GISF GIAC Information Security Fundamentals Free Practice Exam Questions (2025 Updated)
Prepare effectively for your GIAC GISF GIAC Information Security Fundamentals certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.
You work as a Network Administrator for Marioxnet Inc. You have the responsibility of handling two routers with BGP protocol for the enterprise's network. One of the two routers gets flooded with an unexpected number of data packets, while the other router starves with no packets reaching it. Which of the following attacks can be a potential cause of this?
Which of the following is an organization that defines standards for anti-virus software?
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?
You are the project manager of a new project in your organization. You and the project team have identified the project risks, completed risk analysis, and are planning the most appropriate risk responses. Which of the following tools is most effective to choose the most appropriate risk response?
You are the project manager of the HHH Project. The stakeholders for this project are scattered across the world and you need a method to promote interaction. You determine that a Web conferencing software would be the most cost effective solution. The stakeholders can watch a slide show while you walk them through the project details. The stakeholders can hear you, ask questions via a chat software, and post concerns. What is the danger in this presentation?
You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify Denial of Service attack (DOS) from a network linked to your internal enterprise network. Which of the following phases of the Incident handling process should you follow next to handle this incident?
Which U.S. government agency is responsible for establishing standards concerning cryptography for nonmilitary use?
Security is responsible for well-being of information and infrastructures in which the possibilities of successful yet undetected theft, tampering, and/or disruption of information and services are kept low or tolerable. Which of the following are the elements of security?
Each correct answer represents a complete solution. Choose all that apply.
Based on the case study, to implement more security, which of the following additional technologies should you implement for laptop computers?
(Click the Exhibit button on the toolbar to see the case study.)
Each correct answer represents a complete solution. Choose two.
You have decided to implement an intrusion detection system on your network. You primarily are interested in the IDS being able to recognized known attack techniques. Which type of IDS should you choose?
How long are cookies in effect if no expiration date is set?
A Cisco Unified Wireless Network has an AP that does not rely on the central control device of the network. Which type of AP has this characteristic?
Mark is implementing security on his e-commerce site. He wants to ensure that a customer sending a message is really the one he claims to be. Which of the following techniques will he use to ensure this?
How should you configure the Regional Centers' e-mail, so that it is secure and encrypted?
(Click the Exhibit button on the toolbar to see the case study.)
The ATM of a bank is robbed by breaking the ATM machine. Which of the following physical security devices can now be used for verification and historical analysis of the ATM robbery?
In which type of access control do user ID and password system come under?
You work as a project manager for TYU project. You are planning for risk mitigation. You need to identify the risks that will need a more in-depth analysis. Which of the following activities will help you in this?
You work as a security manager in Mariotiss Inc. Your enterprise has been facing network and software security threats since a few months. You want to renew your current security policies and management to enhance the safety of your information systems. Which of the following is the best practice to initiate the renewal process from the lowest level with the least managerial effort?
Which of the following Web attacks is performed by manipulating codes of programming languages such as SQL, Perl, Java present in the Web pages?
