Free demo questions for the GIAC Information Security Fundamentals (GISF) certification exam, with answer keys:


You work as a Software Developer for Mansoft Inc. You are creating an application that encrypts data, and you use the HashAlgorithmType enumeration to specify the algorithm used to generate the Message Authentication Code (MAC) in Secure Sockets Layer (SSL) communications.
Which of the following are valid values of the HashAlgorithmType enumeration? Each correct answer represents a part of the solution. Choose all that apply.

  • A. MD5
  • B. None
  • C. DES
  • D. RSA
  • E. SHA1
  • F. 3DES

Answer: ABE
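An added illustration of why these three are the valid members (this is example code written for this page, not part of the exam material or of any .NET source): the enumeration names the hash function that sits inside the record MAC, and in TLS that MAC is HMAC keyed with a secret derived during the handshake. Only a hash can fill that role, so MD5 and SHA1 qualify, None means the record carries no MAC at all, and DES, 3DES and RSA are ciphers or a key-exchange algorithm and do not belong. The constant names MAC_KEY and RECORD, and the member-name strings, are this example's own constructed choices.

```python
import hashlib
import hmac

# Constructed sample values for this illustration: a MAC secret of the kind a
# TLS handshake would derive, and one application-data record to protect.
MAC_KEY = b"\x0b" * 20
RECORD = b"GET /account HTTP/1.1\r\nHost: bank.example\r\n\r\n"

# The three HashAlgorithmType members, mapped to the hash used inside HMAC.
# DES, 3DES and RSA are ciphers / a key-exchange algorithm, so they are not
# members of this enumeration.
HASH_FOR_MEMBER = {
    "None": None,
    "Md5": hashlib.md5,
    "Sha1": hashlib.sha1,
}

def is_valid_member(name: str) -> bool:
    """True only for the names the enumeration actually defines."""
    return name in HASH_FOR_MEMBER

def compute_mac(member: str, key: bytes, data: bytes) -> bytes:
    """Return the HMAC tag for `data` under the named HashAlgorithmType member."""
    digest = HASH_FOR_MEMBER[member]      # KeyError for DES/3DES/RSA: not valid members
    if digest is None:
        return b""                        # None: the record carries no MAC at all
    return hmac.new(key, data, digest).digest()

def verify_mac(member: str, key: bytes, data: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the received tag against a recomputed one."""
    return hmac.compare_digest(compute_mac(member, key, data), tag)

def tag_lengths() -> dict:
    """Tag size in bytes per member: 0 for None, 16 for MD5, 20 for SHA-1."""
    return {m: len(compute_mac(m, MAC_KEY, RECORD)) for m in HASH_FOR_MEMBER}

if __name__ == "__main__":
    tag = compute_mac("Sha1", MAC_KEY, RECORD)
    print("SHA-1 tag:", tag.hex())
    print("tamper detected with Sha1:", not verify_mac("Sha1", MAC_KEY, RECORD + b"x", tag))
    # With None, a modified record still "verifies": integrity is unprotected.
    print("tamper detected with None:", not verify_mac("None", MAC_KEY, RECORD + b"x", b""))
```

The None case is the one worth remembering in practice: it is a valid enumeration value, but selecting it removes integrity protection from every record. HMAC-MD5 and HMAC-SHA1 are legacy choices today; current TLS cipher suites use AEAD modes instead.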


Which of the following are the benefits of information classification for an organization?

  • A. It helps identify which information is the most sensitive or vital to an organization.
  • B. It ensures that modifications are not made to data by unauthorized personnel or processes.
  • C. It helps identify which protections apply to which information.
  • D. It helps reduce the Total Cost of Ownership (TCO).

Answer: AC


Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

  • A. Authentication
  • B. Confidentiality
  • C. Integrity
  • D. Non-repudiation

Answer: B


You work as an Incident handling manager for a company. The company's public relations process includes a service that responds to e-mail queries. For the past few days, it has been identified that this service is giving spammers a way to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be
involved in resolving this problem and finding a solution? Each correct answer represents a part of the solution. Choose all that apply.

  • A. Recovery
  • B. Containment
  • C. Identification
  • D. Eradication
  • E. Preparation

Answer: ABD


Joseph works as a Software Developer for WebTech Inc. He wants to protect the algorithms and programming techniques that he uses in developing an application. Which of the following kinds of law is used to protect this part of the software?

  • A. Trademark laws
  • B. Patent laws
  • C. Copyright laws
  • D. Code Security law

Answer: B


You are the Administrator for a corporate network. You are concerned about denial of service attacks. Which of the following measures would be most helpful in defending against a Denial-of-Service (DoS) attack?

  • A. Shorten the timeout for connection attempts.
  • B. Place a honey pot in the DMZ.
  • C. Implement a strong password policy.
  • D. Implement network based antivirus.

Answer: A
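To make the answer concrete, here is an added simulation (example code for this page, not from the exam material): a server keeps a table of half-open connections that a flooding attacker never completes, and a shorter timeout on those pending connections bounds how many slots the attacker can hold. The function name, the table capacity of 128 and the rates used are this example's own constructed parameters.

```python
from collections import deque

def simulate_half_open(attack_rate: int, timeout: int, capacity: int,
                       seconds: int, legit_rate: int = 1) -> tuple:
    """Simulate a server's half-open (pending) connection table under a flood.

    Every second the attacker opens `attack_rate` connections it never
    completes, and `legit_rate` legitimate clients arrive; a legitimate
    client completes its handshake at once, so it needs a free slot only at
    the moment it arrives. A pending entry is reaped after `timeout` seconds.

    Returns (peak_occupancy, legitimate_connections_refused).
    """
    pending = deque()          # expiry time of each half-open entry, in arrival order
    peak = 0
    refused = 0
    for now in range(seconds):
        # 1. the server's reaper drops entries whose timeout has elapsed
        while pending and pending[0] <= now:
            pending.popleft()
        # 2. the attacker's connection attempts take whatever slots are free
        for _ in range(attack_rate):
            if len(pending) < capacity:
                pending.append(now + timeout)
        peak = max(peak, len(pending))
        # 3. legitimate clients are refused while the table is full
        for _ in range(legit_rate):
            if len(pending) >= capacity:
                refused += 1
    return peak, refused

if __name__ == "__main__":
    for timeout in (30, 3):
        peak, refused = simulate_half_open(attack_rate=20, timeout=timeout,
                                           capacity=128, seconds=60)
        print(f"timeout={timeout:2d}s  peak occupancy={peak:3d}  legit refused={refused}")
```

Occupancy settles at roughly attack_rate × timeout: with a 30 s timeout the 128-slot table fills within seven seconds and stays full for the rest of the minute, while a 3 s timeout holds it at about 60 slots and no legitimate client is refused. The caveat a practitioner should keep in mind is that this only raises the attacker's required rate to capacity ÷ timeout; it does not remove the attack, which is why it is combined with measures such as SYN cookies and rate limiting in real deployments.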


You work as an Application Developer for uCertify Inc. The company uses Visual Studio .NET Framework 3.5 as its application development platform. You are working on a WCF service. You have decided to implement transport-level security. Which of the following security protocols will you use?

  • A. Kerberos
  • B. HTTPS
  • C. RSA
  • D. IPSEC

Answer: B


Which of the following tools can be used to perform tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing?

  • A. John the Ripper
  • B. Obiwan
  • C. Cain
  • D. L0phtcrack

Answer: C


Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

  • A. Availability
  • B. Integrity
  • C. Confidentiality
  • D. Authenticity

Answer: C


Fred is the project manager for the TCC Company. His company has an internal policy that states that each year it will provide free services to a nonprofit organization. Therefore, the company and its employees are not allowed to charge or receive money or gifts from the nonprofit organization they choose to provide free services to. This year, the TCC Company offers to provide project management services to the children's hospital for a marketing campaign to raise money. Due to the TCC Company's project management services, the nonprofit agency exceeded previous years' fundraising efforts. To show appreciation, the nonprofit organization offered to reimburse the project manager for his travel expenses. Which of the following best describes how the project manager should handle the situation?

  • A. Say thank you and let them pay for the travel, it is the least they can do.
  • B. Tell the hospital no thank you and explain it is against company policy to accept payment for services provided to their pro bono customers.
  • C. Say nothing as to not hurt the feelings of the children's hospital.
  • D. Ask if the hospital could pay for some of the supplies too.

Answer: B


Which of the following refers to the process of verifying the identity of a person, network host, or system process?

  • A. Hacking
  • B. Authentication
  • C. Packet filtering
  • D. Auditing

Answer: B


John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He copies the whole structure of the We-are-secure Web site to the local disk and obtains all the files on the Web site. Which of the following techniques is he using to accomplish his task?

  • A. TCP FTP proxy scanning
  • B. Eavesdropping
  • C. Fingerprinting
  • D. Web ripping

Answer: D


Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

  • A. Corrective controls
  • B. Detective controls
  • C. Safeguards
  • D. Preventive controls

Answer: A


Under which type of access control does a user ID and password system fall?

  • A. Physical
  • B. Power
  • C. Technical
  • D. Administrative

Answer: C


Which of the following policies define how Identification and Authorization occur and determine access control, audits, and network connectivity?

  • A. Information policies
  • B. Usage policies
  • C. Security policies
  • D. Administrative policies
  • E. Disaster Recovery Plans
  • F. Design Requirements

Answer: C


What does a firewall inspect in order to stop packets for certain ports and applications from entering an enterprise network?

  • A. The application layer port numbers and the transport layer headers
  • B. The presentation layer headers and the session layer port numbers
  • C. The network layer headers and the session layer port numbers
  • D. The transport layer port numbers and the application layer headers

Answer: D
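As an added worked example (written for this page, not taken from the exam material or any firewall product), the Python below builds a constructed IPv4/TCP packet, parses out the transport-layer ports and the application-layer payload, and applies a small rule set that uses both: the port decides whether the traffic is allowed in at all, and for port 80 the application-layer header must look like an HTTP request, so another protocol tunnelled over port 80 is still blocked. The rule constants, the sample addresses (documentation ranges) and the function names are this example's own assumptions, and checksums are left at zero because nothing here is put on a wire.

```python
import struct
from ipaddress import IPv4Address

TCP = 6
ALLOWED_TCP_PORTS = {80, 443}                 # transport-layer rule
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ")  # application-layer rule for port 80

def build_packet(src: str, dst: str, sport: int, dport: int,
                 payload: bytes, proto: int = TCP) -> bytes:
    """Construct a minimal IPv4 packet carrying a TCP-shaped segment.
    Checksums are zero: this is constructed test data, not wire-valid traffic."""
    total_len = 20 + 20 + len(payload)
    ip_header = struct.pack("!BBHHHBBH4s4s",
                            0x45, 0, total_len, 0, 0, 64, proto, 0,
                            IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp_header = struct.pack("!HHIIBBHHH",
                             sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip_header + tcp_header + payload

def parse_packet(pkt: bytes) -> dict:
    """Pull out the fields the filter needs: the network-layer protocol, the
    transport-layer ports, and the application-layer payload."""
    ihl = (pkt[0] & 0x0F) * 4
    info = {"proto": pkt[9],
            "src": str(IPv4Address(pkt[12:16])),
            "dst": str(IPv4Address(pkt[16:20])),
            "sport": None, "dport": None, "payload": b""}
    if info["proto"] == TCP:
        info["sport"], info["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
        data_offset = (pkt[ihl + 12] >> 4) * 4
        info["payload"] = pkt[ihl + data_offset:]
    return info

def decide(pkt: bytes) -> tuple:
    """Return ("allow" | "deny", reason) for one inbound packet."""
    info = parse_packet(pkt)
    if info["proto"] != TCP:
        return "deny", f"protocol {info['proto']} is not permitted"
    if info["dport"] not in ALLOWED_TCP_PORTS:
        return "deny", f"transport-layer port {info['dport']} is not permitted"
    if info["dport"] == 80 and info["payload"] and not info["payload"].startswith(HTTP_METHODS):
        # The port is open, but only for traffic whose application-layer header
        # is an HTTP request; anything else riding on port 80 is dropped.
        return "deny", "port 80 payload is not an HTTP request"
    return "allow", f"port {info['dport']}"

if __name__ == "__main__":
    samples = {  # constructed packets; the UDP one is only parsed up to its protocol byte
        "telnet":    build_packet("203.0.113.9", "10.0.0.5", 40000, 23, b""),
        "http":      build_packet("203.0.113.9", "10.0.0.5", 40001, 80,
                                  b"GET / HTTP/1.1\r\nHost: app\r\n\r\n"),
        "ssh-on-80": build_packet("203.0.113.9", "10.0.0.5", 40002, 80,
                                  b"SSH-2.0-OpenSSH_9.6\r\n"),
        "udp":       build_packet("203.0.113.9", "10.0.0.5", 40003, 53, b"", proto=17),
    }
    for name, pkt in samples.items():
        print(f"{name:10s} -> {decide(pkt)}")
```

Port 443 is allowed without payload inspection here because TLS traffic is encrypted; a firewall that needs application-layer checks on it must terminate TLS first.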


John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks? Each correct answer represents a complete solution. Choose all that apply.

  • A. Dictionary attack
  • B. Rule based attack
  • C. Brute Force attack
  • D. Hybrid attack

Answer: ACD
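An added demonstration of the three attacks against this password (example code written for this page, not part of the exam material): each attack is run against an unsalted SHA-256 hash of "apple" and reports how many hashes it had to compute before succeeding. The wordlist, the suffix set and the second password used as a contrast are constructed for the example; a real dictionary attack uses lists of millions of leaked passwords, and real systems salt and use slow hashes, which changes the cost but not the shape of the attacks.

```python
import hashlib
import itertools
import string

def sha256_hex(password: str) -> str:
    """Unsalted SHA-256 stands in for whatever hash the target system stores."""
    return hashlib.sha256(password.encode()).hexdigest()

# Constructed wordlist; a real attack uses a list of millions of leaked passwords.
WORDLIST = ["password", "letmein", "banana", "apple", "orange", "qwerty"]
SUFFIXES = ("", "1", "123", "!", "2024")

def dictionary_attack(target: str, wordlist) -> tuple:
    """Try each word exactly as listed. Returns (password or None, hashes computed)."""
    for attempts, word in enumerate(wordlist, start=1):
        if sha256_hex(word) == target:
            return word, attempts
    return None, len(wordlist)

def hybrid_attack(target: str, wordlist, suffixes=SUFFIXES) -> tuple:
    """Dictionary words plus simple mangling: case changes and appended suffixes."""
    attempts = 0
    for word in wordlist:
        for base in (word, word.capitalize(), word.upper()):
            for suffix in suffixes:
                attempts += 1
                if sha256_hex(base + suffix) == target:
                    return base + suffix, attempts
    return None, attempts

def brute_force_attack(target: str, alphabet=string.ascii_lowercase, max_len=5) -> tuple:
    """Exhaustive search over every string up to max_len; cost grows as |alphabet|**n."""
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(chars)
            if sha256_hex(candidate) == target:
                return candidate, attempts
    return None, attempts

if __name__ == "__main__":
    for pw in ("apple", "Pine-apple_2k"):
        target = sha256_hex(pw)
        print(pw)
        print("  dictionary :", dictionary_attack(target, WORDLIST))
        print("  hybrid     :", hybrid_attack(target, WORDLIST))
        # the contrast password gets a 4-character lowercase budget so the run stays short
        print("  brute force:", brute_force_attack(target, max_len=5 if pw == "apple" else 4))
```

"apple" falls to the dictionary on the fourth guess, to the hybrid attack on the 46th, and to lowercase brute force after about 750,000 hashes, which a modern GPU does in well under a second; the longer mixed-character password is missed by all three within the same budgets.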


Adam, a novice Web user, is receiving a large amount of unsolicited commercial e-mail at his e-mail address. He suspects that the e-mails he is receiving are spam. Which of the following steps will he take to stop the spam?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Forward a copy of the spam to the ISP to make the ISP aware of the spam.
  • B. Send an e-mail to the domain administrator responsible for the originating IP address.
  • C. Report the incident to the FTC (the U.S. Federal Trade Commission) by sending a copy of the spam message.
  • D. Close the existing e-mail account and open a new e-mail account.

Answer: AC

