GISF Exam - GIAC Information Security Fundamentals

NEW QUESTION 1

Tom works as the project manager for BlueWell Inc. He is working with his project to ensure timely and appropriate generation, retrieval, distribution, collection, storage, and ultimate disposition of project information. What is the process in which Tom is working?

• A. Stakeholder expectation management
• B. Stakeholder analysis
• C. Work performance measurement
• D. Project communication management

Answer: D

NEW QUESTION 2

Peter is a merchant. He uses symmetric encryption to send confidential messages to different users of his Web site. Which of the following is the other name for asymmetric encryption?

• A. Session key encryption
• B. Public key encryption
• C. Secret key encryption
• D. Shared key encryption

Answer: B

NEW QUESTION 3

Which of the following protocols implements VPN using IPSec?

• A. SLIP
• B. PPTP
• C. PPP
• D. L2TP

Answer: D

NEW QUESTION 4

You are hired by Techmart Inc. to upgrade its existing network. You have prepared a case study for planning the network.
According to your study, how many domains are required to setup the network of Techmart Inc.?
(Click the Exhibit button on the toolbar to see the case study.)

• A. Two
• B. Four
• C. Three
• D. One

Answer: D

NEW QUESTION 5

Which of the following protocols can help you get notified in case a router on a network fails?

• A. SMTP
• B. SNMP
• C. TCP
• D. ARP

Answer: B

NEW QUESTION 6

Which U.S. government agency is responsible for establishing standards concerning cryptography for nonmilitary use?

• A. American Bankers Association
• B. Central Security Service (CSS)
• C. National Institute of Standards and Technology (NIST)
• D. International Telecommunications Union
• E. Request for Comments (RFC)
• F. National Security Agency (NSA)

Answer: C

NEW QUESTION 7

Which of the following attacks saturates network resources and disrupts services to a
specific computer?

• A. Teardrop attack
• B. Replay attack
• C. Denial-of-Service (DoS) attack
• D. Polymorphic shell code attack

Answer: C

NEW QUESTION 8

You are the project manager for BlueWell Inc. You are reviewing the risk register for your project. The risk register provides much information to you, the project manager and to the project team during the risk response planning. All of the following are included in the risk register except for which item?

• A. Trends in qualitative risk analysis results
• B. Symptoms and warning signs of risks
• C. List of potential risk responses
• D. Network diagram analysis of critical path activities

Answer: D

NEW QUESTION 9

The ATM of a bank is robbed by breaking the ATM machine. Which of the following physical security devices can now be used for verification and historical analysis of the ATM robbery?

• A. Biometric devices
• B. Intrusion detection systems
• C. Key card
• D. CCTV Cameras

Answer: D

NEW QUESTION 10

Which project management risk event would you be using if you changed the sequence of activities to reduce the probability of the project being delayed?

• A. Enhancing
• B. Withdrawal
• C. Exploiting
• D. Avoidance

Answer: D

NEW QUESTION 11

Which of the following statements about testing are true?
Each correct answer represents a complete solution. Choose all that apply.

• A. A stub is a program that simulates a calling unit, and a driver is a program that simulates a called unit.
• B. In unit testing, each independent unit of an application is tested separately.
• C. In integration testing, a developer combines two units that have already been tested into a component.
• D. The bottom-up approach to integration testing helps minimize the need for stubs.

Answer: BCD

NEW QUESTION 12

You are the project manager for a software technology company. You and the project team have identified that the executive staff is not fully committed to the project. Which of the following best describes the risk?

• A. Residual risks
• B. Trend analysis
• C. Schedule control
• D. Organizational risks

Answer: D

NEW QUESTION 13

You work as a Software Developer for Mansoft Inc. You create an application. You want to use the application to encrypt data. You use the HashAlgorithmType enumeration to specify the algorithm used for generating Message Authentication Code (MAC) in Secure Sockets Layer (SSL) communications.
Which of the following are valid values for HashAlgorithmType enumeration? Each correct answer represents a part of the solution. Choose all that apply.

• A. MD5
• B. None
• C. DES
• D. RSA
• E. SHA1
• F. 3DES

Answer: ABE

NEW QUESTION 14

Which of the following tools are used to determine the hop counts of an IP packet? Each correct answer represents a complete solution. Choose two.

• A. Netstat
• B. Ping
• C. TRACERT
• D. IPCONFIG

Answer: BC

NEW QUESTION 15

Which of the following statements about a brute force attack is true?

• A. It is a program that allows access to a computer without using security checks.
• B. It is an attack in which someone accesses your e-mail server and sends misleading information to others.
• C. It is a virus that attacks the hard drive of a computer.
• D. It is a type of spoofing attack.
• E. It is an attempt by an attacker to guess passwords until he succeeds.

Answer: E

NEW QUESTION 16

Which of the following refers to the ability to ensure that the data is not modified or tampered with?

• A. Availability
• B. Integrity
• C. Confidentiality
• D. Non-repudiation

Answer: B

NEW QUESTION 17

Which of the following is the maximum variable key length for the Blowfish encryption algorithm?

• A. 448 bit
• B. 256 bit
• C. 64 bit
• D. 16 bit

Answer: A

NEW QUESTION 18

Which of the following security applications is used to secure a database from unauthorized accesses in a network infrastructure?

• A. Antivirus
• B. Anti-Malware
• C. Anti-Spoofing
• D. Firewall

Answer: D

NEW QUESTION 19
......