GIAC GSEC practice test

GIAC Security Essentials Exam


Question 1

You work as an Administrator for McRoberts Inc. The company has a Linux-based network. You are
logged in as a non-root user on your client computer. You want to delete all files from the
/garbage directory, and you want the command you use to prompt for the root user password. Which
of the following commands will you use to accomplish the task?

  • A. rm -rf /garbage*
  • B. del /garbage/*.*
  • C. rm -rf /garbage* /SU
  • D. su -c "RM -rf /garbage*"
Answer:

D

Explanation:
In order to accomplish the task, you will have to use the su command, which switches the user.
According to the question, the command should prompt for the root user password. If you do not
specify a user account with the su command, it switches the login to the root user and prompts
for the root user password. The -c switch with the su command passes a single command to the
shell. You can use the rm command with the -c option to remove the required files. The -rf switch
with the rm command does not prompt the user for confirmation before file deletion.
Questions & Answers PDF

Question 2

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based
network. He is working as a root user on the Linux operating system. He wants to delete his
private.txt file from his operating system. He knows that the deleted file can be recovered easily.
Hence, he wants to delete the file securely. He wants to hide the shredding, and so he desires to add
a final overwrite of the file private.txt with zero. Which of the following commands will John use to
accomplish his task?

  • A. rmdir -v private.txt
  • B. shred -vfu private.txt
  • C. shred -vfuz private.txt
  • D. rm -vf private.txt
Answer:

C

Explanation:
According to the scenario, John will use the shred -vfuz private.txt command. The shred command
with the -z option adds a final overwrite with zeros to hide shredding.
Answer option D is incorrect. This command removes the file forcibly, but it does not perform a
secure deletion.
Answer option B is incorrect. This command overwrites the file, forcibly changing permissions to
allow writing, but it does not add the final overwrite with zeros.
Answer option A is incorrect. The rmdir command is used to remove directories, not files.
Syntax:
rmdir [options] <directory name>

Example:
The following command will remove a directory named xdir from the /home/user directory:
rmdir /home/user/xdir

Question 3

You work as a Network Administrator for Secure World Inc. The company has a Linux-based network.
You want to run a command with the changed root directory. Which of the following commands will
you use?

  • A. ls <new root> <command>
  • B. chroot <new root> <command>
  • C. route <new root> <command>
  • D. chdir <new root> <command>
Answer:

B

Explanation:
In order to run a command with the changed root directory, you will have to execute the following
command:
chroot <new root> <command>
chroot runs a command or an interactive shell with a special root directory. It runs the specified
command with the root directory set to <new root>.
Answer option A is incorrect. The ls command is used to list files and directories in a Linux computer.
Answer option D is incorrect. The chdir command changes the current directory to the path specified
with the command.
Answer option C is incorrect. The route command manipulates the kernel's IP routing tables.

Question 4

You work as a Network Administrator for Net World Inc. The company has a Linux-based network.
You are optimizing performance and security on your Web server. You want to know the ports that
are listening to FTP. Which of the following commands will you use?

  • A. netstat -a | grep FTP
  • B. FTP netstat -r
  • C. FTP netstat -a
  • D. netstat -r | grep FTP
Answer:

A

Explanation:
In order to accomplish the task, you will have to use the following command:
netstat -a | grep FTP
The netstat command with the -a switch displays all connections and listening ports. The grep
command then searches for entries that contain the word FTP.
Answer option D is incorrect. The netstat -r command is equivalent to the route command. It shows
the route table of a computer.
Answer options C and B are incorrect. These syntaxes are not supported by the netstat command.

Question 5

You work as a Network Administrator for McRobert Inc. You want to know the NetBIOS name of your
computer. Which of the following commands will you use?

  • A. NETSTAT -s
  • B. NBTSTAT -s
  • C. NBTSTAT -n
  • D. NETSTAT -n
Answer:

C

Explanation:
NBTSTAT -n displays the list of local NetBIOS names.
Answer options D and A are incorrect. The netstat command displays protocol-related statistics and
the state of current TCP/IP connections. It is used to get information about the open connections
on a computer, incoming and outgoing data, as well as the ports of remote computers to which the
computer is connected. The netstat command gets all this networking information by reading the
kernel routing tables in the memory.

Question 6

You have been hired to design a TCP/IP-based network that will contain both Unix and Windows
computers. You are planning a name resolution strategy. Which of the following services will best suit
the requirements of the network?

  • A. APIPA
  • B. LMHOSTS
  • C. DNS
  • D. DHCP
  • E. WINS
Answer:

C

Explanation:
You should plan to install DNS to fulfill the requirements of the network.

Question 7

Which of the following are the types of access controls?
Each correct answer represents a complete solution. Choose three.

  • A. Physical
  • B. Administrative
  • C. Automatic
  • D. Technical
Answer:

A, B, and D

Explanation:
Security guards, locks on the gates, and alarms come under physical access control.
Policies and procedures implemented by an organization come under administrative access control.
IDS systems, encryption, network segmentation, and antivirus controls come under technical access
control.
Answer option C is incorrect. There is no such type of access control as automatic control.

Question 8

Which of the following statements about buffer overflow is true?

  • A. It manages security credentials and public keys for message encryption.
  • B. It is a collection of files used by Microsoft for software updates released between major service pack releases.
  • C. It is a condition in which an application receives more data than it is configured to accept.
  • D. It is a false warning about a virus.
Answer:

C

Explanation:
Buffer overflow is a condition in which an application receives more data than it is configured to
accept. This usually occurs due to programming errors in the application. Buffer overflow can
terminate or crash the application.
Answer option A is incorrect. Certification authority (CA) is an entity in a network that manages
security credentials and public keys for message encryption. It issues certificates that confirm
the identity and other attributes of a certificate in relation to other entities. Depending on the
public key infrastructure implementation, a certificate includes the owner's name, the owner's
public key, information about the public key owner, and the expiry date of the certificate.
Answer option D is incorrect. Hoax is a false warning about a virus. It is commonly spread through
e-mail messages. Good Time and Irina viruses are some of the well-known hoaxes. Users can verify
the authenticity of such warnings by visiting various websites of anti-virus software.
Answer option B is incorrect. Hotfix is a collection of files used by Microsoft for software
updates that are released between major service pack releases. A hotfix addresses a problem,
occurring under specific circumstances, that cannot wait to be fixed until the next service pack
release. Hotfixes are generally related to security problems. Hence, it is essential to fix these
problems as soon as possible.

Question 9

You work as a Network Administrator for McNeil Inc. You are installing an application. You want to
view the log file whenever a new entry is added to the /var/log/messages log file. Which of the
following commands will you use to accomplish this?

  • A. TAIL -show /var/log/messages
  • B. TAIL -f /var/log/messages
  • C. TAIL -50 /var/log/messages
  • D. TAIL -view /var/log/messages
Answer:

B

Explanation:
The TAIL command is used to display the last few lines of a file. The default is 10. TAIL is often
used by a system administrator to read the most recent entries in log files.
TAIL [-n] filename
where n specifies the number of lines a user wants to view. If no value is provided for n, ten
lines will be retrieved. For example, the following command is used to view the last ten lines of
the /var/log/cron log file:
TAIL /var/log/cron
The following command will show the last 3 lines of the file /var/log/cron:
tail -n 3 /var/log/cron
The -f switch makes the command keep running and display new entries as they are appended to the
file.
Answer options A and D are incorrect. In Linux, there are no switches such as -show and -view used
with the TAIL command.

Question 10

You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based
network. You are required to search for the error messages in the /var/log/messages log file. Which
of the following commands will you use to accomplish this?

  • A. ps /var/log/messages
  • B. cat /var/log/messages | look error
  • C. cat /var/log/messages | grep error
  • D. cat /var/log/messages
Answer:

C

Explanation:
The grep command is used to search for a specific pattern of text in a file. It helps
administrators in searching large amounts of text for a certain error message or name.
Answer option B is incorrect. There is no such command as look in Linux.
Answer option A is incorrect. The ps command reports the status of processes that are currently
running on a Linux computer.
