GISF Online Practice Questions and Answers

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He wants to test the effect of a virus on the We-are-secure server. He injects the virus on the server and, as a result, the server becomes infected with the virus even though an established antivirus program is installed on the server. Which of the following do you think are the reasons why the antivirus installed on the server did not detect the virus injected by John? Each correct answer represents a complete solution. Choose all that apply.

A. The virus, used by John, is not in the database of the antivirus program installed on the ser ver.

B. The mutation engine of the virus is generating a new encrypted code.

C. John has created a new virus.

D. John has changed the signature of the virus.

You are concerned about outside attackers penetrating your network via your company Web server.

You wish to place your Web server between two firewalls One firewall between the Web server and the outside world The other between the Web server and your network What is this called?

A. IDS

B. SPI firewall

C. DMZ

D. Application Gateway firewall

Which of the following are the differences between routed protocols and routing protocols? Each correct answer represents a complete solution. Choose two.

A. A routing protocol is configured on an interface and decides the method of packet delivery.

B. A routing protocol decides the path for a packet through the network.

C. A routed protocol is configured on an interface and decides how a packet will be delivered.

D. A routed protocol works on the transport layer of the OSI model.

You have decided to implement an intrusion detection system on your network. You primarily are interested in the IDS being able to recognized known attack techniques. Which type of IDS should you choose?

A. Signature Based

B. Passive

C. Active

D. Anomaly Based

Which of the following statements about testing are true? Each correct answer represents a complete solution. Choose all that apply.

A. A stub is a program that simulates a calling unit, and a driver is a program that simulates a called unit.

B. In unit testing, each independent unit of an application is tested separately.

C. In integration testing, a developer combines two units that have already been tested into a component.

D. The bottom-up approach to integration testing helps minimize the need for stubs.

You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?

A. Recovery

B. Identification

C. Containment

D. Eradication

Which of the following tools can be used for stress testing of a Web server? Each correct answer represents a complete solution. Choose two.

A. Internet bots

B. Spyware

C. Scripts

D. Anti-virus software

You are developing an online business solution for National Institute of Meteorological and Oceanographic Research (NIMOR). A case study for the organization is given in the exhibit. Based on the case study, you need to implement Internet security so that no user can hack confidential data. According to you, which of the following security options will you use for your solution? Each correct answer represents a complete solution. Choose all that apply. (Click the Exhibit button on the toolbar to see the case study.)

A. Antivirus and antispyware software

B. Secure Sockets Layer and digital certificates

C. Firewall security

D. Automatic Updates in Windows XP

You are the Administrator for a corporate network. You are concerned about denial of service attacks. Which of the following measures would be most helpful in defending against a Denial-of-Service (DoS) attack?

A. Shorten the timeout for connection attempts.

B. Place a honey pot in the DMZ.

C. Implement a strong password policy.

D. Implement network based antivirus.

Which of the following is the process of making additional copies of data so that they may be used to restore the original after a data loss event?

A. Data mining

B. Back-up

C. Data recovery

D. File storage

Which of the following is the purpose of employing DMZ (Demilitarized zone) in a network?

A. It adds an additional layer of security to a Local Area Network (LAN).

B. It creates a check-point to a Local Area Network (LAN).

C. It adds an extra node to the Local Area Network (LAN).

D. It works along with the firewall to filter unwanted data packets.

Donna is the project manager for her organization. She is preparing a plan to manage changes to the project should changes be requested. Her change management plan defines the process for documenting, tracking, and determining if the changes should be approved or declined. What system is considered the parent of the change control system documented in Donna's plan?

A. Project Management Information System

B. Integrated Change Control System

C. Change Control System

D. Quality Management System

You are the project manager for TTX project. You have to procure some electronics gadgets for the project. A relative of yours is in the retail business of those gadgets. He approaches you for your favor to get the order. This is the situation of ____.

A. Bribery

B. Irresponsible practice

C. Illegal practice

D. Conflict of interest

What is VeriSign?

A. It is a data warehouse.

B. It is an e-commerce portal.

C. It is a search engine.

D. It is a payment gateway.

You are the project manager for BlueWell Inc. You are reviewing the risk register for your project. The risk register provides much information to you, the project manager and to the project team during the risk response planning. All of the following are included in the risk register except for which item?

A. Trends in qualitative risk analysis results

B. Symptoms and warning signs of risks

C. List of potential risk responses

D. Network diagram analysis of critical path activities