GSEC Practice Exam: Windows Security Domain
Test your GSEC knowledge with 10 practice questions from the Windows Security domain. Includes detailed explanations and answers.
Question 1
You are a system administrator tasked with securing a Windows Server 2019 environment. Which of the following actions would best protect against unauthorized access to sensitive system files?
Correct Answer: A
Explanation: Disabling the Guest account and renaming the Administrator account are effective measures to prevent unauthorized access, as they reduce the risk of brute-force attacks on default accounts. BitLocker encryption (B) protects data at rest but does not directly prevent unauthorized access to system files. Preventing access to the Command Prompt (C) limits user actions but does not directly secure sensitive files. Setting NTFS permissions for the Everyone group (D) weakens security by allowing broad access.
Question 2
A company wants to ensure that all sensitive data on its Windows laptops is protected in case of theft. What is the most effective method to achieve this?
Correct Answer: A
Explanation: BitLocker encrypts the entire drive, ensuring that all data is protected and inaccessible without proper authentication, even if the physical device is stolen. Option B is incorrect because file-level encryption may leave some data unprotected. Option C is incorrect because strong passwords, while important, do not protect data if the drive is physically accessed. Option D is incorrect because tracking software does not protect the data itself from unauthorized access.
Question 3
A security administrator needs to ensure that all Windows workstations in the organization are protected from malware. Which of the following strategies would be the most effective in achieving this goal?
Correct Answer: D
Explanation: A cloud-based endpoint protection solution offers real-time protection and can be managed centrally, providing a comprehensive approach to malware protection. Option A is incorrect because while antivirus software is important, it may not provide real-time protection and relies on scheduled scans. Option B is incorrect because Windows Defender, while useful, may not be sufficient alone for enterprise-level protection. Option C is incorrect because restricting software installations does not directly protect against malware that may already be present or enter through other vectors.
Question 4
An organization's security team is analyzing Windows Event Logs to investigate a potential security incident. They notice several '4625' event IDs. What does this event ID indicate?
Correct Answer: B
Explanation: B is correct because Event ID 4625 indicates a failed logon attempt, which is useful for identifying unauthorized access attempts. A is incorrect because a successful logon is recorded with Event ID 4624. C and D are incorrect because user account creation and deletion are logged with different event IDs, such as 4720 and 4726, respectively.
Question 5
A security administrator is tasked with ensuring that all Windows workstations are protected against known vulnerabilities. Which of the following tools would be most effective for identifying missing security patches?
Correct Answer: D
Explanation: D is correct because Microsoft Baseline Security Analyzer (MBSA) is a tool specifically designed to assess missing security updates and vulnerabilities on Windows systems. A is incorrect because Windows Defender is an antivirus program, not a patch management tool. B is incorrect because Event Viewer is used for viewing log files, not for identifying missing patches. C is incorrect because Windows Update installs patches but does not provide a comprehensive report of all missing security updates.
Question 6
A company has implemented a Group Policy to enforce a minimum password length of 12 characters for all users in the domain. During a security audit, it was found that some users still have passwords shorter than 12 characters. What is the most likely reason for this issue?
Correct Answer: C
Explanation: Group Policy settings for password length apply only to new passwords, not existing ones, which is why some users may still have shorter passwords. Option A is incorrect because linking issues would prevent any settings from applying. Option B is incorrect because password policies apply even if users haven't logged off. Option D is unrelated to password length enforcement.
Question 7
Your organization uses Windows Active Directory for managing user access. A recent audit revealed that several user accounts have not been used for over a year. What is the most secure way to handle these accounts?
Correct Answer: B
Explanation: Disabling the inactive accounts and monitoring for access attempts is the most secure approach as it prevents unauthorized access while allowing for potential reactivation if needed. Deleting the accounts immediately could result in loss of historical data or access issues if the accounts are needed later. Resetting passwords to a default value is insecure and could lead to unauthorized access. Moving accounts to a separate OU does not prevent unauthorized access.
Question 8
You are responsible for securing a Windows network environment. Recently, there have been several unsuccessful login attempts on a critical server. Which Windows feature would you use to automatically block IP addresses that repeatedly attempt to log in unsuccessfully?
Correct Answer: B
Explanation: The 'Account Lockout Policy' can be configured to automatically lock accounts after a specific number of failed login attempts, which indirectly helps to block IP addresses through account lockout. Option A, 'Windows Defender Firewall', and Option C, 'Windows Firewall with Advanced Security', are used for managing network traffic but do not automatically block IPs based on login attempts. Option D, 'Security Log Monitoring', involves reviewing logs for suspicious activity but does not provide automated blocking.
Question 9
A Windows server is experiencing repeated failed login attempts from an external IP address. Which of the following actions should be taken first to mitigate this security threat?
Correct Answer: A
Explanation: Option A is correct because blocking the IP address at the firewall immediately stops the attack from the external source. Option B is a good long-term strategy but does not address the immediate threat. Option C helps prevent account compromise but does not stop the ongoing attempts. Option D is irrelevant to the specific issue of login attempts.
Question 10
A Windows server in your network is suspected of being compromised. You want to quickly check for any unauthorized user accounts that might have been created. Which Windows command would you use to list all user accounts on the server?
Correct Answer: A
Explanation: The 'net user' command is used to list all user accounts on a Windows machine, making it useful for identifying unauthorized accounts. Option B, 'ipconfig /all', displays network configuration details. Option C, 'tasklist', shows running processes. Option D, 'netstat -a', displays active network connections, not user accounts.