GISF GIAC Exam Questions and Free Practice Test

Question 25

- (Topic 2)
The workstations on your network utilize Windows XP (service pack 2 or later). Many users
take their laptops on the road. You are very concerned about the security and want to have a robust firewall solution for mobile users. You have decided that all your firewalls to use the Stateful Packet Inspection (SPI) method. What must you do to provide SPI to your mobile users?

A. You must purchase a third party firewall solution for your mobile users.

B. Do nothin

C. Windows XP service pack 2 has a firewall turned on by default.

D. Download the SPI template from Microsoft.

E. Configure the Windows XP firewall to use SPI.

Correct Answer:A

Question 26

- (Topic 2)
How should you configure USSOWA1 and USSTIME1 to allow secure access for remote employees?
(Click the Exhibit button on the toolbar to see the case study.)
Each correct answer represents a complete solution. Choose three.

A. Place USSTIME1 on the internal network

B. Place USSOWA1 on the internal network

C. Enable all connections from external network

D. Place USSTIME1 in a DMZ

E. Place USSOWA1 in a DMZ

F. Allow only TCP port 443 connections from the external network

G. Allow only TCP port 80 connections from the external network

Correct Answer:DEF

Question 27

- (Topic 2)
Donna is the project manager for her organization. She is preparing a plan to manage changes to the project should changes be requested. Her change management plan defines the process for documenting, tracking, and determining if the changes should be approved or declined. What system is considered the parent of the change control system documented in Donna's plan?

A. Project Management Information System

B. Integrated Change Control System

C. Change Control System

D. Quality Management System

Correct Answer:A

Question 28

- (Topic 1)
You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

A. Quantitative risk analysis

B. Risk audits

C. Qualitative risk analysis

D. Requested changes

Correct Answer:D

Question 29

- (Topic 2)
Which of the following is a technique of attacks in which the attacker secretly listens to the private conversation between victims?

A. Eavesdropping

B. Intrusion

C. Dialler attack

D. Denial of service

Correct Answer:A

Question 30

- (Topic 1)
The SALES folder has a file named XFILE.DOC that contains critical information about your company. This folder resides on an NTFS volume. The company's Senior Sales Manager asks you to provide security for that file. You make a backup of that file and keep it in a locked cupboard, and then you deny access on the file for the Sales group. John, a member of the Sales group, accidentally deletes that file. You have verified that John is not a member of any other group.
Although you restore the file from backup, you are confused how John was able to delete the file despite having no access to that file.
What is the most likely cause?

A. The Sales group has the Full Control permission on the SALES folder.

B. The Deny Access permission does not work on files.

C. The Deny Access permission does not restrict the deletion of files.

D. John is a member of another group having the Full Control permission on that file.

Correct Answer:A

START GISF EXAM