Which of the following laws or acts enforces the prohibition against cyber stalking?
As an attacker, you are sending very small sized packets with durations of 15 minutes per packet to the IIS Web server. Since an IIS session remains alive for a long time, the IDS may be tricked into accepting them as regular packet transformations. Which of the following types of attacking methods are you using?
Which of the following needs to be documented to preserve evidence for presentation in court?
Sam is the CEO of Gentech Inc. The company is located in New York. He has to start a new project in order to increase the overall revenue of the company. Sam has to develop an ISMS policy. In which of the following phases of the PDCA cycle will Sam accomplish the task?
Which of the following are the steps of the Do stage of the project?
Each correct answer represents a part of the solution. Choose all that apply.
Which of the following is a list of specific actions being taken to deal with specific risks associated with the threats?
You work as a Security Administrator for uCertify Inc. You need to install a honeypot inside network firewalls to monitor and track hackers. What should you install on the system before deploying the honeypot?
Each correct answer represents a complete solution. Choose all that apply.
Sam works as a Project Manager for Blue Well Inc. He is working on a new project. He wants to access high level risks for the project. Which of the following steps should Sam take in order to accomplish the task?
Which of the following indicates that the project team has decided not to change the project management plan to deal with a risk?
You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, what is likely to increase?
Which of the following are features of protocol and spectrum analyzers?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following types of cyberstalking damages the reputation of their victim and turns other people against them by setting up their own Websites, blogs, or user pages for this purpose?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following is an intangible asset?
You work as a Network Security Administrator for uCertify Inc. You feel that someone has accessed your computer and used your e-mail account. To check whether there is any virus installed on your computer, you scan your computer but do not find any illegal software. Which of the following types of security attacks generally runs behind the scenes on your computer?
Which of the following policies is a set of rules applied by the owner/manager of a network, Website or large computer system that restrict the ways in which the network site or system may be used?
Which of the following statements is true about annualized rate of occurrence?
The Information Security Officer (ISO) of Blue Well Inc. wants to have a list of security measures put together. What should be done before security measures are selected by the Information Security Officer?
You work as the Human Resource Manager for uCertify Inc. You need to recruit some candidates for the marketing department of the organization. Which of the following should be defined to the new employees of the organization before they have joined?
Each correct answer represents a complete solution. Choose all that apply.
A project plan includes the Work Breakdown Structure (WBS) and cost estimates. Which of the following are the parts of a project plan?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to assign ownership of some assets of the organization. Which of the following statements correctly describe the responsibilities of an asset owner?
Each correct answer represents a complete solution. Choose all that apply.
Fill in the blank with the appropriate term.
___________ is the built-in file encryption tool for Windows file systems. It protects encrypted files from those who have physical possession of the computer where the encrypted files are stored.
Which of the following is also known as the 'Code for Information Security'?
Which of the following are the perspectives considered to ensure the confidentiality, integrity, and availability of an organization's assets, information, data, and IT services?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following states that a user should never be given more privileges than are required to carry out a task?
Which of the following are the things included by sensitive system isolation?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is the element used in the technology of encrypting and decrypting the text in cryptography?
Which of the following are the two methods that are commonly used for applying mandatory access control?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are the various types of risk analysis?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to make a document on the usage of information assets. Which of the following controls of the ISO standard deals with the documentation and implementation of rules for the acceptable use of information assets?
Which of the following documents is developed along the risk management processes to monitor and control risks?
Which of the following is used to govern the disclosure of financial and accounting information?
You work as a Security Administrator for uCertify Inc. You have been assigned the task to improve the security of the organization. For accomplishing the task, you need to improve the layers of physical security. Which of the following are the layers of physical security?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following defines the amount of data loss a business can endure?
You work as an Information Security Manager for uCertify Inc. You are working on an asset management plan. Which of the following controls of the ISO 27000 standard deals with asset management?
You work as an Information Security Manager for uCertify Inc. You need to create the documentation on information security management system (ISMS). Which of the following is the governing principle behind ISMS?
Which of the following phases of the PDCA model is the controlling and maintaining phase of the Information Security Management System (ISMS)?
Mark works as a Data Center Manager for TechNet Inc. A few days ago, he published a blog about himself during his working hours. However, as per the organization's policy, no member of the organization can use any resources of the organization for personal use. Since Mark has violated the policy, he should go to an internal committee and be informed of his rights in the matter. Which of the following practices is being implemented?
An Active Attack is a type of steganography attack in which the attacker changes the carrier during the communication process. Which of the following techniques is used for smoothing the transition and controlling contrast on the hard edges, where there is significant color transition?
Which of the following statements MOST closely depicts the difference between qualitative risk analysis and quantitative risk analysis?
Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of the following formulas best describes the Single Loss Expectancy (SLE)?
Which of the following are the valid reasons for the occurrence of Drive-by download?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. You need to make the documentation on change management. What are the advantages of change management?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following policies defines the goals and elements of an organization's computer systems?
Mark works as a Network Security Administrator for uCertify Inc. He wants to implement a firewall technique over the network to inspect each packet passing through the network and to accept or reject it, based on user-defined rules. Which of the following types of firewall techniques is implemented by Mark to accomplish the task?
Which of the following is a legal system that gives great precedential weight to common law, on the principle that it is unfair to treat similar facts differently on different occasions?
Which of the following security design principles supports comprehensive and simple design and implementation of protection mechanisms, so that an unintended access path does not exist or can be readily identified and eliminated?
You work as a Network Administrator for uCertify Inc. You are responsible for selecting the access control method that will be used for kiosk system software. Your manager wants to have full access to all information about all categories, but the visitors can access only general information about the organization. Which of the following types of access controls is suitable to accomplish this task?
You work as a Network Administrator for Net Soft Inc. You are designing a data backup plan for your company's network. The backup policy of the company requires high security and easy recovery of data. Which of the following options will you choose to accomplish this?
You work as a Security Administrator for uCertify Inc. You are working on a project related to various security policies. Which of the following information security standards ensures conformance with information security policies, standards, laws, and regulations?
Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?
Service Level Agreement (SLA) provides one service for all customers of that service. Which of the following are the contents included by SLAs?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a security manager for SoftTech Inc. He is performing a security awareness program. To be successful in performing the awareness program, he should take into account the needs and current levels of training and understanding of the employees and audience. There are five key ways, which Mark should keep in mind while performing this activity:
- Current level of computer usage
- What the audience really wants to learn
- How receptive the audience is to the security program
- How to gain acceptance
- Who might be a possible ally
Which of the following activities is performed in this security awareness process?
Gary is the project manager for his organization. He is working with the project stakeholders on the project requirements and how risks may affect their project. One of the stakeholders is confused about what constitutes risks in the project. Which of the following is the most accurate definition of a project risk?
Which of the following best describes the identification, analysis, and ranking of risks?
Which of the following are the variables on which the structure of Service Level Agreement depends?
Each correct answer represents a complete solution. Choose all that apply.
David works as the Network Administrator for Blue Well Inc. One of his tasks is to develop and maintain a risk management plan. Which of the following are the objectives of a risk management plan?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are the negative points of CRAMM?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following honeypots is a low-interaction honeypot and is used by companies or corporations for capturing limited information about malicious hackers?
Which of the following paragraphs of the Turnbull Guidance stated that the board of directors is responsible for the company's system of internal control?