. IPCONFIG
B. PING
C. NETSTAT
D. TRACERT
Answer: BD
QUESTION 8
The Project Procurement Management knowledge area focuses on which of the following
processes?
Each correct answer represents a complete solution. Choose two.
A. Contract Administration
B. Team Development
C. Staff Acquisition
D. Contract Closure
Answer: AD
QUESTION 9
In which of the following attacks does an attacker create the IP packets with a forged (spoofed)
source IP address with the purpose of concealing the identity of the sender or impersonating
another computing system?
A. Polymorphic shell code attack
B. IP address spoofing
C. Cross-site request forgery
D. Rainbow attack
Answer: B
QUESTION 10
An intruder is trying to get user passwords by pretending to be help desk staff. Which of the
following types of security attacks do you think it is?
A. Hacking
B. Man-in-the-middle
C. Spoofing
D. Social Engineering
Answer: D
QUESTION 11
You work as a Network Administrator for Blue Well Inc. The company has a Windows Server
2008 domain-based network. All client computers on the network run Windows Vista Ultimate.
Andy, a Finance Manager, uses Windows Mail to download his e-mails to his inbox. He
complains that every now and then he gets mails asking him to reveal personal or financial
information. He wants such mails not to be shown to him. Which of the following steps will you
take to accomplish the task?
A. Remove domain names of such emails from the Safe Sender’s list.
B. Configure phishing filter in Internet Explorer 7.0. Configure it to filter all phishing mails.
C. Configure phishing filter in Windows Mail. Configure it to move such mails to the Junk Mail folder.
D. Add domain names of such emails in the Block Sender’s list.
Answer: C
QUESTION 12
You work as a Network Administrator for McNeil Inc. The company has a Windows Active
Directory-based single domain single forest network. The functional level of the forest is Windows
Server 2003. The company’s management has decided to provide laptops to its sales team
members. These laptops are equipped with smart card readers. The laptops will be configured as
wireless network clients. You are required to accomplish the following tasks:
The wireless network communication should be secured.
The laptop users should be able to use smart cards for getting authenticated.
In order to accomplish the tasks, you take the following steps:
Configure 802.1x and WEP for the wireless connections.
Configure the PEAP-MS-CHAP v2 protocol for authentication.
What will happen after you have taken these steps?
A. Both tasks will be accomplished.
B. The wireless network communication will be secured.
C. None of the tasks will be accomplished.
D. The laptop users will be able to use smart cards for getting authenticated.
Answer: B
QUESTION 13
Which of the following tools works both as an encryption-cracking tool and as a keylogger?
A. Magic Lantern
B. KeyGhost Keylogger
C. Alchemy Remote Executor
D. SocketShield
Answer: A
QUESTION 14
Which of the following statements about Encapsulating Security Payload (ESP) are true?
Each correct answer represents a complete solution. Choose two.
A. It is an IPSec protocol.
B. It is a text-based communication protocol.
C. It uses TCP port 22 as the default port and operates at the application layer.
D. It can also be nested with the Layer Two Tunneling Protocol (L2TP).
Answer: AD
QUESTION 15
John works as a professional Ethical Hacker. He has been assigned a project to test the security
of www.we-are-secure.com. He wants to test the effect of a virus on the We-are-secure server.
He injects the virus on the server and, as a result, the server becomes infected with the virus
even though an established antivirus program is installed on the server. Which of the following do
you think are the reasons why the antivirus installed on the server did not detect the virus injected
by John?
Each correct answer represents a complete solution. Choose all that apply.
A. The virus, used by John, is not in the database of the antivirus program installed on the server.
B. John has created a new virus.
C. The mutation engine of the virus is generating a new encrypted code.
D. John has changed the signature of the virus.
Answer: ABCD