A Review Of High quality GISF item pool

Exam Code: GISF (Practice Exam Latest Test Questions VCE PDF)
Exam Name: GIAC Information Security Fundamentals
Certification Provider: GIAC

Q51. Which of the following Web attacks is performed by manipulating code written in programming languages such as SQL, Perl, or Java that is present in Web pages?

A. Cross-Site Request Forgery 

B. Code injection attack 

C. Cross-Site Scripting attack 

D. Command injection attack 

Answer:


Q52. You have successfully installed an IRM server into your environment. This IRM server will be utilized to protect the company's videos, which are available to all employees but contain sensitive data. You log on to the WSS 3.0 server with administrator permissions and navigate to the Operations section. What option should you now choose so that you can input the RMS server name for the WSS 3.0 server to use? 

A. Self-service site management 

B. Content databases 

C. Information Rights Management 

D. Define managed paths 

Answer:


Q53. Which of the following refers to encrypted text? 

A. Plaintext 

B. Cookies 

C. Ciphertext 

D. Hypertext 

Answer:


Q54. Mark works as a Network Administrator for Roadways Travel Inc. The company wants to implement a strategy for its external employees so that they can connect to Web-based applications. What will Mark do to achieve this?

(Click the Exhibit button on the toolbar to see the case study.) 

A. He will install a VPN server in the VLAN, Roadways, and an IIS server in the corporate LAN at the headquarters. 

B. He will install a VPN server in the corporate LAN at the headquarters and an IIS server in the DMZ. 

C. He will install a VPN server in the DMZ and an IIS server in the corporate LAN at the headquarters. 

D. He will install a VPN server in the VLAN, Roadways, and an IIS server in the DMZ. 

Answer:


Q55. The incident handling process implemented in an enterprise is responsible for dealing with all incidents affecting the enterprise. Which of the following procedures is involved in the preparation phase of the incident handling process?

A. Organizing a solution to remove an incident 

B. Building up an incident response kit 

C. Working with QA to validate security of the enterprise 

D. Setting up the initial position after an incident 

Answer:


Q56. Which of the following protocols are used by Network Attached Storage (NAS)? 

Each correct answer represents a complete solution. Choose all that apply. 

A. Apple Filing Protocol (AFP) 

B. Server Message Block (SMB) 

C. Network File System (NFS) 

D. Distributed file system (Dfs) 

Answer: A,B,C 


Q57. TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop the packet. Which of the following operating systems can be easily identified with the help of TCP FIN scanning? 

A. Windows 

B. Red Hat 

C. Solaris 

D. Knoppix 

Answer:


Q58. You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS, how can you detect this sort of activity?

A. By examining your firewall logs. 

B. By examining your domain controller server logs. 

C. By setting up a DMZ. 

D. You cannot, you need an IDS. 

Answer:


Q59. John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. On the We-are-secure login page, he enters ='or''=' as a username 

A. Social engineering 

B. Smurf DoS 

C. Brute force 

D. Ping flood attack 

Answer:


Q60. Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using? 

A. Risk acceptance 

B. Risk transfer 

C. Risk avoidance 

D. Risk mitigation 

Answer: