GISP Practice Exam Questions with Answers GIAC Information Security Professional Certification

Which of the following statements about Microsoft hotfix are true?

Each correct answer represents a complete solution. Choose two.

Which of the following is the default port for TACACS?

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using the TFN and Trin00 tools to test the security of the We-aresecure server, so that he can check whether the server is vulnerable or not. Using these tools, which of the following attacks can John perform to test the security of the We-are-secure server?

Which of the following concepts represent the three fundamental principles of information security?

Each correct answer represents a complete solution. Choose three.

Which of the following statements are true about worms?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?

Which of the following protocols work at the network layer?

Each correct answer represents a complete solution. Choose three.

In which of the following security tests does the security testing team simulate as an employee or other person with an authorized connection to the organization's network?

Which of the following provides secure online payment services?

Which of the following processes is known as Declassification?

Which of the following is the process of finding weaknesses in cryptographic algorithms and obtaining the plaintext or key from the ciphertext?

Which of the following types of evidence is considered as the best evidence?

Which of the following provides high availability of data?

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company.

To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

SSL session keys are available in which of the following lengths?

Which U.S. government agency is responsible for establishing standards concerning cryptography for nonmilitary use?

Which of the following encryption methods comes under symmetric encryption algorithm?

Each correct answer represents a complete solution. Choose three.

Which of the following rate systems of Orange book has mandatory protection of the Trusted Computing Base (TCB)?

Which of the following is the rating for gasoline or oil fires?

Which of the following types of fire comes under Class K fire?

Fill in the blank with the appropriate layer name of the OSI model.

Secure Socket Layer (SSL) operates at the _______ layer of the OSI model.

Identify whether the given statement is true or false.

"Replay attack is a type of attack in which attackers capture packets containing passwords or digital signatures whenever packets pass between two hosts on a network."

Which of the following is used to prevent the electronic emissions of a computer from being used by unauthorized users?

Which of the following ports is used by a BOOTP server?

Which of the following acts as an intermediary between a user on the internal network and a service on the external network such as the Internet?

Which of the following processes removes data from the media so that it is difficult to restore?

You work as a Network Administrator for NetTech Inc. The company's network is connected to the Internet. For security, you want to restrict unauthorized access to the network with minimum administrative effort. You want to implement a hardware-based solution. What will you do to accomplish this?

Which of the following entities is used by Routers and firewalls to determine which packets should be forwarded or dropped?

Which of the following is not a level of military data-classification system?

The _______ protocol allows applications to communicate across a network in a way designed to prevent eavesdropping and message forgery.

Which of the following key sizes is used by International Data Encryption Algorithm (IDEA)?

International Data Encryption Algorithm (IDEA) is a __________ block cipher.

How many voice channels are available in a T2 line?

Fill in the blanks with the appropriate values.

International Data Encryption Algorithm (IDEA) is a _____ -bit block cipher that uses a ________-bit key.

Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails.

Which of the following will you use to accomplish this?

An attacker sends a large number of packets to a target computer that causes denial of service. Which of the following type of attacks is this?

Which of the following technologies are forms of single sign-on (SSO)?

Each correct answer represents a complete solution. Choose three.

Which of the following layers of the OSI model corresponds to the Host-to-Host layer of the TCP/IP model?

Which of the following types of virus is capable of changing its signature to avoid detection?

Which of the following needs to be documented to preserve evidences for presentation in court?

The backup system that stores only those files that have been changed since the last backup is known as ______.

Which of the following can be done over telephone lines, e-mail, instant messaging, and any other method of communication considered private.

Which of the following is used to prevent the electronic emissions of a computer from being used by unauthorized users?

You are a salesperson. You are authorized to access only the information that is essential for your work. Which of the following access control models is used in your organization?

Which of the following are examples of passive attacks?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following processes is known as Declassification?

Which of the following protocols is used with a tunneling protocol to provide security?

Which of the following is used by attackers to obtain an authenticated connection on a network?

Which of the following is the default port for Secure Shell (SSH)?

Which of the following methods of encryption uses a single key to encrypt and decrypt data?

Which of the following protocols work at the session layer of the OSI model?

Each correct answer represents a complete solution. Choose two.

John works as a Network Security Professional. He is assigned a project to test the security of www.we-are-secure.com. He is working on the Linux operating system and wants to install an Intrusion Detection System on the We-are-secure server so that he can receive alerts about any hacking attempts. Which of the following tools can John use to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following encryption algorithms are based on stream ciphers?

Each correct answer represents a complete solution. Choose two.

Which of the following statements best describes VeriSign?

Which of the following are tunneling protocols?

Each correct answer represents a complete solution. Choose two.

Which of the following type of errors occurs when a legitimate user incorrectly denied access to resources by the Biometrics authentication systems?

These are false reports about non-existent viruses. In these reports, the writer often claims to do impossible things. Due to these false reports, the network administrator shuts down his network, which in turn affects the work of the company. These reports falsely claim to describe an extremely dangerous virus, and declare that the report is issued by a reputed company. These reports are known as __________.

Which of the following rate systems of the Orange book has no security controls?

Which of the following is an entry in an object's discretionary access control list (DACL) that grants permissions to a user or group?

Fill in the blank with the appropriate value.

Primary Rate Interface (PRI) of an ISDN connection contains _______ B channels and ______ D channel.

Mark has been hired by a company to work as a Network Assistant. He is assigned the task to configure a dial-up connection. He is configuring a laptop. Which of the following protocols should he disable to ensure that the password is encrypted during remote access?

Which of the following policies is set by a network administrator to allow users to keep their emails and documents for a fixed period of time?

Which of the following statements about the One Time Password (OTP) security system are true?

Each correct answer represents a complete solution. Choose two.

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to perform a stealth scan to discover open ports and applications running on the We-are-secure server. For this purpose, he wants to initiate scanning with the IP address of any third party. Which of the following scanning techniques will John use to accomplish his task?

Which of the following tools is a component of Cisco Adaptive Security Appliance (ASA) and provides an in-depth security design to prevent various types of problems such as viruses, spams, and spyware?

Which of the following statements about extranet are true?

Each correct answer represents a complete solution. Choose two.

You work as a Network Administrator for Infonet Inc. The company's network has an FTP server.

You want to secure the server so that only authorized users can access it. What will you do to accomplish this?

In which of the following attacks does an attacker send a spoofed TCP SYN packet in which the target's IP address is filled in both the source and destination fields?

Which of the following functions are performed by a firewall?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following statements about Digest authentication are true?

Each correct answer represents a complete solution. Choose two.

Which of the following refers to going through someone's trash to find out useful or confidential information?

Which of the following standards is used in wireless local area networks (WLANs)?

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He writes the following snort rule:

This rule can help him protect the We-are-secure server from the __________.

Which of the following are used to suppress paper or wood fires?

Each correct answer represents a complete solution. Choose two.

Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?

Which of the following statements about IPSec are true?

Each correct answer represents a complete solution. Choose two.

Which of the following protocols is responsible for requesting Web pages from a Web server and sending back the responses to the Web browser?

Which of the following protocols is used to retrieve e-mails from a remote mail server?

Which of the following protocols work at the Session layer of the OSI model?

Which of the following protocols allows Cisco devices to acquire and utilize digital certificates from Certification Authorities (CAs)?

Which of the following is the default port for DNS zone transfer?

Which of the following devices reads the destination's MAC address from each incoming data packet and forwards the data packet to its destination?

In which of the following attacks does the attacker confuse the switch itself into thinking two ports have the same MAC address?

Which of the following safes are large enough to allow a person to enter?

Which of the following is a term used to refer to access of a wireless Internet connection by bringing one's own computer within the range of another's wireless connection, and using that service without the subscriber's explicit permission or knowledge?

Which of the following techniques allows an attacker to take network traffic coming towards a host at one port and redirect it from that host to another host.

Which of the following protects against unauthorized access to confidential information via encryption and works at the network layer?

Which of the following statements is true about transient noise?

Which of the following are the phases of the Certification and Accreditation (C&A) process?

Each correct answer represents a complete solution. Choose two.

Which of the following types of attacks occurs when attackers enter a system or capture network traffic and make changes to selected files or data packets?

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against

__________.

Which of the following OSI model layers handles translation of data into standard format, data compression, and decompression?