GIAC GISF Free Practice Questions

NEW QUESTION 1

Which of the following protocols work at the Network layer of the OSI model?

• A. Internet Group Management Protocol (IGMP)
• B. Simple Network Management Protocol (SNMP)
• C. Routing Information Protocol (RIP)
• D. File Transfer Protocol (FTP)

Answer: AC

NEW QUESTION 2

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

• A. HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun
• B. HKEY_CURRENT_USERSoftwareMicrosoftWABWAB4Wab File Name = "file and pathname of the WAB file"
• C. HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
• D. HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices

Answer: B

NEW QUESTION 3

Which of the following best describes the identification, analysis, and ranking of risks?

• A. Design of experiments
• B. Fast tracking
• C. Fixed-price contracts
• D. Plan Risk management

Answer: D

NEW QUESTION 4

You are the program manager of the BHG Program. One of the projects in your program will be using new materials that are somewhat untested. You are worried that there may be delays and waste because the project team is unaware of how to accurately use these materials. You elect to send the people that will be using the new materials through training on how to complete their project work. You also allow them to purchase some of the materials to experiment on their use before the actual project work is to be done. You want to ensure that mistakes do not enter into the project. What type of action have you provided in this scenario?

• A. This is an example of team development.
• B. This is an example of a corrective action.
• C. This is an example of quality assurance.
• D. This is an example of a preventive action.

Answer: D

NEW QUESTION 5

You work as a Computer Hacking Forensic Investigator for SecureNet Inc. You want to investigate Cross-Site Scripting attack on your company's Website. Which of the following methods of investigation can you use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

• A. Use a Web proxy to view the Web server transactions in real time and investigate any communication with outside servers.
• B. Look at the Web servers logs and normal traffic logging.
• C. Use Wireshark to capture traffic going to the server and then searching for the requests going to the input page, which may give log of the malicious traffic and the IP address of the source.
• D. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL to the company's site.

Answer: ABD

NEW QUESTION 6

Which of the following processes is described in the statement below?
"It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

• A. Perform Quantitative Risk Analysis
• B. Perform Qualitative Risk Analysis
• C. Monitor and Control Risks
• D. Identify Risks

Answer: C

NEW QUESTION 7

Which of the following encryption techniques does digital signatures use?

• A. MD5
• B. RSA
• C. IDEA
• D. Blowfish

Answer: C

NEW QUESTION 8

Under the SMART scheme, the Predictive Failure Analysis Technology is used to determine the failure or crash for which of the following parts of a computer system?

• A. Operating System
• B. Hard Disc drive
• C. Software
• D. Internet Browser

Answer: B

NEW QUESTION 9

You have been tasked with finding an encryption methodology for your company's network. The solution must use public key encryption which is keyed to the users email address. Which of the following should you select?

• A. AES
• B. 3DES
• C. PGP
• D. Blowfish

Answer: C

NEW QUESTION 10

You are configuring the Terminal service. What Protocols are required with Terminal services? (Click the Exhibit button on the toolbar to see the case study.) Each correct answer represents a part of the solution. Choose two.

• A. L2TP
• B. TCP/IP
• C. RDP
• D. CHAP
• E. PPTP

Answer: BC

NEW QUESTION 11

Which of the following refers to the ability to ensure that the data is not modified or tampered with?

• A. Availability
• B. Integrity
• C. Confidentiality
• D. Non-repudiation

Answer: B

NEW QUESTION 12

You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

• A. Cookies folder
• B. Temporary Internet Folder
• C. Download folder
• D. History folder

Answer: ABD

NEW QUESTION 13

You are responsible for virus protection for a large college campus. You are very concerned that your antivirus solution must be able to capture the latest virus threats. What sort of virus protection should you implement?

• A. Network Based
• B. Dictionary
• C. Heuristic
• D. Host based

Answer: C

NEW QUESTION 14

John works as a Network Administrator for Bordeaux Inc. He is planning to design a strategy, so that the employees can connect to a scheduling application. Which of the following strategies is best suited for the company?
(Click the Exhibit button on the toolbar to see the case study.)

• A. Deploy a VPN server on the VLAN network, and an IIS server on the corporate LAN at the headquarters.
• B. Deploy a VPN server on the VLAN network, and an IIS server on DMZ.
• C. Deploy a VPN server on the corporate LAN at the headquarters, and an IIS server on DMZ.
• D. Deploy a VPN server on DMZ, and an IIS server on the corporate LAN at the headquarters.

Answer: D

NEW QUESTION 15

Which of the following are parts of applying professional knowledge? Each correct answer represents a complete solution. Choose all that apply.

• A. Maintaining cordial relationship with project sponsors
• B. Reporting your project management appearance
• C. Staying up-to-date with project management practices
• D. Staying up-to-date with latest industry trends and new technology

Answer: BCD

NEW QUESTION 16

Which of the following are some of the parts of a project plan?
Each correct answer represents a complete solution. Choose all that apply.

• A. Risk identification
• B. Project schedule
• C. Team members list
• D. Risk analysis

Answer: ABC

NEW QUESTION 17

Computer networks and the Internet are the prime mode of Information transfer today. Which of the following is a technique used for modifying messages, providing Information and Cyber security, and reducing the risk of hacking attacks during communications and message passing over the Internet?

• A. Cryptography
• B. OODA loop
• C. Risk analysis
• D. Firewall security

Answer: A

NEW QUESTION 18
......