GISF GIAC Information Security Fundamentals Free Practice Exam Questions (2025 Updated)

Prepare effectively for your GIAC GISF GIAC Information Security Fundamentals certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 3 / 5
Total 333 questions

Which of the following statements are true about Public-key cryptography? Each correct answer represents a complete solution. Choose two.

A. Data encrypted with the secret key can only be decrypted by another secret key.

B. The secret key can encrypt a message, and anyone with the public key can decrypt it.

C. Data encrypted by the public key can only be decrypted by the secret key.

D. The distinguishing technique used in public key-private key cryptography is the use of symmetric key algorithms.

You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to e-mail queries. For the past few days, however, it has been identified that this process is giving spammers a way to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and finding a solution? Each correct answer represents a part of the solution. Choose all that apply.

A. Recovery

B. Contamination

C. Identification

D. Eradication

E. Preparation

Which of the following are parts of applying professional knowledge? Each correct answer represents a complete solution. Choose all that apply.

A. Maintaining a cordial relationship with project sponsors

B. Reporting your project management appearance

C. Staying up-to-date with project management practices

D. Staying up-to-date with the latest industry trends and new technology

Which of the following wireless security features provides the best wireless security mechanism?

A. WPA with 802.1X authentication

B. WPA with Pre Shared Key

C. WPA

D. WEP

You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

A. Risk Management Plan

B. Communications Management Plan

C. Stakeholder management strategy

D. Resource Management Plan

Which of the following protocols is used to prevent switching loops in networks with redundant switched paths?

A. Cisco Discovery Protocol (CDP)

B. Spanning Tree Protocol (STP)

C. File Transfer Protocol (FTP)

D. VLAN Trunking Protocol (VTP)

You work in a company that accesses the Internet frequently. This makes the company's files susceptible to attacks from unauthorized access. You want to protect your company's network from external attacks. Which of the following options will help you in achieving your aim?

A. FTP

B. Gopher

C. Firewall

D. HTTP

You have purchased a wireless router for your home network. What will you do first to enhance the security?

A. Change the default password and administrator's username on the router

B. Disable the network interface card on the computer

C. Configure DMZ on the router

D. Assign a static IP address to the computers

You are the Network Administrator for a bank. You discover that someone has logged in with user account access, but then used various techniques to obtain access to other user accounts. What is this called?

A. Vertical Privilege Escalation

B. Session Hijacking

C. Account hijacking

D. Horizontal Privilege Escalation

You work as a Software Developer for uCertify Inc. The company has several branches worldwide. The company uses Visual Studio .NET 2005 as its application development platform. You have recently finished the development of an application using .NET Framework 2.0. The application can be used only for cryptography. Therefore, you have implemented the application on a computer. What will you call the computer that implemented cryptography?

A. Cryptographer

B. Cryptographic toolkit

C. Cryptosystem

D. Cryptanalyst

John is a merchant. He has set up a LAN in his office. Some important files are deleted as a result of a virus attack. John wants to ensure that it does not happen again. What will he use to protect his data from viruses?

A. Antivirus

B. Backup

C. Symmetric encryption

D. Firewall

Which of the following statements about a brute force attack is true?

A. It is a program that allows access to a computer without using security checks.

B. It is an attack in which someone accesses your e-mail server and sends misleading information to others.

C. It is a virus that attacks the hard drive of a computer.

D. It is a type of spoofing attack.

E. It is an attempt by an attacker to guess passwords until he succeeds.

Which of the following are the benefits of information classification for an organization?

A. It helps identify which information is the most sensitive or vital to an organization.

B. It ensures that modifications are not made to data by unauthorized personnel or processes.

C. It helps identify which protections apply to which information.

D. It helps reduce the Total Cost of Ownership (TCO).

Which of the following is used in asymmetric encryption?

A. Public key and user key

B. Public key and private key

C. SSL

D. NTFS

You are the Network Administrator for a software development company. Your company creates various utilities and tools. You have noticed that some of the files your company creates are getting deleted from systems. When one is deleted, it seems to be deleted from all the computers on your network. Where would you first look to try and diagnose this problem?

A. Antivirus log

B. System log

C. IDS log

D. Firewall log

Which of the following logs contains events pertaining to security as defined in the Audit policy?

A. DNS server log

B. Application log

C. System log

D. Directory Service log

E. Security log

F. File Replication Service log

Which of the following representatives of the incident response team takes forensic backups of the systems that are the focus of the incident?

A. Technical representative

B. Legal representative

C. Lead investigator

D. Information security representative

Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?

A. Packet filtering

B. Firewall

C. Intrusion detection system (IDS)

D. Demilitarized zone (DMZ)

The Intrusion Detection System (IDS) instructs the firewall to reject any request from a particular IP address if the network is repeatedly attacked from this address. What is this action known as?

A. Sending deceptive e-mails

B. Sending notifications

C. Shunning

D. Logging

E. Spoofing

F. Network Configuration Changes

You work as the Security Administrator for Prodotxiss Inc. You want to ensure the security of your Wi-Fi enterprise network against wireless snooping attacks. Which of the following measures will you take over the site network devices of the network?

A. Apply firewalls at appropriate spots.

B. Download and install a new firmware patch for the router.

C. Disable the SSID broadcast feature of the router.

D. Apply a standard ACL on the router.

Copyright © 2014-2025 Solution2Pass. All Rights Reserved