GIAC Information Security Fundamentals v6.1

Page:    1 / 23   
Exam contains 333 questions

Which of the following tools can be used to perform tasks such as Windows password cracking Windows enumeration, and VoIP session sniffing?

  • A. John the Ripper
  • B. Obiwan
  • C. Cain
  • D. L0phtcrack


Answer : C

Which of the following tools combines two programs, and also encrypts the resulting package in an attempt to foil antivirus programs?

  • A. NetBus
  • B. EliteWrap
  • C. Trojan Man
  • D. Tiny


Answer : C

What does a firewall check to prevent certain ports and applications from getting the packets into an Enterprise?

  • A. The application layer port numbers and the transport layer headers
  • B. The presentation layer headers and the session layer port numbers
  • C. The network layer headers and the session layer port numbers
  • D. The transport layer port numbers and the application layer headers


Answer : D

You are the Network Administrator for a large corporate network. You want to monitor all network traffic on your local network for suspicious activities and receive a notification when a possible attack is in process. Which of the following actions will you take for this?

  • A. Install a DMZ firewall
  • B. Enable verbose logging on the firewall
  • C. Install a host-based IDS
  • D. Install a network-based IDS


Answer : D

The SALES folder has a file named XFILE.DOC that contains critical information about your company. This folder resides on an NTFS volume. The company's Senior Sales
Manager asks you to provide security for that file. You make a backup of that file and keep it in a locked cupboard, and then you deny access on the file for the Sales group. John, a member of the Sales group, accidentally deletes that file. You have verified that John is not a member of any other group.
Although you restore the file from backup, you are confused how John was able to delete the file despite having no access to that file.
What is the most likely cause?

  • A. The Sales group has the Full Control permission on the SALES folder.
  • B. The Deny Access permission does not work on files.
  • C. The Deny Access permission does not restrict the deletion of files.
  • D. John is a member of another group having the Full Control permission on that file.


Answer : A

NIST Special Publication 800-50 is a security awareness program. It is designed for those people who are currently working in the information technology field and want to the information security policies.
Which of the following are its significant steps?
Each correct answer represents a complete solution. Choose two.

  • A. Awareness and Training Material Effectiveness
  • B. Awareness and Training Material Development
  • C. Awareness and Training Material Implementation
  • D. Awareness and Training Program Design


Answer : B,D

You are the project manager of the HHH Project. The stakeholders for this project are scattered across the world and you need a method to promote interaction. You determine that a Web conferencing software would be the most cost effective solution. The stakeholders can watch a slide show while you walk them through the project details. The stakeholders can hear you, ask questions via a chat software, and post concerns. What is the danger in this presentation?

  • A. 55 percent of all communication is nonverbal and this approach does not provide non- verbal communications.
  • B. The technology is not proven as reliable.
  • C. The stakeholders won't really see you.
  • D. The stakeholders are not required to attend the entire session.


Answer : A

A Cisco Unified Wireless Network has an AP that does not rely on the central control device of the network. Which type of AP has this characteristic?

  • A. Lightweight AP
  • B. Rogue AP
  • C. LWAPP
  • D. Autonomous AP


Answer : D

Which of the following monitors program activities and modifies malicious activities on a system?

  • A. Back door
  • B. HIDS
  • C. RADIUS
  • D. NIDS


Answer : B

Which of the following statements is not true about a digital certificate?

  • A. It is used with both public key encryption and private key encryption.
  • B. It is used with private key encryption.
  • C. It is neither used with public key encryption nor with private key encryption.
  • D. It is used with public key encryption.


Answer : D

Which of the following Web attacks is performed by manipulating codes of programming languages such as SQL, Perl, Java present in the Web pages?

  • A. Cross-Site Request Forgery
  • B. Code injection attack
  • C. Cross-Site Scripting attack
  • D. Command injection attack


Answer : B

Which of the following Acts enacted in United States allows the FBI to issue National
Security Letters (NSLs) to Internet service providers (ISPs) ordering them to disclose records about their customers?

  • A. Electronic Communications Privacy Act of 1986
  • B. Economic Espionage Act of 1996
  • C. Computer Fraud and Abuse Act
  • D. Wiretap Act


Answer : A

Which of the following does an anti-virus program update regularly from its manufacturer's
Web site?

  • A. Hotfixes
  • B. Definition
  • C. Service packs
  • D. Permissions


Answer : B

You work as a Network Administrator for Infonet Inc. The company has a Windows Server
2008 domainbased network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. According to the company's security policy, you apply Windows firewall setting to the computers on the network. Now, you are troubleshooting a connectivity problem that might be caused by Windows firewall. What will you do to identify connections that Windows firewall allows or blocks?

  • A. Configure Network address translation (NAT).
  • B. Disable Windows firewall logging.
  • C. Configure Internet Protocol Security (IPSec).
  • D. Enable Windows firewall logging.


Answer : D

Hardening a system is one of the practical methods of securing a computer system. Which of the following techniques is used for hardening a computer system?

  • A. Disabling all user accounts
  • B. Applying egress filtering
  • C. Applying Access Control List (ACL)
  • D. Applying a patch to the OS kernel


Answer : D

Page:    1 / 23   
Exam contains 333 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.