giac gisf practice test

You are the project manager of SST project. You are in the process of collecting and distributing
performance information including status report, progress measurements, and forecasts. Which of
the following process are you performing?

• A. Perform Quality Control
• B. Verify Scope
• C. Report Performance
• D. Control Scope

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based
network. The company is aware of various types of security attacks and wants to impede them.
Hence, management has assigned John a project to port scan the company's Web Server. For this, he
uses the nmap port scanner and issues the following command to perform idle port scanning:
nmap -PN -p- -sI IP_Address_of_Company_Server
He analyzes that the server's TCP ports 21, 25, 80, and 111 are open.
Which of the following security policies is the company using during this entire process to mitigate
therisk of hacking attacks?

• A. Audit policy
• B. Antivirus policy
• C. Non-disclosure agreement
• D. Acceptable use policy

Which of the following protocols provides secured transaction of data between two computers?

• A. SSH
• B. FTP
• C. Telnet
• D. RSH

A firewall is a combination of hardware and software, used to provide security to a network. It isused
to protect an internal network or intranet against unauthorized access from the Internet orother
outside networks. It restricts inbound and outbound access and can analyze all trafficbetween an
internal network and the Internet. Users can configure a firewall to pass or blockpackets from
specific IP addresses and ports. Which of the following tools works as a firewall forthe Linux 2.4
kernel?

• A. IPChains
• B. OpenSSH
• C. Stunnel
• D. IPTables

Which of the following concepts represent the three fundamental principles of informationsecurity?
Each correct answer represents a complete solution. Choose three.

• A. Privacy
• B. Availability
• C. Integrity
• D. Confidentiality

You work as a Software Developer for Mansoft Inc. You create an application. You want to use the
application to encrypt data. You use the HashAlgorithmType enumeration to specify the algorithm
used for generating Message Authentication Code (MAC) in Secure Sockets Layer (SSL)
communications.
Which of the following are valid values for HashAlgorithmType enumeration?
Each correct answer represents a part of the solution. Choose all that apply.

• A. MD5
• B. None
• C. DES
• D. RSA
• E. SHA1
• F. 3DES

John works as a professional Ethical Hacker. He has been assigned a project to test the security of
www.we-are-secure.com. He wants to test the effect of a virus on the We-are-secure server. He
injects the virus on the server and, as a result, the server becomes infected with the virus even
though an established antivirus program is installed on the server. Which of the following do you
thinkare the reasons why the antivirus installed on the server did not detect the virus injected by
John?
Each correct answer represents a complete solution. Choose all that apply.

• A. The virus, used by John, is not in the database of the antivirus program installed on the ser ver.
• B. The mutation engine of the virus is generating a new encrypted code.
• C. John has created a new virus.
• D. John has changed the signature of the virus.

Which of the following types of virus is capable of changing its signature to avoid detection?

• A. Stealth virus
• B. Boot sector virus
• C. Macro virus
• D. Polymorphic virus

Which of the following protocols can help you get notified in case a router on a network fails?

• A. SMTP
• B. SNMP
• C. TCP
• D. ARP

Computer networks and the Internet are the prime mode of Information transfer today. Which of the
following is a technique used for modifying messages, providing Information and Cyber security, and
reducing the risk of hacking attacks during communications and message passing over the Internet?

• A. Cryptography
• B. OODA loop
• C. Risk analysis
• D. Firewall security