INF Security Templates - ANSWER ✓ Reusable security settings that can be
applied using the command Secedit /configure /db secedit.sdb /cfg
Linux Logs with SYSLOG - ANSWER ✓ Record major events that take place;
often found in /var/log/messages
syslog - ANSWER ✓ Linux logger that records major events that take place; often
found in /var/log/messages
syslogd - ANSWER ✓ Linux daemon responsible for accepting incoming log
entries and dealing with them based on a set of rules found in /etc/syslog.conf
syslog.conf - ANSWER ✓ Configuration file used by Linux system logger
daemon. Selectors (Facility, Log Level) on left and Actions on right.
Facilities - ANSWER ✓ Specifies how the messages are produced in a Linux
syslog file.
Levels - ANSWER ✓ Syslog selector based on the priorities: Emerg or Panic,
Alert, Crit, Err, Warning, Notice, Info, Debug, None, * - ALL
Actions - ANSWER ✓ Syslog message output handling. Used to specify a file,
printer, terminal, First In First Out file or remote host.
Centralized Logging - ANSWER ✓ Provides protection against the destruction
and modification of log files. Easy to search and scan log files from a single
location.
Log Aggregators - ANSWER ✓ Splunk, Kiwi, Snare, WinSyslog, ArcSight,
LogRhythm
winrm.vbs - ANSWER ✓ VB Script used to manage Windows Event Collector
settings from the command line.
wecutil.exe - ANSWER ✓ Command line tool to manage the Windows Event
Collector Utility.
Microsoft System Center Operations Manager (MOM) - ANSWER ✓ Microsoft
product that watches over your servers by continuously extracting and storing their
event logs and looking for patterns in the data.
Security Template - ANSWER ✓ Windows INF file that can contain: Password
Policy, Lockout Policy, Kerberos Policy, Audit Policy, User Rights, Event Log
Settings, NTFS, Services, Registry
Security Templates - ANSWER ✓ Windows editor for Microsoft Management
Console (MMC) for modifying reusable security INF files.
SCA Snap-in - ANSWER ✓ MMC Snap-in for configuration and analysis of
security. Applying and auditing a local computer's templates (does not work over
the network, as that is what Group Policy is for).
Application White Listing - ANSWER ✓ Process where cryptographically signed
binaries are verified before execution and applications are checked against lists of
applications that can and cannot run. Does not prevent shell code from being
inserted into running process.
Application Sandboxing - ANSWER ✓ Restricts a running process to certain
operating system operations.
Application Sandboxing - ANSWER ✓ SELinux, AppArmor, GRSecurity are
examples of this type of application for Linux
Tripwire - ANSWER ✓ This software product is an example of intrusion
detection through integrity checking. Creates a secure database of file and directory
attributes.
Integrity Checkers - ANSWER ✓ Tools like Tripwire that are used to detect
intrusions through file and folder modifications.
IP Tables - ANSWER ✓ Built-in Linux stateful firewall with NAT capability
chroot - ANSWER ✓ Unix application feature that only allows the program to
access resources within its executing folder.
chkrootkit - ANSWER ✓ Unix malware detection tool that looks for
rootkits, sniffers, deleted logs, Trojans, kernel modules
CIS Hardening Guide - ANSWER ✓ A group of the world's security experts got
together to create a guide for securing Windows, Linux, IOS, VMware etc. and
published it for free.
Bastille - ANSWER ✓ Reports on how secure your installation is and provides
the step by step process for hardening it.
Multi Level Security (MLS) - ANSWER ✓ Multi Level Security - Sensitivity
Level Number
Multi-Category Security (MCS) - ANSWER ✓ Multi-Category Security -
Category Number 0 - 1024 in Fedora
MLS/MCS - ANSWER ✓ These two acronyms are used in Fedora for controlling:
Sensitivity Level : Category ex: s0:c0.c10
Mandatory Access Model - ANSWER ✓ MLS enforces the Mandatory Access
Model used in Labeled Security Protection Profile (LSPP) environments. Constrains the
ability of a subject or initiator to access or generally perform some sort of
operation on an object or target.
Mandatory Access Control (MAC) - ANSWER ✓ Access model based on
security clearance of subject and classification attributes of object. Type of access
control by which the operating system constrains the ability of a subject or initiator
to access or generally perform some sort of operation on an object or target.
Subjects and objects each have a set of security attributes. Whenever a subject
attempts to access an object, an authorization rule enforced by the operating system
kernel examines these security attributes and decides whether the access can take
place. Any operation by any subject on any object will be tested against the set of
authorization rules (aka policy) to determine if the operation is allowed. A database
management system, in its access control mechanism, can also apply mandatory
access control; in this case, the objects are tables, views, procedures, etc.
With mandatory access control - ANSWER ✓ this security policy is centrally
controlled by a security policy administrator; users do not have the ability to
override the policy and, for example, grant access to files that would otherwise be
restricted.
Discretionary Access Control (DAC) - ANSWER ✓ governs the ability of
subjects to access objects, allows users the ability to make policy decisions and/or
assign security attributes. Most commonly used access control model in operating
systems today.
ICS Databases - ANSWER ✓ Historians, wide use of Excel, GIS Servers,
Memory databases, Alarm Databases, Security Databases, Project Databases with
SCADA/DCS application
Geographic Information System (GIS) - ANSWER ✓ Database containing Global
Positioning System (GPS) information and maps or charts of assets.
Access Control List (ACL) - ANSWER ✓ A list of Access Control Entries (ACE)
that identifies a trustee and specifies the access rights allowed, denied, or audited
for that trustee. Two types: a discretionary access control list (DACL) and a system
access control list (SACL).
Access Control Entries (ACE) - ANSWER ✓ identifies a trustee and specifies the
access rights allowed, denied, or audited for that trustee. A list of this object type
creates the Access Control List (ACL)