Labour Day Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

GISF PDF

$38.5

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

GISF PDF + Testing Engine

$61.6

$175.99

3 Months Free Update

  • Exam Name: GIAC Information Security Fundamentals
  • Last Update: Apr 23, 2024
  • Questions and Answers: 333
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

GISF Engine

$46.2

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

GISF Practice Exam Questions with Answers GIAC Information Security Fundamentals Certification

Question # 6

You have been assigned the task of selecting a hash algorithm. The algorithm will be specifically used to ensure the integrity of certain sensitive files. It must use a 128 bit hash value. Which of the following should you use?

A.

SHA

B.

AES

C.

MD5

D.

DES

Full Access
Question # 7

You are the project manager of a new project in your organization. You and the project team have identified the project risks, completed risk analysis, and are planning the most appropriate risk responses. Which of the following tools is most effective to choose the most appropriate risk response?

A.

Project network diagrams

B.

Delphi Technique

C.

Decision tree analysis

D.

Cause-and-effect diagrams

Full Access
Question # 8

You are a Consumer Support Technician. You are helping a user troubleshoot computer-related issues. While troubleshooting the user's computer, you find a malicious program similar to a virus or worm. The program negatively affects the privacy and security of the computer and is capable of damaging the computer. Which of the following alert levels of Windows Defender is set for this program?

A.

Low

B.

High

C.

Severe

D.

Medium

Full Access
Question # 9

Computer networks and the Internet are the prime mode of Information transfer today. Which of the following is a technique used for modifying messages, providing Information and Cyber security, and reducing the risk of hacking attacks during communications and message passing over the Internet?

A.

Cryptography

B.

OODA loop

C.

Risk analysis

D.

Firewall security

Full Access
Question # 10

Adam, a novice Web user is getting large amount of unsolicited commercial emails on his email address. He suspects that the emails he is receiving are the Spam. Which of the following steps will he take to stop the Spam?

Each correct answer represents a complete solution. Choose all that apply.

A.

Forward a copy of the spam to the ISP to make the ISP conscious of the spam.

B.

Send an email to the domain administrator responsible for the initiating IP address.

C.

Report the incident to the FTC (The U.S. Federal Trade Commission) by sending a copy of the spam message.

D.

Close existing email account and open new email account.

Full Access
Question # 11

You are the security manager of Microliss Inc. Your enterprise uses a wireless network infrastructure with access points ranging 150-350 feet. The employees using the network complain that their passwords and important official information have been traced. You discover the following clues:

The information has proved beneficial to another company.

The other company is located about 340 feet away from your office.

The other company is also using wireless network.

The bandwidth of your network has degraded to a great extent.

Which of the following methods of attack has been used?

A.

A piggybacking attack has been performed.

B.

The information is traced using Bluebugging.

C.

A DOS attack has been performed.

D.

A worm has exported the information.

Full Access
Question # 12

What does Wireless Transport Layer Security (WTLS) provide for wireless devices?

Each correct answer represents a complete solution. Choose all that apply.

A.

Data integrity

B.

Authentication

C.

Encryption

D.

Bandwidth

Full Access
Question # 13

Which of the following protocols are used by Network Attached Storage (NAS)?

Each correct answer represents a complete solution. Choose all that apply.

A.

Apple Filing Protocol (AFP)

B.

Server Message Block (SMB)

C.

Network File System (NFS)

D.

Distributed file system (Dfs)

Full Access
Question # 14

You have an antivirus program for your network. It is dependent upon using lists of known viruses. What is this type of scan called?

A.

Heuristic

B.

Fixed List

C.

Dictionary

D.

Host Based

Full Access
Question # 15

Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer?

A.

IPLog

B.

Snort

C.

Timbersee

D.

Swatch

Full Access
Question # 16

You work as a Security manager for Qualoxizz Inc. Your company has number of network switches in the site network infrastructure. Which of the following actions will you perform to ensure the security of the switches in your company?

A.

Set long session timeouts.

B.

Open up all the unused management ports.

C.

Set similar passwords for each management port.

D.

Ignore usage of the default account settings.

Full Access
Question # 17

Which of the following processes is described in the statement below?

"It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

A.

Perform Quantitative Risk Analysis

B.

Perform Qualitative Risk Analysis

C.

Monitor and Control Risks

D.

Identify Risks

Full Access
Question # 18

Which of the following methods of encryption uses a single key to encrypt and decrypt data?

A.

S/MIME

B.

Asymmetric

C.

PGP

D.

Symmetric

Full Access
Question # 19

Which of the following types of firewall functions by creating two different communications, one between the client and the firewall, and the other between the firewall and the end server?

A.

Packet filter firewall

B.

Proxy-based firewall

C.

Stateful firewall

D.

Endian firew

Full Access
Question # 20

Firekiller 2000 is an example of a __________.

A.

DoS attack Trojan

B.

Data sending Trojan

C.

Remote access Trojan

D.

Security software disabler Trojan

Full Access
Question # 21

This type of virus infects programs that can execute and load into memory to perform predefined steps for infecting systems. It infects files with the extensions .EXE, .COM, .BIN, and .SYS. As it can replicate or destroy these types of files, the operating system becomes corrupted and needs reinstallation. This type of virus is known as __________.

A.

Multipartite virus

B.

Boot sector virus

C.

File virus

D.

Stealth virus

E.

Polymorphic virus

Full Access
Question # 22

Which of the following types of cipher encrypts alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword?

A.

Block cipher

B.

Transposition cipher

C.

Vigen re cipher

D.

Stream cipher

Full Access
Question # 23

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

A.

Web ripping

B.

Email spoofing

C.

Steganography

D.

Social engineering

Full Access
Question # 24

Which of the following is NOT a phase of the OODA Loop strategy?

A.

Observe

B.

Define

C.

Orient

D.

Act

Full Access
Question # 25

Adam works as a Professional Penetration Tester for Umbrella Inc. A project has been assigned to him to carry out a Black Box penetration testing as a regular evaluation of the system security and integrity of the company's network. Which of the following statements are true about the Black Box penetration testing?

Each correct answer represents a complete solution. Choose all that apply.

A.

Black box testing provides the testers with complete knowledge of the infrastructure to be tested.

B.

Black box testing simulates an attack from someone who is unfamiliar with the system.

C.

Black box testing simulates an attack from someone who is familiar with the system.

D.

Black box testing assumes no prior knowledge of the infrastructure to be tested.

Full Access
Question # 26

Which of the following attacks saturates network resources and disrupts services to a specific computer?

A.

Teardrop attack

B.

Replay attack

C.

Denial-of-Service (DoS) attack

D.

Polymorphic shell code attack

Full Access
Question # 27

Jane works as a Consumer Support Technician for McRoberts Inc. The company provides troubleshooting support to users. A user named Peter installs Windows Vista on his computer. He connects his computer on the network. He wants to protect his computer from malicious software and prevent hackers from gaining access to his computer through the network. Which of the following actions will Jane assist Peter to perform to accomplish the task?

A.

Don't stay logged on as an administrator.

B.

Use a firewall.

C.

Keep the computer up-to-date.

D.

Run antivirus software on the computer.

Full Access
Question # 28

Which of the following categories of the network management model is used to detect and log network problems or device failures?

A.

Fault Management

B.

Configuration Management

C.

Security Management

D.

Performance Management

Full Access
Question # 29

Mark works as a Network Administrator for NetTech Inc. The company has a Windows Server 2008 domain-based network. The network contains four Windows 2008 member servers and 250 Windows Vista client computers. One of the member servers works as a Web server that hosts an intranet Web site. According to the company security policy, Mark needs to fulfill the following requirements:

1. Encryption should be used for authentication of all traffic to the Web site.

2. SSL should not be used on the Web server for performance reasons.

3. Users should be authenticated using their Active Directory credentials.

In order to fulfill the requirements, Mark has disabled the Anonymous Authentication setting on the server. What else does he have to do?

A.

Enable the Anonymous Authentication setting on the server.

B.

Enable the Encrypting File System (EFS) on the server.

C.

Enable the Digest Authentication setting on the server.

D.

Enable the Windows Authentication setting on the server.

Full Access
Question # 30

Which of the following refers to the ability to ensure that the data is not modified or tampered with?

A.

Availability

B.

Integrity

C.

Confidentiality

D.

Non-repudiation

Full Access
Question # 31

Which of the following refers to the process of verifying the identity of a person, network host, or system process?

A.

Hacking

B.

Authentication

C.

Packet filtering

D.

Auditing

Full Access
Question # 32

Which of the following techniques can be used by an administrator while working with the symmetric encryption cryptography? Each correct answer represents a complete solution. Choose all that apply.

A.

Transposition cipher

B.

Message Authentication Code

C.

Stream cipher

D.

Block cipher

Full Access
Question # 33

Which of the following is an examination of the controls within an Information technology (IT) infrastructure?

A.

Risk analysis

B.

ITIL

C.

ADP audit

D.

SMART

Full Access
Question # 34

Your corporate network uses a Proxy Server for Internet access. The Manufacturing group has access permission for WWW protocol in the Web Proxy service, and access permission for POP3 protocol, in the WinSock Proxy service. The Supervisors group has access permission for WWW and FTP Read protocols in the Web Proxy service, and access permission for the SMTP protocol in the WinSock Proxy service. The Quality Control group has access permission only for WWW protocol in the Web Proxy service. The Interns group has no permissions granted in any of the Proxy Server services. Kate is a member of all four groups. In the Proxy Server services, which protocols does Kate have permission to use?

A.

WWW only

B.

FTP Read and SMTP only

C.

WWW, FTP Read, POP3, and SMTP

D.

WWW and POP3 only

Full Access
Question # 35

Which of the following types of attack can guess a hashed password?

A.

Teardrop attack

B.

Evasion attack

C.

Denial of Service attack

D.

Brute force attack

Full Access
Question # 36

The IT Director of the company is very concerned about the security of the network. Which audit policy should he implement to detect possible intrusions into the network? (Click the Exhibit button on the toolbar to see the case study.)

A.

The success and failure auditing for policy change.

B.

The success and failure auditing for process tracking.

C.

The success and failure auditing for logon events.

D.

The success and failure auditing for privilege use.

Full Access
Question # 37

Which of the following wireless security features provides the best wireless security mechanism?

A.

WPA with 802.1X authentication

B.

WPA with Pre Shared Key

C.

WPA

D.

WEP

Full Access
Question # 38

You work in a company that accesses the Internet frequently. This makes the company's files susceptible to attacks from unauthorized access. You want to protect your company's network from external attacks. Which of the following options will help you in achieving your aim?

A.

FTP

B.

Gopher

C.

Firewall

D.

HTTP

Full Access
Question # 39

Which of the following devices or hardware parts employs SMART model system as a monitoring system?

A.

Modem

B.

RAM

C.

Hard disk

D.

IDS

Full Access
Question # 40

Which of the following Windows Security Center features is implemented to give a logical layer protection between computers in a networked environment?

A.

Firewall

B.

Automatic Updating

C.

Other Security Settings

D.

Malware Protection

Full Access
Question # 41

You are the Network Administrator for a bank. You discover that someone has logged in with a user account access, but then used various techniques to obtain access to other user accounts. What is this called?

A.

Vertical Privilege Escalation

B.

Session Hijacking

C.

Account hijacking

D.

Horizontal Privilege Escalation

Full Access
Question # 42

Rick works as a Network Administrator for Fimbry Hardware Inc. Based on the case study, which network routing strategy will he implement for the company? (Click the Exhibit button on the toolbar to see the case study.)

A.

He will implement OSPF on all the router interfaces.

B.

He will implement RIP v1 on all the router interfaces.

C.

He will implement the IGMP on all the router interface.

D.

He will implement RIP v2 on all the router interfaces.

E.

He will implement static routes for the routers.

Full Access
Question # 43

The Intrusion Detection System (IDS) instructs the firewall to reject any request from a particular IP address if the network is repeatedly attacked from this address. What is this action known as?

A.

Sending deceptive e-mails

B.

Sending notifications

C.

Shunning

D.

Logging

E.

Spoofing

F.

Network Configuration Changes

Full Access
Question # 44

You work as an Application Developer for uCertify Inc. The company uses Visual Studio .NET Framework 3.5 as its application development platform. You are working on a WCF service. You have decided to implement transport level security. Which of the following security protocols will you use?

A.

Kerberos

B.

HTTPS

C.

RSA

D.

IPSEC

Full Access
Question # 45

Which of the following are the benefits of information classification for an organization?

A.

It helps identify which information is the most sensitive or vital to an organization.

B.

It ensures that modifications are not made to data by unauthorized personnel or processes

C.

It helps identify which protections apply to which information.

D.

It helps reduce the Total Cost of Ownership (TCO).

Full Access
Question # 46

You are the Network Administrator for a software development company. Your company creates various utilities and tools. You have noticed that some of the files your company creates are getting deleted from systems. When one is deleted, it seems to be deleted from all the computers on your network. Where would you first look to try and diagnose this problem?

A.

Antivirus log

B.

System log

C.

IDS log

D.

Firewall log

Full Access
Question # 47

Which of the following are parts of applying professional knowledge? Each correct answer represents a complete solution. Choose all that apply.

A.

Maintaining cordial relationship with project sponsors

B.

Reporting your project management appearance

C.

Staying up-to-date with project management practices

D.

Staying up-to-date with latest industry trends and new technology

Full Access
Question # 48

You have purchased a wireless router for your home network. What will you do first to enhance the security?

A.

Change the default password and administrator's username on the router

B.

Disable the network interface card on the computer

C.

Configure DMZ on the router

D.

Assign a static IP address to the computers

Full Access
Question # 49

You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

A.

Risk Management Plan

B.

Communications Management Plan

C.

Stakeholder management strategy

D.

Resource Management Plan

Full Access