Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

GIAC GISF - GIAC Information Security Fundamentals

GIAC GISF Premium Access     Download Demo    
Page: 4 / 10
Total 333 questions

Victor works as a professional Ethical Hacker for SecureEnet Inc. He wants to scan the wireless network of the company. He uses a tool that is a free open-source utility for network exploration.

The tool uses raw IP packets to determine the following:

What ports are open on our network systems.

What hosts are available on the network.

Identify unauthorized wireless access points.

What services (application name and version) those hosts are offering.

What operating systems (and OS versions) they are running.

What type of packet filters/firewalls are in use.

Which of the following tools is Victor using?

A.

Nessus

B.

Kismet

C.

Nmap

D.

Sniffer

Adam works as a Professional Penetration Tester for Umbrella Inc. A project has been assigned to him to carry out a Black Box penetration testing as a regular evaluation of the system security and integrity of the company's network. Which of the following statements are true about the Black Box penetration testing?

Each correct answer represents a complete solution. Choose all that apply.

A.

Black box testing provides the testers with complete knowledge of the infrastructure to be tested.

B.

Black box testing simulates an attack from someone who is unfamiliar with the system.

C.

Black box testing simulates an attack from someone who is familiar with the system.

D.

Black box testing assumes no prior knowledge of the infrastructure to be tested.

Which of the following statements about Public Key Infrastructure (PKI) is true?

A.

It uses symmetric key pairs.

B.

It uses public key encryption.

C.

It is a digital representation of information that identifies users.

D.

It provides security using data encryption and digital signature.

You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to the e-mails queries. But since few days, it is identified that this process is providing a way to spammers to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and find a solution? Each correct answer represents a part of the solution. Choose all that apply.

A.

Recovery

B.

Contamination

C.

Identification

D.

Eradication

E.

Preparation

Rick works as a Network Administrator for Fimbry Hardware Inc. Based on the case study, which network routing strategy will he implement for the company? (Click the Exhibit button on the toolbar to see the case study.)

A.

He will implement OSPF on all the router interfaces.

B.

He will implement RIP v1 on all the router interfaces.

C.

He will implement the IGMP on all the router interface.

D.

He will implement RIP v2 on all the router interfaces.

E.

He will implement static routes for the routers.

Peter, a malicious hacker, wants to perform an attack. He first compromises computers distributed across the internet and then installs specialized software on these computers. He then instructs the compromised hosts to execute the attack. Every host can then be used to launch its own attack on the target computers. Which of the following attacks is Peter performing?

A.

Teardrop attack

B.

SYN flood attack

C.

Ping of Death attack

D.

DDoS attack

Which of the following are the types of Intrusion detection system?

A.

Server-based intrusion detection system (SIDS)

B.

Client based intrusion detection system (CIDS)

C.

Host-based intrusion detection system (HIDS)

D.

Network intrusion detection system (NIDS)

What is VeriSign?

A.

It is a data warehouse.

B.

It is an e-commerce portal.

C.

It is a search engine.

D.

It is a payment gateway.

You are the Network Administrator for a software development company. Your company creates various utilities and tools. You have noticed that some of the files your company creates are getting deleted from systems. When one is deleted, it seems to be deleted from all the computers on your network. Where would you first look to try and diagnose this problem?

A.

Antivirus log

B.

System log

C.

IDS log

D.

Firewall log

You are the project manager for BlueWell Inc. You are reviewing the risk register for your project. The risk register provides much information to you, the project manager and to the project team during the risk response planning. All of the following are included in the risk register except for which item?

A.

Trends in qualitative risk analysis results

B.

Symptoms and warning signs of risks

C.

List of potential risk responses

D.

Network diagram analysis of critical path activities