New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

G2700 GIAC Certified ISO-2700 Specialist Practice Test Questions and Answers

Questions 4

Mark works as a Network Security Administrator for uCertify Inc. He has installed IDS for matching incoming packets against known attacks. Which of the following types of intrusion detection techniques is being used?

Options:

A.

Host-based IDS

B.

Signature-based IDS

C.

Pattern Matching IDS

D.

Network-based IDS

Buy Now
Questions 5

Rick works as a Computer Forensic Investigator for BlueWells Inc. He has been informed that some confidential information is being leaked out by an employee of the company. Rick suspects that someone is sending the information through email. He checks the emails sent by some employees to other networks. Rick finds out that Sam, an employee of the Sales department, is continuously sending text files that contain special symbols, graphics, and signs. Rick suspects that Sam is using the Steganography technique to send data in a disguised form. Which of the following techniques is Sam using?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Linguistic steganography

B.

Technical steganography

C.

Perceptual masking

D.

Text Semagrams

Buy Now
Questions 6

You work as a Network Security Administrator for uCertify Inc. Your organization has set up a new Internet connection in place of the previous one. It is your responsibility to ensure that employees use the Internet only for official purposes. While reviewing Internet usages, you find that a few people have traversed and downloaded some inappropriate and illegal information. You want to make a policy to stop all these activities in the future. Which of the following policies will you implement to accomplish the task?

Options:

A.

Security policy

B.

Privacy policy

C.

Acceptable use policy

D.

Due care policy

Buy Now
Questions 7

Which of the following are elements of an information security policy document?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Policy Text

B.

Policy scope

C.

Scope

D.

Sanctions

Buy Now
Questions 8

Which of the following are computer clusters that are implemented primarily for the purpose of providing high availability of services which the cluster provides?

Options:

A.

Load balancing clusters

B.

Globular clusters

C.

Tightly-coupled compute clusters

D.

High-availability clusters

Buy Now
Questions 9

Which of the following are the primary rules defined for RBAC?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Transaction authorization

B.

Role authorization

C.

Role assignment

D.

Transaction assignment

Buy Now
Questions 10

A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?

Options:

A.

Privacy law

B.

Copyright law

C.

Security law

D.

Trademark law

Buy Now
Questions 11

What is the name given to the system that guarantees the coherence of information security in the organization?

Options:

A.

Information Security Management System

B.

Rootkit

C.

Stemkit

D.

Security regulations for special information for the government

Buy Now
Questions 12

You work as a Security Administrator for uCertify Inc. You need to install a honeypot inside network firewalls to monitor and track hackers. What should you install on the system before deploying the honeypot?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Install the IAS server on the system to verify Internet related activities.

B.

Install the RADIUS server to check the authentication of the invader.

C.

Install the application that is designed to record the activities of the invader.

D.

Install the operating system without patches installed and use typical defaults and options.

Buy Now
Questions 13

An audit trail is an example of which of the following types of control?

Options:

A.

Detective control

B.

Application control

C.

Preventive control

D.

Deterrent control

Buy Now
Questions 14

You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, what is

likely to increase?

Options:

A.

Human resource needs

B.

Risks

C.

Costs

D.

Quality control concerns

Buy Now
Questions 15

You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?

Options:

A.

RAID-10

B.

RAID-1

C.

RAID-5

D.

RAID-0

Buy Now
Questions 16

In which of the following social engineering attacks does an attacker first damage any part of the target's equipment and then advertise himself as an authorized person who can help fix the problem.

Options:

A.

Impersonation attack

B.

Reverse social engineering attack

C.

Important user posing attack

D.

In person attack

Buy Now
Questions 17

Which of the following laws or acts enforces the prohibition against cyber stalking?

Options:

A.

Malicious Communications Act (1998)

B.

Anti-Cyber-Stalking law (1999)

C.

Stalking Amendment Act (1999)

D.

Stalking by Electronic Communications Act (2001)

Buy Now
Questions 18

You work as a Security Administrator for uCertify Inc. You have been assigned the task to verify the identity of the employees recruited in your organization. Which of the following components of security deals with an employee's verification in the organization?

Options:

A.

Access security

B.

Human resource security

C.

Physical security

D.

Network Security

Buy Now
Questions 19

An Active Attack is a type of steganography attack in which the attacker changes the carrier during the communication process. Which of the following techniques is used for smoothing the transition and controlling contrast on the hard edges, where there is significant color transition?

Options:

A.

Sharpen

B.

Rotate

C.

Blur

D.

Soften

Buy Now
Questions 20

What does CRAMM stand for?

Options:

A.

CCTA Risk Analyzer and Manager Methodology

B.

Continuous Risk Analysis and Management Method

C.

CCTA Risk Analysis and Management Method

D.

Continuous Risk Analyzer and Manager Methodology

Buy Now
Questions 21

Which of the following surveys found that the smaller organizations had had a better understanding of their information assets?

Options:

A.

DTI Survey

B.

CBI Cyber Crime Survey

C.

Information Security Breaches Survey (ISBS) 2006

D.

KPMG's Information Security Survey 2000

Buy Now
Questions 22

You are the project manager for a construction project. The project involves casting of a column in a very narrow space. Because of the lack of space, casting is highly dangerous. High technical skill will be required for casting that column. You decide to hire a local expert team for casting that column. Which of the following types of risk response are you following?

Options:

A.

Avoidance

B.

Transference

C.

Mitigation

D.

Acceptance

Buy Now
Questions 23

You work as an Information Security Manager for uCertify Inc. The company is releasing the documentation about a software product. You have been assigned the task to include information about the company in a legal disclaimer before releasing the documentation. What is the purpose of using the legal disclaimer?

Options:

A.

To advertise the product

B.

To identify the usage of the documentation

C.

To protect organizations against libel actions

D.

To ensure the security of the documentation

Buy Now
Questions 24

Which of the following is NOT a module of FaultTree+?

Options:

A.

Kerchief Analysis

B.

Fault Tree Analysis

C.

Event Tree Analysis

D.

Markov Analysis

Buy Now
Questions 25

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to assign ownership of some assets of the organization. Which of the following statements correctly describe the responsibilities of an asset owner?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

The owner has property rights to the asset.

B.

The owner is allowed to delegate responsibility for maintaining the asset.

C.

The owner should have a document describing the security controls for the asset.

D.

The owner is allowed to delegate accountability of the asset.

Buy Now
Questions 26

You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP-based Windows NT network. You are configuring a computer that will be used as a file server on the network. You have to decide the disk configuration for the computer to obtain better performance.

A fault tolerant disk configuration is not a requirement. Which of the following RAID levels will you choose to fulfil the requirement?

Options:

A.

RAID-1

B.

RAID-5

C.

RAID-4

D.

RAID-3

E.

RAID-0

Buy Now
Questions 27

Which of the following are the major tasks of risk management?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Assuring the integrity of organizational data

B.

Building Risk free systems

C.

Risk identification

D.

Risk control

Buy Now
Questions 28

Which of the following is a list of specific actions being taken to deal with specific risks associated with the threats?

Options:

A.

Risk transference

B.

Risk avoidance

C.

Risk acceptance

D.

Risk mitigation

Buy Now
Questions 29

You work as a Security Administrator for uCertify Inc. You have been assigned a task to implement information classification levels. You want to put the highly sensitive documents that should only be accessed by few people of the organization. In which of the following information classification levels should you put those documents?

Options:

A.

Department specific

B.

High security levels

C.

Not to be copied

D.

Classified

Buy Now
Questions 30

Victor wants to send an encrypted message to his friend. He is using a steganography technique to accomplish his task. He takes a cover object and changes it accordingly to hide information.

This secret information is recovered only when the algorithm compares the changed cover with the original cover. Which of the following steganography methods is Victor using to accomplish his task?

Options:

A.

The distortion technique

B.

The substitution technique

C.

The cover generation technique

D.

The spread spectrum technique

Buy Now
Questions 31

Sam uses Monte Carlo simulation to quantitatively assess cost and schedule risks of his project during planning processes. During risk monitoring and control, Sam repeats the technique, but it leads to different results. Which of the following cannot be the reason for the difference in results?

Options:

Buy Now
Questions 32

Mark is hired as an Information Security Officer for BlueWell Inc. He wants to draw the attention of the management towards the significance of integrating information security in the business processes.

Which of the following tasks should he perform first to accomplish the task?

Options:

A.

He should perform a risk assessment.

B.

He should develop an information security policy.

C.

He should set up a security budget.

D.

He should obtain benchmarking information.

Buy Now
Questions 33

Which of the following plans provides measures and capabilities for recovering a major application or general support system?

Options:

A.

Disaster recovery plan

B.

Crisis communication plan

C.

Contingency plan

D.

Business continuity plan

Buy Now
Questions 34

Which of the following are the things included by sensitive system isolation?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Construction of appropriately isolated environments where technically and operationally feasible

B.

Inclusion of all documents technically stored in a virtual directory

C.

Explicit identification and acceptance of risks when shared facilities and/or resources must be used

D.

Explicit identification and documentation of sensitivity by each system/application controller (owner)

Buy Now
Questions 35

Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of the following formulas best describes the Single Loss Expectancy (SLE)?

Options:

A.

SLE = Asset Value (AV) * Exposure Factor (EF)

B.

SLE = Annualized Loss Expectancy (ALE) * Exposure Factor (EF)

C.

SLE = Annualized Loss Expectancy (ALE) * Annualized Rate of Occurrence (ARO)

D.

SLE = Asset Value (AV) * Annualized Rate of Occurrence (ARO)

Buy Now
Questions 36

Which of the following tasks are performed by Information Security Management?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It is designed to protect information and any equipment that is used in connection with its storage, transmission, and processing.

B.

It is designed to develop information and any equipment that is used in connection with its storage, transmission, and processing.

C.

It is designed to recognize information and any equipment that is used in connection with its storage, transmission, and processing.

D.

It is designed to control information and any equipment that is used in connection with its storage, transmission, and processing.

Buy Now
Questions 37

In which of the following mechanisms does an authority, within limitations, specify what objects can be accessed by a subject?

Options:

A.

Mandatory Access Control

B.

Task-based Access Control

C.

Discretionary Access Control

D.

Role-Based Access Control

Buy Now
Questions 38

Which of the following states that a user should never be given more privileges than are required to carry out a task?

Options:

A.

Principle of least privilege

B.

Segregation of duties

C.

Security through obscurity

D.

Role-based security

Buy Now
Questions 39

You work as an Information Security Officer for uCertify Inc. You need to create an asset management plan differentiating fixed assets from inventory items. How will you differentiate assets from inventory items?

Options:

A.

Inventory items are sold.

B.

Assets are temporary usually.

C.

Inventory items are permanent.

D.

Assets cannot be used.

Buy Now
Questions 40

Qualitative risk analysis includes judgment, intuition, and experience. Which of the following methods are used to perform qualitative risk analysis?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Egress filtering

B.

Checklists

C.

Delphi technique

D.

Brainstorming

Buy Now
Questions 41

Which of the following controls are administrative in nature?

Options:

A.

Directive controls

B.

Recovery controls

C.

Preventive controls

D.

Detective controls

Buy Now
Questions 42

Which of the following is used for secure financial transactions over the Internet?

Options:

A.

ATM

B.

VPN

C.

SSL

D.

SET

Buy Now
Questions 43

Cigital Risk Management Method was developed by Gary McGraw of Cigital and John Viega of Stonewall Software, and it defines software security risk management process. Choose and re-order the risk management steps that are included in this method.

Options:

A.

Buy Now
Questions 44

Which of the following is a Restrict Anonymous registry value that allows users with explicit anonymous permissions?

Options:

A.

2

B.

3

C.

1

D.

0

Buy Now
Questions 45

Which of the following identifies a company's exposure to threats and provides effective prevention and recovery for the company?

Options:

A.

Business Delegate

B.

Business impact assessment

C.

Business continuity planning

D.

Business intelligence

Buy Now
Questions 46

Mark works as a Webmaster for Infonet Inc. He sets up an e-commerce site. He wants to accept online payments through credit cards on this site. He wants the credit card numbers to be encrypted. What will Mark do to accomplish the task?

Options:

A.

Use PGP.

B.

Use SET.

C.

Use HTTP.

D.

Use MIME.

Buy Now
Questions 47

In which of the following sections of the Computer Misuse Act 1990 are amendments made by Part 5 of the Police and Justice Act 2006?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Section 39

B.

Section 38

C.

Section 36

D.

Section 35

Buy Now
Questions 48

In which of the following Person-to-Person social engineering attacks does an attacker pretend to be an outside contractor, delivery person, etc., in order to gain physical access to the organization?

Options:

A.

Impersonation attack

B.

Third-party authorization attack

C.

Important user posing attack

D.

In person attack

Buy Now
Questions 49

Sam works as the Network Administrator for uCertify Inc. The information of a sensitive nature is processed. The highest-level security measures are to be implemented by management. What is this kind of risk strategy called?

Options:

A.

Risk compensating

B.

Risk avoiding

C.

Risk bearing

D.

Risk neutral

Buy Now
Questions 50

Which of the following defines the amount of data loss a business can endure?

Options:

A.

RTA

B.

RTO

C.

RPO

D.

BCP

Buy Now
Questions 51

Which of the following statements is related to residual risks?

Options:

A.

It can be considered as an indicator of threats coupled with vulnerability.

B.

It is the probabilistic risk before implementing all security measures.

C.

It is a weakness or lack of safeguard that can be exploited by a threat.

D.

It is the probabilistic risk after implementing all security measures.

Buy Now
Questions 52

Mark works as a Network Security Administrator for uCertify Inc. He wants to implement a firewall technique over the network to inspect each packet passing through the network and to accept or reject it, based on user-defined rules. Which of the following types of firewall techniques is implemented by Mark to accomplish the task?

Options:

A.

Application gateway

B.

Proxy server

C.

Circuit-level gateway

D.

Packet filter

Buy Now
Questions 53

You work as the Network Security Administrator for uCertify Inc. The organization is using an intranet to distribute information to its employees. A database residing on the network contains employees' information, such as employee name, designation, department, phone extension, date of birth, date of joining, etc. You are concerned about the security because the database has all information about employees, which can help an unauthorized person to recognize an individual. Which Personally Identifiable Information should be removed from the database so that the unauthorized person cannot identify an individual?

Options:

A.

Date of birth

B.

Employee name

C.

Employee code

D.

Date of joining

Buy Now
Questions 54

Andrew works as one of the four network administrators for Doliver Inc. They have been assigned together the task to implement PDCA on the project. Andrew has to work on the Check stage of the project. Which of the following tasks should be performed by Andrew?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Monitor

B.

Audit

C.

Review

D.

Documentation

Buy Now
Questions 55

Mark works as a Security Administrator for uCertify Inc. He is responsible to update Standard Operating Procedures (SOPs) in his organization. In this process, Mark needs to update many programs and modify some registry files in the operating system. He wants to make a document of each step taken by him, so that he can come back and restore the system to its actual state if any problem occurred in the update. Which type of document should Mark create to accomplish the task?

Options:

A.

Technical documentation

B.

Change control documentation

C.

Compliance documentation

D.

Legal documentation

Buy Now
Questions 56

You work as an Information Security Manager for uCertify Inc. The company is releasing the documentation about a software product. Which of the following documents is required by the company to protect it against a libel action if information is corrupted, lost, and destroyed?

Options:

A.

Non disclosure agreement

B.

Copyright

C.

Acknowledgement

D.

Legal disclaimer

Buy Now
Questions 57

Which of the following best describes the identification, analysis, and ranking of risks?

Options:

A.

Plan Risk management

B.

Design of experiments

C.

Fast tracking

D.

Fixed-price contract

Buy Now
Questions 58

Which of the following is a technique for a threat, which creates changes to the project management plan?

Options:

A.

Risk transference

B.

Risk avoidance

C.

Risk mitigation

D.

Risk acceptance

Buy Now
Questions 59

Which of the following are the variables on which the structure of Service Level Agreement depends?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It depends on the physical aspects of the organization.

B.

It depends on the nature of the business activities, in terms of general terms and conditions, and business hours.

C.

It depends on the cultural aspects.

D.

It depends on the infrastructure aspects of the organization.

Buy Now
Questions 60

You work as a Security Administrator for uCertify Inc. You have been assigned a task to provide a solution that has a striped set with distributed parity or interleave parity. Which of the following will help you to meet the organizational requirements?

Options:

A.

RAID 5

B.

RAID 0

C.

RAID 10

D.

RAID 3/4

Buy Now
Questions 61

You work as a Network Administrator for Net Soft Inc. You are designing a data backup plan for your company's network. The backup policy of the company requires high security and easy recovery of data. Which of the following options will you choose to accomplish this?

Options:

A.

Take a full backup daily with the previous night's tape taken offsite.

B.

Take a full backup on alternate days and keep rotating the tapes.

C.

Take a full backup on Monday and a differential backup on each of the following weekdays. Keep Monday's backup offsite.

D.

Take a full backup daily and use six-tape rotation.

E.

Take a full backup on Monday and an incremental backup on each of the following weekdays. Keep Monday's backup offsite.

F.

Take a full backup daily with one tape taken offsite weekly.

Buy Now
Questions 62

Which of the following statements is true about exposure factor?

Options:

A.

It is defined as the cost related to a single realized risk against a particular asset.

B.

It is defined as the yearly cost of all instances of a particular threat against a particular ass et.

C.

It is defined as the expected frequency of occurrence of a particular threat or risk in a singl e year.

D.

It is defined as the percentage of loss experienced by an organization when a particular asset is violated by a realized risk.

Buy Now
Questions 63

Disaster recovery plan consists of various tiers for identifying the methods of recovering mission-critical computer systems that are necessary to support business continuity. All these tiers provide a simple method to define current service levels and associated risks. Choose and re-order the tiers of disaster recovery plan.

Options:

A.

Buy Now
Questions 64

Which of the following are the goals of cryptography?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Authentication

B.

Authorization

C.

Data integrity

D.

Confidentiality

Buy Now
Questions 65

Which of the following tools can be used to detect steganography?

Options:

A.

Blindside

B.

Snow

C.

Dskprobe

Buy Now
Questions 66

Which of the following is established during the Business Impact Analysis by the owner of a process in accepted business continuity planning methodology?

Options:

A.

Recovery Consistency Objective

B.

Recovery Time Actual

C.

Recovery Time Objective

D.

Recovery Point Objective

Buy Now
Questions 67

John works as a Security Administrator for uCertify Inc. As per his past experience, he wants to make a policy stating that any hardware devices containing information about the organization should be destroyed properly before they are thrown. After applying this policy, John will be able to ensure that the information on the devices will not fall into the hands of unauthorized persons after properly discarding the devices. Which of the following types of policies is John going to create?

Options:

A.

Due Care

B.

Disposal and destruction

C.

Privacy

D.

Security

Buy Now
Exam Code: G2700
Exam Name: GIAC Certified ISO-2700 Specialist Practice Test
Last Update: Dec 27, 2024
Questions: 453
G2700 pdf

G2700 PDF

$25.5  $84.99
G2700 Engine

G2700 Testing Engine

$30  $99.99
G2700 PDF + Engine

G2700 PDF + Testing Engine

$40.5  $134.99