Latest GIAC GSOC Actual Free Exam Questions & Community Discussion, Page 4

Question #43

Which of the following is a common indicator of an endpoint compromise?
Response:

A. A regular backup process running

B. A user receiving a password expiration notification

C. A scheduled software update

D. An unauthorized application being installed without user consent

Discussion 0

Correct Answer: D Vote an answer

Question #44

Which of these strategies should be employed to effectively share analytics insights with stakeholders?
Response:

A. Always present data in raw form for transparency

B. Share insights only with the IT department

C. Use technical jargon to demonstrate thorough analysis

D. Customize the communication style based on the audience

Discussion 0

Correct Answer: D Vote an answer

Question #45

What role does endpoint detection and response (EDR) software play in endpoint defense?
Response:

A. It replaces the need for any antivirus solutions.

B. It only logs events without providing any real-time analysis or response.

C. EDR solutions help in identifying and mitigating threats in real-time.

D. EDR software is solely responsible for data backup processes.

Discussion 0

Correct Answer: C Vote an answer

Question #46

What is a primary goal of network traffic analysis in an enterprise environment?
Response:

A. To prioritize traffic based on management preferences

B. To advertise network services more effectively

C. To provide entertainment to network administrators

D. To identify and mitigate unauthorized data exfiltration

Discussion 0

Correct Answer: D Vote an answer

Question #47

In the context of SSH, what is a common attack method?
(Choose Three)
Response:

A. Man-in-the-middle attacks to intercept data

B. Exploiting vulnerabilities in older SSH versions

C. Brute force attacks to guess passwords

D. Using SMTP to intercept SSH keys

E. ICMP tunneling to hide communications

Discussion 0

Correct Answer: A,B,C Vote an answer

Question #48

Your team has detected a significant increase in traffic to a DNS server, leading to degraded network performance. Upon investigation, you identify the traffic as part of a DNS amplification attack.
Which of the following steps should your team take to mitigate the attack and secure the DNS infrastructure?
(Choose Three)
Response:

A. Block traffic from suspicious IP addresses

B. Enable rate limiting on DNS queries to reduce malicious traffic

C. Implement DNSSEC to improve the integrity of DNS responses

D. Disable DNS logging to improve performance

E. Set up a single open DNS resolver to handle external traffic

Discussion 0

Correct Answer: A,B,C Vote an answer

Question #49

What is a proactive step in endpoint defense to detect vulnerabilities before they are exploited?
Response:

A. Conducting regular penetration testing on endpoints

B. Waiting for a vendor to announce vulnerabilities

C. Relying solely on antivirus software for threat detection

D. Implementing a strict policy against reporting potential security flaws

Discussion 0

Correct Answer: A Vote an answer

Question #50

Which protocol is essential for establishing secure sessions over the internet and is a focus in network traffic analysis?
Response:

A. HTTPS

B. RPC

C. FTP

D. SNMP

Discussion 0

Correct Answer: A Vote an answer

Question #51

When analyzing HTTP(S) traffic, which two elements are crucial to identify potential attacks?
(Choose Two)
Response:

A. The User-Agent header to determine the browser used

B. Unusually long URLs that may indicate a buffer overflow attack

C. Frequent requests to non-existent pages, possibly indicating a scanning attack

D. The Accept-Language header for localization preferences

Discussion 0

Correct Answer: B,C Vote an answer

Question #52

How does understanding the business context help in intrusion analysis?
Response:

A. It helps in allocating a bigger budget to the IT department.

B. It provides insights into which assets are most critical to secure first.

C. It allows for prioritizing incidents based on the attacker's profile.

D. It ensures that all incidents are treated with equal priority.

Discussion 0

Correct Answer: B Vote an answer

Question #53

You are a security analyst for an e-commerce company. Recently, customers have reported seeing strange pop-ups and being redirected to suspicious websites while browsing your company's website, even though HTTPS is enabled. Upon investigation, you discover that an attacker is performing an SSL strip attack, downgrading traffic from HTTPS to HTTP.
Which of the following steps should you take to mitigate this attack and secure user traffic?
(Choose Three)
Response:

A. Disable all SSL/TLS encryption

B. Enable logging of certificate warnings and suspicious traffic

C. Upgrade SSL/TLS certificates and ensure they are valid and up to date

D. Redirect all HTTP traffic to HTTPS automatically

E. Implement HTTP Strict Transport Security (HSTS) to force HTTPS connections

Discussion 0

Correct Answer: C,D,E Vote an answer

Question #54

Which of the following are typical responsibilities of a Blue Team?
(Choose Two)
Response:

A. Developing and implementing security incident response protocols

B. Performing regular security assessments and audits

C. Outsourcing all cybersecurity responsibilities to minimize costs

D. Conducting penetration testing against their own organization without permission

Discussion 0

Correct Answer: A,B Vote an answer

Question #55

Which statement best describes the importance of SSL/TLS in HTTPS?
Response:

A. It provides a mechanism for clients to authenticate themselves to the server.

B. It establishes a secure channel over an insecure network in a client-server communication.

C. It serves as the underlying protocol for data transmission, replacing HTTP entirely.

D. It compresses HTTP content to improve load times securely.

Discussion 0

Correct Answer: B Vote an answer

Question #56

Your SOC team is struggling to keep up with the large volume of alerts generated by your SIEM system. Many alerts are low-priority, and the team is overwhelmed, leading to delayed response times for critical incidents. You have been tasked with improving the efficiency of the SIEM.
Which of the following actions should you take to optimize SIEM performance and reduce alert fatigue?
(Choose Three)
Response:

A. Fine-tune SIEM rules to reduce false positives

B. Escalate all alerts, regardless of severity

C. Correlate logs from multiple sources to identify and prioritize critical threats

D. Disable logging for non-critical systems

E. Implement automation to handle low-severity alerts

Discussion 0

Correct Answer: A,C,E Vote an answer

GIAC GSOC Actual Free Exam Questions & Community Discussion

Download Free GIAC GSOC Demo