GIAC Certified ISO-27000 Specialist Practice Test v6.0 (G2700)

Total 457 questions

Victor wants to send an encrypted message to his friend. He is using a steganography technique to accomplish his task. He takes a cover object and changes it accordingly to hide information.
This secret information is recovered only when the algorithm compares the changed cover with the original cover. Which of the following steganography methods is Victor using to accomplish his task?

  • A. The distortion technique
  • B. The substitution technique
  • C. The cover generation technique
  • D. The spread spectrum technique


Answer : A

Which of the following is also known as the 'Code for Information Security'?

  • A. ISO/IEC 20002 standard
  • B. ISO/IEC 27001:2005 standard
  • C. ISO/IEC 27002:2005 standard
  • D. ISO/IEC 20000 standard


Answer : C

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You have been assigned the task to secure information labeling and handling within the organization. Which of the following controls of the ISO standard is concerned with information labeling and handling?

  • A. Control A.7.1.3
  • B. Control A.7.1.2
  • C. Control A.7.2.2
  • D. Control A.7.1.1


Answer : C

Which of the following plans provides measures and capabilities for recovering a major application or general support system?

  • A. Disaster recovery plan
  • B. Crisis communication plan
  • C. Contingency plan
  • D. Business continuity plan


Answer : C

Which of the following documents is developed along the risk management processes to monitor and control risks?

  • A. Fault tree
  • B. Risk mitigation
  • C. Decision tree
  • D. Risk register


Answer : D

Choose and reorder the appropriate steps that you will take to perform auditing.

  • A.


Answer : A

You work as a Security Administrator for uCertify Inc. You have been assigned a task to implement information classification levels. You want to classify highly sensitive documents that should be accessed by only a few people in the organization. In which of the following information classification levels should you put those documents?

  • A. Department specific
  • B. High security levels
  • C. Not to be copied
  • D. Classified


Answer : B

Which of the following are the factors that determine the degree to which the Return on Investment overstates the economic value?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Capitalization policy
  • B. Growth rate of new investment
  • C. Growth rate of old investment
  • D. Length of project life


Answer : A,B,D

Which of the following is expressly set up to attract and trap people who attempt to penetrate other people's computer systems?

  • A. Honeypot
  • B. Internet bot
  • C. Crawler
  • D. Spider


Answer : A

Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?

  • A. Mail bombing
  • B. Cross site scripting attack
  • C. Social engineering attack
  • D. Password guessing attack


Answer : C

Which of the following are the sub-elements of environmental security?
Each correct answer represents a complete solution. Choose all that apply.

  • A. To prevent or respond to environmentally caused conflicts
  • B. To protect and assist environment from a material's potential
  • C. To prevent or repair military damage to the environment
  • D. To protect the environment due to its inherent moral value


Answer : A,C,D

Which of the following is the element used in the technology of encrypting and decrypting the text in cryptography?

  • A. Cipher
  • B. Key
  • C. Plaintext
  • D. Encryption


Answer : B

Mark is hired as an Information Security Officer for BlueWell Inc. He wants to draw the attention of the management towards the significance of integrating information security in the business processes.
Which of the following tasks should he perform first to accomplish the task?

  • A. He should perform a risk assessment.
  • B. He should develop an information security policy.
  • C. He should set up a security budget.
  • D. He should obtain benchmarking information.


Answer : A

You are working with a company that depends on real-time data being available to employees, thus performance is an issue. They are trying to select the best method for handling the situation of a hard drive crashing. Which of the following would you recommend to them?

  • A. RAID 2
  • B. RAID 0
  • C. RAID 1
  • D. RAID 5


Answer : D

The Information Security Officer (ISO) of Blue Well Inc. wants to have a list of security measures put together. What should be done before security measures are selected by the Information Security Officer?

  • A. Carry out a risk analysis.
  • B. Formulate information security policy.
  • C. Set up monitoring.
  • D. Carry out an evaluation.


Answer : A
