GSLC Exam Questions

The document is an exam prep guide for mile2's GSLC, covering various topics related to business continuity planning, incident management, information security, and encryption. It includes multiple-choice questions with answers that explain key concepts such as the phases of BCP, the purpose of BIA, and the importance of data management. Additionally, it discusses ethical considerations in penetration testing and the significance of documentation in security assessments.

Uploaded by

asifsujon

mile2’s GSLC

Exam Prep Guide

© Copyright – mile2
All materials, including pages, documents, software and graphics where
applicable are the property of mile2 and are protected by federal and
international copyright laws. No part of these materials may be reproduced,
re-used or redistributed for any commercial purpose whatsoever, or
distributed to a third party for such purpose, without express written
permission from mile2. This Student Guide and Reference Materials are
licensed solely for single use by mile2 students in classes officially
sanctioned by mile2 (see www.mile2.com to confirm your event is on our
public schedule).
1. Which of the following is a traditional phase in preparing a BCP?

A. Testing, Maintenance, Awareness, and Training


B. Incident response planning
C. Development of a change control process
D. Quantitative Risk Analysis

Answer: A - Traditional BCP phases include Project Management and Initiation; Business Impact
Analysis; Recovery Strategy; Plan Design, Development and Testing, Maintenance, Awareness, and
Training. The other answers may integrate with a BCP project but are not traditional phases.
Module 9 Incident Management

2. Purposes of a BIA include:

A. Identifying additional countermeasures


B. Prioritizing critical systems
C. Completing a cost/benefit analysis
D. Naming the recovery team

Answer: B - Purposes of a BIA include:


• Document impact of outages.
• Identify organization critical business functions.
• Identify concerns if operation is degraded.
• Prioritize critical systems.
• Analyze outage impact.
• Determine recovery windows.

Module 9 Incident Management

3. Advantages of a cold site for systems recovery include:

A. Availability in a few hours


B. Operational testing is available
C. Costs less than in-house facility
D. Practical for less-popular hardware

Answer: C - Cold site advantages include:

• Available for a long time
• Various site locations
• Exclusive use by the organization
• Less expensive than a hot site
• Practical for less-popular hardware configurations
Module 9 Incident Management

7. The first step of any response to a business interruption event should be what?

A. If human life is at risk, evacuate the premises.


B. Call the proper authorities.
C. Secure critical or sensitive data.
D. Determine the source of the problem.

Answer: A - Nothing is more important than human life. The absolute first response should be to
prevent loss of life. If the risk is present, evacuate. See the section “What Are the Disasters That
Interrupt Business Operation?” for more information.
Module 9 Incident Management

8. What is the first step in developing a comprehensive data management program?

A. Ensure that all data systems are backed up.


B. Determine the location of all data.
C. Identify all data elements used in the organization.
D. Determine which data is most important.

Answer C – It is important to know what data the organization has and then to establish ownership
of the data, classify the data, and protect it appropriately.
Module 5 Information Security Concepts

9. A gap analysis for privacy-related regulations refers

A. to the practice of identifying the policies and procedures you currently have in place
regarding the availability of protected health information.
B. to the practice of identifying the policies and procedures you currently have in place
regarding the confidentiality of protected health information.
C. to the practice of identifying the policies and procedures you currently have in place
regarding the authenticity of protected health information.
D. to the practices of identifying the legislation you currently have in place regarding the
confidentiality of protected health information.

Answer: B – privacy laws are most concerned with confidentiality of sensitive information
Module 5 Information Security Concepts
10. Which of the following issues is LEAST important when quantifying risks associated with a
potential disaster?

A. Information gathered from agencies that report the probability of certain natural disasters
taking place in that area
B. Identifying the company's key functions and business requirements
C. Identifying critical systems that support the company's operations
D. Estimation of the potential loss and impact the company would face based on how long the
outage lasted

Answer: A - Identifying key business functions, the critical systems that support them, and the loss
that grows with outage duration are the core of quantifying disaster risk. Regional probability data
from outside agencies refines the estimate but is the least important of the four.
Module 2 – Risk Management

11. The act of scrambling data so that an unauthorized person cannot read it is called all of the
following EXCEPT:

A. Encode
B. Emboss
C. Encrypt
D. Encipher

Answer: B - Encrypt, encipher and encode are treated as synonyms in this question. Strictly, encoding
(Base64, URL encoding) is reversible by anyone without a key and provides no confidentiality; only
encryption/encipherment does.


Module 6 - Encryption

12. The key used in a cryptographic operation is also called:

A. Cryptovariable
B. Cryptosequence
C. Cryptoform
D. Cryptolock

Answer: A - Key/cryptovariable are synonymous.


Module 6 - Encryption

13. What determines the correct choice of cryptographic algorithm?

A. Cost
B. Availability
C. Business requirements
D. Government regulations
Answer: C - Many algorithms are free, but the organization must select one that suits business
requirements.
Module 6 - Encryption

14. Which of the following is NOT one of the four primary objectives of cryptography?

A. Non-repudiation
B. Authentication
C. Data integrity
D. Authorization

Answer: D – The four objectives are confidentiality, integrity, authentication and non-repudiation.
Authorization is a function of access control applied after a user has been authenticated.
Module 6 - encryption

15. Another name for symmetric key cryptography is:

A. Shared
B. Public
C. Elliptic curve
D. Key clustering

Answer: A - Secret key or symmetric key cryptography is the technology in which encryption and
decryption use the same key, a secret key. Users share a secret key, keeping the key to themselves.
Module 6 - Encryption

16. Encrypting a hash of a message with a private key in an asymmetric system provides:

A. Proof of receipt
B. Digital signature
C. Confidentiality
D. Message availability

Answer: B - A digital signature provides proof of origin of a message and message integrity. It is
created by signing a hash of the message with the private key of the sender.
Module 6 - encryption

17. What is the name of the standard framework established to set up and manage Security
Associations (SAs) for IPsec on the Internet?

A. Internet Key Exchange


B. Secure Key Exchange Mechanism
C. Oakley
D. ISAKMP

Answer: D Internet Security Association Key Management Protocol (ISAKMP) manages security
associations used in IPSec.
Module 5 – Security concepts

18. Rainbow tables are often used against:

A. Digital signatures
B. Passwords
C. Asymmetric algorithms
D. Brute-force attacks

Answer: B - A rainbow table is a precomputed set of hash chains that lets an attacker reverse an
unsalted password hash by lookup instead of by hashing every guess. A per-user random salt defeats
the precomputation, because the table would have to be rebuilt for every salt value.
Module 5 – security concepts
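The mechanics behind question 18, as an added example (not part of mile2's guide): a toy rainbow table over 3-letter lowercase passwords hashed with unsalted MD5, with a column-dependent reduction function, chain storage of endpoints only, and the walk-back lookup. The alphabet, chain length, the victim password and the salt bytes are constructed for the demo; the final function shows that the same table returns nothing once a salt is mixed into the hash.

```python
"""Minimal rainbow table against unsalted MD5 password hashes, and why a salt defeats it."""
import hashlib
from itertools import islice, product

# Constructed toy parameters: 3 lowercase letters (17,576 candidates) so the demo runs in a second.
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3
CHAIN_LEN = 50
SPACE = len(ALPHABET) ** PW_LEN


def h(pw: str) -> bytes:
    """Unsalted MD5, the kind of legacy password store rainbow tables were built for."""
    return hashlib.md5(pw.encode()).digest()


def reduce_to_password(digest: bytes, pos: int) -> str:
    """Map a digest back into the password space. Mixing in the column index `pos`
    gives every column a different reduction, which keeps chains that collide at
    different columns from merging (the 'rainbow' idea)."""
    n = (int.from_bytes(digest[:8], "big") + pos) % SPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def build_table(starts):
    """Precompute chains start -> ... -> end and store only the endpoints."""
    table = {}
    for start in starts:
        pw = start
        for pos in range(CHAIN_LEN):
            pw = reduce_to_password(h(pw), pos)
        table.setdefault(pw, []).append(start)  # colliding endpoints keep every start
    return table


def lookup(table, target: bytes):
    """Recover a preimage of `target` if it lies on any stored chain, else None."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target was produced at column `pos`; walk the rest of the chain to its end.
        pw = reduce_to_password(target, pos)
        for p in range(pos + 1, CHAIN_LEN):
            pw = reduce_to_password(h(pw), p)
        for start in table.get(pw, []):
            # Endpoint matched: regenerate that chain and look for the digest itself.
            cand = start
            for p in range(CHAIN_LEN):
                if h(cand) == target:
                    return cand
                cand = reduce_to_password(h(cand), p)
            # Endpoint matched but the digest was not on this chain: false alarm, keep going.
    return None


def salted_hash(pw: str, salt: bytes) -> bytes:
    """Per-user random salt: the table was built without it, so it no longer applies."""
    return hashlib.md5(salt + pw.encode()).digest()


def demo():
    starts = ["".join(p) for p in islice(product(ALPHABET, repeat=PW_LEN), 400)]
    table = build_table(starts)
    victim = reduce_to_password(h("aaa"), 0)  # a password known to sit on the first chain
    cracked = lookup(table, h(victim))
    salted = lookup(table, salted_hash(victim, b"\x8f\x1a\x02"))  # constructed salt
    return {"victim": victim, "cracked": cracked, "salted_lookup": salted}


if __name__ == "__main__":
    print(demo())
```

Real tables use far longer chains and millions of start points; the trade-off is the same: storage shrinks by the chain length, lookup cost grows by its square, and a salt forces a fresh table per user.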

19. What does a certificate issued by a trusted third party indicate?

A. It binds a public key to a person or organization.


B. It proves the authenticity of a message.
C. It allows for secure e-commerce transactions.
D. It prevents ciphertext attacks.

Answer: A - Some convincing strategy is necessary to reliably associate a particular person or


entity to the key pair.
Module 6 - encryption

20. Who “signs” the certificate?

A. The registration authority


B. The subscriber to the certificate
C. The certificate authority
D. The recipient of the message

Answer: C – To assure both message and identity authenticity of the certificate, the certification
authority digitally signs it.
Module 6 encryption
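Questions 16, 19 and 20 together, as an added example (not mile2's material): a signature is the private-key operation over a hash and a certificate is a CA's signature over a (name, public key) pair. Textbook RSA without padding is used here only because it fits in a few lines; production code uses RSA-PSS or Ed25519 from a vetted library, and the seeded random generator exists purely so the demo is reproducible. Key sizes, the subject name and the message are constructed for the demo.

```python
"""Signing a hash with a private key, verifying with the public key, and a CA certifying a key binding.
Textbook RSA with no padding, for illustration only."""
import hashlib
import json
import random


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def keygen(bits: int = 512, seed: int = 0):
    """Returns (public, private). Seeded RNG and 512-bit modulus are demo-only choices."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private, message: bytes) -> int:
    """'Encrypt the hash with the private key': s = H(m)^d mod n."""
    n, d = private
    return pow(digest(message), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Anyone with the public key recovers s^e mod n and compares it with H(m)."""
    n, e = public
    return pow(signature, e, n) == digest(message)


def issue_certificate(ca_private, subject: str, subject_public) -> dict:
    """The CA binds a subject name to a public key by signing the pair."""
    body = {"subject": subject, "n": subject_public[0], "e": subject_public[1]}
    tbs = json.dumps(body, sort_keys=True).encode()  # the 'to be signed' bytes
    return {"body": body, "signature": sign(ca_private, tbs)}


def check_certificate(ca_public, cert: dict) -> bool:
    tbs = json.dumps(cert["body"], sort_keys=True).encode()
    return verify(ca_public, tbs, cert["signature"])


def demo():
    ca_pub, ca_priv = keygen(seed=1)
    alice_pub, alice_priv = keygen(seed=2)
    mallory_pub, mallory_priv = keygen(seed=3)
    msg = b"transfer 100 to account 42"  # constructed message
    sig = sign(alice_priv, msg)
    cert = issue_certificate(ca_priv, "alice@example.test", alice_pub)
    forged = dict(cert, body=dict(cert["body"], n=mallory_pub[0]))  # swap in Mallory's key
    return {
        "valid": verify(alice_pub, msg, sig),
        "tampered_msg": verify(alice_pub, b"transfer 100 to account 43", sig),
        "wrong_signer": verify(alice_pub, msg, sign(mallory_priv, msg)),
        "cert_ok": check_certificate(ca_pub, cert),
        "cert_forged": check_certificate(ca_pub, forged),
    }


if __name__ == "__main__":
    print(demo())
```

Changing one byte of the message or one field of the certificate body changes the hash, so the recovered value no longer matches and verification fails; that is the integrity half, and the fact that only the private-key holder could have produced the value is the origin half.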

21. Software Restriction Policies, if implemented correctly, can help protect against what kinds of
threats?
A. DNS poisoning
B. Malware
C. Spam
D. Smurf Attacks

Answer: B - Restricting the ability of users to download or run unapproved programs on their machines
may prevent problems with malware, licensing violations (piracy), misuse of tools, etc.
Module 3 – building security

22. Henry and Paul are debating the purchase of an automated vulnerability assessment software
package. What is the main disadvantage regarding the automated tool compared to manual
assessments?

A. The network manager gets personal commission when purchasing the software package.
B. False Positives may require further investigation that the administrator is not qualified to
perform.
C. An automated tool is never as accurate as a manual process
D. Implementation of the automated process may cause system failures

Answer: B - Automated tools can perform a large amount of testing within a reasonable timeframe;
however, they may also log a lot of false positives that require time and skill to assess.
Module 5 Security concepts

23. Which of the following is the most effective way to reduce the threat of social engineering?
Choose the best answer.

A. Require employees to sign a computer usage policy


B. Prevent employees from going to happy hour
C. Require employees to communicate only face-to-face
D. Extensive user education on the nature of social engineering

Answer: D - training is the best tool.


Module 4 – Roles and responsibilities

24. If an attacker gets Administrative-level access, why can’t the entries in the Event log be trusted
with certainty?

A. Entries in the event log are not digitally signed and their source cannot be validated.
B. Logs are not usually configured to record administrator level events.
C. Tools like Winzapper allow the attacker to selectively delete log entries associated with the
initial break-in and subsequent malicious activity
D. Event logs have NTFS permissions of Everyone Full Control and thus can be easily edited
Answer: C – If an attacker has administrative access to the host, they can alter or selectively delete
the local log entries. This is why logs should be forwarded in near real time to a separate collector
that the compromised host cannot write to.
Module 7 - Evaluating

25. A malicious hacker has been trying to penetrate company XYZ from an external network
location. He has tried every trick in his bag but still has not succeeded. From the choices presented
below, which type of logical attack is he most likely to attempt next?

A. Elevation of privileges
B. Pilfering of data
C. Denial of service
D. Installation of a back door

Answer: C – all of the others would require the attacker to have successfully penetrated the target
system.
Module 5 – security controls

26. This technique consists of using social skills to trick someone into revealing information they
should not usually release to unauthorized users. What do we call this technique or type of attack?

A. Shoulder Surfing
B. Eavesdropping
C. Social Engineering
D. Social Coining

Answer: C
Module 4 – roles and responsibility

27. Jack, a system administrator at company XYZ, has discovered some new files that were added to
one of his servers. One of the files contained programming code; after thorough examination of the
code it was discovered that it was purposely built to take advantage of a known weakness on the
system. What would you call this piece of code?

A. Vulnerability
B. Exploit
C. Buffer Overflow
D. String Format Bug

Answer: B – the exploit takes advantage of a vulnerability.


Module 5 security concepts
28. When a piece of malware executes on a computer, what privilege level or account will it execute
under? Choose the best answer.

A. System
B. Administrator
C. Same privilege as the user who installed it
D. Always runs as System or above

Answer: C – Malware inherits the privileges of the account that runs it, which is why users should
not work with administrative rights day to day.
Module 5 – Security concepts

29. Traditional firewalls have serious limitations where the data payload is not being inspected.
These firewalls usually tend to work within the lower layer of the OSI model. What layer does a
traditional firewall monitor?

A. Layers 1 and 2
B. Layers 3 and 4
C. Layers 5 and 6
D. Layer 7

Answer: B – Traditional packet-filtering and stateful firewalls decide on layer 3 and 4 headers (IP
addresses, protocol, ports). Deep packet inspection and next-generation firewalls can look into the
payload at layer 7.
Module 5 – security concepts

30. This document is a high level document that describes management intentions towards
security. What is the name of the document?

A. Procedures
B. Guidelines
C. Policies
D. Baselines

Answer: C Policies describe intent – procedures outline steps and baselines set configuration
requirements.
Module 3 Building security

31. Ethics is one of the subjects that often leads to heated discussions amongst penetration testers.
It is often lacking in multiple areas of information security. Which of the following statements
would best represent what ethics is?

A. The study of law and regulation that defines values and determines what is legal and illegal.
B. The study of fundamental principles that defines values and determines moral duty and
obligation.
C. The study of fundamental testing techniques to see if they adhere to privacy codes being
enforced by regulations.
D. The study of fundamentals principles that determine moral duty and sentencing guidelines
when computer crime is committed.

Answer: B - Ethics is about values and moral duty and is not the same as law in many cases.
Module 4 – roles and responsibilities

32. Danielle, an employee of Corporation XYZ, has noticed that Bob, one of her co-workers, has been
abusing company assets and resources for his own personal gain. According to good ethics values,
what should Danielle do in this case?

A. Immediately install a network sniffer and keystroke recorder to monitor Bob’s activities.
B. Retaliate by abusing Bob’s resources; he does it to the company, hence why not do it against
Bob himself?
C. Report Bob to upper management where a decision about a course of action can be made
along with the HR and Legal department.
D. Danielle should not get involved; this is none of her business. She should simply continue
her work day and wait until he gets caught.

Answer: C – Danielle should pass this information to management for further investigation.
Module – 4 roles and responsibilities

33. What technologies could a company deploy to protect all data passing from an employee’s
home computer to the corporate intranet?

A. IPSec
B. WEP
C. IKE
D. MD5

Answer: A – IPsec protects the traffic end to end across the Internet. WEP only protects a wireless
link, IKE only negotiates the keys that IPsec then uses, and MD5 is a hash function, not a transport
protection.
Module 5 – security concepts

34. The first layer of control that can avert a SQL injection attack on a database accessed through a
web application is:

A. The database management system.


B. Input validation.
C. Network based intrusion detection system (IDS).
D. Block all database administrator (DBA) access to production data .
Answer: B – Rejecting improper input is the first layer of defense for a web application. In practice
it is paired with parameterized queries, which keep user data out of the SQL statement entirely.
Module 5 security concepts
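To make question 34 concrete, here is an added example (not from mile2's guide) that runs the classic `' OR '1'='1' --` payload against a string-built query and against the parameterized version on an in-memory SQLite database, with an allow-list username check as the input-validation layer. The table, the rows and the payload are constructed for the demo; the rows hold plaintext passwords only to keep the example short, which a real system never does.

```python
"""Vulnerable string-built login query beside the parameterized and validated fix."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    # Constructed sample rows; plaintext passwords only so the demo stays short.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """User input is spliced into the SQL text: the input becomes part of the query."""
    query = (
        f"SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_parameterized(conn, username: str, password: str):
    """Placeholders: the driver sends the values separately, so quotes are just data."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")  # constructed allow-list for this demo


def validate_username(username: str) -> bool:
    """Allow-list validation: reject anything that is not a plausible username."""
    return USERNAME_RE.fullmatch(username) is not None


def login_defended(conn, username: str, password: str):
    """Validation first (question 34's 'first layer'), then the parameterized query."""
    if not validate_username(username):
        return []
    return login_parameterized(conn, username, password)


def demo():
    conn = make_db()
    payload = "' OR '1'='1' --"  # comments out the password check and matches every row
    return {
        "vulnerable": login_vulnerable(conn, payload, "x"),
        "parameterized": login_parameterized(conn, payload, "x"),
        "validated": validate_username(payload),
        "legit": login_defended(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The vulnerable call returns every user without a valid password; the parameterized call looks for a user literally named `' OR '1'='1' --` and finds none, and the validator rejects the payload before any query runs.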

36. Which of the following is the best method to counteract offline password cracking? Choose the
best answer.

A. Setting a password policy with a maximum age of days


B. Setting a password policy with a minimum age of days
C. Setting a password policy with a minimum length of characters
D. Use of one time passwords

Answer: D – A one-time password system does not store reusable passwords, so a stolen password
database gives an attacker nothing to crack offline. Length and age policies only slow cracking
down. Note that the server still holds the shared secret (seed) for each user, which must itself be
protected.
Module 5 – Security concepts
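Question 36 in working form, as an added example (not mile2's material): an RFC 4226 HOTP generator and a server-side verifier that advances the counter so an intercepted code cannot be replayed. The secret and look-ahead window are constructed; the secret used in the usage function is the RFC's own test-vector key, so the first codes it produces are the published ones.

```python
"""RFC 4226 HOTP: the server keeps a seed and a counter, never a reusable password."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class HotpVerifier:
    """Server side: stores (secret, next counter); a small look-ahead tolerates skipped codes."""

    def __init__(self, secret: bytes, look_ahead: int = 3):
        self.secret = secret
        self.counter = 0
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # every counter up to c is now burned: no replay
                return True
        return False


def demo():
    secret = b"12345678901234567890"  # RFC 4226 Appendix D test key
    server = HotpVerifier(secret)
    first = hotp(secret, 0)
    return {
        "first_code": first,
        "accepted": server.verify(first),
        "replayed": server.verify(first),            # same code again must fail
        "skipped_ahead": server.verify(hotp(secret, 2)),  # counter 2 is within the window
        "stale": server.verify(hotp(secret, 1)),     # counter 1 is now behind the server
    }


if __name__ == "__main__":
    print(demo())
```

An attacker who dumps the server's table obtains seeds, not passwords; that is why the seeds belong in an HSM or at least encrypted at rest, and why HOTP does not remove the need for a strong first factor.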

38. Which of the following would best represent the definition of a Penetration Test?

A. Testing of the effectiveness of applied security controls by breaking in and bypassing them.
B. Testing of the policies in place to see how compliant a company is with its own control
definition.
C. Testing the effectiveness of applied security controls by evaluating vulnerabilities and
reporting them to the client.
D. Testing the effectiveness of access control mechanisms by constant and deep inspection of
all log files. This is also called Deep Packet Inspection.

Answer: A - This is a pen test.


Module 7 - Evaluating

39. One key skill a Penetration Tester must possess is documentation. There are different
documents that will be produced in the course of doing a penetration test; out of the documents
listed below which one would be the most important document that a Penetration Tester must have
in order to be performing a test?

A. Network Diagram
B. Host and services list
C. Written Authorization
D. Security Policies

Answer: C – do NOT test without written authorization


Module 7 Evaluating
40. You have been hired by company WXY to perform a Penetration Test; in this first phase of your
test you have been challenged to remain totally stealthy. Which of the following reconnaissance
types would best be used in such a scenario?

A. Active
B. Passive
C. Intrusive
D. Allusive

Answer: B - Passive reconnaissance (public records, DNS, search engines, leaked documents) sends no
packets to the target and is therefore stealthy; active scanning is visible in the target's logs.


Module 7 evaluating

41. Vulnerabilities Scanners have large databases of known vulnerabilities and exposures that exist
within a very large number of operating systems and applications. Most scanners are prone to false
positive and in some cases false negative. The results presented by the scanners must be manually
validated. What is one of the biggest disadvantages of automated security scanners when
remaining stealthy is an issue?

A. A very large amount of traffic will be sent against the target


B. They can only test UDP based vulnerabilities
C. The database is not regularly updated in most cases
D. The scanner might require a large amount of memory, disk space, and processing power

Answer: A – a lot of unnecessary data in the question – but answer the question provided!
Module 7 - evaluating

42. This document, which is a part of good practices within an organization, describes step by step
how to accomplish a specific task. What is the name of this document?

A. Procedures
B. Guidelines
C. Policies
D. Recommendations

Answer: A - A procedure outlines the step-by-step actions to be taken.


Module 3 – Building security

43. Which of the following would best match the following description: A program that looks
useful at first sight but attempts to break your security policy by installing unwanted software or
remote access software without your knowledge?
A. Rootkit
B. Worm
C. Trojan
D. Virus

Answer: C
Module 5 Security concepts

44. A Denial of Service (DoS) attack can have severe effect on a company network or systems.
What is the main purpose of a DoS attack? Choose the best response.

A. To compromise a remote system


B. To disallow access to legitimate users
C. To prevent illegitimate users from getting on the network
D. To create a lot of log entries

Answer: B
Module 5 Concepts

45. Today’s security infrastructures are composed of firewall, intrusion detection systems, content
screening, certificates, tokens, and a lot more. However, there is still one aspect that is considered
to be the weak link in all infrastructures. Which of the following would represent this weak link?

A. Bad hardware
B. Bad software
C. Personnel
D. Process

Answer: C
Module 4 – roles and responsibilities

46. How would you call a malware that is set to trigger at a specific date, or sometime in the future?

A. Sleeper Cell
B. Trojan
C. Logic Bomb
D. Cloaking

Answer: C
Module 5 – security concepts

47. Once your server has been compromised with a Rootkit, what would be the best way to go
about restoring it?
A. Erase and reinstall the OS from a trusted media.
B. Boot into Safe mode and run Anti-virus software to delete the Rootkit.
C. Use tool Ice Sword to fix problem.
D. Install Norton All-in-one security suite.

Answer: A
Module 9 Incident

48. A device or program that monitors the data traveling between computers on a network is
known as what?

A. password cracker
B. website sniffer
C. packet sniffer
D. hybrid sniffer

Answer: C
Module 5 - concepts

49. Critical data is:

A. Subject to classification by regulatory bodies or legislation


B. Data of high integrity
C. Always protected at the highest level
D. Instrumental for business operations

Answer: D - Critical information is that which must be available to authorized users for the
organization to remain in business. Sensitive information is that which must be protected by
classification procedures to prevent it being seen by unauthorized persons.
Module 3 Building

50. All of the following are examples of a preventive control EXCEPT:

A. Intrusion detection system


B. Human resources policies
C. Anti-virus software
D. Fences

Answer: A - Included in preventive controls are physical, administrative, and technical measures
intended to preclude actions violating policy or increasing risk to system resources.
Module 2 Risk
51. Recovery controls attempt to:

A. Establish countermeasures to prevent further incidents


B. Return to normal operations
C. Compensate for vulnerabilities in other controls
D. Ensure that audit logs are reviewed regularly

Answer: B - Recovery controls are necessary to restore the system or operation to a normal
operating state. Establishing counter measures to prevent further incidents is more of a corrective
control rather than a recovery control.
Module 2 - risk

52. Privileged access permissions should:

A. Never be granted
B. Be subject to recertification
C. Only be granted on an emergency basis
D. Be provided to all trusted personnel

Answer: B - Privileged users must be subject to periodic recertification to maintain the broad level
of privileges that have been assigned to them.
Module 3 - Building

53. Change management must include all of the following EXCEPT:

A. Be reviewed by security
B. Be a formal process
C. Be ready to handle unexpected events
D. Be subject to user acceptance

Answer: D – changes require management acceptance – not users.


Module 3 Building

54. Separation of duties controls can be defeated through:

A. Mutual exclusivity
B. Collusion
C. Dual control
D. Accreditation

Answer: B - With an effective separation of responsibilities, fraudulent use of a system can only be
accomplished by collusion between all of those participating in its operation.
Module 4 Roles and responsibilities
55. The best technique for preventing and detecting abuse by a user with privileged access is:

A. Good policy
B. Review by management
C. Strong authentication
D. Audit logs

Answer: B – The others either prevent or detect, but not both; management review does both.
Module 3 Building

56. Fault tolerance can be defined as:

A. The ability to detect and attempt recovery from failure


B. A robust system that resists failure
C. A system that is backed up to prevent data loss
D. Preparing alternate processing in case of loss of primary system

Answer: A - A fault-tolerant system must identify that a failure has occurred and then take
corrective action to ensure that continuity of operations is maintained with the least possible delay.
Module 9 Incident

58. When contracting a vendor for software or hardware provisioning, care must be taken to:

A. Ensure all changes are kept up-to-date.


B. Ensure all changes go through a change management process.
C. Ensure that in-house technical staff learns the system.
D. Ensure that all activity on the system is monitored.

Answer: B - Non-employee (vendor) personnel performing maintenance should be supervised by a


knowledgeable employee or other trusted person who can understand the implications of actions
being taken.
Module 7 evaluating

59. System documentation must contain all of the following EXCEPT:

A. A description of the system functionality


B. A record of all changes to a system
C. The identity of the person or position responsible for the system
D. The cost benefit analysis for the system
Answer: D
Module 1 security management

60. When an employee transfers within an organization:

A. They must undergo a new security review.


B. All old system IDs must be disabled.
C. All access permissions should be reviewed.
D. The employee must turn in all remote access devices.

Answer: C - Employee transfers or terminations must be addressed in organization policy.


Undergoing a new security review is not correct if the employee is not going to a job of greater
responsibility; disabling old system IDs is not correct — they may still need several of their old
emails, voice-mail accesses, etc.; and turning in all remote access devices is not correct because they
may still need these devices.
Module 4 roles and resp

62. Which control is NOT an administrative or management control?

A. Personnel screening
B. Contingency planning
C. Separation of duties
D. Rotation of duties

Answer: B - Contingency planning is an operational control.


Module 3 building

63. Which of the following combinations of duties into one job would violate the principle of
separation of duties?

A. Managing security and systems programmer


B. Use of security systems software and auditing
C. Testing applications software and software unit testing
D. System configuration and system troubleshooting

Answer: A - Configuring security is an administrative task. If a programmer configures security he


might set it to be lax and then write programs that will more easily compromise the system.
Module 3 Building

64. Vulnerabilities in one’s own network can be discovered by which of the following?

A. Encryption
B. A pen test
C. Data remanence
D. Degaussing

Answer: B – or a vulnerability assessment


Module 7 Evaluating

65. A technique used in risk analysis is which of the following?

A. Footprinting
B. Enumerating the network
C. ALE
D. OPSEC

Answer: C - Annual Loss Expectancy: ALE = SLE × ARO, where the single loss expectancy is the asset
value times the exposure factor and the annualized rate of occurrence is how often the loss is
expected per year.


Module 2 - Risk

66. A risk associated with administrative management is which of the following?


A. Bypassing controls
B. Enforcing separation of duties
C. Failure to implement firewalls correctly
D. Inadequate network bandwidth

Answer: A - If administrators flout controls, they set an example for their staff. They are also a
greater risk because they may have elevated privileges or access to confidential data.
Module 2 Risk
