GISF - GIAC Information Security Fundamentals
Go back to GIAC
You work as a Network Administrator for NetTech Inc. Employees in remote locations connect to the company's network using Remote Access Service (RAS). Which of the following will you use to protect the network against unauthorized access?
Which of the following authentication methods uses MD5 hash encoding while transferring credentials over a network?
Advanced Digest authentication
You work as a SharePoint Administrator for TechWorld Inc. You must protect your SharePoint server farm from viruses that are accidentally uploaded to the SharePoint libraries. You have installed antivirus software that is designed for use with Windows SharePoint server. You have logged on to the Central Administration site. How can you configure the SharePoint site so that the document libraries are protected?
Choose the Scan documents on upload option in the antivirus settings.
You work as a Network Administrator for Infosec Inc. You find that not only have security applications running on the server, including software firewalls, anti-virus programs, and anti-spyware programs been disabled, but anti-virus and anti-spyware definitions have also been deleted. You suspect that this situation has arisen due to malware infection. Which of the following types of malware is the most likely cause of the issue?
You work as a Software Developer for uCertify Inc. You have developed a Data Access Logic (DAL) component that will be part of a distributed application. You are conducting integration testing with other components of the distributed application. Which of the following types of testing methods will you need to perform to identify potential security-related issues? Each correct answer represents a part of the solution. Choose two.
Black box testing
White box testing
Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?
Configuration Item Costing
You are the project manager for a software technology company. You and the project team have identified that the executive staff is not fully committed to the project. Which of the following best describes the risk?
Your Company is receiving false and abusive e-mails from the e-mail address of your partner company. When you complain, the partner company tells you that they have never sent any such e-mails. Which of the following types of cyber crimes involves this form of network attack?
Which of the following tools is an open source protocol analyzer that can capture traffic in real time?
Which of the following are parts of applying professional knowledge? Each correct answer represents a complete solution. Choose all that apply.
Reporting your project management appearance
Staying up-to-date with project management practices
Staying up-to-date with latest industry trends and new technology
Which of the following prevents malicious programs from attacking a system?
Which of the following methods of encryption uses a single key to encrypt and decrypt data?
Sam works as a Web Developer for McRobert Inc. He wants to control the way in which a Web browser receives information and downloads content from Web sites. Which of the following browser settings will Sam use to accomplish this?
Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?
Which of the following does an anti-virus program update regularly from its manufacturer's Web site?
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we- are-secure.com. He enters a single quote in the input field of the login page of the Weare- secure Web site and receives the following error message: Microsoft OLE DB Provider for ODBC Drivers error '0x80040E14' This error message shows that the We-are-secure Website is vulnerable to __________.
A SQL injection attack
Which of the following wireless security features provides the best wireless security mechanism?
WPA with 802.1X authentication
Which of the following devices or hardware parts employs SMART model system as a monitoring system?
Which of the following refers to a small space having two sets of interlocking doors such that the first set of doors must close before the second set opens?
Which of the following processes is responsible for low risk, frequently occurring low cost changes?
You work as a Software Developer for Mansoft Inc. You, together with a team, develop a distributed application that processes orders from multiple types of clients. The application uses SQL Server to store data for all orders. The application does not implement any custom performance counters. After the application is deployed to production, it must be monitored for performance spikes. What will you do to monitor performance spikes in the application in a deployment environment? Each correct answer represents a part of the solution. Choose all that apply.
Use SQL Profiler
Use Windows System Monitor
Use Microsoft Operations Manager
You work as the Senior Project manager in Dotcoiss Inc. Your company has started a software project using configuration management and has completed 70% of it. You need to ensure that the network infrastructure devices and networking standards used in this project are installed in accordance with the requirements of its detailed project design documentation. Which of the following procedures will you employ to accomplish the task?
Physical configuration audit
Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?
The IT Security Manager
Which of the following is the most secure place to host a server that will be accessed publicly through the Internet?
A demilitarized zone (DMZ)
Which of the following U.S.C. laws is governs the fraudulent activities associated with computers?
18 U.S.C. 1030
Rick is the project manager of a construction project. He is in a process to procure some construction equipments. There are four vendors available for supplying the equipments. Rick does not want one of them to participate in the bidding as he has some personal grudges against the owner of the vendor. This is the violation of which of the following categories of the Project Management Institute Code of Ethics and Professional Conduct?
You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to the e-mails queries. But since few days, it is identified that this process is providing a way to spammers to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and find a solution? Each correct answer represents a part of the solution. Choose all that apply.
Which of the following statements about a brute force attack is true?
It is an attempt by an attacker to guess passwords until he succeeds.
The workstations on your network utilize Windows XP (service pack 2 or later). Many users take their laptops on the road. You are very concerned about the security and want to have a robust firewall solution for mobile users. You have decided that all your firewalls to use the Stateful Packet Inspection (SPI) method. What must you do to provide SPI to your mobile users?
You must purchase a third party firewall solution for your mobile users.
You are concerned about outside attackers penetrating your network via your company Web server. You wish to place your Web server between two firewalls One firewall between the Web server and the outside world The other between the Web server and your network What is this called?
You are hired by Techmart Inc. to upgrade its existing network. You have prepared a case study for planning the network. According to your study, how many domains are required to setup the network of Techmart Inc.? (Viewon the toolbar to see the case study.)
In a complex network, Router transfers data packets by observing some form of parameters or metrics provided in the routing table. Which of the following metrics is NOT included in the routing table?
The TCP/IP protocol suite uses ____ to identify which service a certain packet is destined for.
You are the Security Consultant and have been contacted by a client regarding their encryption and hashing algorithms. Their in-house network administrator tells you that their current hashing algorithm is an older one with known weaknesses and is not collision resistant. Which algorithm are they most likely using for hashing?
Which of the following are application layer protocols of Internet protocol (IP) suite? Each correct answer represents a complete solution. Choose two.
Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer?
Which of the following statements are true about classless routing protocols? Each correct answer represents a complete solution. Choose two.
They extend the IP addressing scheme.
They support VLSM and discontiguous networks.
You work as a Product manager for Marioiss Inc. You have been tasked to start a project for securing the network of your company. You want to employ configuration management to efficiently manage the procedures of the project. What will be the benefits of employing configuration management for completing this project? Each correct answer represents a complete solution. Choose all that apply.
It provides the versions for network devices.
It provides a live documentation of the project.
Which of the following is a remote access protocol that supports encryption?
Which of the following attacks saturates network resources and disrupts services to a specific computer?
Denial-of-Service (DoS) attack
You are the project manager of a new project to install new hardware for your organization's computer network. You have never worked with networking software or hardware before so you enroll in a class to learn more about the technology you'll be managing in your project. This is an example of which one of the following?
Enhancing your personal professional competence
Which of the following protocols is used to provide remote monitoring and administration to network management machines on the network? The management machines will use this protocol to collect information for network monitoring. At times, the protocol can also be used for remote configuration.
Which of the following objects in an Active Directory serve as security principles? Each correct answer represents a part of the solution. Choose all that apply.
The IT Director of the company is very concerned about the security of the network. Which audit policy should he implement to detect possible intrusions into the network? (Viewon the toolbar to see the case study.)
The success and failure auditing for logon events.
The Information assurance pillars provide the surety of data availability to the users of an Information system. Which of the following network infrastructure techniques accomplishes the objective of an efficient data availability management on a network? Each correct answer represents a complete solution. Choose all that apply.
Sam is creating an e-commerce site. He wants a simple security solution that does not require each customer to have an individual key. Which of the following encryption methods will he use?
You work in a company that accesses the Internet frequently. This makes the company's files susceptible to attacks from unauthorized access. You want to protect your company's network from external attacks. Which of the following options will help you in achieving your aim?
Peter is a merchant. He uses symmetric encryption to send confidential messages to different users of his Web site. Which of the following is the other name for asymmetric encryption?
Public key encryption
You are the program manager of the BHG Program. One of the projects in your program will be using new materials that are somewhat untested. You are worried that there may be delays and waste because the project team is unaware of how to accurately use these materials. You elect to send the people that will be using the new materials through training on how to complete their project work. You also allow them to purchase some of the materials to experiment on their use before the actual project work is to be done. You want to ensure that mistakes do not enter into the project. What type of action have you provided in this scenario?
This is an example of a preventive action.
Which of the following is an information gathering technique that is used to identify risks?