You and your project team have identified the project risks and now are analyzing the probability and impact of the risks. What type of analysis of the risks provides a quick and high-level review of each identified risk event?
A. A risk probability-impact matrix
B. Quantitative risk analysis
C. Qualitative risk analysis
D. Seven risk responses
Andrew works as a Network Administrator for NetTech Inc. The company has a Windows Server 2008 domain-based network. The network contains five Windows 2008 member servers and 120 Windows XP Professional client computers. Andrew is concerned about the member servers that are not meeting the security requirements as mentioned in the security policy of the company. Andrew wants to compare the current security settings of the member servers with the security template that is configured according to the security policy of the company. Which of the following tools will Andrew use to accomplish this?
A. Security Configuration and Analysis Tool
B. Active Directory Migration Tool (ADMT)
C. Task Manager
D. Group Policy Management Console (GPMC)
Victor works as a network administrator for DataSecu Inc. He uses a dual firewall Demilitarized Zone (DMZ) to insulate the rest of the network from the portions that are available to the Internet. Which of the following security threats may occur if DMZ protocol attacks are performed? Each correct answer represents a complete solution. Choose all that apply.
A. Attacker can exploit any protocol used to go into the internal network or intranet of the company.
B. Attacker managing to break the first firewall defense can access the internal network without breaking the second firewall if it is different.
C. Attacker can gain access to the Web server in a DMZ and exploit the database.
D. Attacker can perform Zero Day attack by delivering a malicious payload that is not a part of the intrusion detection/prevention systems guarding the network.
The Incident handling process implemented in an enterprise is responsible for dealing with all the incidents regarding the enterprise. Which of the following procedures will be involved in the preparation phase of the Incident handling process?
A. Organizing a solution to remove an incident
B. Building up an incident response kit
C. Working with QA to validate security of the enterprise
D. Setting up the initial position after an incident
The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?
A. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
B. HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"
C. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
D. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Which of the following types of viruses can prevent itself from being detected by an antivirus application?
A. File virus
B. Boot sector virus
C. Multipartite virus
D. Stealth virus
Which of the following IDS/IPS detection methods do the URLs use to detect and prevent an attack?
A. Encryption-based detection
B. Policy-based detection
C. Signature-based detection
D. Internet bot detection
Mark works as a Customer Support Technician for uCertify Inc. The company provides troubleshooting support to users. Mark is troubleshooting the computer of a user who is working on Windows Vista. The user reports that his sensitive data is being accessed by someone because of a security vulnerability in a component of Windows Vista. Which of the following features of Windows Security Center should Mark configure to save the user's data?
A. Automatic updating
B. Firewall
C. Malware protection
D. Content Advisor
Which of the following statements about Public Key Infrastructure (PKI) are true? Each correct answer represents a complete solution. Choose two.
A. It is a digital representation of information that identifies users.
B. It uses asymmetric key pairs.
C. It provides security using data encryption and digital signature.
D. It uses symmetric key pairs.
You work as an Application Developer for uCertify Inc. The company uses Visual Studio .NET Framework 3.5 as its application development platform. You are working on a WCF service. You have decided to implement transport level security. Which of the following security protocols will you use?
A. Kerberos
B. HTTPS
C. RSA
D. IPSEC