
GIAC G2700: GIAC Certified ISO-2700 Specialist Practice Test

Page: 1 / 45
Total 453 questions

GIAC Certified ISO-2700 Specialist Practice Test Questions and Answers

Question 1

You work as an Information Security Manager for uCertify Inc. The company has contracted a third-party software company to build a software program for the organization's internal use. You have been assigned the task of sharing the organization's requirements for the tool with the third party. Which of the following documents should the third party sign first?

Options:

A.

Non disclosure agreement (NDA)

B.

Acknowledgement papers

C.

Copyright papers

D.

Legal disclaimer

Question 2

Which of the following plans provides measures and capabilities for recovering a major application or general support system?

Options:

A.

Disaster recovery plan

B.

Crisis communication plan

C.

Contingency plan

D.

Business continuity plan

Question 3

Which of the following is the designing phase of the ISMS?

Options:

A.

Check

B.

Plan

C.

Act

D.

Do

Question 4

Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?

Options:

A.

Mail bombing

B.

Cross site scripting attack

C.

Social engineering attack

D.

Password guessing attack

Question 5

You work as an Information Security Manager for uCertify Inc. You have been assigned the task to create the documentation on control A.7.2 of the ISO standard. Which of the following is the chief concern of control A.7.2?

Options:

A.

Classification of owners

B.

Usage of information

C.

Identification of inventory

D.

Classification of information

Question 6

Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented, and the derived security solutions are adequate or not?

Options:

A.

Data owner

B.

Data custodian

C.

Auditor

D.

User

Question 7

Which of the following are the uses of cryptography as defined in a policy document?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Backup

B.

Control of keys

C.

Applications supporting cryptography

D.

Recovery

Question 8

You work as a Security Administrator for uCertify Inc. You need to create documentation that provides ongoing education and awareness training on your company's disciplinary actions. What are the primary reasons to create this documentation?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

To ensure that employees understand information security threats

B.

To ensure that employees have the necessary knowledge to mitigate security threats

C.

To ensure that employees are aware of and understand their roles and responsibilities

D.

To ensure that employees have the necessary knowledge about the company's forthcoming Projects

Question 9

John works as an IT Technician for uCertify Inc. One morning, John receives an e-mail from the company's Manager asking him to provide his logon ID and password, but the company policy restricts users from disclosing their logon IDs and passwords. Which type of possible attack is this?

Options:

A.

DoS

B.

Trojan horse

C.

Social engineering

D.

Replay attack

Question 10

Which of the following are the factors that determine the degree to which the Return on Investment overstates the economic value?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Capitalization policy

B.

Growth rate of new investment

C.

Growth rate of old investment

D.

Length of project life

Question 11

You work as the Network Security Administrator for uCertify Inc. You are responsible for protecting your network from unauthorized access from both inside and outside the organization. For outside attacks, you have installed a number of security tools that protect your network. For internal security, employees use passwords of more than 8 characters; however, a few employees who hold the same designation often exchange their passwords, making it possible for others to access their accounts.

There is already a policy against this practice, but employees are still doing it. You want to stop this and ensure that it never happens again. Which of the following will be the best step to stop this practice?

Options:

A.

Create a policy that forces users to create a password combined with special characters.

B.

Create a new policy that forces users to change their passwords once every 15 days.

C.

Create a policy to enter their employee code while logged in to the system.

D.

Create a policy to enter their personal email id while logged in to the system.

Question 12

Which of the following is an authentication scheme used by Point-to-Point Protocol (PPP) servers to validate the identity of remote clients?

Options:

A.

BGP

B.

SMTP

C.

CHAP

D.

DHCP

Question 13

Which of the following tasks are performed by Information Security Management?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It is designed to protect information and any equipment that is used in connection with its storage, transmission, and processing.

B.

It is designed to develop information and any equipment that is used in connection with its storage, transmission, and processing.

C.

It is designed to recognize information and any equipment that is used in connection with its storage, transmission, and processing.

D.

It is designed to control information and any equipment that is used in connection with its storage, transmission, and processing.

Question 14

Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of the following formulas best describes the Single Loss Expectancy (SLE)?

Options:

A.

SLE = Asset Value (AV) * Exposure Factor (EF)

B.

SLE = Annualized Loss Expectancy (ALE) * Exposure Factor (EF)

C.

SLE = Annualized Loss Expectancy (ALE) * Annualized Rate of Occurrence (ARO)

D.

SLE = Asset Value (AV) * Annualized Rate of Occurrence (ARO)

Question 15

You work as an Information Security Manager for uCertify Inc. You are working on communication and organization management. You need to create the documentation on change management.

Which of the following are the main objectives of change management?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Minimal disruption of services

B.

Reduction of inventory in accordance with revenue

C.

Economic utilization of resources involved in the change

D.

Reduction in back-out activities

Question 16

Which of the following international information security standards is concerned with anticipating and responding to information security breaches?

Options:

A.

Organization of information security

B.

Information security incident management

C.

Physical and environmental security

D.

Risk assessment and treatment

Question 17

Which of the following are the two methods that are commonly used for applying mandatory access control?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Lattice-based access control

B.

Attribute-based access control

C.

Rule-based access control

D.

Discretionary access control

Question 18

Which of the following individuals calculates the recovery time and cost estimates while performing a business impact analysis (BIA)?

Options:

A.

Business process owner

B.

Business continuity coordinator

C.

Risk Executive

D.

Information security manager

Question 19

Which of the following activities are performed by the 'Do' cycle component of PDCA (plan-do-check-act)?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It manages resources that are required to achieve a goal.

B.

It determines controls and their objectives.

C.

It performs security awareness training.

D.

It detects and responds to incidents properly.

E.

It operates the selected controls.

Question 20

David works as the Manager for Tech Mart Inc. An incident occurred ten months ago that caused the company heavy losses. David has been assigned the task of submitting a report on the losses incurred by the company in a year. Which of the following should David calculate in order to submit the report containing the annualized loss expectancy?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Asset Value

B.

Single Loss Expectancy

C.

Annualized Rate of Occurrence

D.

Number of employees in the company

Question 21

Which of the following statements are true about the Regulation of Investigatory Powers Act 2000?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It enables certain public bodies to demand ISPs fit equipment to facilitate surveillance.

B.

It enables mass surveillance of communications in transit.

C.

It enables certain private bodies to demand that someone hand over keys to protected information.

D.

It allows certain public bodies to monitor people's Internet activities.

Question 22

Which of the following paragraphs of the Turnbull Report stated that a company's internal control system encompasses the policies, processes, tasks, behaviors, and other aspects of the company?

Options:

A.

Paragraph 20

B.

Paragraph 21

C.

Paragraph 28

D.

Paragraph 22

Question 23

Mark works as a Network Security Administrator for uCertify Inc. He has installed IDS for matching incoming packets against known attacks. Which of the following types of intrusion detection techniques is being used?

Options:

A.

Host-based IDS

B.

Signature-based IDS

C.

Pattern Matching IDS

D.

Network-based IDS

Question 24

Which of the following types of cyberstalking damages the reputation of their victim and turns other people against them by setting up their own Websites, blogs, or user pages for this purpose?

Options:

A.

False accusation

B.

False victimization

C.

Encouraging others to harass the victim

D.

Attempts to gather information about the victim

Question 25

Which of the following is a list of specific actions being taken to deal with specific risks associated with the threats?

Options:

A.

Risk mitigation

B.

Risk acceptance

C.

Risk avoidance

D.

Risk transference

Question 26

Which of the following creates policies, plans, and procedures to minimize the impact of risks to the organizational processes?

Options:

A.

Configuration Management

B.

Business Continuity Planning

C.

Social engineering

D.

Change Management

Question 27

You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem?

Options:

A.

Implement least privileges.

B.

Implement RBAC.

C.

Implement three way authentication.

D.

Implement separation of duties.

Question 28

Sam works as the Chief Information Security Officer for Blue Well Inc. There are a number of teams for security purposes. Which of the following are types of teams of which Sam can be a part?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Computer Emergency Response Team

B.

Computer Data Development Team

C.

Computer Security Incident Response Team

D.

Computer Information Development Team

Question 29

Which of the following policies defines the acceptable methods of remotely connecting a system to the internal network?

Options:

A.

Remote access policy

B.

Computer security policy

C.

Network security policy

D.

User Account Policy

Question 30

David works as the Chief Information Security Officer for uCertify Inc. Which of the following are the responsibilities that should be handled by David?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Information development

B.

Information risk management

C.

Information privacy

D.

Information security

Question 31

Mark works as a Software Developer for TechNet Inc. He has recently been fired, as he was caught doing some illegal work in the organization. Before leaving the organization, he decided to retaliate against the organization. He deleted some of the system files and made some changes in the registry files created by him. Which of the following types of attacks has Mark performed?

Options:

A.

DDoS

B.

Logic bomb

C.

Sabotage

D.

Smurf

Question 32

You work as an Information Security Manager for uCertify Inc. You are working on a software asset management plan to provide backup for Active Directory. Which of the following data is required to be backed up for this purpose?

Options:

A.

System state data

B.

Users manual

C.

DNS record

D.

Cache memory

Question 33

Which of the following policies is a set of rules applied by the owner/manager of a network, Website or large computer system that restrict the ways in which the network site or system may be used?

Options:

A.

Default policy

B.

Certificate policy

C.

Informative policy

D.

Acceptable use policy

Question 34

Mark works as a System Administrator for uCertify Inc. He is responsible for securing the network of the organization. He is configuring some of the advanced features of the Windows firewall so that he can block the client machine from responding to pings. Which of the following advanced setting types should Mark change for accomplishing the task?

Options:

A.

UDP

B.

SMTP

C.

ICMP

D.

SNMP

Question 35

You work as an Information Security Officer. You are working on an asset management plan. You need to assign ownership of some assets to an employee. You are preparing documentation to explain the responsibilities of an owner of the business asset. Which of the following areas should you include in your documentation?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Revenue tracking

B.

Management

C.

Development

D.

Production

E.

Security

Question 36

You work as a Network Administrator for uCertify Inc. You are responsible for selecting the access control method that will be used for kiosk system software. Your manager wants to have full access to all information about all categories, but the visitors can access only general information about the organization. Which of the following types of access controls is suitable to accomplish this task?

Options:

A.

Attribute-based access control

B.

Mandatory access control

C.

Discretionary access control

D.

Rule-based access control

Question 37

You work as an Information Security Manager for uCertify Inc. The company is releasing the documentation for a software product. Which of the following documents does the company require to protect itself against a libel action if information is corrupted, lost, or destroyed?

Options:

A.

Non disclosure agreement

B.

Copyright

C.

Acknowledgement

D.

Legal disclaimer

Question 38

David works as the Network Administrator for Blue Well Inc. He has been asked to perform a risk analysis. He decides to perform it using CRAMM. The CEO of the company wants to know the strong points of CRAMM, which David is going to use. Which of the following points will David tell the CEO of the organization?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It requires protecting a high risk system.

B.

It is effective to meet the objectives of its sub-group.

C.

It does not provide protection against any threat.

D.

It is expensive to implement.

Question 39

You work as a Security Administrator for uCertify Inc. You need to define security controls regarding the network of the organization. Which of the following information security standards deals with the management of technical security controls in systems and networks?

Options:

A.

Asset management

B.

Organization of information security

C.

Information security incident management

D.

Communications and operations management

Question 40

Which of the following Acts, enacted in the United States, amends the Civil Rights Act of 1964, making technical changes that affect the length of time allowed to challenge unlawful seniority provisions, to sue the federal government for discrimination, and to bring age discrimination claims?

Options:

A.

The USA Patriot Act of 2001

B.

Civil Rights Act of 1991

C.

Sexual Predators Act

D.

PROTECT Act

Question 41

You work as an Information Security Manager for uCertify Inc. You need to create the documentation on change management. What are the advantages of using change management?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Improved estimates of the costs of proposed changes

B.

Reduced adverse impact of changes on the quality of IT services

C.

Maintenance of user passwords in a secure location

D.

Encryption of personal data when changing locations

Question 42

Which of the following methods can help eliminate the social engineering threat?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Password policies

B.

Vulnerability assessments

C.

Data classification

D.

Data encryption

Question 43

For which of the following can risk analysis be used?

Options:

A.

Reducing risks to an acceptable level in conjunction with security measures

B.

Expressing the value of information for an organization in terms of money

C.

Ensuring that security measures are deployed in a cost-effective fashion

D.

Clarifying management about their responsibilities

Question 44

Which of the following is the correct formula of annualized loss expectancy?

Options:

A.

ALE=single loss expectancy*annualized rate of occurrence

B.

ALE= asset value*exposure factor

C.

ALE=single loss expectancy*exposure factor

D.

ALE=asset value*annualized rate of occurrence

Question 45

Which of the following paragraphs of the Turnbull Report stated that a company's internal control system encompasses the policies, processes, tasks, behaviors, and other aspects of the company?

Options:

A.

Paragraph 28

B.

Paragraph 20

C.

Paragraph 22

D.

Paragraph 21

Question 46

You work as a Security Administrator for uCertify Inc. You have been assigned the task to provide a solution based on high reliability combined with high performance. Which of the following will you use to accomplish the task?

Options:

A.

RAID 10

B.

RAID 5

C.

RAID 0

D.

RAID 1

Question 47

A business impact analysis should be reviewed at a minimum annually but there are a few events in which it should be reviewed more frequently. Which of the following are these events?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Significant changes in the internal business process, location, or technology

B.

A part of a service contract where the level of service is formally defined

C.

A particularly aggressive pace of business change

D.

Significant changes in the external business environment

Question 48

You work as a Network Auditor for Net Perfect Inc. The company has a Windows-based network. You need to audit the network of the company. You need to plan the audit process to minimize the audit risk.

What steps will you take to minimize the possibility of audit risk?


Options:

A.

Question 49

Mark works as a Webmaster for Infonet Inc. He sets up an e-commerce site. He wants to accept online payments through credit cards on this site. He wants the credit card numbers to be encrypted. What will Mark do to accomplish the task?

Options:

A.

Use MIME.

B.

Use HTTP.

C.

Use SET.

D.

Use PGP.

Question 50

You work as an Information Security Manager for uCertify Inc. You have been assigned the task to create the documentation on control A.7.1.3. Which of the following is the chief concern of control A.7.1.3?

Options:

A.

Classification of information

B.

Identification of assets

C.

Identification of inventory

D.

Acceptable use of information assets

Question 51

Peter works as a Security Administrator for SecureEnet Inc. He observes that the database server of the company has been compromised and the data is stolen. Peter immediately wants to report this crime to the law enforcement authorities. Which of the following organizations looks after computer crime investigations in the United States?

Options:

A.

Local or national office of the US Secret Service

B.

National Institute of Standards and Technology

C.

Federal Bureau of Investigation

D.

Incident response team

Question 52

You are consulting with a small budget conscious accounting firm. Each accountant keeps individual records on their PC and checks them in and out of a server. They are concerned about losing data should the server hard drive crash. Which of the following RAID levels would you recommend?

Options:

A.

RAID 1

B.

RAID 6

C.

RAID 5

D.

RAID 0

Question 53

Which of the following is NOT a module of FaultTree+?

Options:

A.

Kerchief Analysis

B.

Fault Tree Analysis

C.

Event Tree Analysis

D.

Markov Analysis

Question 54

What does CRAMM stand for?

Options:

A.

Continuous Risk Analysis and Management Method

B.

CCTA Risk Analysis and Management Method

C.

Continuous Risk Analyzer and Manager Methodology

D.

CCTA Risk Analyzer and Manager Methodology

Question 55

You have just taken control over network administration services for a sales and marketing firm. The sales staff (consisting of 10 people) rely heavily on both phone and internet connections for business. You notice that the sales staff has a single T1 line handling their phone and internet connections. Which of the following would be the best suggestion for improving this situation?

Options:

A.

Move to fiber optic.

B.

Move them to a T3 line.

C.

Nothing, the system is fine as is.

D.

Add an additional T1 line for redundancy.

Question 56

Which of the following are the limitations of Redundant Array of Inexpensive Disks (RAID)?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It is difficult to move RAID to a new system.

B.

It cannot simplify disaster recovery.

C.

It cannot provide a performance boost in all applications.

D.

It cannot protect the data on the array.

Question 57

Which of the following is used to shift the impact of a threat to a third party, together with the ownership of the response?

Options:

A.

Risk avoidance

B.

Risk transference

C.

Risk mitigation

D.

Risk acceptance

Question 58

Which of the following is NOT a type of FMEA?

Options:

A.

BFMEA

B.

CFMEA

C.

DFMEA

D.

PFMEA

Question 59

Which of the following activities are performed by the 'Do' cycle component of PDCA (plan-do-check-act)?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It performs security awareness training.

B.

It operates the selected controls.

C.

It detects and responds to incidents properly.

D.

It determines controls and their objectives.

E.

It manages resources that are required to achieve a goal.

Question 60

Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of the following formulas best describes the Single Loss Expectancy (SLE)?

Options:

A.

SLE = Asset Value (AV) * Annualized Rate of Occurrence (ARO)

B.

SLE = Annualized Loss Expectancy (ALE) * Exposure Factor (EF)

C.

SLE = Asset Value (AV) * Exposure Factor (EF)

D.

SLE = Annualized Loss Expectancy (ALE) * Annualized Rate of Occurrence
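The SLE and ALE formulas asked about in Questions 14, 20, 44 and 60 are easiest to keep straight when they are carried through end to end, including the cost/benefit figure a manager actually wants from them. The following Python is an added example, not part of the practice test; the asset values, exposure factors, occurrence rates and safeguard cost are constructed for illustration.

```python
"""Quantitative risk figures: SLE = AV * EF, ALE = SLE * ARO, and the
cost/benefit of a safeguard (ALE before - ALE after - annual safeguard cost).

Added example; all figures below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    name: str
    asset_value: float        # AV, in currency units
    exposure_factor: float    # EF, fraction of AV lost in one event (0..1)
    annual_rate: float        # ARO, expected number of events per year


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV * EF: the loss from a single occurrence of the threat."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, annual_rate: float) -> float:
    """ALE = SLE * ARO: the expected loss per year from the threat."""
    if annual_rate < 0:
        raise ValueError("annualized rate of occurrence cannot be negative")
    return sle * annual_rate


def scenario_ale(scenario: RiskScenario) -> float:
    """ALE for one scenario, computed from AV, EF and ARO."""
    sle = single_loss_expectancy(scenario.asset_value, scenario.exposure_factor)
    return annualized_loss_expectancy(sle, scenario.annual_rate)


def safeguard_value(before: RiskScenario, after: RiskScenario,
                    annual_safeguard_cost: float) -> float:
    """Net annual value of a control: ALE(before) - ALE(after) - cost.

    A positive result means the control pays for itself; a negative one
    means the risk is cheaper to accept or a cheaper control is needed.
    """
    return scenario_ale(before) - scenario_ale(after) - annual_safeguard_cost


# Constructed scenario: a database server valued at 200,000 that a ransomware
# incident would degrade by 40% (EF), expected once every two years (ARO 0.5).
DB_RANSOMWARE = RiskScenario("db-ransomware", 200_000, 0.40, 0.5)

# Same threat after adding offline backups: the event still happens as often,
# but the loss per event drops to 10% because restore is fast.
DB_RANSOMWARE_WITH_BACKUPS = RiskScenario("db-ransomware+backups", 200_000, 0.10, 0.5)

# Constructed annual cost of the backup safeguard.
BACKUP_ANNUAL_COST = 15_000


if __name__ == "__main__":
    sle = single_loss_expectancy(DB_RANSOMWARE.asset_value, DB_RANSOMWARE.exposure_factor)
    print(f"SLE = {sle:,.0f}")                                   # 80,000
    print(f"ALE = {scenario_ale(DB_RANSOMWARE):,.0f}")             # 40,000
    net = safeguard_value(DB_RANSOMWARE, DB_RANSOMWARE_WITH_BACKUPS, BACKUP_ANNUAL_COST)
    print(f"net value of backups per year = {net:,.0f}")         # 15,000
```

The order of operations matters for the exam: SLE is derived from the asset value and exposure factor only, and ALE is SLE multiplied by the annualized rate of occurrence. Multiplying ALE by EF or ARO, as the distractors suggest, is circular and has no meaning.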

Question 61

Which of the following states that a user should never be given more privileges than are required to carry out a task?

Options:

A.

Principle of least privilege

B.

Segregation of duties

C.

Security through obscurity

D.

Role-based security

Question 62

Which of the following are process elements for remote diagnostics?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

After detecting performance degradation, predict the moment of failure by extrapolation.

B.

Remotely monitor selected vital system parameters.

C.

Compare with known or expected behavior data.

D.

Perform analysis of data to detect trends.

Question 63

Which of the following are the purposes of security awareness, training, and education?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Make computer system users aware of their security responsibilities and teach them correct practices, which helps users change their behavior.

B.

Enhance the skills and knowledge so that the computer users can perform their jobs more securely.

C.

Improve awareness of the need to protect system resources.

D.

Construct in-depth knowledge, as needed, to design, implement, or operate security programs for organizations and systems.

Question 64

You work as an Information Security Manager for uCertify Inc. You need to create the documentation on information security management system (ISMS). Which of the following is the governing principle behind ISMS?

Options:

A.

An organization should implement and maintain IDS to manage risks to the network.

B.

An organization should design, implement, and maintain a coherent set of policies, processes, and systems to manage risks to its information assets.

C.

An organization should design, implement, and maintain a coherent set of policies to ensure proper marketing of products.

D.

An organization should apply encryption to its information assets.

Question 65

You work as a Security Administrator for uCertify Inc. You have installed ten separate applications for your employees to work with. All the applications require users to log in before working on them; however, this takes a lot of time. Therefore, you decide to use SSO to resolve this issue. Which of the following are the other benefits of Single Sign-On (SSO)?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Centralized reporting for compliance adherence

B.

Reducing IT costs due to lower number of IT help desk calls about passwords

C.

Reduces phishing success, because users are not trained to enter passwords everywhere without thinking

D.

Reduces the user experience

Question 66

The usage of pre-numbered forms for initiating a transaction is an example of which of the following types of control?

Options:

A.

Deterrent control

B.

Detective control

C.

Preventive control

D.

Application control

Question 67

Which of the following protects original works of authorship including literary, dramatic, musical, artistic, and other intellectual works?

Options:

A.

Criminal law

B.

Civil law

C.

Copyright law

D.

Administrative law
