GISF | How Many Questions Of GISF Real Exam

Free GISF dump questions:

NEW QUESTION 1

What does a firewall check to prevent certain ports and applications from getting the packets into an Enterprise?

  • A. The application layer port numbers and the transport layer headers
  • B. The presentation layer headers and the session layer port numbers
  • C. The network layer headers and the session layer port numbers
  • D. The transport layer port numbers and the application layer headers

Answer: D

NEW QUESTION 2

Which of the following objects in an Active Directory serve as security principals? Each correct answer represents a part of the solution. Choose all that apply.

  • A. User accounts
  • B. Organizational units (OUs)
  • C. Computer accounts
  • D. Groups

Answer: ACD

NEW QUESTION 3

Kelly is the project manager of the NNQ Project for her company. This project will last for one year and has a budget of $350,000. Kelly is working with her project team and subject matter experts to begin the risk response planning process. When the project manager begins the plan risk response process, what two inputs will she need?

  • A. Risk register and the results of risk analysis
  • B. Risk register and the risk response plan
  • C. Risk register and the risk management plan
  • D. Risk register and power to assign risk responses

Answer: C

NEW QUESTION 4

Which of the following protocols implements VPN using IPSec?

  • A. SLIP
  • B. PPTP
  • C. PPP
  • D. L2TP

Answer: D

NEW QUESTION 5

Which of the following statements are TRUE regarding asymmetric encryption and symmetric encryption? Each correct answer represents a complete solution. Choose all that apply.

  • A. Data Encryption Standard (DES) is a symmetric encryption key algorithm.
  • B. In symmetric encryption, the secret key is available only to the recipient of the message.
  • C. Symmetric encryption is commonly used when a message sender needs to encrypt a large amount of data.
  • D. Asymmetric encryption uses a public key and a private key pair for data encryption.

Answer: ACD

NEW QUESTION 6

You send and receive messages on the Internet. A man-in-the-middle attack can be performed to capture and read your message. Which of the following information assurance pillars ensures the security of your message or data against this type of attack?

  • A. Authentication
  • B. Non-repudiation
  • C. Data availability
  • D. Confidentiality

Answer: D

NEW QUESTION 7

You have decided to implement an intrusion detection system on your network. You are primarily interested in the IDS being able to recognize known attack techniques. Which type of IDS should you choose?

  • A. Signature Based
  • B. Passive
  • C. Active
  • D. Anomaly Based

Answer: A

NEW QUESTION 8

You work as a Security manager for Orangesect Inc. The enterprise is using the OODA loop strategy to counter the security issues in the enterprise. Some of the IP addresses of the enterprise have been hacked. You match up the present hacking issue and condition with the past hacking experiences to find a solution. Which of the following phases of the OODA loop involves the procedure followed by you?

  • A. The decide phase
  • B. The orient phase
  • C. The observe phase
  • D. The act phase

Answer: B

NEW QUESTION 9

Which of the following are used as primary technologies to create a layered defense for giving protection to a network?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Vulnerability
  • B. Firewall
  • C. Endpoint authentication
  • D. IDS

Answer: BCD

NEW QUESTION 10

Which of the following layers of the OSI model corresponds to the Host-to-Host layer of the TCP/IP model?

  • A. The presentation layer
  • B. The application layer
  • C. The transport layer
  • D. The session layer

Answer: C

NEW QUESTION 11

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He enters a single quote in the input field of the login page of the We-are-secure Web site and receives the following error message:

Microsoft OLE DB Provider for ODBC Drivers error '0x80040E14'

This error message shows that the We-are-secure Web site is vulnerable to _____.

  • A. A buffer overflow
  • B. An XSS attack
  • C. A Denial-of-Service attack
  • D. A SQL injection attack

Answer: D

NEW QUESTION 12

You are the security manager of Microliss Inc. Your enterprise uses a wireless network infrastructure with access points ranging 150-350 feet. The employees using the network complain that their passwords and important official information have been traced. You discover the following clues:

  • The information has proved beneficial to another company.
  • The other company is located about 340 feet away from your office.
  • The other company is also using a wireless network.
  • The bandwidth of your network has degraded to a great extent.

Which of the following methods of attack has been used?

  • A. A piggybacking attack has been performed.
  • B. The information is traced using Bluebugging.
  • C. A DOS attack has been performed.
  • D. A worm has exported the information.

Answer: A

NEW QUESTION 13

A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?

  • A. IPChains
  • B. OpenSSH
  • C. Stunnel
  • D. IPTables

Answer: D

NEW QUESTION 14

Which of the following is the most secure place to host a server that will be accessed publicly through the Internet?

  • A. A DNS Zone
  • B. An Intranet
  • C. A demilitarized zone (DMZ)
  • D. A stub zone

Answer: C

NEW QUESTION 15

Which term best describes an e-mail that contains incorrect and misleading information or warnings about viruses?

  • A. Blowfish
  • B. Spam
  • C. Virus
  • D. Trojan horse
  • E. Hoax
  • F. Rlogin

Answer: E

NEW QUESTION 16

Which of the following techniques can be used by an administrator while working with the symmetric encryption cryptography? Each correct answer represents a complete solution. Choose all that apply.

  • A. Transposition cipher
  • B. Message Authentication Code
  • C. Stream cipher
  • D. Block cipher

Answer: BCD

NEW QUESTION 17

You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 Active Directory domain-based network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. According to the company's security policy, you want to apply Windows Firewall settings to all the computers in the domain to improve security.
Which of the following is the fastest and the most effective way to accomplish the task?

  • A. Apply firewall settings manually.
  • B. Apply firewall settings on the domain controller of the domain.
  • C. Use group policy to apply firewall settings.
  • D. Use a batch file to apply firewall settings.

Answer: C
