GIAC G2700 Study Material, First-hand GIAC G2700 Practice Exam With Accurate Answers


QUESTION NO: 21
You work as an Information Security Manager for uCertify Inc. You are working on communication and organization management. You need to create the documentation on change management.
Which of the following are the main objectives of change management?
Each correct answer represents a complete solution. Choose all that apply.
A. Minimal disruption of services
B. Reduction of inventory in accordance with revenue
C. Economic utilization of resources involved in the change
D. Reduction in back-out activities
Answer: A,C,D
QUESTION NO: 22
Which of the following is used for secure financial transactions over the Internet?
A. ATM
B. VPN
C. SSL
D. SET
Answer: D
QUESTION NO: 23
You work as a Security Administrator for uCertify Inc. You have been assigned the task to verify the identity of the employees recruited in your organization. Which of the following components of security deals with an employee’s verification in the organization?
A. Network Security
B. Physical security
C. Access security
D. Human resource security
Answer: D
QUESTION NO: 24
You work as the Human Resource Manager for uCertify Inc. You need to recruit some candidates for the marketing department of the organization. Which of the following should be defined to the new employees of the organization before they have joined?
Each correct answer represents a complete solution. Choose all that apply.
A. Marketing tips and tricks
B. Organization’s network topology
C. Job roles
D. Organization’s security policy
Answer: C,D
QUESTION NO: 25
You work as an Information Security Manager for uCertify Inc. You need to make the documentation on change management. What are the advantages of change management?
Each correct answer represents a complete solution. Choose all that apply.
A. Improved productivity of users due to more stable and better IT services
B. Improved IT personnel productivity, since there is a reduced number of urgent changes and a back-out of erroneous changes
C. Improved adverse impact of changes on the quality of IT services
D. Increased ability to absorb frequent changes without making an unstable IT environment
Answer: A,B,D
QUESTION NO: 26
You work as a Network Administrator for uCertify Inc. The organization has constructed a cafeteria for its employees, and you are responsible for selecting the access control method for the cafeteria.
There are a few conditions for giving access to the employees, which are as follows:
1. Top level management can get access any time.
2. Staff members can get access during the specified hours.
3. Guests can get access only in working hours.
Which of the following access control methods is suitable to accomplish the task?
A. Discretionary access control
B. Lattice-based access control
C. Attribute-based access control
D. Rule-based access control
Answer: D
QUESTION NO: 27
Which of the following are the uses of cryptography as defined in a policy document?
Each correct answer represents a complete solution. Choose all that apply.
A. Backup
B. Control of keys
C. Applications supporting cryptography
D. Recovery
Answer: A,B,C
QUESTION NO: 28
Which of the following is the designing phase of the ISMS?
A. Check
B. Plan
C. Act
D. Do
Answer: B
QUESTION NO: 29
Single Loss Expectancy (SLE) represents an organization’s loss from a single threat. Which of the following formulas best describes the Single Loss Expectancy (SLE)?
A. SLE = Asset Value (AV) * Exposure Factor (EF)
B. SLE = Annualized Loss Expectancy (ALE) * Exposure Factor (EF)
C. SLE = Annualized Loss Expectancy (ALE) * Annualized Rate of Occurrence (ARO)
D. SLE = Asset Value (AV) * Annualized Rate of Occurrence (ARO)
Answer: A
QUESTION NO: 30
Qualitative risk analysis includes judgment, intuition, and experience. Which of the following methods are used to perform qualitative risk analysis?
Each correct answer represents a complete solution. Choose all that apply.
A. Egress filtering
B. Checklists
C. Delphi technique
D. Brainstorming
Answer: B,C,D
QUESTION NO: 31
Which of the following information security standards deals with the protection of the computer facilities?
A. Physical and environmental security
B. Compliance
C. Organization of information security
D. Risk assessment and treatment
Answer: A
QUESTION NO: 32
Which of the following is a technical measure?
A. Encryption of data
B. Creation of a policy that defines what is and what is not permitted in the e-mail
C. Allocation of information to an owner
D. Storage of system management passwords
Answer: A
QUESTION NO: 33
Which of the following types of social engineering attacks is a term that refers to going through someone’s trash to find out useful or confidential information?
A. Authorization by third party
B. Dumpster diving
C. Shoulder surfing
D. Important user posing
Answer: B
QUESTION NO: 34
Which of the following are the things included by sensitive system isolation?
Each correct answer represents a complete solution. Choose all that apply.
A. Construction of appropriately isolated environments where technically and operationally feasible
B. Inclusion of all documents technically stored in a virtual directory
C. Explicit identification and acceptance of risks when shared facilities and/or resources must be used
D. Explicit identification and documentation of sensitivity by each system/application controller (owner)
Answer: A,C,D
QUESTION NO: 35
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to assign ownership of some assets of the organization. Which of the following statements correctly describe the responsibilities of an asset owner?
Each correct answer represents a complete solution. Choose all that apply.
A. The owner has property rights to the asset.
B. The owner is allowed to delegate responsibility for maintaining the asset.
C. The owner should have a document describing the security controls for the asset.
D. The owner is allowed to delegate accountability of the asset.
Answer: B,C

QUESTION NO: 36
You work as a Security Administrator for uCertify Inc. You need to create documentation to provide ongoing education and awareness training on the disciplinary actions of your company. What are the primary reasons to create this documentation?
Each correct answer represents a complete solution. Choose all that apply.
A. To ensure that employees understand information security threats
B. To ensure that employees have the necessary knowledge to mitigate security threats
C. To ensure that employees are aware of and understand their roles and responsibilities
D. To ensure that employees have the necessary knowledge about the company’s forthcoming projects
Answer: A,B,C
QUESTION NO: 37
The stronger points of CRAMM assist prioritization by providing a countermeasure with high priority if some conditions are met. Which of the following are these conditions?
Each correct answer represents a complete solution. Choose all that apply.
A. It requires protecting a high risk system.
B. It does not require the installation of alternative countermeasures.
C. It is inexpensive to implement.
D. It provides protection against several threats.
Answer: A,B,D
QUESTION NO: 38
Which of the following tasks are performed by Information Security Management?
Each correct answer represents a complete solution. Choose all that apply.
A. It is designed to protect information and any equipment that is used in connection with its storage, transmission, and processing.
B. It is designed to develop information and any equipment that is used in connection with its storage, transmission, and processing.
C. It is designed to recognize information and any equipment that is used in connection with its storage, transmission, and processing.
D. It is designed to control information and any equipment that is used in connection with its storage, transmission, and processing.
Answer: A,C,D
QUESTION NO: 39
Which of the following standards was made in 1995 by the joint initiative of the Department of Trade and Industry in the United Kingdom and leading UK private-sector businesses?
A. BS7799
B. ISO 27001
C. BS2700
D. ISMS
Answer: A
QUESTION NO: 40
Which of the following are the variables on which the structure of Service Level Agreement depends?
Each correct answer represents a complete solution. Choose all that apply.
A. It depends on the cultural aspects.
B. It depends on the infrastructure aspects of the organization.
C. It depends on the nature of the business activities, in terms of general terms and conditions, and business hours.
D. It depends on the physical aspects of the organization.
Answer: A,C,D
QUESTION NO: 41
Which of the following is one of the mechanisms available for administrators to employ for replicating the databases containing the DNS data across a set of DNS servers?
A. DNS zone transfer
B. DNS cache poisoning
C. DNS spoofing
D. ARP spoofing
Answer: A
QUESTION NO: 42
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following are information assets?
Each correct answer represents a complete solution. Choose all that apply.
A. User manuals
B. Operating systems
C. Training materials
D. Personal data
Answer: A,C,D
QUESTION NO: 43 CORRECT TEXT
Fill in the blank with the appropriate term.
________ is the built-in file encryption tool for Windows file systems. It protects encrypted files from those who have physical possession of the computer where the encrypted files are stored.
Answer: EFS
QUESTION NO: 44
Which of the following are the major tasks of risk management?
Each correct answer represents a complete solution. Choose two.
A. Assuring the integrity of organizational data
B. Building Risk free systems
C. Risk identification
D. Risk control
Answer: C,D
QUESTION NO: 45
You work as an Information Security Manager for uCertify Inc. You have been assigned the task to create the documentation on control A.7.2 of the ISO standard. Which of the following is the chief concern of control A.7.2?
A. Classification of owners
B. Usage of information
C. Identification of inventory
D. Classification of information
Answer: D
QUESTION NO: 46
Andrew is the CEO of uCertify Inc. He wants to improve the resources and revenue of the company. He uses the PDCA methodology to accomplish the task. Which of the following are the phases of the PDCA methodology?
Each correct answer represents a complete solution. Choose all that apply.
A. Deviate
B. Plan
C. Calculate
D. Act
Answer: B,D
QUESTION NO: 47
Which of the following international information security standards is concerned with anticipating and responding to information security breaches?
A. Organization of information security
B. Information security incident management
C. Physical and environmental security
D. Risk assessment and treatment
Answer: B
QUESTION NO: 48
You work as the Network Security Administrator for uCertify Inc. You are responsible for protecting your network from unauthorized access from both inside and outside the organization. For outside attacks, you have installed a number of security tools that protect your network. For internal security, employees use passwords of more than 8 characters; however, a few employees with the same designation often exchange their passwords, making it possible for others to access their accounts.
There is already a policy to stop this practice, but still employees are doing so. Now, you want to stop this and ensure that this never happens again. Which of the following will be the best step to stop this practice?
A. Create a policy that forces users to create a password combined with special characters.
B. Create a new policy that forces users to change their passwords once every 15 days.
C. Create a policy to enter their employee code while logged in to the system.
D. Create a policy to enter their personal email id while logged in to the system.
Answer: B
QUESTION NO: 49
You work as a Project Manager for uCertify Inc. You are working on an asset management plan. You need to make the documentation on every single process related to asset management.
Which of the following is an example of asset management?
A. Making DR plan
B. Tracking references
C. Checking topology
D. Tracking inventory
Answer: D
QUESTION NO: 50
In which of the following does CRAMM provide assistance?
Each correct answer represents a complete solution. Choose all that apply.
A. Audits
B. Contingency planning
C. US7799 certification
D. BS7799 certification
Answer: A,B,D
