
GIAC GISF Dumps

Page: 1 / 12
Total 333 questions

GIAC Information Security Fundamentals Questions and Answers

Question 1

You are the project manager of a new project to install new hardware for your organization's computer network. You have never worked with networking software or hardware before, so you enroll in a class to learn more about the technology you'll be managing in your project. This is an example of which one of the following?

Options:

A. Cost of nonconformance to quality
B. Enhancing your personal professional competence
C. Team development
D. A waste for the project, as the project manager does not need to know much about the project's application

Question 2

Which of the following policies define how Identification and Authorization occur and determine access control, audits, and network connectivity?

Options:

A. Information policies
B. Usage policies
C. Security policies
D. Administrative policies
E. Disaster Recovery Plans
F. Design Requirements

Question 3

Your corporate network uses a Proxy Server for Internet access. The Manufacturing group has access permission for the WWW protocol in the Web Proxy service, and access permission for the POP3 protocol in the WinSock Proxy service. The Supervisors group has access permission for the WWW and FTP Read protocols in the Web Proxy service, and access permission for the SMTP protocol in the WinSock Proxy service. The Quality Control group has access permission only for the WWW protocol in the Web Proxy service. The Interns group has no permissions granted in any of the Proxy Server services. Kate is a member of all four groups. In the Proxy Server services, which protocols does Kate have permission to use?

Options:

A. WWW only
B. FTP Read and SMTP only
C. WWW, FTP Read, POP3, and SMTP
D. WWW and POP3 only

Question 4

The method used to encrypt messages by transposing or scrambling the characters in a certain manner is known as ______.

Options:

A. Quantum cipher
B. Transposition cipher
C. Hybrid systems
D. Mathematical cipher
E. Substitution cipher
F. Steganography

Question 5

Firekiller 2000 is an example of a __________.

Options:

A. DoS attack Trojan
B. Data sending Trojan
C. Remote access Trojan
D. Security software disabler Trojan

Question 6

John works as a professional Ethical Hacker. He has been assigned a project to test the security of He copies the whole structure of the We-are-secure Web site to the local disk and obtains all the files on the Web site. Which of the following techniques is he using to accomplish his task?

Options:

A. TCP FTP proxy scanning
B. Eavesdropping
C. Fingerprinting
D. Web ripping

Question 7

You work as a Network Administrator for ABC Inc. The company uses a secure wireless network.

John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?

Options:

A. Operational audit
B. Non-operational audit
C. Independent audit
D. Dependent audit

Question 8

Joseph works as a Software Developer for WebTech Inc. He wants to protect the algorithms and the programming techniques that he uses in developing an application. Which of the following laws are used to protect a part of software?

Options:

A. Trademark laws
B. Patent laws
C. Copyright laws
D. Code Security law

Question 9

You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory domain-based network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. According to the company's security policy, you want to apply Windows Firewall settings to all the computers in the domain to improve security.

Which of the following is the fastest and the most effective way to accomplish the task?

Options:

A. Apply firewall settings manually.
B. Apply firewall settings on the domain controller of the domain.
C. Use group policy to apply firewall settings.
D. Use a batch file to apply firewall settings.

Question 10

You want to install a server that can be accessed by external users. You also want to ensure that these users cannot access the rest of the network. Where will you place the server?

Options:

A. Intranet
B. Local Area Network
C. Internet
D. Demilitarized Zone
E. Extranet
F. Wide Area Network

Question 11

Which of the following is NOT a phase of the OODA Loop strategy?

Options:

A. Observe
B. Define
C. Orient
D. Act

Question 12

Donna is the project manager for her organization. She is preparing a plan to manage changes to the project should changes be requested. Her change management plan defines the process for documenting, tracking, and determining whether the changes should be approved or declined. What system is considered the parent of the change control system documented in Donna's plan?

Options:

A. Project Management Information System
B. Integrated Change Control System
C. Change Control System
D. Quality Management System

Question 13

Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

Options:

A. Configuration Status Accounting
B. Configuration Item Costing
C. Configuration Identification
D. Configuration Verification and Auditing

Question 14

Peter is a merchant. He uses symmetric encryption to send confidential messages to different users of his Web site. Which of the following is the other name for asymmetric encryption?

Options:

A. Session key encryption
B. Public key encryption
C. Secret key encryption
D. Shared key encryption

Question 15

Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following?

1. To account for all IT assets
2. To provide precise information support to other ITIL disciplines
3. To provide a solid base only for Incident and Problem Management
4. To verify configuration records and correct any exceptions

Options:

A. 2 and 4 only
B. 1, 3, and 4 only
C. 1, 2, and 4 only
D. 2, 3, and 4 only

Question 16

Your computer continues to operate even if its disk drive has failed. This ability is known as _____.

Options:

A. Recovery
B. Fault Tolerance
C. Backups
D. Disaster Recovery
E. Hashing
F. Independent Disks

Question 17

Web applications play a vital role in deploying different databases with user accessibility on the Internet. Which of the following allows an attacker to get unauthorized access to the database of a Web application by sending (attacking) user-supplied data to an interpreter as part of a command or query?

Options:

A. Cross Site Scripting
B. Injection flaw
C. Cross Site Request Forgery (CSRF)
D. Malicious File Execution

Question 18

You work as a Network Administrator for ABC Inc. The company has a secure wireless network.

However, in the last few days, an attack has been taking place over and over again. This attack is taking advantage of ICMP directed broadcast. To stop this attack, you need to disable ICMP directed broadcasts. Which of the following attacks is taking place?

Options:

A. Smurf attack
B. Sniffer attack
C. Cryptographic attack
D. FMS attack

Question 19

You are the security manager of Microliss Inc. Your enterprise uses a wireless network infrastructure with access points whose range is 150-350 feet. The employees using the network complain that their passwords and important official information have been traced. You discover the following clues:

The information has proved beneficial to another company.

The other company is located about 340 feet away from your office.

The other company is also using a wireless network.

The bandwidth of your network has degraded to a great extent.

Which of the following methods of attack has been used?

Options:

A. A piggybacking attack has been performed.
B. The information is traced using Bluebugging.
C. A DOS attack has been performed.
D. A worm has exported the information.

Question 20

Which of the following statements about digital signature is true?

Options:

A. Digital signature is required for an e-mail message to get through a firewall.
B. Digital signature verifies the identity of the person who applies it to a document.
C. Digital signature decrypts the contents of documents.
D. Digital signature compresses the message to which it is applied.

Question 21

Which of the following provides a credential that can be used by all Kerberos-enabled servers and applications?

Options:

A. Remote Authentication Dial In User Service (RADIUS)
B. Internet service provider (ISP)
C. Network Access Point (NAP)
D. Key Distribution Center (KDC)

Question 22

Which of the following is not needed for effective procurement planning?

Options:

A. Activity resource management
B. Project schedule
C. Cost baseline
D. Quality risk analysis

Question 23

Which of the following is a remote access protocol that supports encryption?

Options:

A. PPP
B. SLIP
C. UDP
D. SNMP

Question 24

Which of the following statements are true about Dsniff?

Each correct answer represents a complete solution. Choose two.

Options:

A. It is a virus.
B. It contains Trojans.
C. It is antivirus.
D. It is a collection of various hacking tools.

Question 25

Adam, a novice Web user, is getting a large amount of unsolicited commercial emails at his email address. He suspects that the emails he is receiving are spam. Which of the following steps will he take to stop the spam?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Forward a copy of the spam to the ISP to make the ISP conscious of the spam.
B. Send an email to the domain administrator responsible for the initiating IP address.
C. Report the incident to the FTC (The U.S. Federal Trade Commission) by sending a copy of the spam message.
D. Close the existing email account and open a new email account.

Question 26

Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

Options:

A. Authentication
B. Confidentiality
C. Integrity
D. Non-repudiation

Question 27

Which of the following cryptographic algorithms uses a single key to encrypt and decrypt data?

Options:

A. Asymmetric
B. Symmetric
C. Numeric
D. Hashing

Question 28

What does Wireless Transport Layer Security (WTLS) provide for wireless devices?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Data integrity
B. Authentication
C. Encryption
D. Bandwidth

Question 29

Which of the following objects in an Active Directory serve as security principals?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. User accounts
B. Organizational units (OUs)
C. Computer accounts
D. Groups

Question 30

Which of the following Web attacks is performed by manipulating code of programming languages such as SQL, Perl, or Java present in the Web pages?

Options:

A. Cross-Site Request Forgery
B. Code injection attack
C. Cross-Site Scripting attack
D. Command injection attack

Question 31

Which of the following tools are used to determine the hop count of an IP packet?

Each correct answer represents a complete solution. Choose two.

Options:

A. Netstat
B. Ping
C. TRACERT
D. IPCONFIG

Question 32

Victor works as a network administrator for DataSecu Inc. He uses a dual firewall Demilitarized Zone (DMZ) to insulate the rest of the network from the portions that are available to the Internet. Which of the following security threats may occur if DMZ protocol attacks are performed?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Attacker can exploit any protocol used to go into the internal network or intranet of the company.
B. Attacker managing to break the first firewall defense can access the internal network without breaking the second firewall if it is different.
C. Attacker can gain access to the Web server in a DMZ and exploit the database.
D. Attacker can perform a Zero Day attack by delivering a malicious payload that is not a part of the intrusion detection/prevention systems guarding the network.

Question 33

Which of the following Acts enacted in the United States allows the FBI to issue National Security Letters (NSLs) to Internet service providers (ISPs) ordering them to disclose records about their customers?

Options:

A. Electronic Communications Privacy Act of 1986
B. Economic Espionage Act of 1996
C. Computer Fraud and Abuse Act
D. Wiretap Act

Question 34

You work as a Security manager for Qualoxizz Inc. Your company has a number of network switches in the site network infrastructure. Which of the following actions will you perform to ensure the security of the switches in your company?

Options:

A. Set long session timeouts.
B. Open up all the unused management ports.
C. Set similar passwords for each management port.
D. Ignore usage of the default account settings.

Question 35

John is a merchant. He has set up a LAN in his office. Some important files are deleted as a result of a virus attack. John wants to ensure that it does not happen again. What will he use to protect his data from viruses?

Options:

A. Antivirus
B. Backup
C. Symmetric encryption
D. Firewall

Question 36

Which of the following protocols is used to prevent switching loops in networks with redundant switched paths?

Options:

A. Cisco Discovery Protocol (CDP)
B. Spanning Tree Protocol (STP)
C. File Transfer Protocol (FTP)
D. VLAN Trunking Protocol (VTP)

Question 37

Rick works as a Network Administrator for Fimbry Hardware Inc. Based on the case study, which network routing strategy will he implement for the company? (Click the Exhibit button on the toolbar to see the case study.)

Options:

A. He will implement OSPF on all the router interfaces.
B. He will implement RIP v1 on all the router interfaces.
C. He will implement IGMP on all the router interfaces.
D. He will implement RIP v2 on all the router interfaces.
E. He will implement static routes for the routers.

Question 38

You have purchased a wireless router for your home network. What will you do first to enhance the security?

Options:

A. Change the default password and administrator's username on the router
B. Disable the network interface card on the computer
C. Configure DMZ on the router
D. Assign a static IP address to the computers

Question 39

You are responsible for virus protection for a large college campus. You are very concerned that your antivirus solution must be able to capture the latest virus threats. What sort of virus protection should you implement?

Options:

A. Network Based
B. Dictionary
C. Heuristic
D. Host based

Question 40

Which of the following logs contains events pertaining to security as defined in the Audit policy?

Options:

A. DNS server log
B. Application log
C. System log
D. Directory Service log
E. Security log
F. File Replication Service log

Question 41

Which of the following are the benefits of information classification for an organization?

Options:

A. It helps identify which information is the most sensitive or vital to an organization.
B. It ensures that modifications are not made to data by unauthorized personnel or processes.
C. It helps identify which protections apply to which information.
D. It helps reduce the Total Cost of Ownership (TCO).

Question 42

You are the project manager for the TTX project. You have to procure some electronic gadgets for the project. A relative of yours is in the retail business of those gadgets. He approaches you for a favor to get the order. This is a situation of ____.

Options:

A. Bribery
B. Irresponsible practice
C. Illegal practice
D. Conflict of interest

Question 43

You are the project manager for BlueWell Inc. You are reviewing the risk register for your project. The risk register provides much information to you, the project manager, and to the project team during risk response planning. All of the following are included in the risk register except for which item?

Options:

A. Trends in qualitative risk analysis results
B. Symptoms and warning signs of risks
C. List of potential risk responses
D. Network diagram analysis of critical path activities

Question 44

Which of the following statements are true about Public-key cryptography? Each correct answer represents a complete solution. Choose two.

Options:

A. Data encrypted with the secret key can only be decrypted by another secret key.
B. The secret key can encrypt a message, and anyone with the public key can decrypt it.
C. Data encrypted by the public key can only be decrypted by the secret key.
D. The distinguishing technique used in public key-private key cryptography is the use of symmetric key algorithms.

Question 45

Fred is the project manager for the TCC Company. His company has an internal policy that states each year they will provide free services to a nonprofit organization. Therefore, the company and its employees are not allowed to charge or receive money or gifts from the nonprofit organization they choose to provide free services to. This year, the TCC Company offers to provide project management services to the children's hospital for a marketing campaign to raise money. Due to the TCC Company's project management services, the nonprofit agency exceeded previous years' fundraising efforts. To show appreciation, the nonprofit organization offered to reimburse the project manager for his travel expenses. Which of the following best describes how the project manager should handle the situation?

Options:

A. Say thank you and let them pay for the travel; it is the least they can do.
B. Tell the hospital no thank you and explain it is against company policy to accept payment for services provided to their pro bono customers.
C. Say nothing so as not to hurt the feelings of the children's hospital.
D. Ask if the hospital could pay for some of the supplies too.

Question 46

You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to e-mail queries. But for the last few days, it has been identified that this process is providing a way for spammers to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this issue and finding a solution? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Recovery
B. Contamination
C. Identification
D. Eradication
E. Preparation

Question 47

Which of the following are parts of applying professional knowledge? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Maintaining a cordial relationship with project sponsors
B. Reporting your project management appearance
C. Staying up-to-date with project management practices
D. Staying up-to-date with the latest industry trends and new technology

Question 48

Which of the following Windows Security Center features is implemented to give a logical layer of protection between computers in a networked environment?

Options:

A. Firewall
B. Automatic Updating
C. Other Security Settings
D. Malware Protection

Question 49

Which of the following types of attack can guess a hashed password?

Options:

A. Teardrop attack
B. Evasion attack
C. Denial of Service attack
D. Brute force attack
