GSEC 2024 STUDY GUIDE EXAM.
What is a benefit of running Windows 10 on an ARM platform versus either an X86 or
X64 platform?
-Access to all the same applications as an X86 or x64 platform
-Longer device battery life
-Can only run applications purchased at the Microsoft store
-Supports the ReFS filesystem - CORRECT ANSWER Longer device battery life
Windows on ARM will have longer battery life and will be less expensive. Some editions of Windows
come in both 32-bit (x86) and 64-bit (x64) versions for platforms with Intel or AMD CPUs. However,
Microsoft wants to move away from the older 32-bit (x86) platform and support only 64-bit (x64) going
forward, at least for traditional laptops and desktop PCs. For the ARM platform, there are special
editions of Windows 10 and later, plus the obsolete Windows RT and Windows Phone products (which were
replaced by the ARM version of Windows 10). Be careful: the Windows for ARM editions do not have the
same features and cannot run all the same applications as Windows for x86/x64. The x86/x64 emulator
on Windows for ARM is very good, but not perfect. x86 applications should be recompiled to ARM64 when
an app relies on a driver that isn't designed for ARM. There is no backward compatibility with Windows RT.
Which layer of the OSI model deals with routing between network segments?
-Layer 2
-Layer 3
-Layer 4
-Layer 6 - CORRECT ANSWER Layer 3
Layer 3, or the Network Layer, deals with logical addressing and finding paths from one IP address to a
destination IP address. Layer 4, or the Transport Layer, handles transmission requirements, such as
ensuring that no packets are lost during transport, dividing data into segments, or specifying an order
for packets. Layer 6, or the Presentation Layer, handles the formatting of data, and Layer 2 (Data Link)
connects physical network components to data
Which of the following is an advantage of a Host Intrusion Detection System (HIDS) versus a Network
Intrusion Detection System (NIDS)?
-Ability to detect malicious traffic before it has been decrypted.
-Ability to decrypt network traffic
-Ability to listen to network traffic at the perimeter
-Ability to detect malicious traffic after it has been decrypted by the host - CORRECT ANSWER Ability to
detect malicious traffic after it has been decrypted by the host
Notably, a Host Intrusion Detection System (HIDS) does not suffer from the same restrictions as a
Network Intrusion Detection System (NIDS) when processing encrypted traffic, since the HIDS can
process the traffic after it is unencrypted by the host.
Based on the output of the log file below, what action is the firewall taking?
-Stateful Packet Filtering is blocking an attempted secure connection between host 172.16.64.143 and
server 162.220.223.28
-Circuit Level Gateway is blocking an attempt by host 172.16.64.143 to connect to server 162.220.223.28
via a proxy server
-Operating System Control is preventing a program from executing on the local host 172.16.64.143
-Application Control is stopping an application from establishing a secure connection to the external
server 162.220.223.28 - CORRECT ANSWER Application Control is stopping an application from
establishing a secure connection to the external server 162.220.223.28
These alerts were generated by an Application Control firewall. The firewall is preventing what it
believes to be an application (Skype, Mule, Ultrasurf) from making an HTTPS connection to external host
162.220.223.28.
Operating System Control stops programs from running on a computer. The log file indicates this is
network traffic. Stateful Packet Filtering blocks packets based on IP address and port number, not on
application or payload. Circuit Level Gateways are a type of firewall that monitors TCP connections to
determine if they are legitimate. However, they do not monitor the packet payload.
When downloading software from the Internet, what algorithm can be used to verify the integrity of the
download?
-AES
-ECC
-MD5
-RC6 - CORRECT ANSWER MD5
MD5 accepts arbitrary lengths of input and produces a fixed-length output that is 128 bits, which is
referred to as the key length. The purpose behind hashing a file is to create a numeric representation
of a file where the representation is unique every time. A hashing algorithm's output might be
referred to as a hash, digest, or fingerprint. MD5 does not modify the original file in any manner
whatsoever.
Which of the following processes reviews a complete incident and ensures that any gaps are identified
and corrected?
-Triaging
-Patching
-Verification
-Remediation - CORRECT ANSWER Remediation
Closely tied to recovery is remediation. Remediation involves taking in the full story of the attack and
ensuring that all gaps are identified and remediated. The root cause of an incident can have many
contributing factors. The detection may have been on a system that was reached after a web server was
compromised in a DMZ, followed by lateral movement. A quick fix may be to patch and change passwords
on the system where the incident was detected; however, the breadth of the attack may involve many
systems. A "flat network" could have contributed to the ease with which an attacker was able to move
around. This is when the internal design of the organization is such that there are no protected
enclaves and controls preventing inside users from reaching sensitive systems such as those in a data
center. Fixing this contributing factor may require a complete re-architecture of the network. The
initial foothold may have been gained through an internet-facing system such as a web server, or it
could have been gained through a phishing attack where a user opened a malicious document.
How many ports will be scanned by nmap in the following command?