The GIAC Exam is challenging and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the GSLC certification exam. It contains a detailed list of the topics covered on the Professional exam, as well as a detailed list of preparation resources. These study guide for the GIAC Security Leadership will help guide you through the study process for your certification.

GSLC GIAC Security Leadership Exam Summary

● Exam Name: GIAC Security Leadership (GSLC)

● Exam Code: GSLC

● Exam Price: $1699 (USD)

● Duration: 180 mins

● Number of Questions: 115

● Passing Score: 68%

● Schedule Exam: Pearson VUE

● Sample Questions: GIAC GSLC Sample Questions

● Recommended Practice:GIAC GSLC Certification Practice Exam

Exam Syllabus: GSLC GIAC Security Leadership

1. Change Management and Incident Handling for Managers:

The candidate will understand the risks of incidents and unplanned changes, identify requirements for effective change management and incident response programs, and demonstrate an understanding of the basic legal issues in incident and evidence handling.

2. Common Attacks and Malware:

The candidate will be able to identify common network attack methods, types of malicious code, and strategies used to mitigate those threats.

3. Managing Access Control:

The candidate will demonstrate an understanding of the fundamental theory of access control, secure authentication and authorization, and threats to account credentials and system access.

4. Managing Defense in Depth and Security Policy:

The candidate will demonstrate an understanding of the terminology and concepts of Defense-in-Depth, assessing security posture, and using security policy to meet the security needs of the organization.

5. Managing Disaster Recovery and Contingency Planning:

The candidate will demonstrate familiarity with the theory and techniques of cyber warfare. The candidate will be able to lead Business Continuity and Disaster Recovery teams, and understand the risk posed by natural disasters, large scale disruptions, and cyber warfare.

6. Managing Employees and Total Cost of Ownership:

The candidate will demonstrate an understanding of effective communication and negotiation tactics, managing employee priorities, use TCO analysis for proposed solutions and projects, and applying due diligence to reduce legal liability and the risk of fraud.

7. Managing Operational Security:

The candidate will demonstrate an understanding of operational security (OPSEC) principles, as well as offensive and defensive OPSEC techniques.

8. Managing Physical Security and Facility Safety:

The candidate will demonstrate the ability to advocate for and integrate security requirements into facility, safety and procurement processes, including physical access and dealing with vendors.

9. Managing Privacy and Web Security:

The candidate will demonstrate an understanding of the privacy concerns of individuals, strategies for maintaining data privacy on private and public networks, and understand the risks posed to data by steganography, web applications, and Internet communications.

10.Managing Risk and Ethics:

The candidate will demonstrate the ability to evaluate and manage risk and will be familiar with ethical issues pertaining to IT/Information Security.

11. Managing Security Awareness and Protecting Intellectual Property:

The candidate will be able to identify and protect intellectual property and intangible assets, including an understanding of secure software development processes, honeypots and honeytokens, and managing an organizational security awareness program.

12. Managing the Network Infrastructure:

The candidate will demonstrate an understanding of common LAN and WAN technologies, including network infrastructure, virtualization, MAC and IP addressing, VoIP, DNS, and common threats to network services.

13. Managing the Quality and Growth of the Security Organization:

The candidate will demonstrate an understanding of hiring and managing a global security team and achieving sustainable growth, including the principles of cultural awareness, quality, and continuous process improvement.

14. Managing the Use of Cryptography:

The candidate will demonstrate an understanding of symmetric, asymmetric and hashing algorithms, PKI and key management, and understand the common uses of cryptography in securing network data and communications.

15. Managing Vulnerabilities:

The candidate will demonstrate an understanding of common approaches, methods, and tools used to gather information externally and internally, and how to effectively prioritize and remediate vulnerable systems and devices.

16. Managing Wireless Security:

The candidate will demonstrate an understanding of wireless networking technologies and risks, including security considerations for 802.11 and Bluetooth devices.

17. Network and Endpoint Security Technologies:

The candidate will demonstrate an understanding of security technologies and devices used to prevent and detect network and endpoint threats, including filtering, IPS/IDS, virtualization, logging, and correlation.

18. Network Protocols for Managers:

The candidate will demonstrate an understanding of the terminology and concepts of network protocols and how to assess competent network engineers.

19. Project Management and Business Situational Awareness:

The candidate will demonstrate familiarity with the terminology, concepts and phases of project management as well as identifying and modeling effective business situational awareness.

20. Selling and Managing the Mission:

The candidate will demonstrate an understanding of how to use mission statements and security frameworks to align security with the business, and how to effectively promote security within an organization.

GIAC GSLC Certification Sample Questions and Answers

To make you familiar with GIAC Security Leadership (GSLC) certification exam structure, we have prepared this sample question set. We suggest you to try our Sample Questions for GSLC Certification to test your understanding of GIAC GSLC process with real GIAC certification exam environment.

GSLC GIAC Security Leadership Sample Questions:-

01. Which of the following options is an approach to restricting system access to authorized users?

a) MIC

b) MAC

c) RBAC

d) DAC

02. Your Web server crashes at exactly the point where it reaches 1 million total visits. You discover the cause of the server crash is malicious code. Which description best fits this code?

a) Worm

b) Logic Bomb

c) Polymorphic Virus

d) Virus

03. The Project Procurement Management knowledge area focuses on which of the following processes?

a) Contract Administration

b) Team Development

c) Staff Acquisition

d) Contract Closure

04. What does a firewall check to prevent certain ports and applications from getting the packets into an Enterprise?

a) The network layer headers and the session layer port numbers

b) The presentation layer headers and the session layer port numbers

c) The transport layer port numbers and the application layer headers

d) The application layer port numbers and the transport layer headers

05. Which of the following tools works both as an encryption-cracking tool and as a keylogger?

a) Magic Lantern

b) KeyGhost Keylogger

c) Alchemy Remote Executor

d) SocketShield

06. In which of the following attacks does an attacker create the IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system?

a) Polymorphic shellcode attack

b) IP address spoofing

c) Cross-site request forgery

d) Rainbow attack

07. Which of the following statements are true about MS-CHAPv2?

a) It can be replaced with EAP-TLS as the authentication mechanism for PPTP.

b) It provides an authenticator-controlled password change mechanism.

c) It is subject to offline dictionary attacks.

d) It is a connectionless protocol.

08. An intruder is trying to get user passwords by pretending to be help desk staff. Which of the following types of security attacks do you think it is?

a) Hacking

b) Man-in-the-middle

c) Spoofing

d) Social Engineering

09. You are the program manager for your organization. Management has asked that you determine when resources, such as leased equipment, are no longer needed so that you may release the resources to save time, money, and utilization of resources within your program. What program management process is management asking you to perform?

a) Contract administration

b) Resource management

c) Procurement management

d) Resource control

10. Which of the following federal laws are related to hacking activities?

a) 18 U.S.C. 2510

b) 18 U.S.C. 1029

c) 18 U.S.C. 1028

d) 18 U.S.C. 1030

Answers:-

Answer 1 :- c

Answer 2 :- b

Answer 3 :- a, d

Answer 4 :- c

Answer 5 :- a

Answer 6 :- b

Answer 7 :- a, b, c

Answer 8 :- d

Answer 9 :- d

Answer 10:- a, b, d