GIAC Information Security Professional
Last Update May 18, 2024
Total Questions : 659
We are offering FREE GISP GIAC exam questions. All you do is to just go and sign up. Give your details, prepare GISP free exam questions and then go for complete pool of GIAC Information Security Professional test questions that will help you more.
Which of the following involves identifying and minimizing the effect of risks?
Which of the following are examples of passive attacks?
Each correct answer represents a complete solution. Choose all that apply.
An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?
Which of the following is not a major concern in traditional business transactions as compare to online transactions?
Which of the following protocols work at the session layer of the OSI model?
Each correct answer represents a complete solution. Choose two.
Which of the following can be done over telephone lines, e-mail, instant messaging, and any other method of communication considered private.
SSH is a network protocol that allows data to be exchanged between two networks using a secure channel. Which of the following encryption algorithms can be used by the SSH protocol?
Each correct answer represents a complete solution. Choose all that apply.
An attacker sends a large number of packets to a target computer that causes denial of service. Which of the following type of attacks is this?
Which of the following technologies are forms of single sign-on (SSO)?
Each correct answer represents a complete solution. Choose three.
Which of the following are politically motivated threats that an organization faces?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following ports is used by the control connection on the FTP server?
Which of the following types of virus is capable of changing its signature to avoid detection?
Which of the following statements about Denial-of-Service (DoS) attack are true?
Each correct answer represents a complete solution. Choose three.
You work as a Network Administrator of a TCP/IP network. You are having DNS resolution problem. Which of the following utilities will you use to diagnose the problem?
You work as a Network Administrator for NetTech Inc. The company's network has a Windows 2000 domain-based network. You want to prevent malicious e-mails from entering the network from the non-existing domains. What will you do to accomplish this?
Which of the following are the ways of sending secure e-mail messages over the Internet?
Each correct answer represents a complete solution. Choose two.
Which of the following should propose applicable and effective security controls for managing the risks?
Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2000 domain-based network. Users report that they are unable to log on to the network. Mark finds that accounts are locked out due to multiple incorrect log on attempts. What is the most likely cause of the account lockouts?
Which of the following activities is used to take place after recording and registering an incident?
Which of the following refers to a computer that must be secure because it is accessible from the Internet and is vulnerable to attacks?
Which of the following IP addresses are private addresses?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following rated systems of the Orange book has mandatory protection of the TCB?
Which of the following services are provided by Remote Authentication Dial-In User Service (RADIUS)?
Each correct answer represents a complete solution. Choose three.
Which of the following acts as an intermediary between a user on the internal network and a service on the external network such as the Internet?
Which of the following are the ways of sending secure e-mail messages over the Internet?
Each correct answer represents a complete solution. Choose two.
Which of the following types of virus is capable of changing its signature to avoid detection?
Which of the following techniques allows an attacker to take network traffic coming towards a host at one port and redirect it from that host to another host.
Which of the following authentication protocols provides support for a wide range of authentication methods, such as smart cards and certificates?
Which of the following are tunneling protocols?
Each correct answer represents a complete solution. Choose two.
What are the benefits of using a proxy server on a network?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following features of a switch helps to protect network from MAC flood and MAC spoofing?
Which of the following security models dictates that subjects can only access objects through applications?
Which of the following protocols is responsible for the resolution of IP addresses to media access control (MAC) addresses?
Which of the following are the major tasks of risk management?
Each correct answer represents a complete solution. Choose two.
On which of the following OSI model layers does the Point-to-Point Protocol (PPP) work?
Identify whether the given statement is true or false.
"Replay attack is a type of attack in which attackers capture packets containing passwords or digital signatures whenever packets pass between two hosts on a network."
Sam works as a Web Developer for McRobert Inc. He wants to control the way in which a Web browser receives information and downloads content from Web sites. Which of the following browser settings will Sam use to accomplish this?
Which of the following categories of UTP cable has maximum data transfer rate of 155 Mbps?
What will be the best strategy to prevent employees on a Local Area Network from performing unauthorized activities?
Fill in the blank with the appropriate layer name of the OSI model.
Secure Socket Layer (SSL) operates at the _______ layer of the OSI model.
Mark has been hired by a company to work as a Network Assistant. He is assigned the task to configure a dial-up connection. He is configuring a laptop. Which of the following protocols should he disable to ensure that the password is encrypted during remote access?
Which of the following are used to suppress paper or wood fires?
Each correct answer represents a complete solution. Choose two.
John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on Windows Server 2003. One day, while analyzing the network security, he receives an error message that Kernel32.exe is encountering a problem. Which of the following steps should John take as a countermeasure to this situation?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following steps are generally followed in computer forensic examinations?
Each correct answer represents a complete solution. Choose three.
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to perform a stealth scan to discover open ports and applications running on the We-are-secure server. For this purpose, he wants to initiate scanning with the IP address of any third party. Which of the following scanning techniques will John use to accomplish his task?
You work as a Network Administrator for Infonet Inc. The company's network has an FTP server.
You want to secure the server so that only authorized users can access it. What will you do to accomplish this?
Which of the following cables provides maximum security against electronic eavesdropping on a network?
Which of the following tools is a component of Cisco Adaptive Security Appliance (ASA) and provides an in-depth security design to prevent various types of problems such as viruses, spams, and spyware?
Which of the following statements about a host-based intrusion prevention system (HIPS) are true?
Each correct answer represents a complete solution. Choose two.
Which of the following statements about Diffie-Hellman encryption are true?
Each correct answer represents a complete solution. Choose two.
These are false reports about non-existent viruses. In these reports, the writer often claims to do impossible things. Due to these false reports, the network administrator shuts down his network, which in turn affects the work of the company. These reports falsely claim to describe an extremely dangerous virus, and declare that the report is issued by a reputed company. These reports are known as __________.
Which of the following protocols allows an e-mail client to access and manipulate a remote e-mail file without downloading it to the local computer?
Which of the following standards works at the presentation layer?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?
You work as a Network Administrator for NetTech Inc. The company's network is connected to the Internet.
For security, you want to restrict unauthorized access to the network with minimum administrative effort.
You want to implement a hardware-based solution. What will you do to accomplish this?
Which of the following statements about Network Address Translation (NAT) is true?
Which of the following is the main reason for implementing CCTV as part of the physical arrangement?
Which of the following statements are true about worms?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following conditions the line to keep voltage steady and clean?
You work as a Network Administrator for NetTech Inc. Employees in remote locations connect to the company's network using Remote Access Service (RAS). Which of the following will you use to protect the network against unauthorized access?
Which of the following methods can be helpful to eliminate social engineering threat?
Each correct answer represents a complete solution. Choose three.
This type of virus infects programs that can execute and load into memory to perform predefined steps for infecting systems. It infects files with the extensions .EXE, .COM, .BIN, and .SYS. As it can replicate or destroy these types of files, the operating system becomes corrupted and needs reinstallation. This type of virus is known as __________.
Which of the following is a term used to refer to access of a wireless Internet connection by bringing one's own computer within the range of another's wireless connection, and using that service without the subscriber's explicit permission or knowledge?
Where are user accounts and passwords stored in a decentralized privilege management environment?
Which of the following ports is assigned by the Internet Assigned Number Authority (IANA) for RADIUS accounting?
Which of the following command-line utilities queries the DNS server to check whether or not the zone database contains the correct information?
Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?
A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?
Which of the following tools or services is used to find the entire IP address range used by an organization?
Which of the following is a documentation of guidelines that are used to create archival copies of important data?
Fill in the blanks with the appropriate values.
Twofish symmetric algorithm operates on _______ -bit blocks and can support a key length of up to ________ bits.
Which of the following methods of encryption uses a single key to encrypt and decrypt data?
Which of the following statements about System Access Control List (SACL) is true?
Which of the following refers to the emulation of the identity of a network computer by an attacking computer?
It is the technique for gathering information for a Web site owner about a user through a few lines of code that reside in the Web pages. This information is gathered through __________.
Which of the following statements regarding Secure Sockets Layer (SSL) are true?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following statements about incremental backup are true?
Each correct answer represents a complete solution. Choose two.
Which of the following statements about the authentication concept of information security management is true?
Which of the following types of safes can be chosen by an organization to store data backups or other types of valuables?
Each correct answer represents a complete solution. Choose three.
Which of the following terms is used for the process of securing a system or a device on a network infrastructure?
You work as a Network Administrator for Net Perfect Inc. The company has a Windows 2000, TCP/IP-based class C network consisting of 200 hosts. The network uses private IP addressing. A computer on the network is connected to the Internet. The management plans to increase the number of hosts to 300. The management also wants all hosts to be able to access the Internet through the existing connection. Which of the following steps will you take to accomplish this?
Each correct answer represents a part of the solution. Choose two.
Which of the following is a process of monitoring data packets that travel across a network?
Which of the following is a documentation of guidelines that computer forensics experts use to handle evidences?
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He copies the whole structure of the We-are-secure Web site to the local disk and obtains all the files on the Web site. Which of the following techniques is he using to accomplish his task?
A war dialer is a tool that is used to scan thousands of telephone numbers to detect vulnerable modems. It provides an attacker unauthorized access to a computer. Which of the following tools can an attacker use to perform war dialing?
Each correct answer represents a complete solution. Choose all that apply.