GISF GIAC Information Security Fundamentals Question and Answers

Question # 4

You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

A. Risk Management Plan
B. Communications Management Plan
C. Stakeholder management strategy
D. Resource Management Plan

Question # 5

You are the project manager for a software technology company. You and the project team have identified that the executive staff is not fully committed to the project. Which of the following best describes the risk?

A. Residual risks
B. Trend analysis
C. Schedule control
D. Organizational risks

Question # 6

You are the Network Administrator for a bank. You discover that someone has logged in with one user account and then used various techniques to obtain access to other user accounts. What is this called?

A. Vertical Privilege Escalation
B. Session Hijacking
C. Account hijacking
D. Horizontal Privilege Escalation

Question # 7

Which of the following protocols is used to prevent switching loops in networks with redundant switched paths?

A. Cisco Discovery Protocol (CDP)
B. Spanning Tree Protocol (STP)
C. File Transfer Protocol (FTP)
D. VLAN Trunking Protocol (VTP)

Question # 8

What is VeriSign?

A. It is a data warehouse.
B. It is an e-commerce portal.
C. It is a search engine.
D. It is a payment gateway.

Question # 9

Which of the following are types of intrusion detection systems?

A. Server-based intrusion detection system (SIDS)
B. Client-based intrusion detection system (CIDS)
C. Host-based intrusion detection system (HIDS)
D. Network intrusion detection system (NIDS)

Question # 10

The Intrusion Detection System (IDS) instructs the firewall to reject any request from a particular IP address if the network is repeatedly attacked from this address. What is this action known as?

A. Sending deceptive e-mails
B. Sending notifications
C. Shunning
D. Logging
E. Spoofing
F. Network Configuration Changes

Question # 11

Which of the following Windows Security Center features is implemented to provide a logical layer of protection between computers in a networked environment?

A. Firewall
B. Automatic Updating
C. Other Security Settings
D. Malware Protection

Question # 12

You work in a company that accesses the Internet frequently. This makes the company's files susceptible to unauthorized access. You want to protect your company's network from external attacks. Which of the following options will help you achieve your aim?

A. FTP
B. Gopher
C. Firewall
D. HTTP

Question # 13

Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?

A. Packet filtering
B. Firewall
C. Intrusion detection system (IDS)
D. Demilitarized zone (DMZ)

Question # 14

Fred is the project manager for the TCC Company. His company has an internal policy that states that each year it will provide free services to a nonprofit organization. Therefore, the company and its employees are not allowed to charge or receive money or gifts from the nonprofit organization to which they choose to provide free services. This year, the TCC Company offers to provide project management services to the children's hospital for a marketing campaign to raise money. Due to the TCC Company's project management services, the nonprofit agency exceeded previous years' fundraising efforts. To show appreciation, the nonprofit organization offered to reimburse the project manager for his travel expenses. Which of the following best describes how the project manager should handle the situation?

A. Say thank you and let them pay for the travel; it is the least they can do.
B. Tell the hospital no thank you and explain that it is against company policy to accept payment for services provided to pro bono customers.
C. Say nothing so as not to hurt the feelings of the children's hospital.
D. Ask if the hospital could pay for some of the supplies too.

Question # 15

Which of the following logs contains events pertaining to security as defined in the Audit policy?

A. DNS server log
B. Application log
C. System log
D. Directory Service log
E. Security log
F. File Replication Service log

Question # 16

You are the Network Administrator for a software development company. Your company creates various utilities and tools. You have noticed that some of the files your company creates are getting deleted from systems. When one is deleted, it seems to be deleted from all the computers on your network. Where would you first look to try to diagnose this problem?

A. Antivirus log
B. System log
C. IDS log
D. Firewall log

Question # 17

Which of the following statements about a brute force attack is true?

A. It is a program that allows access to a computer without using security checks.
B. It is an attack in which someone accesses your e-mail server and sends misleading information to others.
C. It is a virus that attacks the hard drive of a computer.
D. It is a type of spoofing attack.
E. It is an attempt by an attacker to guess passwords until he succeeds.

Question # 18

Tom and Gary are in a debate over which software should be purchased as part of their project. Gary tells Tom that because he's the senior software developer and has been with the company for 12 years, he'll be making the decision on the software. What type of conflict resolution has happened in this instance?

A. Avoiding
B. Forcing
C. Compromising
D. Smoothing

Question # 19

Which of the following is an information gathering technique that is used to identify risks?

A. Diagramming technique
B. Assumption analysis
C. Checklist analysis
D. Delphi technique

Question # 20

In a complex network, a router forwards data packets based on the parameters or metrics provided in the routing table. Which of the following metrics is NOT included in the routing table?

A. Bandwidth
B. Load
C. Delay
D. Frequency

Question # 21

Which of the following refers to a small space having two sets of interlocking doors such that the first set of doors must close before the second set opens?

A. Man-trap
B. Man-in-the-middle
C. Demilitarized zone (DMZ)
D. Firewall

Question # 22

You work as a Security Manager for Orangesect Inc. The enterprise is using the OODA loop strategy to counter its security issues. Some of the enterprise's IP addresses have been hacked. You match up the present hacking issue and its conditions with past hacking experiences to find a solution. Which of the following phases of the OODA loop does this procedure belong to?

A. The decide phase
B. The orient phase
C. The observe phase
D. The act phase

Question # 23

Which of the following U.S.C. laws governs fraudulent activities associated with computers?

A. 18 U.S.C. 2251
B. 18 U.S.C. 3771
C. 18 U.S.C. 2257
D. 18 U.S.C. 1030

Question # 24

Which of the following statements are true about the TCP/IP model?

Each correct answer represents a complete solution. Choose all that apply.

A. It consists of various protocols present in each layer.
B. It describes a set of general design guidelines and implementations of specific networking protocols to enable computers to communicate over a network.
C. It provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination.
D. It is generally described as having five abstraction layers.

Question # 25

John used to work as a Network Administrator for We-are-secure Inc. He has now resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file of the famous actress Jennifer Lopez, uses a tool called Image Hide to embed the secret file within that image, and sends it to his Yahoo mail ID. Since he is using the image file to carry the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

A. Web ripping
B. Email spoofing
C. Steganography
D. Social engineering

Question # 26

You work as a Software Developer for uCertify Inc. You have developed a Data Access Logic (DAL) component that will be part of a distributed application. You are conducting integration testing with other components of the distributed application. Which of the following types of testing methods will you need to perform to identify potential security-related issues? Each correct answer represents a part of the solution. Choose two.

A. Unit testing
B. Stress testing
C. Load testing
D. Black box testing
E. White box testing

Question # 27

At which OSI layer does UDP operate?

A. Network layer
B. Data-link layer
C. Session layer
D. Transport layer
E. Presentation layer

Question # 28

Which of the following can be used to protect a computer system from malware, viruses, spyware, and various types of keyloggers? Each correct answer represents a complete solution. Choose all that apply.

A. KFSensor
B. Sheep dip
C. Enum
D. SocketShield

Question # 29

Which of the following types of firewalls looks deep into packets and makes granular access control decisions?

A. Stateful
B. Application level proxy
C. Circuit level proxy
D. Packet filtering

Question # 30

Which of the following are used as primary technologies to create a layered defense that protects a network?

Each correct answer represents a complete solution. Choose all that apply.

A. Vulnerability
B. Firewall
C. Endpoint authentication
D. IDS

Question # 31

You work as a Network Administrator for Tech World Inc. The company has a TCP/IP-based router. You have configured a router on your network. You want to accomplish the following goals:

- Configure the router to require a password to move from user EXEC mode to privileged EXEC mode.
- The password must be listed as a hidden entry in the configuration file.

You run the following command: enable password

Which of the goals will this action accomplish?

A. The password will be listed as a hidden entry in the configuration file
B. The action will accomplish neither of the goals
C. The action will accomplish both the goals
D. The router will require a password to move from user EXEC mode to privileged EXEC mode

Question # 32

Jane works as a Consumer Support Technician for McRoberts Inc. The company provides troubleshooting support to users. A user named Peter installs Windows Vista on his computer. He connects his computer to the network. He wants to protect his computer from malicious software and prevent hackers from gaining access to his computer through the network. Which of the following actions will Jane assist Peter to perform to accomplish the task?

A. Don't stay logged on as an administrator.
B. Use a firewall.
C. Keep the computer up-to-date.
D. Run antivirus software on the computer.

Question # 33

Which of the following is the phase of the incident handling process in which the distinction between an event and an incident is made?

A. Preparation phase
B. Eradication phase
C. Differential phase
D. Identification phase

Question # 34

Web applications play a vital role in deploying different databases with user accessibility on the Internet. Which of the following allows an attacker to get unauthorized access to the database of a Web application by sending (attacking) user-supplied data to an interpreter as part of a command or query?

A. Cross Site Scripting
B. Injection flaw
C. Cross Site Request Forgery (CSRF)
D. Malicious File Execution

Question # 35

A bank's ATM is robbed by breaking open the machine. Which of the following physical security devices can now be used for verification and historical analysis of the ATM robbery?

A. Biometric devices
B. Intrusion detection systems
C. Key card
D. CCTV Cameras

Question # 36

Based on the information given in the case study, which two authentication methods should you use to allow customers to access their photos on the Web site?

(Click the Exhibit button on the toolbar to see the case study.)

Each correct answer represents a part of the solution. Choose two.

A. Basic authentication without SSL
B. Digest authentication with SSL
C. Integrated Windows authentication
D. Anonymous access
E. Basic authentication with SSL
F. Digest authentication without SSL

Question # 37

You work as the Senior Project Manager in Dotcoiss Inc. Your company has started a software project using configuration management and has completed 70% of it. You need to ensure that the network infrastructure devices and networking standards used in this project are installed in accordance with the requirements of its detailed project design documentation. Which of the following procedures will you employ to accomplish the task?

A. Physical configuration audit
B. Configuration control
C. Functional configuration audit
D. Configuration identification

Question # 38

Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

A. Authentication
B. Confidentiality
C. Integrity
D. Non-repudiation

Question # 39

You have decided to implement an intrusion detection system on your network. You are primarily interested in the IDS being able to recognize known attack techniques. Which type of IDS should you choose?

A. Signature Based
B. Passive
C. Active
D. Anomaly Based

Question # 40

Which of the following types of attacks cannot be prevented by technical measures only?

A. Social engineering
B. Smurf DoS
C. Brute force
D. Ping flood attack

Question # 41

Which of the following does an anti-virus program update regularly from its manufacturer's Web site?

A. Hotfixes
B. Definition
C. Service packs
D. Permissions

Question # 42

The new security policy requires you to encrypt all data transmitted from the laptop computers of sales personnel to the distribution centers. How will you implement the security requirements?

(Click the Exhibit button on the toolbar to see the case study.)

A. Use 40-bit encryption for the Routing and Remote Access Service (RRAS) Server. Use PPTP without packet filtering for VPN.
B. Use 128-bit encryption for the Routing and Remote Access Service (RRAS) Server. Use PPTP without packet filtering for VPN.
C. Use 128-bit encryption for the Routing and Remote Access Service (RRAS) Server. Use PPTP with packet filtering for VPN.
D. Use 40-bit encryption for the Routing and Remote Access Service (RRAS) Server. Use PPTP with packet filtering for VPN.

Question # 43

Your company is going to add wireless connectivity to the existing LAN. You have concerns about the security of the wireless access and wish to implement encryption. Which of the following would be the best choice for you to use?

A. WAP
B. WEP
C. DES
D. PKI

Question # 44

Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?

A. The Configuration Manager
B. The Supplier Manager
C. The IT Service Continuity Manager
D. The Service Catalogue Manager

Question # 45

Which of the following statements is not true about a digital certificate?

A. It is used with both public key encryption and private key encryption.
B. It is used with private key encryption.
C. It is neither used with public key encryption nor with private key encryption.
D. It is used with public key encryption.

Question # 46

Fill in the blank with the appropriate layer name.

The Network layer of the OSI model corresponds to the ______ layer of the TCP/IP model.

Question # 47

You work as a Software Developer for Mansoft Inc. You have participated in the customization of a previously developed Configuration Management Application Block (CMAB) that manages an application's configuration settings in multiple data stores. Based on requirements, you have extended the CMAB to read and write configuration data to and from an Oracle database. You need to create a unit test strategy. Which of the following steps would you include in a unit test of the CMAB?

Each correct answer represents a part of the solution. Choose all that apply.

A. Perform white box testing
B. Regression test the existing functionality
C. Execute use cases of the application
D. Perform stress testing
E. Review the implementation

Question # 48

You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

A. Quantitative risk analysis
B. Risk audits
C. Qualitative risk analysis
D. Requested changes

Question # 49

Under the SMART scheme, Predictive Failure Analysis technology is used to predict the failure or crash of which of the following parts of a computer system?

A. Operating System
B. Hard Disk Drive
C. Software
D. Internet Browser
