Cyber Monday Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

GISF GIAC Information Security Fundamentals Free Practice Exam Questions (2025 Updated)

Prepare effectively for your GIAC GISF GIAC Information Security Fundamentals certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

GIAC GISF Premium Access     Download Demo    
Page: 4 / 5
Total 333 questions

Which of the following types of attack can guess a hashed password?

A.

Teardrop attack

B.

Evasion attack

C.

Denial of Service attack

D.

Brute force attack

You are the project manager for TTX project. You have to procure some electronics gadgets for the project. A relative of yours is in the retail business of those gadgets. He approaches you for your favor to get the order. This is the situation of ____.

A.

Bribery

B.

Irresponsible practice

C.

Illegal practice

D.

Conflict of interest

The IT Director of the company is very concerned about the security of the network. Which audit policy should he implement to detect possible intrusions into the network? (Click the Exhibit button on the toolbar to see the case study.)

A.

The success and failure auditing for policy change.

B.

The success and failure auditing for process tracking.

C.

The success and failure auditing for logon events.

D.

The success and failure auditing for privilege use.

Which of the following Windows Security Center features is implemented to give a logical layer protection between computers in a networked environment?

A.

Firewall

B.

Automatic Updating

C.

Other Security Settings

D.

Malware Protection

You are the project manager for a software technology company. You and the project team have identified that the executive staff is not fully committed to the project. Which of the following best describes the risk?

A.

Residual risks

B.

Trend analysis

C.

Schedule control

D.

Organizational risks

Which of the following are the types of Intrusion detection system?

A.

Server-based intrusion detection system (SIDS)

B.

Client based intrusion detection system (CIDS)

C.

Host-based intrusion detection system (HIDS)

D.

Network intrusion detection system (NIDS)

You are a Consumer Support Technician. You are helping a user troubleshoot computer-related issues. While troubleshooting the user's computer, you find a malicious program similar to a virus or worm. The program negatively affects the privacy and security of the computer and is capable of damaging the computer. Which of the following alert levels of Windows Defender is set for this program?

A.

Low

B.

High

C.

Severe

D.

Medium

Which of the following cryptographic algorithms uses a single key to encrypt and decrypt data?

A.

Asymmetric

B.

Symmetric

C.

Numeric

D.

Hashing

You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

A.

Quantitative risk analysis

B.

Risk audits

C.

Qualitative risk analysis

D.

Requested changes

Every network device contains a unique built in Media Access Control (MAC) address, which is used to identify the authentic device to limit the network access. Which of the following addresses is a valid MAC address?

A.

F936.28A1.5BCD.DEFA

B.

A3-07-B9-E3-BC-F9

C.

1011-0011-1010-1110-1100-0001

D.

132.298.1.23

Which of the following types of virus is capable of changing its signature to avoid detection?

A.

Stealth virus

B.

Boot sector virus

C.

Macro virus

D.

Polymorphic virus

Computer networks and the Internet are the prime mode of Information transfer today. Which of the following is a technique used for modifying messages, providing Information and Cyber security, and reducing the risk of hacking attacks during communications and message passing over the Internet?

A.

Cryptography

B.

OODA loop

C.

Risk analysis

D.

Firewall security

Which of the following does an anti-virus program update regularly from its manufacturer's Web site?

A.

Hotfixes

B.

Definition

C.

Service packs

D.

Permissions

You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus.

Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?

A.

Recovery

B.

Identification

C.

Containment

D.

Eradication

Which of the following is the most secure place to host a server that will be accessed publicly through the Internet?

A.

A DNS Zone

B.

An Intranet

C.

A demilitarized zone (DMZ)

D.

A stub zone

Which of the following statements are true about UDP?

Each correct answer represents a complete solution. Choose all that apply.

A.

UDP is an unreliable protocol.

B.

FTP uses a UDP port for communication.

C.

UDP is a connectionless protocol.

D.

TFTP uses a UDP port for communication.

E.

UDP works at the data-link layer of the OSI model.

Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer?

Each correct answer represents a complete solution. Choose two.

A.

Attacker can use the Ping Flood DoS attack if WZC is used.

B.

Attacker by creating a fake wireless network with high power antenna cause Victor's computer to associate with his network to gain access.

C.

Information of probing for networks can be viewed using a wireless analyzer and may be used to gain access.

D.

It will not allow the configuration of encryption and MAC filtering. Sending information is not secure on wireless network.

Which of the following are application layer protocols of Internet protocol (IP) suite?

Each correct answer represents a complete solution. Choose two.

A.

IGP

B.

IGRP

C.

Telnet

D.

SMTP

Victor works as a network administrator for DataSecu Inc. He uses a dual firewall Demilitarized Zone (DMZ) to insulate the rest of the network from the portions, which is available to the Internet. Which of the following security threats may occur if DMZ protocol attacks are performed?

Each correct answer represents a complete solution. Choose all that apply.

A.

Attacker can exploit any protocol used to go into the internal network or intranet of the com pany.

B.

Attacker managing to break the first firewall defense can access the internal network without breaking the second firewall if it is different.

C.

Attacker can gain access to the Web server in a DMZ and exploit the database.

D.

Attacker can perform Zero Day attack by delivering a malicious payload that is not a part of the intrusion detection/prevention systems guarding the network.

In a complex network, Router transfers data packets by observing some form of parameters or metrics provided in the routing table. Which of the following metrics is NOT included in the routing table?

A.

Bandwidth

B.

Load

C.

Delay

D.

Frequency

GIAC GISF Premium Access     Download Demo    
Page: 4 / 5
Total 333 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved