
GIAC G2700 - GIAC Certified ISO-27000 Specialist Practice Test

Total 453 questions

Which of the following security design principles supports comprehensive and simple design and implementation of protection mechanisms, so that an unintended access path does not exist or can be readily identified and eliminated?

A.

Psychological acceptability

B.

Separation of duties

C.

Economy of mechanism

D.

Least privilege

Which of the following statements are true about the Regulation of Investigatory Powers Act 2000?

Each correct answer represents a complete solution. Choose all that apply.

A.

It enables certain public bodies to demand ISPs fit equipment to facilitate surveillance.

B.

It enables mass surveillance of communications in transit.

C.

It enables certain private bodies to demand that someone hand over keys to protected information.

D.

It allows certain public bodies to monitor people's Internet activities.

Which of the following are the variables on which the structure of a Service Level Agreement depends?

Each correct answer represents a complete solution. Choose all that apply.

A.

It depends on the physical aspects of the organization.

B.

It depends on the nature of the business activities, in terms of general terms and conditions, and business hours.

C.

It depends on the cultural aspects.

D.

It depends on the infrastructure aspects of the organization.

You work as a Network Administrator for Net Soft Inc. You are designing a data backup plan for your company's network. The backup policy of the company requires high security and easy recovery of data. Which of the following options will you choose to accomplish this?

A.

Take a full backup daily with the previous night's tape taken offsite.

B.

Take a full backup on alternate days and keep rotating the tapes.

C.

Take a full backup on Monday and a differential backup on each of the following weekdays. Keep Monday's backup offsite.

D.

Take a full backup daily and use six-tape rotation.

E.

Take a full backup on Monday and an incremental backup on each of the following weekdays. Keep Monday's backup offsite.

F.

Take a full backup daily with one tape taken offsite weekly.
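The trade-off behind the backup options above is easier to see in code. The following is an added example, not part of the practice test: it models the three schemes the options describe (daily full, Monday full plus daily differential, Monday full plus daily incremental), records what each writes per day, and checks which backups a restore needs and that the restore actually reproduces the live data. The file names and per-day change sets are constructed sample data; offsite rotation is not modelled.

```python
"""Added example, not from the practice test: a small model of the three
backup schemes named in the question (daily full, weekly full plus daily
differential, weekly full plus daily incremental). It shows what each scheme
writes per day and which backups a restore needs. File names and change
sets are constructed sample data."""

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri"]
ALL_FILES = {"a.db", "b.doc", "c.xls", "d.txt", "e.cfg", "f.iso", "g.log"}
# Constructed sample: files modified on each day after Monday's full backup.
CHANGED = {
    "Mon": set(),
    "Tue": {"a.db", "b.doc"},
    "Wed": {"a.db", "c.xls"},
    "Thu": {"d.txt"},
    "Fri": {"a.db", "b.doc", "e.cfg"},
}


def true_state(day):
    """Map file -> day of its newest version, as the live system looks on `day`."""
    state = {f: "Mon" for f in ALL_FILES}
    for d in DAYS[1 : DAYS.index(day) + 1]:
        for f in CHANGED[d]:
            state[f] = d
    return state


def plan(scheme):
    """Backups taken Mon..Fri under `scheme`; each is (day, kind, {file: version})."""
    if scheme not in ("full", "differential", "incremental"):
        raise ValueError(f"unknown scheme {scheme!r}")
    backups = []
    for day in DAYS:
        live = true_state(day)
        if day == "Mon" or scheme == "full":
            backups.append((day, "full", dict(live)))  # whole data set
        elif scheme == "differential":
            # Everything changed since the last full backup, at its newest version.
            changed = {f for d in DAYS[1 : DAYS.index(day) + 1] for f in CHANGED[d]}
            backups.append((day, "differential", {f: live[f] for f in changed}))
        else:
            # Only what changed since the previous backup of any kind.
            backups.append((day, "incremental", {f: day for f in CHANGED[day]}))
    return backups


def restore_chain(scheme, day):
    """Backups, in apply order, needed to rebuild `day`'s state under `scheme`."""
    upto = plan(scheme)[: DAYS.index(day) + 1]
    last_full = max(i for i, b in enumerate(upto) if b[1] == "full")
    chain = [upto[last_full]]
    later = upto[last_full + 1 :]
    if later and later[-1][1] == "differential":
        chain.append(later[-1])  # the latest differential supersedes earlier ones
    else:
        chain.extend(later)  # every incremental must be replayed in order
    return chain


def restore(scheme, day):
    """Apply the chain and return the rebuilt file -> version map."""
    state = {}
    for _, _, files in restore_chain(scheme, day):
        state.update(files)
    return state


def tapes_to_restore(scheme, day):
    return len(restore_chain(scheme, day))


def files_written(scheme):
    """Total file copies written Mon..Fri (a proxy for tape space and backup window)."""
    return sum(len(files) for _, _, files in plan(scheme))


if __name__ == "__main__":
    for scheme in ("full", "differential", "incremental"):
        ok = all(restore(scheme, d) == true_state(d) for d in DAYS)
        print(f"{scheme:12} writes {files_written(scheme):2} file copies, "
              f"Friday restore needs {tapes_to_restore(scheme, 'Fri')} backups, "
              f"restores correct: {ok}")
```

With this sample data a daily full writes 35 file copies and restores from one tape; the differential scheme writes 21 and never needs more than the Monday full plus the latest differential; the incremental scheme writes the least (15) but a Friday restore must replay all five backups in order, so losing or corrupting any one tape in that chain breaks the restore. That chain length is why the "easy recovery" requirement in the question points away from incrementals.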

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following is an intangible asset?

A.

Equipment

B.

Electricity

C.

Personal data

D.

Reputation of the company

You work as an Information Security Manager for uCertify Inc. You are working on the documentation of an ISMS. Which of the following steps are concerned with the development of an ISMS?

Each correct answer represents a complete solution. Choose all that apply.

A.

Risk management

B.

HR security planning

C.

Statement of Applicability

D.

Selection of appropriate controls

Which of the following is the correct formula of annualized loss expectancy?

A.

ALE = single loss expectancy × annualized rate of occurrence

B.

ALE = asset value × exposure factor

C.

ALE = single loss expectancy × exposure factor

D.

ALE = asset value × annualized rate of occurrence

David works as the Network Administrator for Blue Well Inc. One of his tasks is to develop and maintain the risk management plan. Which of the following are the objectives of a risk management plan?

Each correct answer represents a complete solution. Choose all that apply.

A.

Eliminating risks

B.

Accepting risks cautiously that cannot be eliminated

C.

Developing required risks

D.

Transferring risks by insurance

How can you calculate the Annualized Loss Expectancy (ALE) that may occur due to a threat?

A.

Asset Value × Exposure Factor (EF)

B.

Single Loss Expectancy (SLE) / Exposure Factor (EF)

C.

Exposure Factor (EF) / Single Loss Expectancy (SLE)

D.

Single Loss Expectancy (SLE) × Annualized Rate of Occurrence (ARO)
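Both ALE questions above turn on keeping two formulas apart: SLE = AV × EF is the cost of one incident, and ALE = SLE × ARO is the expected cost per year (the "asset value × exposure factor" option is SLE, not ALE). The following is an added worked example, not part of the practice test, that carries the arithmetic through and goes one step beyond the questions to the cost/benefit figure the numbers exist for: ALE before a control, minus ALE after it, minus the control's annual cost. All asset values, exposure factors, rates and costs are constructed illustrations.

```python
"""Added example, not from the practice test: the SLE/ALE arithmetic the two
ALE questions test, carried one step further to a safeguard cost/benefit
figure. Asset values, exposure factors, rates and costs are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    asset_value: float      # AV: value of the asset in currency units
    exposure_factor: float  # EF: fraction of AV lost in one incident, 0.0 .. 1.0
    aro: float              # ARO: expected incidents per year (1/20 = once in 20 years)

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be a fraction between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("AV and ARO must be non-negative")

    def sle(self):
        """Single loss expectancy: SLE = AV x EF (what one incident costs)."""
        return self.asset_value * self.exposure_factor

    def ale(self):
        """Annualized loss expectancy: ALE = SLE x ARO (expected cost per year)."""
        return self.sle() * self.aro


def aro_from_interval(years):
    """ARO for a threat expected once every `years` years."""
    if years <= 0:
        raise ValueError("interval must be positive")
    return 1.0 / years


def safeguard_value(before, after, annual_cost):
    """Net annual value of a control: ALE reduction minus what the control costs.
    Positive means the control pays for itself; negative argues for accepting
    or transferring the risk instead."""
    return before.ale() - after.ale() - annual_cost


def rank_by_ale(scenarios):
    """Scenarios ordered by expected annual loss, highest first."""
    return sorted(scenarios, key=lambda s: s.ale(), reverse=True)


# Constructed scenarios for a customer database server.
DB_RANSOMWARE = Scenario("ransomware on DB server", asset_value=500_000,
                         exposure_factor=0.30, aro=aro_from_interval(2))
DB_FIRE = Scenario("fire in server room", asset_value=500_000,
                   exposure_factor=0.90, aro=aro_from_interval(25))
# Same ransomware threat after tested offline backups cut the loss per incident.
DB_RANSOMWARE_WITH_BACKUPS = Scenario("ransomware, offline backups in place",
                                      asset_value=500_000, exposure_factor=0.05,
                                      aro=aro_from_interval(2))
BACKUP_CONTROL_ANNUAL_COST = 20_000  # constructed yearly cost of the control


if __name__ == "__main__":
    for s in rank_by_ale([DB_RANSOMWARE, DB_FIRE]):
        print(f"{s.name:35} SLE={s.sle():>10,.0f}  ALE={s.ale():>9,.0f}")
    value = safeguard_value(DB_RANSOMWARE, DB_RANSOMWARE_WITH_BACKUPS,
                            BACKUP_CONTROL_ANNUAL_COST)
    print(f"net annual value of the backup control: {value:,.0f}")
```

With these figures the ransomware scenario has an SLE of 150,000 and, at one incident every two years, an ALE of 75,000; the fire scenario has a much larger SLE (450,000) but an ALE of only 18,000, which is why ranking by ALE rather than by single-incident cost drives the spend. The backup control cuts the ransomware ALE to 12,500 and costs 20,000 a year, so its net value is 42,500 per year. The input checks matter in practice: an EF entered as a percentage (30 instead of 0.30) silently inflates every downstream number by a factor of 100.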

Which of the following persons is responsible for testing and verifying that the security policy is properly implemented and that the derived security solutions are adequate?

A.

Data custodian

B.

User

C.

Auditor

D.

Data owner