
G2700 GIAC Certified ISO-2700 Specialist Practice Test Questions and Answers

Questions 4

What is the name given to the system that guarantees the coherence of information security in the organization?

Options:

A. Information Security Management System
B. Rootkit
C. Stemkit
D. Security regulations for special information for the government

Questions 5

By gaining full control of a router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack routers?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Launching a Max Age attack
B. Route table poisoning
C. Launching a Sequence++ attack
D. Launching a social engineering attack

Questions 6

Which of the following are the steps of the Do stage of the project?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Operations and resources are managed.
B. Training and awareness programs for affected staff are scheduled.
C. The risk treatment plan is implemented and controls are planned.
D. The options are identified and evaluated for the treatment of the risks.

Questions 7

Which of the following statements are true about the Regulation of Investigatory Powers Act 2000?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. It enables certain public bodies to demand ISPs fit equipment to facilitate surveillance.
B. It enables mass surveillance of communications in transit.
C. It enables certain private bodies to demand that someone hand over keys to protected information.
D. It allows certain public bodies to monitor people's Internet activities.

Questions 8

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following is an intangible asset?

Options:

A. Equipment
B. Electricity
C. Reputation of the company
D. Personal data

Questions 9

Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?

Options:

A. Utility model
B. Cookie
C. Trade secret
D. Copyright

Questions 10

Mark works as a Network Security Administrator for uCertify Inc. He has installed IDS for matching incoming packets against known attacks. Which of the following types of intrusion detection techniques is being used?

Options:

A. Host-based IDS
B. Signature-based IDS
C. Pattern Matching IDS
D. Network-based IDS

Questions 11

You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem?

Options:

A. Implement least privileges.
B. Implement RBAC.
C. Implement three way authentication.
D. Implement separation of duties.

Questions 12

You work as the Network Security Administrator for uCertify Inc. You are responsible for protecting your network from unauthorized access from both inside and outside the organization. For outside attacks, you have installed a number of security tools that protect your network. For internal security, employees use passwords of more than 8 characters; however, a few of them who have the same designation often exchange their passwords, making it possible for others to access their accounts. There is already a policy against this practice, but employees still do it. Now, you want to stop this and ensure that it never happens again. Which of the following will be the best step to stop this practice?

Options:

A. Create a policy that forces users to create a password combined with special characters.
B. Create a policy to enter their personal email id while logged in to the system.
C. Create a policy to enter their employee code while logged in to the system.
D. Create a new policy that forces users to change their passwords once every 15 days.

Questions 13

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to make a document on the classification of information assets. Which of the following controls of the ISO standard provides guidelines on the classification of information?

Options:

A. Control A.7.1.3
B. Control A.7.1.2
C. Control A.7.2
D. Control A.7.2.1

Questions 14

A Service Level Agreement (SLA) provides one service for all customers of that service. Which of the following are included in the contents of an SLA?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Scope
B. Mutual responsibilities
C. Vocations
D. Service description

Questions 15

Which of the following activities are performed by the 'Do' cycle component of PDCA (plan-do-check-act)?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. It manages resources that are required to achieve a goal.
B. It determines controls and their objectives.
C. It performs security awareness training.
D. It detects and responds to incidents properly.
E. It operates the selected controls.

Questions 16

You work as a Security Administrator for uCertify Inc. You have been assigned a task for helping employees in determining appropriate technical security measures available for electronic information that is deemed sensitive. Which of the following policies will you apply to accomplish the task?

Options:

A. Default policy
B. Enterprise policy
C. Information security policy
D. Security policy

Questions 17

Fill in the blank with an appropriate phrase.

The______ is concerned with rebuilding production processing and determining the criticality of data.

Options:

A. recovery team

Questions 18

Which of the following is established during the Business Impact Analysis by the owner of a process in accepted business continuity planning methodology?

Options:

A. Recovery Consistency Objective
B. Recovery Time Actual
C. Recovery Time Objective
D. Recovery Point Objective

Questions 19

Which of the following laws or acts enforces the prohibition against cyber stalking?

Options:

A. Malicious Communications Act (1998)
B. Anti-Cyber-Stalking law (1999)
C. Stalking Amendment Act (1999)
D. Stalking by Electronic Communications Act (2001)

Questions 20

Fill in the blank with the appropriate term.

___________is the built-in file encryption tool for Windows file systems. It protects encrypted files from those who have physical possession of the computer where the encrypted files are stored.

Options:

Questions 21

Which of the following are the two methods that are commonly used for applying mandatory access control?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Lattice-based access control
B. Attribute-based access control
C. Rule-based access control
D. Discretionary access control

Questions 22

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to make a document on the usage of information assets. Which of the following controls of the ISO standard deals with the documentation and implementation of rules for the acceptable use of information assets?

Options:

A. Control A.7.2.1
B. Control A.7.1.2
C. Control A.7.1.3
D. Control A.7.2

Questions 23

Which of the following administrative policy controls is usually associated with government classifications of materials and the clearances of individuals to access those materials?

Options:

A. Separation of Duties
B. Due Care
C. Acceptable Use
D. Need to Know

Questions 24

Which of the following states that a user should never be given more privileges than are required to carry out a task?

Options:

A. Principle of least privilege
B. Role-based security
C. Security through obscurity
D. Segregation of duties

Questions 25

Which of the following is the element used in the technology of encrypting and decrypting the text in cryptography?

Options:

A. Cipher
B. Key
C. Plaintext
D. Encryption

Questions 26

Andrew is the CEO of uCertify Inc. He wants to improve the resources and revenue of the company. He uses the PDCA methodology to accomplish the task. Which of the following are the phases of the PDCA methodology?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Deviate
B. Plan
C. Calculate
D. Act

Questions 27

Which of the following are the perspectives considered to ensure the confidentiality, integrity, and availability of an organization's assets, information, data, and IT services?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Procedural
B. Technical
C. Management
D. Organizational

Questions 28

Which of the following standards was made in 1995 by the joint initiative of the Department of Trade and Industry in the United Kingdom and leading UK private-sector businesses?

Options:

A. BS7799
B. ISO 27001
C. BS2700
D. ISMS

Questions 29

Which of the following is a process of identifying and documenting project roles, responsibilities, and reporting relationships?

Options:

A. Capacity planning
B. Enterprise resource planning
C. Business Continuity planning
D. Human resource planning

Questions 30

You work as an Information Security Manager for uCertify Inc. You have been assigned the task to create the documentation on control A.7.2 of the ISO standard. Which of the following is the chief concern of control A.7.2?

Options:

A. Classification of owners
B. Usage of information
C. Identification of inventory
D. Classification of information

Questions 31

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following are information assets?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. User manuals
B. Operating systems
C. Training materials
D. Personal data

Questions 32

Which of the following is a fast-emerging global sector that advises individuals and corporations on how to apply the highest ethical standards to every aspect of their business?

Options:

A. Service Capacity Management (SCM)
B. Business Capacity Management (BCM)
C. Resource Capacity Management (RCM)
D. Integrity Management Consulting

Questions 33

Which of the following statements are true about Information Security Management?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. It is not designed to recognize, control, or protect information or any equipment that is used in connection with its processing.
B. It is designed to recognize, control, and protect information and any equipment that is used in connection with its storage and transmission.
C. Information Security is a system of policies and procedures.
D. Information Security Management has the objective to manage information security effectively within all service providers.

Questions 34

Which of the following are included in sensitive system isolation?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Construction of appropriately isolated environments where technically and operationally feasible
B. Inclusion of all documents technically stored in a virtual directory
C. Explicit identification and acceptance of risks when shared facilities and/or resources must be used
D. Explicit identification and documentation of sensitivity by each system/application controller (owner)

Questions 35

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to assign ownership of some assets of the organization. Which of the following statements correctly describe the responsibilities of an asset owner?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. The owner has property rights to the asset.
B. The owner is allowed to delegate responsibility for maintaining the asset.
C. The owner should have a document describing the security controls for the asset.
D. The owner is allowed to delegate accountability of the asset.

Questions 36

Which of the following is a formal state transition model of computer security policy that is used to describe a set of access control rules which use security labels on objects and clearances for subjects?

Options:

A. Five Pillars model
B. Classic information security model
C. Bell-LaPadula model
D. Clark-Wilson integrity model

Questions 37

You are responsible for a Microsoft-based network. Your servers are all clustered. Which of the following are the likely reasons for the clustering?

Each correct answer represents a complete solution. Choose two.

Options:

A. Failover
B. Reduce power consumption
C. Load balancing
D. Ease of maintenance

Questions 38

You work as an Information Security Manager for uCertify Inc. You are working on the documentation of ISMS. Which of the following steps are concerned with the development of ISMS?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Risk management
B. HR security planning
C. Statement of Applicability
D. Selection of appropriate controls

Questions 39

David works as the Manager for Tech Mart Inc. An incident that occurred ten months ago caused the company heavy losses. David has been assigned the task of submitting a report on the losses incurred by the company in a year. Which of the following should David calculate in order to submit a report containing the annualized loss expectancy?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Annualized Rate of Occurrence
B. Number of employees in the company
C. Single Loss Expectancy
D. Asset Value

Questions 40

Which of the following statements is true about annualized loss expectancy?

Options:

A. It is defined as the cost related to a single realized risk against a particular asset.
B. It is defined as the yearly cost of all instances of a particular threat against a particular asset.
C. It is defined as the percentage of loss experienced by an organization when a particular asset is violated by a realized risk.
D. It is defined as the expected frequency of occurrence of a particular threat or risk in a single year.

Questions 41

Which of the following defines the interdependent relationships among the internal support groups of an organization working to support a Service Level Agreement?

Options:

A. Two-way Connection Agreement
B. Non Disclosure Agreement
C. Operational Level Agreement
D. System Security Authorization Agreement

Questions 42

Which of the following are the rights given to a person whose data has been processed?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. To require that their data is used for direct marketing
B. To view the data an organization holds on them, for a small fee, known as 'subject access fee'
C. To require that data is not used in any way that may potentially cause damage or distress
D. To request that incorrect information be corrected

Questions 43

Which formula will you use to calculate the estimated average cost of 1 hour of downtime?

Options:

A. (Employee costs per hour X Number of employees affected by outage) - (Average income per hour)
B. (Employee costs per hour - Number of employees affected by outage) + (Average income per hour)
C. (Employee costs per hour X Number of employees affected by outage) + (Average income per hour)
D. (Employee costs per hour / Number of employees affected by outage) + (Average income per hour)

Questions 44

Which of the following controls are related to Business Continuity and disaster recovery?

Options:

A. Detective controls
B. Preventive controls
C. Corrective controls
D. Recovery controls

Questions 45

Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?

Options:

A. Cross site scripting attack
B. Mail bombing
C. Password guessing attack
D. Social engineering attack

Questions 46

Which of the following are the elements of Information Security Management System framework?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Implement
B. Reset
C. Plan
D. Control

Questions 47

You work as a Security Administrator for uCertify Inc. You observe that an employee is spreading personal data of your organization. Which of the following standards of information security deals with the employees handling personal data in an organization?

Options:

A. Physical security
B. Network Security
C. Human resource security
D. Personal security

Questions 48

Which of the following pillars of Basel II is concerned with maintenance of regulatory capital intended for three major components of risk that a bank faces, which are credit risk, operational risk, and market risk?

Options:

A. Pillar 4
B. Pillar 2
C. Pillar 3
D. Pillar 1

Questions 49

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following is an intangible asset?

Options:

A. Personal data
B. Electricity
C. Reputation of the company
D. Equipment

Questions 50

Which of the following forms the basis for the assessment of information security management system (ISMS)?

Options:

A. ISO 9000
B. ISO 27001
C. BS7799
D. ISO 9001

Questions 51

Which of the following is used for improving the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation?

Options:

A. CBAC
B. MAC
C. UAC
D. Implicit deny

Questions 52

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to classify different information assets used in your organization. Which of the following should be the basis of your classification?

Options:

A. Usage of the information for the organization
B. Owner of the information
C. Origin of the information
D. Impact on the organization if information is disclosed

Questions 53

Which of the following concepts or terms states that changes related to one requirement, i.e., scope, time, or cost, will at least influence one other element?

Options:

A. Triple theory estimation
B. Triple point theory
C. Triple point estimation
D. Triple constraint

Questions 54

An audit trail is an example of which of the following types of control?

Options:

A. Detective control
B. Application control
C. Preventive control
D. Deterrent control

Questions 55

You work as a Security Administrator for uCertify Inc. You notice that a person is entering the work area. Now, you want to verify the authenticity of that person. By which of the following factors can you determine the accuracy of the authentication?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Two-factor authentication
B. Three-factor authentication
C. Many-factor authentication
D. One-factor authentication

Questions 56

You are the project manager for a construction project. The project involves casting of a column in a very narrow space. Because of the lack of space, casting is highly dangerous. High technical skill will be required for casting that column. You decide to hire a local expert team for casting that column. Which of the following types of risk response are you following?

Options:

A. Avoidance
B. Transference
C. Mitigation
D. Acceptance

Questions 57

Which of the following is not one of the objectives of risk analysis?

Options:

A. Determining the risk that threats will become a reality
B. Identifying assets and their value
C. Removing the risks
D. Determining vulnerabilities and threats

Questions 58

You work as an Information Security Manager for uCertify Inc. You are working on the documentation of ISMS. Which of the following steps are concerned with the development of ISMS?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Risk management
B. Selection of appropriate controls
C. HR security planning
D. Statement of Applicability

Questions 59

In which year was the Turnbull report published?

Options:

A. 2005
B. 2000
C. 1999
D. 1992

Questions 60

Which of the following are the limitations of Redundant Array of Inexpensive Disks (RAID)?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. It is difficult to move RAID to a new system.
B. It cannot simplify disaster recovery.
C. It cannot provide a performance boost in all applications.
D. It cannot protect the data on the array.

Questions 61

You work as a Security Administrator for uCertify Inc. You have installed ten separate applications for your employees to work with. All the applications require users to log in before working in them; however, this takes a lot of time. Therefore, you decide to use SSO to resolve this issue. Which of the following are the other benefits of Single Sign-On (SSO)?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Centralized reporting for compliance adherence
B. Reducing IT costs due to lower number of IT help desk calls about passwords
C. Reduces phishing success, because users are not trained to enter passwords everywhere without thinking
D. Reduces the user experience

Questions 62

Which of the following is used to shift the impact of a threat to a third party, together with the ownership of the response?

Options:

A. Risk avoidance
B. Risk transference
C. Risk mitigation
D. Risk acceptance

Questions 63

Which of the following are process elements for remote diagnostics?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. After detected performance degradation, predict the failure moment by extrapolation.
B. Remotely monitor selected vital system parameters.
C. Compare with known or expected behavior data.
D. Perform analysis of data to detect trends.

Questions 64

How many modules are there in FaultTree+?

Options:

A. 6
B. 5
C. 3
D. 4

Questions 65

Which of the following procedures is intended to reduce the risk to personnel, property, and other assets while minimizing work disruptions in the event of an emergency?

Options:

A. Disaster Recovery Plan
B. Cyber Incident Response Plan
C. Occupant Emergency Plan
D. Crisis Communication Plan

Questions 66

Mark works as a Network Security Administrator for uCertify Inc. He wants to implement a firewall technique over the network to inspect each packet passing through the network and to accept or reject it, based on user-defined rules. Which of the following types of firewall techniques is implemented by Mark to accomplish the task?

Options:

A. Application gateway
B. Proxy server
C. Circuit-level gateway
D. Packet filter

Questions 67

Which of the following is NOT a module of FaultTree+?

Options:

A. Kerchief Analysis
B. Fault Tree Analysis
C. Event Tree Analysis
D. Markov Analysis

Exam Code: G2700
Exam Name: GIAC Certified ISO-2700 Specialist Practice Test
Last Update: May 3, 2024
Questions: 453