All About Verified GISF Real Exam

Exam Code: GISF (Practice Exam Latest Test Questions VCE PDF)
Exam Name: GIAC Information Security Fundamentals
Certification Provider: GIAC

Free GISF Demo Online For GIAC Certification:


Which of the following are parts of applying professional knowledge? Each correct answer represents a complete solution. Choose all that apply.

  • A. Maintaining cordial relationship with project sponsors
  • B. Reporting your project management appearance
  • C. Staying up-to-date with project management practices
  • D. Staying up-to-date with latest industry trends and new technology

Answer: BCD


The SALES folder has a file named XFILE.DOC that contains critical information about your company. This folder resides on an NTFS volume. The company's Senior Sales Manager asks you to provide security for that file. You make a backup of that file and keep it in a locked cupboard, and then you deny access on the file for the Sales group. John, a member of the Sales group, accidentally deletes that file. You have verified that John is not a member of any other group.
Although you restore the file from backup, you are confused about how John was able to delete the file despite having no access to that file.
What is the most likely cause?

  • A. The Sales group has the Full Control permission on the SALES folder.
  • B. The Deny Access permission does not work on files.
  • C. The Deny Access permission does not restrict the deletion of files.
  • D. John is a member of another group having the Full Control permission on that file.

Answer: A


What is VeriSign?

  • A. It is a data warehouse.
  • B. It is an e-commerce portal.
  • C. It is a search engine.
  • D. It is a payment gateway.

Answer: D


Which of the following cryptographic algorithms uses a single key to encrypt and decrypt data?

  • A. Asymmetric
  • B. Symmetric
  • C. Numeric
  • D. Hashing

Answer: B


Which of the following types of attacks cannot be prevented by technical measures only?

  • A. Social engineering
  • B. Smurf DoS
  • C. Brute force
  • D. Ping flood attack

Answer: A


How should you configure the Regional Centers' e-mail, so that it is secure and encrypted? (Click the Exhibit button on the toolbar to see the case study.)

  • A. Use EFS.
  • B. Use IPSec.
  • C. Use S/MIME.
  • D. Use TLS.

Answer: C


John works as a professional Ethical Hacker. He has been assigned a project to test the security of On the We-are-secure login page, he enters ='or''=' as a username and successfully logs in to the user page of the Web site. The We-are-secure login page is vulnerable to a _____.

  • A. Social engineering
  • B. Smurf DoS
  • C. Brute force
  • D. Ping flood attack

Answer: A


You are the program manager of the BHG Program. One of the projects in your program will be using new materials that are somewhat untested. You are worried that there may be delays and waste because the project team is unaware of how to accurately use these materials. You elect to send the people that will be using the new materials through training on how to complete their project work. You also allow them to purchase some of the materials to experiment on their use before the actual project work is to be done. You want to ensure that mistakes do not enter into the project. What type of action have you provided in this scenario?

  • A. This is an example of team development.
  • B. This is an example of a corrective action.
  • C. This is an example of quality assurance.
  • D. This is an example of a preventive action.

Answer: D


Which of the following types of viruses can prevent itself from being detected by an antivirus application?

  • A. File virus
  • B. Boot sector virus
  • C. Multipartite virus
  • D. Stealth virus

Answer: D


Under the SMART scheme, the Predictive Failure Analysis Technology is used to determine the failure or crash for which of the following parts of a computer system?

  • A. Operating System
  • B. Hard Disc drive
  • C. Software
  • D. Internet Browser

Answer: B


You are the Network Administrator for a bank. You discover that someone has logged in with user account access, but then used various techniques to obtain access to other user accounts. What is this called?

  • A. Vertical Privilege Escalation
  • B. Session Hijacking
  • C. Account hijacking
  • D. Horizontal Privilege Escalation

Answer: D


Fred is the project manager for the TCC Company. His company has an internal policy that states each year they will provide free services to a nonprofit organization. Therefore, the company and its employees are not allowed to charge or receive money or gifts from the nonprofit organization they choose to provide free services. This year, the TCC Company offers to provide project management services to the children's hospital for a marketing campaign to raise money. Due to the TCC Company's project management services, the nonprofit agency exceeded previous years' fundraising efforts. To show appreciation, the nonprofit organization offered to reimburse the project manager for his travel expenses. Which of the following best describes how the project manager should handle the situation?

  • A. Say thank you and let them pay for the travel, it is the least they can do.
  • B. Tell the hospital no thank you and explain it is against company policy to accept payment for services provided to their pro bono customers.
  • C. Say nothing so as not to hurt the feelings of the children's hospital.
  • D. Ask if the hospital could pay for some of the supplies too.

Answer: B


Mark is implementing security on his e-commerce site. He wants to ensure that a customer sending a message is really the one he claims to be. Which of the following techniques will he use to ensure this?

  • A. Packet filtering
  • B. Authentication
  • C. Firewall
  • D. Digital signature

Answer: D


John works as a professional Ethical Hacker. He has been assigned a project to test the security of John wants to redirect all TCP port 80 traffic to UDP port 40, so that he can bypass the firewall of the We-are-secure server. Which of the following tools will John use to accomplish his task?

  • A. PsList
  • B. Fpipe
  • C. Cain
  • D. PsExec

Answer: B


You work as a Product manager for Marioiss Inc. You have been tasked to start a project for securing the network of your company. You want to employ configuration management to efficiently manage the procedures of the project. What will be the benefits of employing configuration management for completing this project?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It provides the risk analysis of project configurations.
  • B. It provides object, orient, decide and act strategy.
  • C. It provides the versions for network devices.
  • D. It provides a live documentation of the project.

Answer: CD


You discover that someone has been logging onto your network after office hours. After investigating this you find the login belongs to someone who left the company 12 months ago. What would have been the best method to prevent this?

  • A. A policy with time of day restrictions.
  • B. An IDS system.
  • C. A policy with account expiration.
  • D. A DMZ firewall.

Answer: C


Victor works as a network administrator for DataSecu Inc. He uses a dual firewall Demilitarized Zone (DMZ) to insulate the rest of the network from the portions that are available to the Internet. Which of the following security threats may occur if DMZ protocol attacks are performed?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Attacker can exploit any protocol used to go into the internal network or intranet of the company.
  • B. Attacker managing to break the first firewall defense can access the internal network without breaking the second firewall if it is different.
  • C. Attacker can gain access to the Web server in a DMZ and exploit the database.
  • D. Attacker can perform a Zero Day attack by delivering a malicious payload that is not a part of the intrusion detection/prevention systems guarding the network.

Answer: ACD


Which of the following is a pillar of the Information Assurance CIA triad?

  • A. Integrity
  • B. Affiliation
  • C. Accessibility
  • D. Isolation

Answer: A


Which of the following statements are true about Public-key cryptography? Each correct answer represents a complete solution. Choose two.

  • A. Data encrypted with the secret key can only be decrypted by another secret key.
  • B. The secret key can encrypt a message, and anyone with the public key can decrypt it.
  • C. Data encrypted by the public key can only be decrypted by the secret key.
  • D. The distinguishing technique used in public key-private key cryptography is the use of symmetric key algorithms.

Answer: BC


The Intrusion Detection System (IDS) instructs the firewall to reject any request from a particular IP address if the network is repeatedly attacked from this address. What is this action known as?

  • A. Sending deceptive e-mails
  • B. Sending notifications
  • C. Shunning
  • D. Logging
  • E. Spoofing
  • F. Network Configuration Changes

Answer: F

