Weekend Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Activedumpsnet Logo
  1. Home
  2. GIAC
  3. GIAC Certification
  4. GISF
  5. GISF - GIAC Information Security Fundamentals

GIAC GISF GIAC Information Security Fundamentals Exam Practice Test

Page: 1 / 33
Total 333 questions
Get GISF Full Access Download GISF PDF

GIAC Information Security Fundamentals Questions and Answers

Question 1

You work in a company that accesses the Internet frequently. This makes the company's files susceptible to attacks from unauthorized access. You want to protect your company's network from external attacks. Which of the following options will help you in achieving your aim?

Options:

A.

FTP

B.

Gopher

C.

Firewall

D.

HTTP

Question 2

Which of the following devices or hardware parts employs SMART model system as a monitoring system?

Options:

A.

Modem

B.

RAM

C.

Hard disk

D.

IDS

Question 3

Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident?

Options:

A.

Technical representative

B.

Legal representative

C.

Lead investigator

D.

Information security representative

Question 4

Which of the following statements are true about Public-key cryptography? Each correct answer represents a complete solution. Choose two.

Options:

A.

Data encrypted with the secret key can only be decrypted by another secret key.

B.

The secret key can encrypt a message, and anyone with the public key can decrypt it.

C.

Data encrypted by the public key can only be decrypted by the secret key.

D.

The distinguishing technique used in public key-private key cryptography is the use of symmetric key algorithms.

Question 5

Which of the following statements about a brute force attack is true?

Options:

A.

It is a program that allows access to a computer without using security checks.

B.

It is an attack in which someone accesses your e-mail server and sends misleading information to others.

C.

It is a virus that attacks the hard drive of a computer.

D.

It is a type of spoofing attack.

E.

It is an attempt by an attacker to guess passwords until he succeeds.

Question 6

Rick works as a Network Administrator for Fimbry Hardware Inc. Based on the case study, which network routing strategy will he implement for the company? (Click the Exhibit button on the toolbar to see the case study.)

Options:

A.

He will implement OSPF on all the router interfaces.

B.

He will implement RIP v1 on all the router interfaces.

C.

He will implement the IGMP on all the router interface.

D.

He will implement RIP v2 on all the router interfaces.

E.

He will implement static routes for the routers.

Question 7

You work as a Software Developer for uCertify Inc. The company has several branches worldwide. The company uses Visual Studio.NET 2005 as its application development platform. You have recently finished the development of an application using .NET Framework 2.0. The application can be used only for cryptography. Therefore, you have implemented the application on a computer. What will you call the computer that implemented cryptography?

Options:

A.

Cryptographer

B.

Cryptographic toolkit

C.

Cryptosystem

D.

Cryptanalyst

Question 8

The Intrusion Detection System (IDS) instructs the firewall to reject any request from a particular IP address if the network is repeatedly attacked from this address. What is this action known as?

Options:

A.

Sending deceptive e-mails

B.

Sending notifications

C.

Shunning

D.

Logging

E.

Spoofing

F.

Network Configuration Changes

Question 9

You are the project manager for a software technology company. You and the project team have identified that the executive staff is not fully committed to the project. Which of the following best describes the risk?

Options:

A.

Residual risks

B.

Trend analysis

C.

Schedule control

D.

Organizational risks

Question 10

Which of the following are parts of applying professional knowledge? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Maintaining cordial relationship with project sponsors

B.

Reporting your project management appearance

C.

Staying up-to-date with project management practices

D.

Staying up-to-date with latest industry trends and new technology

Question 11

Which of the following logs contains events pertaining to security as defined in the Audit policy?

Options:

A.

DNS server log

B.

Application log

C.

System log

D.

Directory Service log

E.

Security log

F.

File Replication Service log

Question 12

You are the project manager for BlueWell Inc. You are reviewing the risk register for your project. The risk register provides much information to you, the project manager and to the project team during the risk response planning. All of the following are included in the risk register except for which item?

Options:

A.

Trends in qualitative risk analysis results

B.

Symptoms and warning signs of risks

C.

List of potential risk responses

D.

Network diagram analysis of critical path activities

Question 13

Which of the following are the types of Intrusion detection system?

Options:

A.

Server-based intrusion detection system (SIDS)

B.

Client based intrusion detection system (CIDS)

C.

Host-based intrusion detection system (HIDS)

D.

Network intrusion detection system (NIDS)

Question 14

You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to the e-mails queries. But since few days, it is identified that this process is providing a way to spammers to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and find a solution? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Recovery

B.

Contamination

C.

Identification

D.

Eradication

E.

Preparation

Question 15

You are responsible for virus protection for a large college campus. You are very concerned that your antivirus solution must be able to capture the latest virus threats. What sort of virus protection should you implement?

Options:

A.

Network Based

B.

Dictionary

C.

Heuristic

D.

Host based

Question 16

Which of the following Windows Security Center features is implemented to give a logical layer protection between computers in a networked environment?

Options:

A.

Firewall

B.

Automatic Updating

C.

Other Security Settings

D.

Malware Protection

Question 17

You are the project manager for TTX project. You have to procure some electronics gadgets for the project. A relative of yours is in the retail business of those gadgets. He approaches you for your favor to get the order. This is the situation of ____.

Options:

A.

Bribery

B.

Irresponsible practice

C.

Illegal practice

D.

Conflict of interest

Question 18

Which of the following processes is responsible for low risk, frequently occurring low cost changes?

Options:

A.

Incident Management

B.

IT Facilities Management

C.

Request Fulfillment

D.

Release Management

Question 19

You work as a Network Administrator for Tech World Inc. The company has a TCP/IP-based router. You have configured a router on your network. You want to accomplish the following goals:

l Configure the router to require a password to move from user EXEC mode to privileged EXEC mode.

l The password must be listed as a hidden entry in the configuration file.

You run the following command: enable password

Which of the goals will this action accomplish?

Options:

A.

The password will be listed as a hidden entry in the configuration file

B.

The action will accomplish neither of the goals

C.

The action will accomplish both the goals

D.

The router will require a password to move from user EXEC mode to privileged EXEC mode

Question 20

Which of the following is the best approach to conflict resolution?

Options:

A.

Hard work and understanding

B.

Mutual respect and cooperation

C.

Flexibility

D.

Sincerity and hard work

Question 21

Which of the following protocols provides connectionless integrity and data origin authentication of IP packets?

Options:

A.

ESP

B.

IKE

C.

ISAKMP

D.

AH

Question 22

Which of the following statements about Public Key Infrastructure (PKI) is true?

Options:

A.

It uses symmetric key pairs.

B.

It uses public key encryption.

C.

It is a digital representation of information that identifies users.

D.

It provides security using data encryption and digital signature.

Question 23

You work as a Consumer Support Technician for ABC Inc. The company provides troubleshooting support to users. You are troubleshooting a computer of a user who is working on Windows Vista.

He reports that his sensitive data is being accessed by someone because of security vulnerability in the component of Windows Vista. Which of the following features of Windows Security Center will you configure to save the user's data?

Options:

A.

Malware protection

B.

Automatic updating

C.

Firewall

D.

Other security settings

Question 24

You work as a Computer Hacking Forensic Investigator for SecureNet Inc. You want to investigate Cross-Site Scripting attack on your company's Website. Which of the following methods of investigation can you use to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Use a Web proxy to view the Web server transactions in real time and investigate any communication with outside servers.

B.

Look at the Web servers logs and normal traffic logging.

C.

Use Wireshark to capture traffic going to the server and then searching for the requests going to the input page, which may give log of the malicious traffic and the IP address of the source.

D.

Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL to the company's site.

Question 25

Which of the following statements about Public Key Infrastructure (PKI) are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It is a digital representation of information that identifies users.

B.

It uses asymmetric key pairs.

C.

It provides security using data encryption and digital signature.

D.

It uses symmetric key pairs.

Question 26

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. John wants to redirect all TCP port 80 traffic to UDP port 40, so that he can bypass the firewall of the We-are-secure server. Which of the following tools will John use to accomplish his task?

Options:

A.

PsList

B.

Fpipe

C.

Cain

D.

PsExec

Question 27

The Incident handling process implemented in an enterprise is responsible to deal with all the incidents regarding the enterprise. Which of the following procedures will be involved by the preparation phase of the Incident handling process?

Options:

A.

Organizing a solution to remove an incident

B.

Building up an incident response kit

C.

Working with QA to validate security of the enterprise

D.

Setting up the initial position after an incident

Question 28

Which of the following security applications is used to secure a database from unauthorized accesses in a network infrastructure?

Options:

A.

Antivirus

B.

Anti-Malware

C.

Anti-Spoofing

D.

Firewall

Question 29

You work as a Product manager for Marioiss Inc. You have been tasked to start a project for securing the network of your company. You want to employ configuration management to efficiently manage the procedures of the project. What will be the benefits of employing configuration management for completing this project?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It provides the risk analysis of project configurations.

B.

It provides object, orient, decide and act strategy.

C.

It provides the versions for network devices.

D.

It provides a live documentation of the project.

Question 30

Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use Steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Slack space

B.

Unused Sectors

C.

Dumb space

D.

Hidden partition

Question 31

Which of the following statements are true about routers?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Routers do not limit physical broadcast traffic.

B.

Routers act as protocol translators and bind dissimilar networks.

C.

Routers organize addresses into classes, which are used to determine how to move packets from one network to another.

D.

Routers are responsible for making decisions about which of several paths network (or Internet) traffic will follow.

Question 32

John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Dictionary attack

B.

Rule based attack

C.

Brute Force attack

D.

Hybrid attack

Question 33

The IT administrator wants to implement a stronger security policy. What are the four most important security priorities for uCertify Software Systems Pvt. Ltd.?

(Click the Exhibit button on the toolbar to see the case study.)

Options:

A.

Providing secure communications between Washington and the headquarters office.

B.

Implementing Certificate services on Texas office.

C.

Preventing denial-of-service attacks.

D.

Ensuring secure authentication.

E.

Preventing unauthorized network access.

F.

Providing two-factor authentication.

G.

Protecting employee data on portable computers.

Question 34

You work as a Network Administrator for ABC Inc. The company uses a secure wireless network.

John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?

Options:

A.

Operational audit

B.

Non-operational audit

C.

Independent audit

D.

Dependent audit

Question 35

You are the project manager of SST project. You are in the process of collecting and distributing performance information including status report, progress measurements, and forecasts. Which of the following process are you performing?

Options:

A.

Perform Quality Control

B.

Verify Scope

C.

Report Performance

D.

Control Scope

Question 36

Which of the following terms is used for a router that filters traffic before it is passed to the firewall?

Options:

A.

Screened host

B.

Demilitarized zone (DMZ)

C.

Honey pot

D.

Bastion host

Question 37

Which of the following is used to authenticate asymmetric keys?

Options:

A.

Digital signature

B.

MAC Address

C.

Password

D.

Demilitarized zone (DMZ)

Question 38

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

Options:

A.

Corrective controls

B.

Detective controls

C.

Safeguards

D.

Preventive controls

Question 39

You are a Product manager of Marioxiss Inc. Your company management is having a conflict with another company Texasoftg Inc. over an issue of security policies. Your legal advisor has prepared a document that includes the negotiation of views for both the companies. This solution is supposed to be the key for conflict resolution. Which of the following are the forms of conflict resolution that have been employed by the legal advisor?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Orientation

B.

Mediation

C.

Negotiation

D.

Arbitration

Question 40

You are the project manager of the HHH Project. The stakeholders for this project are scattered across the world and you need a method to promote interaction. You determine that a Web conferencing software would be the most cost effective solution. The stakeholders can watch a slide show while you walk them through the project details. The stakeholders can hear you, ask questions via a chat software, and post concerns. What is the danger in this presentation?

Options:

A.

55 percent of all communication is nonverbal and this approach does not provide non-verbal communications.

B.

The technology is not proven as reliable.

C.

The stakeholders won't really see you.

D.

The stakeholders are not required to attend the entire session.

Question 41

What does Wireless Transport Layer Security (WTLS) provide for wireless devices?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Data integrity

B.

Authentication

C.

Encryption

D.

Bandwidth

Question 42

The new security policy requires you to encrypt all data transmitted from the laptop computers of sales personnel to the distribution centers. How will you implement the security requirements?

(Click the Exhibit button on the toolbar to see the case study.)

Options:

A.

Use 40-bit encryption for Routing and Remote Access Service(RRAS) Server. Use PPTP without packet filtering for VPN.

B.

Use 128-bit encryption for Routing and Remote Access Service(RRAS) Server. Use PPTP without packet filtering for VPN.

C.

Use 128-bit encryption for Routing and Remote Access Service(RRAS) Server. Use PPTP with packet filtering for VPN.

D.

Use 40-bit encryption for the Routing and Remote Access Service(RRAS) Server. Use PPTP with packet filtering for VPN.

Question 43

You work as an Exchange Administrator for TechWorld Inc. The company has a Windows 2008 Active Directory-based network. The network contains an Exchange Server 2010 organization. The messaging organization contains one Hub Transport server, one Client Access server, and two Mailbox servers.

You are planning to deploy an Edge Transport server in your messaging organization to minimize the attack surface. At which of the following locations will you deploy the Edge Transport server?

Options:

A.

Active Directory site

B.

Intranet

C.

Behind the inner firewall of an organization

D.

Perimeter network

Question 44

Sam is creating an e-commerce site. He wants a simple security solution that does not require each customer to have an individual key. Which of the following encryption methods will he use?

Options:

A.

S/MIME

B.

PGP

C.

Asymmetric encryption

D.

Symmetric encryption

Question 45

Which of the following provides a credential that can be used by all Kerberos-enabled servers and applications?

Options:

A.

Remote Authentication Dial In User Service (RADIUS)

B.

Internet service provider (ISP)

C.

Network Access Point (NAP)

D.

Key Distribution Center (KDC)

Question 46

Key Distribution Center is used in which authentication method?

Options:

A.

Multi-factor

B.

Smart cards

C.

Biometrics

D.

Security tokens

E.

Kerberos

F.

Challenge Handshake Authentication Protocol

Question 47

You work as an executive manager for Mariotx.Inc. You entered into a business contract with a firm called Helfixnet.Inc. You passed on the contract details to Helfixnet.Inc and also got an acceptance approval. You later find that Helfixnet.Inc is violating the rules of the contract and they claim that they had never entered into any contract with Mariotx.Inc when asked. Which of the following directives of Information Assurance can you apply to ensure prevention from such issues?

Options:

A.

Confidentiality

B.

Non-repudiation

C.

Data integrity

D.

Data availability

Question 48

Which of the following protocols is used to provide remote monitoring and administration to network management machines on the network? The management machines will use this protocol to collect information for network monitoring. At times, the protocol can also be used for remote configuration.

Options:

A.

NNTP

B.

Telnet

C.

SSH

D.

SNMP

Question 49

Which of the following monitors program activities and modifies malicious activities on a system?

Options:

A.

Back door

B.

HIDS

C.

RADIUS

D.

NIDS

Load More GISF Questions 
Page: 1 / 33
Total 333 questions
Get GISF Full Access Download GISF PDF