GISF Practice Exam Questions with Answers GIAC Information Security Fundamentals Certification

You have been assigned the task of selecting a hash algorithm. The algorithm will be specifically used to ensure the integrity of certain sensitive files. It must use a 128 bit hash value. Which of the following should you use?

You are the project manager of a new project in your organization. You and the project team have identified the project risks, completed risk analysis, and are planning the most appropriate risk responses. Which of the following tools is most effective to choose the most appropriate risk response?

You are a Consumer Support Technician. You are helping a user troubleshoot computer-related issues. While troubleshooting the user's computer, you find a malicious program similar to a virus or worm. The program negatively affects the privacy and security of the computer and is capable of damaging the computer. Which of the following alert levels of Windows Defender is set for this program?

Computer networks and the Internet are the prime mode of Information transfer today. Which of the following is a technique used for modifying messages, providing Information and Cyber security, and reducing the risk of hacking attacks during communications and message passing over the Internet?

Adam, a novice Web user is getting large amount of unsolicited commercial emails on his email address. He suspects that the emails he is receiving are the Spam. Which of the following steps will he take to stop the Spam?

Each correct answer represents a complete solution. Choose all that apply.

You are the security manager of Microliss Inc. Your enterprise uses a wireless network infrastructure with access points ranging 150-350 feet. The employees using the network complain that their passwords and important official information have been traced. You discover the following clues:

The information has proved beneficial to another company.

The other company is located about 340 feet away from your office.

The other company is also using wireless network.

The bandwidth of your network has degraded to a great extent.

Which of the following methods of attack has been used?

What does Wireless Transport Layer Security (WTLS) provide for wireless devices?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following protocols are used by Network Attached Storage (NAS)?

Each correct answer represents a complete solution. Choose all that apply.

You have an antivirus program for your network. It is dependent upon using lists of known viruses. What is this type of scan called?

Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer?

You work as a Security manager for Qualoxizz Inc. Your company has number of network switches in the site network infrastructure. Which of the following actions will you perform to ensure the security of the switches in your company?

Which of the following processes is described in the statement below?

"It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

Which of the following methods of encryption uses a single key to encrypt and decrypt data?

Which of the following types of firewall functions by creating two different communications, one between the client and the firewall, and the other between the firewall and the end server?

Firekiller 2000 is an example of a __________.

This type of virus infects programs that can execute and load into memory to perform predefined steps for infecting systems. It infects files with the extensions .EXE, .COM, .BIN, and .SYS. As it can replicate or destroy these types of files, the operating system becomes corrupted and needs reinstallation. This type of virus is known as __________.

Which of the following types of cipher encrypts alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword?

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

Which of the following is NOT a phase of the OODA Loop strategy?

Adam works as a Professional Penetration Tester for Umbrella Inc. A project has been assigned to him to carry out a Black Box penetration testing as a regular evaluation of the system security and integrity of the company's network. Which of the following statements are true about the Black Box penetration testing?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following attacks saturates network resources and disrupts services to a specific computer?

Jane works as a Consumer Support Technician for McRoberts Inc. The company provides troubleshooting support to users. A user named Peter installs Windows Vista on his computer. He connects his computer on the network. He wants to protect his computer from malicious software and prevent hackers from gaining access to his computer through the network. Which of the following actions will Jane assist Peter to perform to accomplish the task?

Which of the following categories of the network management model is used to detect and log network problems or device failures?

Mark works as a Network Administrator for NetTech Inc. The company has a Windows Server 2008 domain-based network. The network contains four Windows 2008 member servers and 250 Windows Vista client computers. One of the member servers works as a Web server that hosts an intranet Web site. According to the company security policy, Mark needs to fulfill the following requirements:

1. Encryption should be used for authentication of all traffic to the Web site.

2. SSL should not be used on the Web server for performance reasons.

3. Users should be authenticated using their Active Directory credentials.

In order to fulfill the requirements, Mark has disabled the Anonymous Authentication setting on the server. What else does he have to do?

Which of the following refers to the ability to ensure that the data is not modified or tampered with?

Which of the following refers to the process of verifying the identity of a person, network host, or system process?

Which of the following techniques can be used by an administrator while working with the symmetric encryption cryptography? Each correct answer represents a complete solution. Choose all that apply.

Which of the following is an examination of the controls within an Information technology (IT) infrastructure?

Your corporate network uses a Proxy Server for Internet access. The Manufacturing group has access permission for WWW protocol in the Web Proxy service, and access permission for POP3 protocol, in the WinSock Proxy service. The Supervisors group has access permission for WWW and FTP Read protocols in the Web Proxy service, and access permission for the SMTP protocol in the WinSock Proxy service. The Quality Control group has access permission only for WWW protocol in the Web Proxy service. The Interns group has no permissions granted in any of the Proxy Server services. Kate is a member of all four groups. In the Proxy Server services, which protocols does Kate have permission to use?

Which of the following types of attack can guess a hashed password?

The IT Director of the company is very concerned about the security of the network. Which audit policy should he implement to detect possible intrusions into the network? (Click the Exhibit button on the toolbar to see the case study.)

Which of the following wireless security features provides the best wireless security mechanism?

You work in a company that accesses the Internet frequently. This makes the company's files susceptible to attacks from unauthorized access. You want to protect your company's network from external attacks. Which of the following options will help you in achieving your aim?

Which of the following devices or hardware parts employs SMART model system as a monitoring system?

Which of the following Windows Security Center features is implemented to give a logical layer protection between computers in a networked environment?

You are the Network Administrator for a bank. You discover that someone has logged in with a user account access, but then used various techniques to obtain access to other user accounts. What is this called?

Rick works as a Network Administrator for Fimbry Hardware Inc. Based on the case study, which network routing strategy will he implement for the company? (Click the Exhibit button on the toolbar to see the case study.)

The Intrusion Detection System (IDS) instructs the firewall to reject any request from a particular IP address if the network is repeatedly attacked from this address. What is this action known as?

You work as an Application Developer for uCertify Inc. The company uses Visual Studio .NET Framework 3.5 as its application development platform. You are working on a WCF service. You have decided to implement transport level security. Which of the following security protocols will you use?

Which of the following are the benefits of information classification for an organization?

You are the Network Administrator for a software development company. Your company creates various utilities and tools. You have noticed that some of the files your company creates are getting deleted from systems. When one is deleted, it seems to be deleted from all the computers on your network. Where would you first look to try and diagnose this problem?

Which of the following are parts of applying professional knowledge? Each correct answer represents a complete solution. Choose all that apply.

You have purchased a wireless router for your home network. What will you do first to enhance the security?

You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?