[Free] 2017(Sep) CollectDumps Dumpsleader GIAC GISF Dumps with VCE and PDF 141-150

CollectDumps 2017 Sep GIAC Official New Released GISF
100% Free Download! 100% Pass Guaranteed!

GIAC Information Security Fundamentals

Question No: 141 – (Topic 1)

You work as a Software Developer for Mansoft Inc. You have participated in the customization of a previously developed Configuration Management Application Block (CMAB) that manages an application configuration setting in multiple data stores. Based on requirements, you have extended the CMAB to read and write configuration data to and from an Oracle database. You need to create a unit test strategy. Which of the following steps would you include in a unit test of the CMAB?

Each correct answer represents a part of the solution. Choose all that apply.

  1. Perform White box testing

  2. Regression test the existing functionality

  3. Execute Use cases of the application

  4. Perform Stress testing

  5. Review the implementation

Answer: A,B,E

Question No: 142 – (Topic 1)

Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer?

Each correct answer represents a complete solution. Choose two.

  1. Attacker can use the Ping Flood DoS attack if WZC is used.

  2. Attacker by creating a fake wireless network with high power antenna cause Victor#39;s computer to associate with his network to gain access.

  3. Information of probing for networks can be viewed using a wireless analyzer and may be used to gain access.

  4. It will not allow the configuration of encryption and MAC filtering. Sending information is not secure on wireless network.

Answer: B,C

Question No: 143 – (Topic 1)

Which of the following is not needed for effective procurement planning?

  1. Activity resource management

  2. Project schedule

  3. Cost baseline

  4. Quality risk analysis

Answer: D

Question No: 144 – (Topic 1)

You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS how can you detect this sort of activity?

  1. By examining your firewall logs.

  2. By examining your domain controller server logs.

  3. By setting up a DMZ.

  4. You cannot, you need an IDS.

Answer: A

Question No: 145 – (Topic 1)

Which of the following network connectivity devices translates one protocol into another and is used to connect dissimilar network technologies?

  1. Hub

  2. Firewall

  3. Bridge

  4. Gateway

Answer: D

Question No: 146 – (Topic 1)

Kelly is the project manager of the NNQ Project for her company. This project will last for one year and has a budget of $350,000. Kelly is working with her project team and subject matter experts to begin the risk response planning process. When the project manager begins the plan risk response process, what two inputs will she need?

  1. Risk register and the results of risk analysis

  2. Risk register and the risk response plan

  3. Risk register and the risk management plan

  4. Risk register and power to assign risk responses

Answer: C

Question No: 147 – (Topic 1)

You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus.

Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?

  1. Recovery

  2. Identification

  3. Containment

  4. Eradication

Answer: D

Question No: 148 – (Topic 1)

Which of the following statements are TRUE regarding asymmetric encryption and symmetric encryption? Each correct answer represents a complete solution. Choose all that apply.

  1. Data Encryption Standard (DES) is a symmetric encryption key algorithm.

  2. In symmetric encryption, the secret key is available only to the recipient of the message.

  3. Symmetric encryption is commonly used when a message sender needs to encrypt a large amount of data.

  4. Asymmetric encryption uses a public key and a private key pair for data encryption.

Answer: A,C,D

Question No: 149 – (Topic 1)

The ATM of a bank is robbed by breaking the ATM machine. Which of the following physical security devices can now be used for verification and historical analysis of the ATM robbery?

  1. Biometric devices

  2. Intrusion detection systems

  3. Key card

  4. CCTV Cameras

Answer: D

Topic 2, Volume B

Question No: 150 – (Topic 2)

What is a variant with regard to Configuration Management?

  1. A CI that has the same name as another CI but shares no relationship.

  2. A CI that has the same essential functionality as another CI but a bit different in some small manner.

  3. A CI that particularly refers to a hardware specification.

  4. A CI that particularly refers to a software version.

Answer: B

100% Free Download!
Download Free Demo:GISF Demo PDF
100% Pass Guaranteed!
Download 2017 CollectDumps GISF Full Exam PDF and VCE

CollectDumps ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 CollectDumps IT Certification PDF and VCE