GSEC Exam Questions And Answers 100%
Guaranteed Success 2025.
DAC - ans-(discretionary access control) model specifies that every object has an
owner, and the owner has full, explicit control of the object
MAC - ans-Mandatory Access Control. Model that uses security labels (classifications on objects, clearances on subjects) to determine access; the labels are set and enforced by the system, not by the object's owner. NTFS permissions are DAC, not MAC.
RBAC (Role Based Access Control) - ans-model in which access is based on a user's
job function within the organization and determined by role or group assignment
RSBAC - ans-Ruleset-Based Access Control (also abbreviated RBAC, not to be confused with role-based): access is decided by a set of rules, e.g. firewall rules.
List-Based Access Control - ans-associates with each object a list of subjects (users) and the privileges each one has on that object; this is the access control list (ACL) view.
Token-Based Access Control - ans-associates with each user (subject) a list of objects and the privileges the user holds on them; the opposite indexing of list-based access control. The privileges are called 'capabilities'.
capabilities - ans-token based access privileges
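The list-based and token-based entries above describe two ways of indexing the same access matrix: by object (an ACL) or by subject (a capability list). The following Python is an added example, not from these notes; it builds both views from a constructed access matrix (the subjects, objects and rights are made up), checks that every access decision comes out the same in both, and shows the revocation trade-off between them.

```python
from collections import defaultdict

# Constructed access matrix (subject -> object -> rights); names are made up.
ACCESS_MATRIX = {
    "alice": {"payroll.xlsx": {"read", "write"}, "handbook.pdf": {"read"}},
    "bob":   {"handbook.pdf": {"read"}},
    "carol": {"payroll.xlsx": {"read"}, "handbook.pdf": {"read", "write"}},
}
RIGHTS = ("read", "write")

def to_acl(matrix):
    """List-based view: each object carries a list of subjects and their rights."""
    acl = defaultdict(dict)
    for subject, objects in matrix.items():
        for obj, rights in objects.items():
            acl[obj][subject] = set(rights)
    return dict(acl)

def to_capabilities(matrix):
    """Token-based view: each subject holds capabilities (object -> rights)."""
    return {subject: {obj: set(rights) for obj, rights in objects.items()}
            for subject, objects in matrix.items()}

def acl_allows(acl, subject, obj, right):
    """Object-centric check: look the subject up in the object's ACL."""
    return right in acl.get(obj, {}).get(subject, set())

def cap_allows(caps, subject, obj, right):
    """Subject-centric check: the subject presents its capability for the object."""
    return right in caps.get(subject, {}).get(obj, set())

def revoke_from_object(acl, caps, obj):
    """Revoke all access to one object. In the ACL view this is a single edit;
    in the capability view every subject's list must be searched and updated,
    which is why capability systems need extra machinery for revocation."""
    acl.pop(obj, None)
    for subject_caps in caps.values():
        subject_caps.pop(obj, None)

def views_agree(acl, caps):
    """Both views must answer every (subject, object, right) query identically."""
    subjects = set(caps)
    objects = set(acl) | {o for c in caps.values() for o in c}
    return all(acl_allows(acl, s, o, r) == cap_allows(caps, s, o, r)
               for s in subjects for o in objects for r in RIGHTS)

if __name__ == "__main__":
    acl, caps = to_acl(ACCESS_MATRIX), to_capabilities(ACCESS_MATRIX)
    print("ACL for payroll.xlsx:", acl["payroll.xlsx"])
    print("alice's capabilities:", caps["alice"])
    print("views agree:", views_agree(acl, caps))
    revoke_from_object(acl, caps, "payroll.xlsx")
    print("after revocation, views agree:", views_agree(acl, caps))
```

The point of `revoke_from_object` is the practical difference between the two models: an ACL answers "who can access this object?" in one lookup, while a capability list answers "what can this subject access?" in one lookup, and each is expensive for the other question.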
onboarding - ans-account administration; setting up user account and access
management
maintenance (access) - ans-periodic review of user accounts and their access; must also be performed whenever a user changes roles or responsibilities
monitoring (access) - ans-authentications and authorizations must be monitored; log access transactions, including both successful and failed login attempts
offboarding - ans-prompt revocation of access
SSO - ans-Single sign-on. Authentication method in which users access multiple resources on a network with a single account and a single authentication. SSO can provide central authentication against a shared (federated) identity store for different operating systems.
reversible encryption - ans-the stored value can be decrypted back to the plaintext by anyone holding the key; a poor choice for storing passwords
irreversible encryption - ans-a one-way function (hash); the hash is stored rather than the plaintext and cannot be decrypted, only guessed against
password cracking - ans-offline password guessing against an exfiltrated file or database of usernames and password hashes; the goal is to recover the plaintext given only the hashed (or encrypted) value
John the Ripper - ans-Cracks password hash files. John's cracking modes: Single Crack Mode (uses variations of the account name, GECOS field, and more); Wordlist Mode (uses a dictionary, with optional hybrid rules); Incremental Mode (brute-force guessing); External Mode (uses an external program to generate guesses). John auto-detects hashes in: standard and double-length DES, BSDI extended DES, FreeBSD MD5, OpenBSD Blowfish, LANMAN.
John the Ripper - single crack mode - ans-uses variations of the account name, GECOS field, and more; the fastest mode, so it is run first
John the Ripper - incremental mode - ans-powerful but slow; attempts all character combinations and lengths, so it can run indefinitely
John the Ripper - word list mode - ans-uses a dictionary, with hybrid rules that perform substitutions and transformations on each word
John the Ripper - external mode - ans-uses an external program (modules) to generate guesses, e.g. for algorithms not natively supported
dictionary attack - ans-fast password attack method that automates
password guessing by comparing encrypted passwords against a predetermined
list of possible password values.
hybrid attack (pwd) - ans-modifies dictionary words (appends digits or symbols, substitutes characters, changes case) in guessing attempts
brute force attack - ans-the password cracker tries every possible combination of characters; will always recover the password given enough time, provided the password lies within the chosen character set and length
precomputation attack - ans-hash chains (rainbow tables) are computed in advance so that a stolen hash is looked up rather than guessed against at crack time; defeated by per-password salts
Cain - ans-Cain & Abel. Powerful multipurpose tool for Windows that can sniff and crack passwords, capture RDP sessions, capture VoIP calls and replay RTP streams.
salt - ans-random value combined with the plaintext password before hashing so that two users with the same password do not share a hash and precomputed (rainbow) tables are useless against the store, since each salt would need its own table. The salt is stored alongside the hash; it is not secret.
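To make the hashing, salt and guessing-mode entries above concrete, here is an added Python example; it is not part of the original notes and is not John the Ripper's code. It constructs a small password store, precomputes a lookup table from a wordlist, and then runs dictionary, hybrid and brute-force guessing against salted records. SHA-256 is an assumption chosen for brevity (production stores use a slow, purpose-built password hash such as bcrypt, scrypt or Argon2), and the wordlist, usernames and passwords are all constructed.

```python
import hashlib
import itertools
import os
import string

# Constructed wordlist standing in for a real dictionary file.
WORDLIST = ["password", "summer", "welcome", "letmein", "dragon"]

def hash_pw(password, salt=b""):
    """Irreversible (one-way) transform: the store keeps the hash, never the plaintext.
    SHA-256 is used only for illustration; it is far too fast for real password storage."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def make_record(user, password, salted=True):
    """One row of a constructed password store: salt is random, public, and kept with the hash."""
    salt = os.urandom(8) if salted else b""
    return {"user": user, "salt": salt, "hash": hash_pw(password, salt)}

# --- precomputation attack: hash the wordlist once, reuse the table against every victim
def precompute(wordlist):
    return {hash_pw(w): w for w in wordlist}

def precomputed_lookup(table, record):
    """Works only when the store is unsalted; a salted hash is never in the table."""
    return table.get(record["hash"])

# --- dictionary mode: plain words, in order
def dictionary_guesses(wordlist):
    yield from wordlist

# --- hybrid mode: dictionary words with substitutions and transformations
LEET = str.maketrans("aeios", "4310$")
def hybrid_guesses(wordlist):
    for w in wordlist:
        yield w
        yield w.capitalize()
        yield w.translate(LEET)
        for suffix in ("1", "123", "!", "2025"):
            yield w + suffix
            yield w.capitalize() + suffix

# --- brute force: every combination over a character set, lengths 1..max_len
def brute_force_guesses(charset=string.ascii_lowercase + string.digits, max_len=3):
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)

def crack(record, guesses):
    """Per-record guessing: every guess must be rehashed with that record's salt,
    so the precomputed table buys nothing. Returns (plaintext or None, guesses tried)."""
    tried = 0
    for guess in guesses:
        tried += 1
        if hash_pw(guess, record["salt"]) == record["hash"]:
            return guess, tried
    return None, tried

if __name__ == "__main__":
    table = precompute(WORDLIST)
    print("unsalted, table lookup:", precomputed_lookup(table, make_record("root", "summer", salted=False)))
    salted = make_record("root", "summer")
    print("salted, table lookup:  ", precomputed_lookup(table, salted))
    print("salted, dictionary:    ", crack(salted, dictionary_guesses(WORDLIST)))
    bob = make_record("bob", "Welcome123")
    print("dictionary vs hybrid:  ", crack(bob, dictionary_guesses(WORDLIST)), crack(bob, hybrid_guesses(WORDLIST)))
    print("brute force:           ", crack(make_record("svc", "x9"), brute_force_guesses()))
```

The `tried` count returned by `crack` is what separates the modes in practice: a dictionary hit costs a handful of hashes, a hybrid hit costs a small multiple of that, and brute force grows as charset size to the power of length, which is why incremental mode is run last and can run indefinitely.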
CSC - ans-Critical Security Controls (20). Formerly maintained by SANS, now by the Center for Internet Security (CIS). Generally technical and preferably automated. Guiding principles: offense informs defense (every control must map to a real attack) and automate the control wherever possible.
policy - ans-directive that defines the 'what'; reduces liability for people; supports the organization's mission and the accomplishment of its objectives; mandatory. Written for executives and users, it should make jobs easier, and is typically 3-5 pages long.
procedure - ans-the 'how'; derived from policy and used for operations, therefore tactical/operational; mandatory
standards - ans-the 'what' at the technology level: which specific hardware/software technology to use; mandatory for the whole organization; strategic
baseline - ans-more specific implementation of a standard; specific mandatory;
e.g. hardening guide
guideline - ans-An official recommendation or advice that indicates policies,
standards, or procedures for how something should be accomplished.
SMART - ans-Specific, Measurable, Attainable, Realistic, Timely
Program Policy - ans-high level policy sets tone for org security and provides
guidance to enact other types of policies and delineates responsibility