
GIAC G2700 - GIAC Certified ISO-2700 Specialist Practice Test

Total 453 questions

Peter works as a Security Administrator for SecureEnet Inc. He observes that the company's database server has been compromised and its data has been stolen. Peter immediately wants to report this crime to the law enforcement authorities. Which of the following organizations looks after computer crime investigations in the United States?

A.

National Institute of Standards and Technology

B.

Federal Bureau of Investigation

C.

Local or national office of the U.S. Secret Service

D.

Incident response team

Sam is one of the four network administrators in Blue Well Inc. They have jointly been assigned the task of implementing PDCA on the project. Sam has to work on the Plan stage of the project. Which of the following tasks should be performed by Sam?

Each correct answer represents a complete solution. Choose all that apply.

A.

Preparing a statement of applicability

B.

Defining the scope of ISMS

C.

Defining the information security policy

D.

Managing operations and resources

Which of the following statements MOST closely depicts the difference between qualitative risk analysis and quantitative risk analysis?

A.

A quantitative RA does not use the hard costs of losses and a qualitative RA does.

B.

A quantitative RA cannot use a number of calculations.

C.

A qualitative RA uses a number of complex calculations.

D.

Lesser amount of guesswork is used in a quantitative RA.

Which of the following is NOT a common information-gathering technique while performing risk analysis?

A.

Review of existing policy documents

B.

Employment of automated risk assessment tools

C.

Distribution of questionnaire

D.

Interview of terminated employees

Which of the following is used to align and realign IT Services to changing business needs by identifying and implementing improvements to IT services?

A.

Business Impact Analysis (BIA)

B.

Continual Service Improvement (CSI)

C.

Recovery Point Objective (RPO)

D.

Business Continuity Plan (BCP)

You work as a Security Administrator for uCertify Inc. The organization has signed a legal contract with another company for maintaining network security. According to the contract, both companies can share any confidential material, knowledge, or information with one another for certain purposes, but they cannot share these with others. Which of the following terms best describes this agreement?

A.

Organizational Level

B.

Service Level

C.

Operating Level

D.

Non-disclosure

Which of the following indicates that the project team has decided not to change the project management plan to deal with a risk?

A.

Risk transference

B.

Risk acceptance

C.

Risk avoidance

D.

Risk mitigation

In which of the following mechanisms does an authority, within limitations, specify what objects can be accessed by a subject?

A.

Mandatory Access Control

B.

Task-based Access Control

C.

Discretionary Access Control

D.

Role-Based Access Control
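To make the distinction the question above turns on concrete, here is an added example (not part of the practice test) that models Discretionary Access Control, where an object's owner decides who else may access it, beside Mandatory Access Control, where a central authority fixes labels on subjects and objects and access is decided by comparing those labels, so the owner cannot override the decision. The subject names, labels and the sample object are constructed for illustration, and the MAC rules are the Bell-LaPadula style "no read up, no write down" ordering, assumed here as one common mandatory policy rather than anything the question states.

```python
"""Added example: Discretionary (owner-decided) vs Mandatory (authority-decided)
access control on one constructed object. Not code from the practice test."""
from dataclasses import dataclass, field

# Ordered sensitivity levels for the mandatory policy (constructed lattice).
LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "CONFIDENTIAL": 2, "SECRET": 3}


@dataclass
class Subject:
    name: str
    clearance: str  # MAC label assigned by the security authority, not by the user


@dataclass
class Object:
    name: str
    owner: str
    classification: str  # MAC label assigned by the security authority
    acl: dict = field(default_factory=dict)  # DAC: grantee -> set of permissions


class DAC:
    """Discretionary: whoever owns an object may grant access to anyone else."""

    def grant(self, grantor: Subject, obj: Object, grantee: str, perm: str) -> bool:
        # Only the owner may change the ACL; a non-owner's grant is refused.
        if grantor.name != obj.owner:
            return False
        obj.acl.setdefault(grantee, set()).add(perm)
        return True

    def check(self, subject: Subject, obj: Object, perm: str) -> bool:
        return subject.name == obj.owner or perm in obj.acl.get(subject.name, set())


class MAC:
    """Mandatory: access follows from labels alone (assumed Bell-LaPadula rules:
    read only at or below your clearance, write only at or above it).
    Neither the owner nor the subject can change the outcome."""

    def check(self, subject: Subject, obj: Object, perm: str) -> bool:
        s, o = LEVELS[subject.clearance], LEVELS[obj.classification]
        if perm == "read":
            return s >= o  # simple security property: no read up
        if perm == "write":
            return s <= o  # *-property: no write down
        return False


def reference_monitor(dac: DAC, mac: MAC, subject: Subject, obj: Object, perm: str) -> bool:
    """A system running both models grants access only when both agree."""
    return dac.check(subject, obj, perm) and mac.check(subject, obj, perm)


def demo() -> dict:
    """Run the constructed scenario and return each decision by name."""
    alice = Subject("alice", "SECRET")       # owner of the object, high clearance
    bob = Subject("bob", "INTERNAL")         # low clearance
    payroll = Object("payroll.db", owner="alice", classification="CONFIDENTIAL")
    dac, mac = DAC(), MAC()

    results = {}
    results["dac_before_grant"] = dac.check(bob, payroll, "read")          # False
    results["bob_self_grant"] = dac.grant(bob, payroll, "bob", "read")     # False: not owner
    results["alice_grants_bob"] = dac.grant(alice, payroll, "bob", "read")  # True
    results["dac_after_grant"] = dac.check(bob, payroll, "read")           # True: owner's choice
    results["mac_bob_read"] = mac.check(bob, payroll, "read")              # False: INTERNAL < CONFIDENTIAL
    results["mac_alice_read"] = mac.check(alice, payroll, "read")          # True
    results["mac_alice_write"] = mac.check(alice, payroll, "write")        # False: no write down
    results["combined_bob_read"] = reference_monitor(dac, mac, bob, payroll, "read")  # False
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:20s} -> {'ALLOW' if decision else 'DENY'}")
```

The point the scenario shows: under DAC alone, alice's grant is enough for bob to read the file; once a mandatory policy is in force, bob's INTERNAL clearance is compared against the CONFIDENTIAL label by the authority's rule and the owner's grant cannot override the denial.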

Which of the following are security design principles required for information protection?

Each correct answer represents a complete solution. Choose all that apply.

A.

Closed design

B.

Least privilege

C.

Separation of duties

D.

Complete mediation

Which of the following activities are performed by the 'Do' cycle component of PDCA (plan-do-check-act)?

Each correct answer represents a complete solution. Choose all that apply.

A.

It performs security awareness training.

B.

It operates the selected controls.

C.

It detects and responds to incidents properly.

D.

It determines controls and their objectives.

E.

It manages resources that are required to achieve a goal.