
G2700 GIAC Certified ISO-2700 Specialist Practice Test Free Practice Exam Questions (2025 Updated)

Prepare for the GIAC G2700 (GIAC Certified ISO-2700 Specialist) certification with this collection of free practice questions. Each question is designed to mirror the actual exam format and objectives, complete with answers and detailed explanations. The materials are updated for 2025 so that you have current resources to build confidence and pass on your first attempt.

Page: 3 / 7
Total 453 questions

Peter works as a Security Administrator for SecureEnet Inc. He observes that the database server of the company has been compromised and the data is stolen. Peter immediately wants to report this crime to the law enforcement authorities. Which of the following organizations looks after computer crime investigations in the United States?

A.

National Institute of Standards and Technology

B.

Federal Bureau of Investigation

C.

Local or national office of the US Secret Service

D.

Incident response team

What does CRAMM stand for?

A.

Continuous Risk Analysis and Management Method

B.

CCTA Risk Analysis and Management Method

C.

Continuous Risk Analyzer and Manager Methodology

D.

CCTA Risk Analyzer and Manager Methodology

You are consulting with a small, budget-conscious accounting firm. Each accountant keeps individual records on their PC and checks them in and out of a server. They are concerned about losing data should the server's hard drive crash. Which of the following RAID levels would you recommend?

A.

RAID 1

B.

RAID 6

C.

RAID 5

D.

RAID 0

Which of the following receive reports after the Check phase of the PDCA model is completed?

Each correct answer represents a complete solution. Choose all that apply.

A.

Security Officer

B.

Management

C.

CEO

D.

Chief Information Security Officer

Which of the following failures can a RAID implementation protect against?

A.

Switch failure

B.

Disk failure

C.

Network failure

D.

Host failure

How many modules are there in FaultTree+?

A.

6

B.

5

C.

3

D.

4

Which of the following surveys found that smaller organizations had a better understanding of their information assets?

A.

Information Security Breaches Survey (ISBS) 2006

B.

KPMG's Information Security Survey 2000

C.

DTI Survey

D.

CBI Cyber Crime Survey

You work as a Security Administrator for uCertify Inc. You observe that an employee is disclosing personal data held by your organization. Human resource security deals with how employees handle personal data in an organization. Which section of ISO 27002 describes human resource security?

A.

Section 4

B.

Section 8

C.

Section 3

D.

Section 5

Which of the following statements describes residual risk?

A.

It can be considered as an indicator of threats coupled with vulnerability.

B.

It is the probable risk before all security measures have been implemented.

C.

It is a weakness or lack of safeguard that can be exploited by a threat.

D.

It is the probable risk that remains after all security measures have been implemented.

Which of the following types of viruses is placed into the first sector of the hard drive?

A.

Multipartite

B.

Master boot record

C.

File

D.

Boot sector

You work as a Network Administrator for uCertify Inc. You are responsible for selecting the access control method that will be used for the software on a kiosk system. Your manager wants full access to all information in all categories, while visitors may access only general information about the organization. Which of the following types of access control is suitable for accomplishing this task?

A.

Attribute-based access control

B.

Rule-based access control

C.

Discretionary access control

D.

Mandatory access control

The Information Security Officer (ISO) of Blue Well Inc. wants to have a list of security measures put together. What should be done before security measures are selected by the Information Security Officer?

A.

Carry out an evaluation.

B.

Formulate information security policy.

C.

Carry out a risk analysis.

D.

Set up monitoring.

Mark works as a Data Center Manager for TechNet Inc. A few days ago, he published a blog post about himself during his working hours. However, the organization's policy states that no member of the organization may use organizational resources for personal purposes. Since Mark has violated the policy, he should go before an internal committee and be informed of his rights in the matter. Which of the following practices is being implemented?

A.

Due process

B.

Integrity Management Consulting

C.

Due diligence

D.

Due care

Which of the following statements is true about Return on Investment (ROI)?

A.

It is the profit achieved through realization of improvements.

B.

It is the outcome that, when compared to the earlier state, shows a measurable increase in a desirable metric or decrease in an undesirable metric.

C.

It is the difference between the benefit achieved and the amount spent to achieve that benefit; it is expressed as a percentage.

D.

It is the extra value produced by the realization of benefits, including long-term outcomes; ROI is a sub-component of VOI.

You work as a Security Administrator for uCertify Inc. You have been assigned the task to improve the security of the organization. For accomplishing the task, you need to improve the layers of physical security. Which of the following are the layers of physical security?

Each correct answer represents a complete solution. Choose all that apply.

A.

Video monitoring

B.

Immigration system

C.

Intrusion detection

D.

Environmental design

E.

Personnel Identification

Which of the following are the limitations of Redundant Array of Inexpensive Disks (RAID)?

Each correct answer represents a complete solution. Choose all that apply.

A.

It is difficult to move RAID to a new system.

B.

It cannot simplify disaster recovery.

C.

It cannot provide a performance boost in all applications.

D.

It cannot protect the data on the array.

Which of the following defines the amount of data loss a business can endure?

A.

RTO

B.

RTA

C.

BCP

D.

RPO

You work as a Security Administrator for uCertify Inc. You have developed a user manual for internal use, which will help your colleagues to work efficiently in the organization. However, you are concerned about the possibility of the user manual being distributed to the public. Therefore, you have decided to implement a system of classification so that you can secure information.

Which of the following information classification levels will you use to implement the system?

A.

Department specific

B.

Public or unclassified

C.

Private or confidential

D.

Classified

Which of the following roles is responsible for the review and risk analysis of all contracts on a regular basis?

A.

The IT Service Continuity Manager

B.

The Configuration Manager

C.

The Supplier Manager

D.

The Service Catalogue Manager

Which of the following is used to shift the impact of a threat to a third party, together with the ownership of the response?

A.

Risk avoidance

B.

Risk transference

C.

Risk mitigation

D.

Risk acceptance

Copyright © 2014-2025 Solution2Pass. All Rights Reserved