Weekend Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

GIAC G2700 - GIAC Certified ISO-2700 Specialist Practice Test

GIAC G2700 Premium Access     Download Demo    
Page: 7 / 14
Total 453 questions

Which of the following is used to hide the existence of a message from a third party?

A.

Steganography

B.

SNORT

C.

Packet sniffing

D.

Spoofing

A helpdesk technician received a phone call from an administrator at a remote branch office. The administrator claimed to have forgotten the password for the root account on UNIX servers and asked for it. Although the technician didn't know any administrator at the branch office, the guy sounded really friendly and since he knew the root password himself, he supplied the caller with the password.

What type of attack has just occurred?

A.

Brute Force attack

B.

War dialing attack

C.

Social Engineering attack

D.

Replay attack

Which of the following statements are true about Regulation of Investigatory Powers Act 2000?

Each correct answer represents a complete solution. Choose all that apply.

A.

It enables certain public bodies to demand ISPs fit equipment to facilitate surveillance.

B.

It enables mass surveillance of communications in transit.

C.

It enables certain private bodies to demand that someone hand over keys to protected information.

D.

It allows certain public bodies to monitor people's Internet activities.

Which of the following creates policies, plans, and procedures to minimize the impact of risks to the organizational processes?

A.

Configuration Management

B.

Business Continuity Planning

C.

Social engineering

D.

Change Management

Which of the following paragraphs of the Turnbull Guidance provide clear description of the principles of a risk treatment plan?

Each correct answer represents a complete solution. Choose all that apply.

A.

16

B.

18

C.

17

D.

19

By gaining full control of a router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack routers?

Each correct answer represents a complete solution. Choose all that apply.

A.

Launching a Max Age attack

B.

Route table poisoning

C.

Launching a Sequence++ attack

D.

Launching a social engineering attack

Which of the following is established during the Business Impact Analysis by the owner of a process in accepted business continuity planning methodology?

A.

Recovery Consistency Objective

B.

Recovery Time Actual

C.

Recovery Time Objective

D.

Recovery Point Objective

Which of the following statements is true about annualized rate of occurrence?

A.

It is defined as the cost related to a single realized risk against a particular asset.

B.

It is defined as the yearly cost of all instances of a particular threat against a particular ass et.

C.

It is defined as the expected frequency of occurrence of a particular threat or risk in a singl e year.

D.

It is defined as the percentage of loss experienced by an organization when a particular asset is violated by a realized risk.

You work as the Network Security Administrator for uCertify Inc. The organization is using an intranet to distribute information to its employees. A database residing on the network contains employees' information, such as employee name, designation, department, phone extension, date of birth, date of joining, etc. You are concerned about the security because the database has all information about employees, which can help an unauthorized person to recognize an individual. Which Personally Identifiable Information should be removed from the database so that the unauthorized person cannot identify an individual?

A.

Date of birth

B.

Employee name

C.

Employee code

D.

Date of joining

Mark works as a Security Administrator for uCertify Inc. He is responsible to update Standard Operating Procedures (SOPs) in his organization. In this process, Mark needs to update many programs and modify some registry files in the operating system. He wants to make a document of each step taken by him, so that he can come back and restore the system to its actual state if any problem occurred in the update. Which type of document should Mark create to accomplish the task?

A.

Technical documentation

B.

Change control documentation

C.

Compliance documentation

D.

Legal documentation