New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > GIAC > GIAC Certification > GISF

GISF GIAC Information Security Fundamentals Question and Answers

Question # 4

You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

A.

Risk Management Plan

B.

Communications Management Plan

C.

Stakeholder management strategy

D.

Resource Management Plan

Full Access
Question # 5

You are the project manager for a software technology company. You and the project team have identified that the executive staff is not fully committed to the project. Which of the following best describes the risk?

A.

Residual risks

B.

Trend analysis

C.

Schedule control

D.

Organizational risks

Full Access
Question # 6

You are the Network Administrator for a bank. You discover that someone has logged in with a user account access, but then used various techniques to obtain access to other user accounts. What is this called?

A.

Vertical Privilege Escalation

B.

Session Hijacking

C.

Account hijacking

D.

Horizontal Privilege Escalation

Full Access
Question # 7

Which of the following protocols is used to prevent switching loops in networks with redundant switched paths?

A.

Cisco Discovery Protocol (CDP)

B.

Spanning Tree Protocol (STP)

C.

File Transfer Protocol (FTP)

D.

VLAN Trunking Protocol (VTP)

Full Access
Question # 8

What is VeriSign?

A.

It is a data warehouse.

B.

It is an e-commerce portal.

C.

It is a search engine.

D.

It is a payment gateway.

Full Access
Question # 9

Which of the following are the types of Intrusion detection system?

A.

Server-based intrusion detection system (SIDS)

B.

Client based intrusion detection system (CIDS)

C.

Host-based intrusion detection system (HIDS)

D.

Network intrusion detection system (NIDS)

Full Access
Question # 10

The Intrusion Detection System (IDS) instructs the firewall to reject any request from a particular IP address if the network is repeatedly attacked from this address. What is this action known as?

A.

Sending deceptive e-mails

B.

Sending notifications

C.

Shunning

D.

Logging

E.

Spoofing

F.

Network Configuration Changes

Full Access
Question # 11

Which of the following Windows Security Center features is implemented to give a logical layer protection between computers in a networked environment?

A.

Firewall

B.

Automatic Updating

C.

Other Security Settings

D.

Malware Protection

Full Access
Question # 12

You work in a company that accesses the Internet frequently. This makes the company's files susceptible to attacks from unauthorized access. You want to protect your company's network from external attacks. Which of the following options will help you in achieving your aim?

A.

FTP

B.

Gopher

C.

Firewall

D.

HTTP

Full Access
Question # 13

Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?

A.

Packet filtering

B.

Firewall

C.

Intrusion detection system (IDS)

D.

Demilitarized zone (DMZ)

Full Access
Question # 14

Fred is the project manager for the TCC Company. His company has an internal policy that states each year they will provide free services to a nonprofit organization. Therefore, the company and its employees are not allowed to charge or receive money or gifts from the nonprofit organization they choose to provide free services. This year, the TCC Company offers to provide project management services to the children's hospital for a marketing campaign to raise money. Due to the TCC Company's project management services, the nonprofit agency exceeded previous years fund raising efforts. To show appreciation the nonprofit organization offered to reimburse the project manager for his travel expenses. Which of the following best describes how the project manager should handle the situation?

A.

Say thank you and let them pay for the travel, it is the least they can do.

B.

Tell the hospital no thank you and explain it is against company policy to accept payment for services provided to their pro bono customers.

C.

Say nothing as to not hurt the feelings of the children's hospital.

D.

Ask if the hospital could pay for some of the supplies too.

Full Access
Question # 15

Which of the following logs contains events pertaining to security as defined in the Audit policy?

A.

DNS server log

B.

Application log

C.

System log

D.

Directory Service log

E.

Security log

F.

File Replication Service log

Full Access
Question # 16

You are the Network Administrator for a software development company. Your company creates various utilities and tools. You have noticed that some of the files your company creates are getting deleted from systems. When one is deleted, it seems to be deleted from all the computers on your network. Where would you first look to try and diagnose this problem?

A.

Antivirus log

B.

System log

C.

IDS log

D.

Firewall log

Full Access
Question # 17

Which of the following statements about a brute force attack is true?

A.

It is a program that allows access to a computer without using security checks.

B.

It is an attack in which someone accesses your e-mail server and sends misleading information to others.

C.

It is a virus that attacks the hard drive of a computer.

D.

It is a type of spoofing attack.

E.

It is an attempt by an attacker to guess passwords until he succeeds.

Full Access
Question # 18

Tom and Gary are in a debate over which software should be purchased as part of their project. Gary tells Tom that because he's the senior software developer and has been with the company for 12 years, he'll be making the decision on the software. What type of conflict resolution has happened in this instance?

A.

Avoiding

B.

Forcing

C.

Compromising

D.

Smoothing

Full Access
Question # 19

Which of the following is an information gathering technique that is used to identify risks?

A.

Diagramming technique

B.

Assumption analysis

C.

Checklist analysis

D.

Delphi technique

Full Access
Question # 20

In a complex network, Router transfers data packets by observing some form of parameters or metrics provided in the routing table. Which of the following metrics is NOT included in the routing table?

A.

Bandwidth

B.

Load

C.

Delay

D.

Frequency

Full Access
Question # 21

Which of the following refers to a small space having two sets of interlocking doors such that the first set of doors must close before the second set opens?

A.

Man-trap

B.

Man-in-the-middle

C.

Demilitarized zone (DMZ)

D.

Firewall

Full Access
Question # 22

You work as a Security manager for Orangesect Inc. The enterprise is using the OODA loop strategy to counter the security issues in the enterprise. Some of the IP addresses of the enterprise have been hacked. You match up the present hacking issue and condition with the past hacking experiences to find a solution. Which of the following phases of the OODA loop involves the procedure followed by you?

A.

The decide phase

B.

The orient phase

C.

The observe phase

D.

The act phase

Full Access
Question # 23

Which of the following U.S.C. laws is governs the fraudulent activities associated with computers?

A.

18 U.S.C. 2251

B.

18 U.S.C. 3771

C.

18 U.S.C. 2257

D.

18 U.S.C. 1030

Full Access
Question # 24

Which of the following statements are true about TCP/IP model?

Each correct answer represents a complete solution. Choose all that apply.

A.

It is consists of various protocols present in each layer.

B.

It describes a set of general design guidelines and implementations of specific networking protocols to enable computers to communicate over a network.

C.

It provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination.

D.

It is generally described as having five abstraction layers.

Full Access
Question # 25

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

A.

Web ripping

B.

Email spoofing

C.

Steganography

D.

Social engineering

Full Access
Question # 26

You work as a Software Developer for uCertify Inc. You have developed a Data Access Logic (DAL) component that will be part of a distributed application. You are conducting integration testing with other components of the distributed application. Which of the following types of testing methods will you need to perform to identify potential security-related issues? Each correct answer represents a part of the solution. Choose two.

A.

Unit testing

B.

Stress testing

C.

Load testing

D.

Black box testing

E.

White box testing

Full Access
Question # 27

At which OSI layer does UDP operate?

A.

Network layer

B.

Data-link layer

C.

Session layer

D.

Transport layer

E.

Presentation layer

Full Access
Question # 28

Which of the following can be used to protect a computer system from malware, viruses, spyware, and various types of keyloggers? Each correct answer represents a complete solution. Choose all that apply.

A.

KFSensor

B.

Sheep dip

C.

Enum

D.

SocketShield

Full Access
Question # 29

Which of the following types of firewalls looks deep into packets and makes granular access control decisions?

A.

Stateful

B.

Application level proxy

C.

Circuit level proxy

D.

Packet filtering

Full Access
Question # 30

Which of the following are used as primary technologies to create a layered defense for giving protection to a network?

Each correct answer represents a complete solution. Choose all that apply.

A.

Vulnerability

B.

Firewall

C.

Endpoint authentication

D.

IDS

Full Access
Question # 31

You work as a Network Administrator for Tech World Inc. The company has a TCP/IP-based router. You have configured a router on your network. You want to accomplish the following goals:

l Configure the router to require a password to move from user EXEC mode to privileged EXEC mode.

l The password must be listed as a hidden entry in the configuration file.

You run the following command: enable password

Which of the goals will this action accomplish?

A.

The password will be listed as a hidden entry in the configuration file

B.

The action will accomplish neither of the goals

C.

The action will accomplish both the goals

D.

The router will require a password to move from user EXEC mode to privileged EXEC mode

Full Access
Question # 32

Jane works as a Consumer Support Technician for McRoberts Inc. The company provides troubleshooting support to users. A user named Peter installs Windows Vista on his computer. He connects his computer on the network. He wants to protect his computer from malicious software and prevent hackers from gaining access to his computer through the network. Which of the following actions will Jane assist Peter to perform to accomplish the task?

A.

Don't stay logged on as an administrator.

B.

Use a firewall.

C.

Keep the computer up-to-date.

D.

Run antivirus software on the computer.

Full Access
Question # 33

Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made?

A.

Preparation phase

B.

Eradication phase

C.

Differential phase

D.

Identification phase

Full Access
Question # 34

Web applications play a vital role in deploying different databases with user accessibility on the Internet. Which of the following allows an attacker to get unauthorized access to the database of a Web application by sending (attacking) user-supplied data to an interpreter as part of a command or query?

A.

Cross Site Scripting

B.

Injection flaw

C.

Cross Site Request Forgery (CSRF)

D.

Malicious File Execution

Full Access
Question # 35

The ATM of a bank is robbed by breaking the ATM machine. Which of the following physical security devices can now be used for verification and historical analysis of the ATM robbery?

A.

Biometric devices

B.

Intrusion detection systems

C.

Key card

D.

CCTV Cameras

Full Access
Question # 36

Based on the information given in the case study, which two authentication methods should you use to allow customers to access their photos on the Web site?

(Click the Exhibit button on the toolbar to see the case study.)

Each correct answer represents a part of the solution. Choose two.

A.

Basic authentication without SSL

B.

Digest authentication with SSL

C.

Integrated Windows authentication

D.

Anonymous access

E.

Basic authentication with SSL

F.

Digest authentication without SSL

Full Access
Question # 37

You work as the Senior Project manager in Dotcoiss Inc. Your company has started a software project using configuration management and has completed 70% of it. You need to ensure that the network infrastructure devices and networking standards used in this project are installed in accordance with the requirements of its detailed project design documentation. Which of the following procedures will you employ to accomplish the task?

A.

Physical configuration audit

B.

Configuration control

C.

Functional configuration audit

D.

Configuration identification

Full Access
Question # 38

Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

A.

Authentication

B.

Confidentiality

C.

Integrity

D.

Non-repudiation

Full Access
Question # 39

You have decided to implement an intrusion detection system on your network. You primarily are interested in the IDS being able to recognized known attack techniques. Which type of IDS should you choose?

A.

Signature Based

B.

Passive

C.

Active

D.

Anomaly Based

Full Access
Question # 40

Which of the following types of attacks cannot be prevented by technical measures only?

A.

Social engineering

B.

Smurf DoS

C.

Brute force

D.

Ping flood attack

Full Access
Question # 41

Which of the following does an anti-virus program update regularly from its manufacturer's Web site?

A.

Hotfixes

B.

Definition

C.

Service packs

D.

Permissions

Full Access
Question # 42

The new security policy requires you to encrypt all data transmitted from the laptop computers of sales personnel to the distribution centers. How will you implement the security requirements?

(Click the Exhibit button on the toolbar to see the case study.)

A.

Use 40-bit encryption for Routing and Remote Access Service(RRAS) Server. Use PPTP without packet filtering for VPN.

B.

Use 128-bit encryption for Routing and Remote Access Service(RRAS) Server. Use PPTP without packet filtering for VPN.

C.

Use 128-bit encryption for Routing and Remote Access Service(RRAS) Server. Use PPTP with packet filtering for VPN.

D.

Use 40-bit encryption for the Routing and Remote Access Service(RRAS) Server. Use PPTP with packet filtering for VPN.

Full Access
Question # 43

Your company is going to add wireless connectivity to the existing LAN. You have concerns about the security of the wireless access and wish to implement encryption. Which of the following would be the best choice for you to use?

A.

WAP

B.

WEP

C.

DES

D.

PKI

Full Access
Question # 44

Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?

A.

The Configuration Manager

B.

The Supplier Manager

C.

The IT Service Continuity Manager

D.

The Service Catalogue Manager

Full Access
Question # 45

Which of the following statements is not true about a digital certificate?

A.

It is used with both public key encryption and private key encryption.

B.

It is used with private key encryption.

C.

It is neither used with public key encryption nor with private key encryption.

D.

It is used with public key encryption.

Full Access
Question # 46

Fill in the blank with the appropriate layer name.

The Network layer of the OSI model corresponds to the______ layer of the TCP/IP model.

Full Access
Question # 47

You work as a Software Developer for Mansoft Inc. You have participated in the customization of a previously developed Configuration Management Application Block (CMAB) that manages an application configuration setting in multiple data stores. Based on requirements, you have extended the CMAB to read and write configuration data to and from an Oracle database. You need to create a unit test strategy. Which of the following steps would you include in a unit test of the CMAB?

Each correct answer represents a part of the solution. Choose all that apply.

A.

Perform White box testing

B.

Regression test the existing functionality

C.

Execute Use cases of the application

D.

Perform Stress testing

E.

Review the implementation

Full Access
Question # 48

You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

A.

Quantitative risk analysis

B.

Risk audits

C.

Qualitative risk analysis

D.

Requested changes

Full Access
Question # 49

Under the SMART scheme, the Predictive Failure Analysis Technology is used to determine the failure or crash for which of the following parts of a computer system?

A.

Operating System

B.

Hard Disc drive

C.

Software

D.

Internet Browser

Full Access