G2700 GIAC Certified ISO-2700 Specialist Practice Test Free Practice Exam Questions (2025 Updated)

Prepare effectively for your GIAC G2700 GIAC Certified ISO-2700 Specialist Practice Test certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 6 / 7
Total 453 questions

You work as a Network Security Administrator for uCertify Inc. You suspect that someone has accessed your computer and used your e-mail account. To check whether any malicious software is installed on your computer, you scan the system but find no illegitimate software. Which of the following types of security attack typically runs hidden behind the scenes on your computer?

A. Zero-day
B. Rootkit
C. Hybrid
D. Replay

Which of the following tools can be used for steganography?

Each correct answer represents a complete solution. Choose all that apply.

A. Snow.exe
B. Stegbreak
C. Anti-x
D. Image hide

Mark is the project manager of the HAR Project. The project is scheduled to last eighteen months, and six months have already passed. Management asks Mark how often the project team participates in risk reassessment for this project. What should Mark tell management if he is following best practices for risk management?

A. Project risk management happens at every milestone.
B. Project risk management was concluded with the project planning.
C. At every status meeting of the project team, project risk management is an agenda item.
D. Project risk management is scheduled for every month of the 18-month project.

Fill in the blank with the appropriate term.

______is the process of managing user authorizations based on the ITU-T Recommendation X.509.

Which of the following types of attack can be used to break the best physical and logical security mechanisms to gain access to a system?

A. Cross site scripting attack
B. Mail bombing
C. Password guessing attack
D. Social engineering attack

Which of the following are the purposes of security awareness, training, and education?

Each correct answer represents a complete solution. Choose all that apply.

A. Improve awareness of the need to protect system resources.
B. Make computer system users aware of their security responsibilities and teach them correct practices, which helps users change their behavior.
C. Enhance skills and knowledge so that computer users can perform their jobs more securely.
D. Build in-depth knowledge, as needed, to design, implement, or operate security programs for organizations and systems.

Which of the following are implemented in the Do phase of the PDCA model?

Each correct answer represents a complete solution. Choose all that apply.

A. Information security policy
B. Development of an information security policy
C. Underlying procedures and measures of the information security policy
D. Documentation of an information security policy

Mark works as a Webmaster for Infonet Inc. He sets up an e-commerce site. He wants to accept online payments through credit cards on this site, and he wants the credit card numbers to be encrypted. What will Mark do to accomplish the task?

A. Use PGP.
B. Use SET.
C. Use HTTP.
D. Use MIME.

Which of the following are the elements of an Information Security Management System framework?

Each correct answer represents a complete solution. Choose all that apply.

A. Implement
B. Reset
C. Plan
D. Control

Which of the following are the rights given to a person whose data has been processed?

Each correct answer represents a complete solution. Choose all that apply.

A. To require that their data is used for direct marketing
B. To view the data an organization holds on them, for a small fee, known as the 'subject access fee'
C. To require that data is not used in any way that may potentially cause damage or distress
D. To request that incorrect information be corrected

Which of the following statements are true about the Regulation of Investigatory Powers Act 2000?

Each correct answer represents a complete solution. Choose all that apply.

A. It enables certain public bodies to demand that ISPs fit equipment to facilitate surveillance.
B. It enables mass surveillance of communications in transit.
C. It enables certain private bodies to demand that someone hand over keys to protected information.
D. It allows certain public bodies to monitor people's Internet activities.

Sam works as the Network Administrator for uCertify Inc. Information of a sensitive nature is processed, and management decides to implement the highest-level security measures. What is this kind of risk strategy called?

A. Risk compensating
B. Risk avoiding
C. Risk bearing
D. Risk neutral

Which of the following defines the amount of data loss a business can endure?

A. RTA
B. RTO
C. RPO
D. BCP

In which of the following sections of the Computer Misuse Act 1990 are amendments made by Part 5 of the Police and Justice Act 2006?

Each correct answer represents a complete solution. Choose all that apply.

A. Section 39
B. Section 38
C. Section 36
D. Section 35

You work as an Information Security Manager for uCertify Inc. You are implementing an asset management strategy. Which of the following should you include in your strategy to make it effective?

Each correct answer represents a complete solution. Choose all that apply.

A. Software assets
B. Organization's reputation
C. Outage duration
D. IT equipment

Which of the following provides high availability of data?

A. Anti-virus software
B. RAID
C. EFS
D. Backup

Peter works as a Security Administrator for SecureEnet Inc. He observes that the company's database server has been compromised and data has been stolen. Peter immediately wants to report this crime to the law enforcement authorities. Which of the following organizations handles computer crime investigations in the United States?

A. Local or National office of the US Secret Service
B. National Institute of Standards and Technology
C. Federal Bureau of Investigation
D. Incident response team

You work as an Information Security Manager for uCertify Inc. You are working on the documentation of an ISMS. Which of the following steps are concerned with the ISMS?

Each correct answer represents a complete solution. Choose all that apply.

A. Definition of the ISMS scope
B. Disaster recovery planning
C. Risk Management
D. Definition of the security policy

You are the Network Administrator for a school. You are concerned that end users might accidentally have access to resources they do not require. What concept should you implement in your network security management to best address this concern?

A. Explicit Deny
B. Implicit Allow
C. ACL
D. The principle of least privilege

Which of the following paragraphs of the Turnbull Report states that a company's internal control system encompasses the policies, processes, tasks, behaviors, and other aspects of the company?

A. Paragraph 28
B. Paragraph 20
C. Paragraph 22
D. Paragraph 21

Copyright © 2014-2025 Solution2Pass. All Rights Reserved