Mark works as a Network Security Administrator for uCertify Inc. He has installed IDS for matching incoming packets against known attacks. Which of the following types of intrusion detection techniques is being used?
Rick works as a Computer Forensic Investigator for BlueWells Inc. He has been informed that some confidential information is being leaked out by an employee of the company. Rick suspects that someone is sending the information through email. He checks the emails sent by some employees to other networks. Rick finds out that Sam, an employee of the Sales department, is continuously sending text files that contain special symbols, graphics, and signs. Rick suspects that Sam is using the Steganography technique to send data in a disguised form. Which of the following techniques is Sam using?
Each correct answer represents a part of the solution. Choose all that apply.
You work as a Network Security Administrator for uCertify Inc. Your organization has set up a new Internet connection in place of the previous one. It is your responsibility to ensure that employees use the Internet only for official purposes. While reviewing Internet usages, you find that a few people have traversed and downloaded some inappropriate and illegal information. You want to make a policy to stop all these activities in the future. Which of the following policies will you implement to accomplish the task?
Which of the following are elements of an information security policy document?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are computer clusters that are implemented primarily for the purpose of providing high availability of services which the cluster provides?
Which of the following are the primary rules defined for RBAC?
Each correct answer represents a complete solution. Choose all that apply.
A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?
What is the name given to the system that guarantees the coherence of information security in the organization?
You work as a Security Administrator for uCertify Inc. You need to install a honeypot inside network firewalls to monitor and track hackers. What should you install on the system before deploying the honeypot?
Each correct answer represents a complete solution. Choose all that apply.
You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, what is
likely to increase?
You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?
In which of the following social engineering attacks does an attacker first damage any part of the target's equipment and then advertise himself as an authorized person who can help fix the problem.
Which of the following laws or acts enforces the prohibition against cyber stalking?
You work as a Security Administrator for uCertify Inc. You have been assigned the task to verify the identity of the employees recruited in your organization. Which of the following components of security deals with an employee's verification in the organization?
An Active Attack is a type of steganography attack in which the attacker changes the carrier during the communication process. Which of the following techniques is used for smoothing the transition and controlling contrast on the hard edges, where there is significant color transition?
Which of the following surveys found that the smaller organizations had had a better understanding of their information assets?
You are the project manager for a construction project. The project involves casting of a column in a very narrow space. Because of the lack of space, casting is highly dangerous. High technical skill will be required for casting that column. You decide to hire a local expert team for casting that column. Which of the following types of risk response are you following?
You work as an Information Security Manager for uCertify Inc. The company is releasing the documentation about a software product. You have been assigned the task to include information about the company in a legal disclaimer before releasing the documentation. What is the purpose of using the legal disclaimer?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to assign ownership of some assets of the organization. Which of the following statements correctly describe the responsibilities of an asset owner?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP-based Windows NT network. You are configuring a computer that will be used as a file server on the network. You have to decide the disk configuration for the computer to obtain better performance.
A fault tolerant disk configuration is not a requirement. Which of the following RAID levels will you choose to fulfil the requirement?
Which of the following are the major tasks of risk management?
Each correct answer represents a complete solution. Choose two.
Which of the following is a list of specific actions being taken to deal with specific risks associated with the threats?
You work as a Security Administrator for uCertify Inc. You have been assigned a task to implement information classification levels. You want to put the highly sensitive documents that should only be accessed by few people of the organization. In which of the following information classification levels should you put those documents?
Victor wants to send an encrypted message to his friend. He is using a steganography technique to accomplish his task. He takes a cover object and changes it accordingly to hide information.
This secret information is recovered only when the algorithm compares the changed cover with the original cover. Which of the following steganography methods is Victor using to accomplish his task?
Sam uses Monte Carlo simulation to quantitatively assess cost and schedule risks of his project during planning processes. During risk monitoring and control, Sam repeats the technique, but it leads to different results. Which of the following cannot be the reason for the difference in results?
Mark is hired as an Information Security Officer for BlueWell Inc. He wants to draw the attention of the management towards the significance of integrating information security in the business processes.
Which of the following tasks should he perform first to accomplish the task?
Which of the following plans provides measures and capabilities for recovering a major application or general support system?
Which of the following are the things included by sensitive system isolation?
Each correct answer represents a complete solution. Choose all that apply.
Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of the following formulas best describes the Single Loss Expectancy (SLE)?
Which of the following tasks are performed by Information Security Management?
Each correct answer represents a complete solution. Choose all that apply.
In which of the following mechanisms does an authority, within limitations, specify what objects can be accessed by a subject?
Which of the following states that a user should never be given more privileges than are required to carry out a task?
You work as an Information Security Officer for uCertify Inc. You need to create an asset management plan differentiating fixed assets from inventory items. How will you differentiate assets from inventory items?
Qualitative risk analysis includes judgment, intuition, and experience. Which of the following methods are used to perform qualitative risk analysis?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is used for secure financial transactions over the Internet?
Cigital Risk Management Method was developed by Gary McGraw of Cigital and John Viega of Stonewall Software, and it defines software security risk management process. Choose and re-order the risk management steps that are included in this method.
Which of the following is a Restrict Anonymous registry value that allows users with explicit anonymous permissions?
Which of the following identifies a company's exposure to threats and provides effective prevention and recovery for the company?
Mark works as a Webmaster for Infonet Inc. He sets up an e-commerce site. He wants to accept online payments through credit cards on this site. He wants the credit card numbers to be encrypted. What will Mark do to accomplish the task?
In which of the following sections of the Computer Misuse Act 1990 are amendments made by Part 5 of the Police and Justice Act 2006?
Each correct answer represents a complete solution. Choose all that apply.
In which of the following Person-to-Person social engineering attacks does an attacker pretend to be an outside contractor, delivery person, etc., in order to gain physical access to the organization?
Sam works as the Network Administrator for uCertify Inc. The information of a sensitive nature is processed. The highest-level security measures are to be implemented by management. What is this kind of risk strategy called?
Mark works as a Network Security Administrator for uCertify Inc. He wants to implement a firewall technique over the network to inspect each packet passing through the network and to accept or reject it, based on user-defined rules. Which of the following types of firewall techniques is implemented by Mark to accomplish the task?
You work as the Network Security Administrator for uCertify Inc. The organization is using an intranet to distribute information to its employees. A database residing on the network contains employees' information, such as employee name, designation, department, phone extension, date of birth, date of joining, etc. You are concerned about the security because the database has all information about employees, which can help an unauthorized person to recognize an individual. Which Personally Identifiable Information should be removed from the database so that the unauthorized person cannot identify an individual?
Andrew works as one of the four network administrators for Doliver Inc. They have been assigned together the task to implement PDCA on the project. Andrew has to work on the Check stage of the project. Which of the following tasks should be performed by Andrew?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a Security Administrator for uCertify Inc. He is responsible to update Standard Operating Procedures (SOPs) in his organization. In this process, Mark needs to update many programs and modify some registry files in the operating system. He wants to make a document of each step taken by him, so that he can come back and restore the system to its actual state if any problem occurred in the update. Which type of document should Mark create to accomplish the task?
You work as an Information Security Manager for uCertify Inc. The company is releasing the documentation about a software product. Which of the following documents is required by the company to protect it against a libel action if information is corrupted, lost, and destroyed?
Which of the following best describes the identification, analysis, and ranking of risks?
Which of the following is a technique for a threat, which creates changes to the project management plan?
Which of the following are the variables on which the structure of Service Level Agreement depends?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Security Administrator for uCertify Inc. You have been assigned a task to provide a solution that has a striped set with distributed parity or interleave parity. Which of the following will help you to meet the organizational requirements?
You work as a Network Administrator for Net Soft Inc. You are designing a data backup plan for your company's network. The backup policy of the company requires high security and easy recovery of data. Which of the following options will you choose to accomplish this?
Disaster recovery plan consists of various tiers for identifying the methods of recovering mission-critical computer systems that are necessary to support business continuity. All these tiers provide a simple method to define current service levels and associated risks. Choose and re-order the tiers of disaster recovery plan.
Which of the following are the goals of cryptography?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is established during the Business Impact Analysis by the owner of a process in accepted business continuity planning methodology?
John works as a Security Administrator for uCertify Inc. As per his past experience, he wants to make a policy stating that any hardware devices containing information about the organization should be destroyed properly before they are thrown. After applying this policy, John will be able to ensure that the information on the devices will not fall into the hands of unauthorized persons after properly discarding the devices. Which of the following types of policies is John going to create?
GIAC Certification | G2700 Questions Answers | G2700 Test Prep | GIAC Certified ISO-2700 Specialist Practice Test Questions PDF | G2700 Online Exam | G2700 Practice Test | G2700 PDF | G2700 Test Questions | G2700 Study Material | G2700 Exam Preparation | G2700 Valid Dumps | G2700 Real Questions | GIAC Certification G2700 Exam Questions
TESTED 24 Nov 2024
