GISF Exam - GIAC Information Security Fundamentals

certleader.com

Exam Code: GISF (Practice Exam Latest Test Questions VCE PDF)
Exam Name: GIAC Information Security Fundamentals
Certification Provider: GIAC

NEW QUESTION 1

You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

  • A. Risk Management Plan
  • B. Communications Management Plan
  • C. Stakeholder management strategy
  • D. Resource Management Plan

Answer: B

NEW QUESTION 2

You have an antivirus program for your network. It is dependent upon using lists of known viruses. What is this type of scan called?

  • A. Heuristic
  • B. Fixed List
  • C. Dictionary
  • D. Host Based

Answer: C

NEW QUESTION 3

Which of the following statements are true about UDP?
Each correct answer represents a complete solution. Choose all that apply.

  • A. UDP is an unreliable protocol.
  • B. FTP uses a UDP port for communication.
  • C. UDP is a connectionless protocol.
  • D. TFTP uses a UDP port for communication.
  • E. UDP works at the data-link layer of the OSI model.

Answer: ACD

NEW QUESTION 4

Victor works as a network administrator for DataSecu Inc. He uses a dual-firewall Demilitarized Zone (DMZ) to insulate the rest of the network from the portion that is available to the Internet. Which of the following security threats may occur if DMZ protocol attacks are performed?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Attacker can exploit any protocol used to go into the internal network or intranet of the company.
  • B. Attacker managing to break the first firewall defense can access the internal network without breaking the second firewall if it is different.
  • C. Attacker can gain access to the Web server in a DMZ and exploit the database.
  • D. Attacker can perform Zero Day attack by delivering a malicious payload that is not a part of the intrusion detection/prevention systems guarding the network.

Answer: ACD

NEW QUESTION 5

You are configuring the Terminal service. What protocols are required with Terminal services?
Each correct answer represents a part of the solution. Choose two.

  • A. L2TP
  • B. TCP/IP
  • C. RDP
  • D. CHAP
  • E. PPTP

Answer: BC

NEW QUESTION 6

Which of the following protocols are used by Network Attached Storage (NAS)?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Apple Filing Protocol (AFP)
  • B. Server Message Block (SMB)
  • C. Network File System (NFS)
  • D. Distributed file system (Dfs)

Answer: ABC

NEW QUESTION 7

John, a novice web user, makes a new e-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Dictionary attack
  • B. Rule based attack
  • C. Brute Force attack
  • D. Hybrid attack

Answer: ACD

NEW QUESTION 8

You work as a Network Administrator for ABC Inc. The company has a secure wireless network. However, in the last few days, an attack has been taking place over and over again. This attack is taking advantage of ICMP directed broadcast. To stop this attack, you need to disable ICMP directed broadcasts. Which of the following attacks is taking place?

  • A. Smurf attack
  • B. Sniffer attack
  • C. Cryptographic attack
  • D. FMS attack

Answer: A

NEW QUESTION 9

Which of the following types of firewalls looks deep into packets and makes granular access control decisions?

  • A. Stateful
  • B. Application level proxy
  • C. Circuit level proxy
  • D. Packet filtering

Answer: B

NEW QUESTION 10

You work as a Software Developer for Mansoft Inc. You, together with a team, develop a distributed application that processes orders from multiple types of clients. The application uses SQL Server to store data for all orders. The application does not implement any custom performance counters. After the application is deployed to production, it must be monitored for performance spikes. What will you do to monitor performance spikes in the application in a deployment environment?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Use SQL Profiler
  • B. Use CLR Profiler
  • C. Use Windows System Monitor
  • D. Use Microsoft Operations Manager

Answer: ACD

NEW QUESTION 11

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

  • A. Risk acceptance
  • B. Risk transfer
  • C. Risk avoidance
  • D. Risk mitigation

Answer: B

NEW QUESTION 12

You want to install a server that can be accessed by external users. You also want to ensure that these users cannot access the rest of the network. Where will you place the server?

  • A. Intranet
  • B. Local Area Network
  • C. Internet
  • D. Demilitarized Zone
  • E. Extranet
  • F. Wide Area Network

Answer: D

NEW QUESTION 13

Cryptography is the science of which of the following?

  • A. Encrypting and decrypting plain text messages.
  • B. Decrypting encrypted text messages.
  • C. Encrypting plain text messages.
  • D. Hacking secure information.

Answer: A

NEW QUESTION 14

You are the project manager of the SST project. You are in the process of collecting and distributing performance information, including status reports, progress measurements, and forecasts. Which of the following processes are you performing?

  • A. Perform Quality Control
  • B. Verify Scope
  • C. Report Performance
  • D. Control Scope

Answer: C

NEW QUESTION 15

You work as a Network Administrator for McRoberts Inc. You are required to upgrade a client computer on the company's network to Windows Vista Ultimate. During installation, the computer stops responding, and the screen does not change. What is the most likely cause?

  • A. Antivirus software is running on the computer.
  • B. You have provided an improper product key.
  • C. The computer is running a driver that is incompatible with Vista.
  • D. The computer has a hardware device that is incompatible with Vista.

Answer: A

NEW QUESTION 16

Which of the following are used as primary technologies to create a layered defense for giving protection to a network?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Vulnerability
  • B. Firewall
  • C. Endpoint authentication
  • D. IDS

Answer: BCD

NEW QUESTION 17

Which of the following representatives of the incident response team takes forensic backups of the systems that are the focus of the incident?

  • A. Technical representative
  • B. Legal representative
  • C. Lead investigator
  • D. Information security representative

Answer: A

NEW QUESTION 18

What are the benefits of using a proxy server on a network?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It enhances network security.
  • B. It uses a single registered IP address for multiple connections to the Internet.
  • C. It cuts down dial-up charges.
  • D. It is used for automated assignment of IP addresses to a TCP/IP client in the domain.

Answer: AB
