Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free GIAC GSLC Practice Exam with Questions & Answers | Set: 2

Questions 16

IDS systems can be classified in many different ways. Which of the following is not a way that IDS systems are commonly classified?

Options:
A.

Latent

B.

Network Based

C.

Passive

D.

Active

E.

Host Based

GIAC GSLC Premium Access
Questions 17

You are taking over the security of an existing network. You discover a machine that is not being used as such, but has software on it that emulates the activity of a sensitive database server. What is this?

Options:
A.

A Virus

B.

A reactive IDS.

C.

A Honey Pot

D.

A Polymorphic Virus

Questions 18

An attacker makes an attempt against a Web server. The result is that the attack takes the form of URLs. These URLs search for a certain string that identifies an attack against the Web server. Which IDS/IPS detection method do the URLs use to detect and prevent an attack?

Options:
A.

Policy-based detection

B.

Signature-based detection

C.

Anamoly-based detection

D.

Honey pot detection

Questions 19

You are the program manager for your organization. You have proposed a program that will cost $750,000 and will last for four years. Management is concerned with the cost of the program in relation to the return your program will bring. If the rate of return is six percent what is the minimum value your project should return in four years based on the investment of the program?

Options:
A.

$795,000

B.

$750,001

C.

$946,857

D.

$750,000

Questions 20

Janet is the project manager of the NHQ Project for her company. Janet is nearly done leading the project and there have been no cost or schedule overruns in the development of the new software for her company. The project team has been completing their work on time and there is still $75,000 left in the project budget. Janet decides to have the project team implement some extra features to the project scope to use all of the $75,000 in the budget even though the customer didn't specifically ask for the added features. This scenario is an example of which one of the following?

Options:
A.

Scope creep

B.

Gold plating

C.

Change management

D.

Value added change

Questions 21

Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

Options:
A.

Authentication

B.

Integrity

C.

Non-repudiation

D.

Confidentiality

Questions 22

You work as a Network Administrator for NetTech Inc. The company has a Windows Server 2008 Active Directory-based single domain single forest network. The company's network is connected to the Internet through a T1 line. The firewall is configured on the network for securing the internal network from the intruders on the Internet. You are designing a public key infrastructure (PKI) for the network. The network will use a root enterprise certificate authority (CA) and two subordinate CAs. The root CA will be used to issue certificates to the subordinate CAs, and the subordinate CAs will be used to issue certificates to the clients. The security policy of the company dictates that the security of high-level CAs should not be compromised. Which of the following steps will you take to implement the security policy of the company?

Options:
A.

Take the root enterprise CA offline after it issues certificates to its subordinate CAs.

B.

Place all CA servers in a locked room.

C.

Take subordinate CAs offline after they get their certificates from the root CA.

D.

Configure a firewall on the network.

Questions 23

Adrian knows the host names of all the computers on his network. He wants to find the IP addresses of these computers. Which of the following TCP/IP utilities can he use to find the IP addresses of these computers?

Each correct answer represents a complete solution. Choose two.

Options:
A.

IPCONFIG

B.

PING

C.

NETSTAT

D.

TRACERT

Questions 24

Which of the following statements about IPSec are true?

Each correct answer represents a complete solution. Choose two.

Options:
A.

It uses Internet Protocol (IP) for data integrity.

B.

It uses Authentication Header (AH) for data integrity.

C.

It uses Password Authentication Protocol (PAP) for user authentication.

D.

It uses Encapsulating Security Payload (ESP) for data confidentiality.

Questions 25

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He copies the whole structure of the We-are-secure Web site to the local disk and obtains all the files on the Web site. Which of the following techniques is he using to accomplish his task?

Options:
A.

Eavesdropping

B.

Fingerprinting

C.

Web ripping

D.

TCP FTP proxy scanning

Questions 26

Which of the following terms describes the statement given below?

"It refers to a range of skills, tools, and techniques used to manage time when accomplishing specific tasks, projects, and goals. This set encompasses a wide scope of activities, and these include planning, allocating, setting goals, delegation, analysis of time spent, monitoring, organizing, scheduling, and prioritizing."

Options:
A.

Time Management

B.

Digital Rights Management

C.

Perception Management

D.

Change Management

Questions 27

You want to use PGP files for steganography. Which of the following tools will you use to accomplish the task?

Options:
A.

Stealth

B.

Snow

C.

Blindside

D.

ImageHide

Questions 28

John works as a professional Ethical Hacker. He has been assigned the task of testing the security of www.we-are-secure.com. He installs a sniffer on the We-are-secure server thinking that the following protocols of the We-are-secure server are being used in the network:

HTTP

SSL

SSH

IPSec

Considering the above factors, which of the following types of packets can he expect to see captured in encrypted form when he checks the sniffer's log file?

Each correct answer represents a complete solution. Choose all that apply.

Options:
A.

SSH

B.

SSL

C.

HTTP

D.

IPSec

Questions 29

You are an Administrator for a network at an investment bank. You are concerned about individuals breeching your network and being able to steal data before you can detect their presence and shut down their access. Which of the following is the best way to address this issue?

Options:
A.

Implement a strong password policy.

B.

Implement a honey pot.

C.

Implement a strong firewall.

D.

Implement network based anti virus.

Questions 30

Which of the following statements about Encapsulating Security Payload (ESP) is true?

Options:
A.

ESP is always used in combination with Authentication Header (AH).

B.

ESP can encrypt data and verify data integrity.

C.

ESP is never used in combination with Authentication Header (AH).

D.

ESP only verifies data integrity.

Exam Code: GSLC
Certification Provider: GIAC
Exam Name: GIAC Security Leadership Certification (GSLC)
Last Update: Sep 12, 2025
Questions: 567

GIAC Related Exams

GSEC - GIAC Security Essentials
GCFA - GIACCertified Forensics Analyst
GSSP-.NET - GIAC GIAC Secure Software Programmer - C#.NET
GCFR - GIAC Cloud Forensics Responder (GCFR)
GCED - GIAC Certified Enterprise Defender
GPEN - GIAC Penetration Tester
GSNA - GIAC Systems and Network Auditor
GSSP-Java - GIAC Secure Software Programmer – Java
GICSP - Global Industrial Cyber Security Professional (GICSP)
GPYC - GIAC Python Coder (GPYC)
GISF - GIAC Information Security Fundamentals
GCPM - GIAC Certified Project Manager Certification Practice Test
GPPA - GIAC Certified Perimeter Protection Analyst
GCCC - GIAC Critical Controls Certification (GCCC)
GCFW - GIAC Certified Firewall Analyst
GIAC Free Access
Get GIAC Full Access

GIAC Free Exams
GIAC Free Exams
Prepare for GIAC certification with free access to reliable study resources and practice tests at Examstrack.