GIAC Certified ISO-2700 Specialist Practice Test v6.0

Exam contains 453 questions

Which of the following information security standards deals with the protection of the computer facilities?

  • A. Physical and environmental security
  • B. Compliance
  • C. Organization of information security
  • D. Risk assessment and treatment


Answer : A

Which of the following is a technical measure?

  • A. Encryption of data
  • B. Creation of a policy that defines what is and what is not permitted in the e-mail
  • C. Allocation of information to an owner
  • D. Storage of system management passwords


Answer : A

Which of the following types of social engineering attacks is a term that refers to going through someone's trash to find out useful or confidential information?

  • A. Authorization by third party
  • B. Dumpster diving
  • C. Shoulder surfing
  • D. Important user posing


Answer : B

Which of the following are included in sensitive system isolation?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Construction of appropriately isolated environments where technically and operationally feasible
  • B. Inclusion of all documents technically stored in a virtual directory
  • C. Explicit identification and acceptance of risks when shared facilities and/or resources must be used
  • D. Explicit identification and documentation of sensitivity by each system/application controller (owner)


Answer : A,C,D

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to assign ownership of some assets of the organization. Which of the following statements correctly describe the responsibilities of an asset owner?
Each correct answer represents a complete solution. Choose all that apply.

  • A. The owner has property rights to the asset.
  • B. The owner is allowed to delegate responsibility for maintaining the asset.
  • C. The owner should have a document describing the security controls for the asset.
  • D. The owner is allowed to delegate accountability of the asset.


Answer : B,C

You work as a Security Administrator for uCertify Inc. You need to create documentation to provide ongoing education and awareness training on the disciplinary actions of your company. What are the primary reasons to create this documentation?
Each correct answer represents a complete solution. Choose all that apply.

  • A. To ensure that employees understand information security threats
  • B. To ensure that employees have the necessary knowledge to mitigate security threats
  • C. To ensure that employees are aware of and understand their roles and responsibilities
  • D. To ensure that employees have the necessary knowledge about the company's forthcoming projects


Answer : A,B,C

The stronger points of CRAMM assist prioritization by providing a countermeasure with high priority if some conditions are met. Which of the following are these conditions?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It requires protecting a high risk system.
  • B. It does not require the installation of alternative countermeasures.
  • C. It is inexpensive to implement.
  • D. It provides protection against several threats.


Answer : A,B,D

Which of the following tasks are performed by Information Security Management?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It is designed to protect information and any equipment that is used in connection with its storage, transmission, and processing.
  • B. It is designed to develop information and any equipment that is used in connection with its storage, transmission, and processing.
  • C. It is designed to recognize information and any equipment that is used in connection with its storage, transmission, and processing.
  • D. It is designed to control information and any equipment that is used in connection with its storage, transmission, and processing.


Answer : A,C,D

Which of the following standards was made in 1995 by the joint initiative of the Department of Trade and Industry in the United Kingdom and leading UK private-sector businesses?

  • A. BS7799
  • B. ISO 27001
  • C. BS2700
  • D. ISMS


Answer : A

Which of the following are the variables on which the structure of a Service Level Agreement depends?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It depends on the cultural aspects.
  • B. It depends on the infrastructure aspects of the organization.
  • C. It depends on the nature of the business activities, in terms of general terms and conditions, and business hours.
  • D. It depends on the physical aspects of the organization.


Answer : A,C,D

Which of the following is one of the mechanisms available for administrators to employ for replicating the databases containing the DNS data across a set of DNS servers?

  • A. DNS zone transfer
  • B. DNS cache poisoning
  • C. DNS spoofing
  • D. ARP spoofing


Answer : A

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following are information assets?
Each correct answer represents a complete solution. Choose all that apply.

  • A. User manuals
  • B. Operating systems
  • C. Training materials
  • D. Personal data


Answer : A,C,D

Fill in the blank with the appropriate term.
___________ is the built-in file encryption tool for Windows file systems. It protects encrypted files from those who have physical possession of the computer where the encrypted files are stored.



Answer : EFS

Which of the following are the major tasks of risk management?
Each correct answer represents a complete solution. Choose two.

  • A. Assuring the integrity of organizational data
  • B. Building risk-free systems
  • C. Risk identification
  • D. Risk control


Answer : C,D

You work as an Information Security Manager for uCertify Inc. You have been assigned the task to create the documentation on control A.7.2 of the ISO standard. Which of the following is the chief concern of control A.7.2?

  • A. Classification of owners
  • B. Usage of information
  • C. Identification of inventory
  • D. Classification of information


Answer : D
