GIAC G2700 - GIAC Certified ISO-2700 Specialist Practice Test

Mark is hired as an Information Security Officer for BlueWell Inc. He wants to draw the attention of the management towards the significance of integrating information security in the business processes.

Which of the following tasks should he perform first to accomplish the task?

A. He should perform a risk assessment.
B. He should develop an information security policy.
C. He should set up a security budget.
D. He should obtain benchmarking information.

Which of the following types of social engineering attack refers to going through someone's trash to find useful or confidential information?

A. Authorization by third party
B. Dumpster diving
C. Shoulder surfing
D. Important user posing

The Cigital Risk Management Method was developed by Gary McGraw of Cigital and John Viega of Stonewall Software, and it defines a software security risk management process. Choose and re-order the risk management steps that are included in this method.

A.

Which of the following is expressly set up to attract and trap people who attempt to penetrate other people's computer systems?

A. Honeypot
B. Internet bot
C. Crawler
D. Spider

Which of the following are the perspectives considered to ensure the confidentiality, integrity, and availability of an organization's assets, information, data, and IT services?

Each correct answer represents a complete solution. Choose all that apply.

A. Procedural
B. Technical
C. Management
D. Organizational

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following are information assets?

Each correct answer represents a complete solution. Choose all that apply.

A. User manuals
B. Operating systems
C. Training materials
D. Personal data

Which of the following are the two methods that are commonly used for applying mandatory access control?

Each correct answer represents a complete solution. Choose all that apply.

A. Lattice-based access control
B. Attribute-based access control
C. Rule-based access control
D. Discretionary access control

You work as an Information Security Manager for uCertify Inc. You are working on the documentation of control A.10.1.1. What is the purpose of control A.10.1.1?

A. It is concerned with the documentation of human resource security to make recruitment clear to the organization.
B. It is concerned with the documentation of supply chain management.
C. It is concerned with the documentation of operating procedures to ensure the correct and secure use of information processing facilities.
D. It is concerned with the documentation of disaster recovery management to ensure proper backup technologies.

Which of the following statements is correct about the Annual Loss Expectancy?

A. It is the size of the damage claims resulting from not having carried out risk analyses effectively.
B. It is the average damage calculated by insurance companies for businesses in a country.
C. It is the minimum amount for which a company should insure itself.
D. It is the amount of damage that can occur as a result of an incident during the year.

Which of the following information security control areas deals with the protection of computer facilities?

A. Physical and environmental security
B. Compliance
C. Organization of information security
D. Risk assessment and treatment