New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

GISP GIAC Information Security Professional Questions and Answers

Questions 4

Which of the following provides secure online payment services?

Options:

A.

CA

B.

IEEE

C.

ACH

D.

ICSA

Buy Now
Questions 5

On which of the following OSI model layers does the Point-to-Point Protocol (PPP) work?

Options:

A.

Session layer

B.

Transport layer

C.

Application layer

D.

Data-link layer

Buy Now
Questions 6

Which of the following protocols provides maintenance and error reporting function?

Options:

A.

ICMP

B.

IGMP

C.

PPP

D.

UDP

Buy Now
Questions 7

Which of the following is used to prevent the electronic emissions of a computer from being used by unauthorized users?

Options:

A.

Spoofing

B.

System hardening

C.

Shielding

D.

Auditing

Buy Now
Questions 8

Which of the following is a type of halon?

Options:

A.

Halon C

B.

Halon 1900

C.

Halon 1301

D.

Halon 1300

Buy Now
Questions 9

A ________ is a detailed step-by-step document that explains exactly what is to be done.

Options:

A.

Procedure

B.

Baseline

C.

Standard

D.

Rule

Buy Now
Questions 10

What are packet sniffers?

Options:

A.

Packet sniffers test package security.

B.

Packet sniffers capture the packages as they cross the network.

C.

Packet sniffers encrypt the packages as they cross the network.

D.

Packet sniffers test the packages to verify data integrity.

Buy Now
Questions 11

Which of the following rated systems of the Orange book has mandatory protection of the TCB?

Options:

A.

A-rated

B.

C-rated

C.

B-rated

D.

D-rated

Buy Now
Questions 12

Which of the following types of attacks occurs when attackers enter a system or capture network traffic and make changes to selected files or data packets?

Options:

A.

Brute force attack

B.

Teardrop attack

C.

Dictionary attack

D.

Data diddling attack

Buy Now
Questions 13

International Data Encryption Algorithm (IDEA) is a __________ block cipher.

Options:

A.

32-bit

B.

128-bit

C.

16-bit

D.

64-bit

Buy Now
Questions 14

Which of the following protects from electrical and magnetic induction that causes interference to the power voltage?

Options:

A.

Power regulator

B.

Shielded line

C.

Firewall

D.

Smoke detector

Buy Now
Questions 15

Which of the following is a documentation of guidelines that are used to create archival copies of important data?

Options:

A.

Backup policy

B.

Security policy

C.

User policy

D.

Audit policy

Buy Now
Questions 16

Which of the following security models deal only with integrity?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Biba

B.

Bell-LaPadula

C.

Biba-Wilson

D.

Clark-Wilson

Buy Now
Questions 17

Which of the following protocols uses TCP port 22 as the default port and operates at the application layer?

Options:

A.

Secure Sockets Layer (SSL)

B.

Secure Shell (SSH)

C.

Post Office Protocol version 3 (POP3)

D.

Trivial File Transfer Protocol (TFTP)

Buy Now
Questions 18

Which of the following are the basic architectures of microprocessors used in modern computers?

Each correct answer represents a complete solution. Choose two.

Options:

A.

ASCII

B.

RISC

C.

CISC

D.

PCIe

Buy Now
Questions 19

Which of the following is a term that refers to unsolicited e-mails sent to a large number of e-mail users?

Options:

A.

Hotfix

B.

Buffer overflow

C.

Biometrics

D.

Spam

Buy Now
Questions 20

Which of the following protocols is used with a tunneling protocol to provide security?

Options:

A.

EAP

B.

IPSec

C.

FTP

D.

IPX/SPX

Buy Now
Questions 21

Which of the following are the ways of sending secure e-mail messages over the Internet?

Each correct answer represents a complete solution. Choose two.

Options:

A.

IPSec

B.

S/MIME

C.

PGP

D.

TLS

Buy Now
Questions 22

Which of the following statements about Denial-of-Service (DoS) attack are true?

Each correct answer represents a complete solution. Choose three.

Options:

A.

It disrupts connections between two computers, preventing communications between services.

B.

It changes the configuration of the TCP/IP protocol.

C.

It saturates network resources.

D.

It disrupts services to a specific computer.

Buy Now
Questions 23

How many keys are used to encrypt data in symmetric encryption?

Options:

A.

Four

B.

One

C.

Two

D.

Three

Buy Now
Questions 24

Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

Options:

A.

Visitors

B.

Customers

C.

Employees

D.

Hackers

Buy Now
Questions 25

Which of the following is used to prevent the electronic emissions of a computer from being used by unauthorized users?

Options:

A.

Spoofing

B.

Auditing

C.

Shielding

D.

System hardening

Buy Now
Questions 26

Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP) ?

Options:

A.

TCP port 110

B.

UDP port 161

C.

UDP port 1701

D.

TCP port 443

Buy Now
Questions 27

Which of the following acts as an intermediary between a user on the internal network and a service on the external network such as the Internet?

Options:

A.

DNS server

B.

Firewall

C.

Proxy server

D.

WINS server

Buy Now
Questions 28

Which of the following processes is known as Declassification?

Options:

A.

Verifying the identity of a person, network host, or system process.

B.

Physically destroying the media and the information stored on it.

C.

Assessing the risk involved in making a confidential document available to public.

D.

Removing the content from the media so that it is difficult to restore.

Buy Now
Questions 29

Fill in the blank with the appropriate value.

Twofish symmetric key block cipher operates on 128-bits block size using key sizes up to______ bits.

Options:

A.

256

Buy Now
Questions 30

Which of the following types of attacks is mounted with the objective of causing a negative impact on the performance of a computer or network?

Options:

A.

Denial-of-Service (DoS) attack

B.

Impersonation attack

C.

Vulnerability attack

D.

Man-in-the-middle attack

Buy Now
Questions 31

Which of the following access control models are used in the commercial sector?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Clark-Wilson model

B.

Clark-Biba model

C.

Bell-LaPadula model

D.

Biba model

Buy Now
Questions 32

Which of the following layers of the OSI model provides end-to-end service?

Options:

A.

The physical layer

B.

The application layer

C.

The session layer

D.

The transport layer

Buy Now
Questions 33

John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?

Options:

A.

Session splicing attack

B.

Evasion attack

C.

Insertion attack

D.

Polymorphic shell code attack

Buy Now
Questions 34

Which of the following types of attacks slows down or stops a server by overloading it with requests?

Options:

A.

Vulnerability attack

B.

Impersonation attack

C.

Network attack

D.

DoS attack

Buy Now
Questions 35

Which of the following components come under the physical layer of the OSI model?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Wall jacks

B.

Hubs

C.

Switches

D.

Fiber cabling

E.

RJ-45 connectors

Buy Now
Questions 36

Which of the following statements about extranet are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It is an area of a company's Web site, which is only available to selected customers, suppliers, an business partners.

B.

It is an area of a company's Web site, which is available to Internet users.

C.

It is an arrangement commonly used for business-to-business relationships.

D.

It is an arrangement commonly used for a company's employees.

Buy Now
Questions 37

Fill in the blank with the appropriate layer name.

The Network layer of the OSI model corresponds to the _______________ layer of the TCP/IP model.

Options:

A.

Internet

Buy Now
Questions 38

Which of the following policies is set by a network administrator to allow users to keep their emails and documents for a fixed period of time?

Options:

A.

Retention policy

B.

Password policy

C.

Audit policy

D.

Backup policy

Buy Now
Questions 39

Which of the following statements about Due Care policy is true?

Options:

A.

It provides information about new viruses.

B.

It is a method used to authenticate users on a network.

C.

It identifies the level of confidentiality of information.

D.

It is a method for securing database servers.

Buy Now
Questions 40

Which of the following are used to suppress paper or wood fires?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Water

B.

Kerosene

C.

CO2

D.

Soda acid

Buy Now
Questions 41

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully performed the following steps of the preattack phase to check the security of the We-are-secure network:

•Gathering information

•Determining the network range

•Identifying active systems

Now, he wants to find the open ports and applications running on the network. Which of the following tools will he use to accomplish his task?

Options:

A.

ARIN

B.

APNIC

C.

SuperScan

D.

RIPE

Buy Now
Questions 42

Which of the following types of halon is found in portable extinguishers and is stored as a liquid?

Options:

A.

Halon 11

B.

Halon 1301

C.

Halon 1211

D.

Halon-f

Buy Now
Questions 43

Which of the following are tunneling protocols?

Each correct answer represents a complete solution. Choose two.

Options:

A.

NNTP

B.

SMTP

C.

L2TP

D.

PPTP

Buy Now
Questions 44

Which of the following are the examples of administrative controls?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Data Backup

B.

Auditing

C.

Security policy

D.

Security awareness training

Buy Now
Questions 45

Which of the following is the most secure authentication method?

Options:

A.

Certificate-based authentication

B.

Basic authentication

C.

Digest authentication

D.

Integrated Windows authentication

Buy Now
Questions 46

Which of the following statements about a fiber-optic cable are true?

Each correct answer represents a complete solution. Choose three.

Options:

A.

It is immune to electromagnetic interference (EMI).

B.

It can transmit undistorted signals over great distances.

C.

It has eight wires twisted into four pairs.

D.

It uses light pulses for signal transmission.

Buy Now
Questions 47

Which of the following statement about eavesdropping is true?

Options:

A.

It is a type of password guessing attack.

B.

It is a way of preventing electronic emissions that are generated from a computer or network.

C.

It is known as network saturation attack or bandwidth consumption attack.

D.

It is the process of hearing or listening in private conversations.

Buy Now
Questions 48

You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?

Options:

A.

RAID-1

B.

RAID-10

C.

RAID-0

D.

RAID-5

Buy Now
Questions 49

Which of the following books deals with confidentiality?

Options:

A.

Brown Book

B.

Red Book

C.

Purple Book

D.

Orange Book

Buy Now
Questions 50

Which of the following is the default port for DNS zone transfer?

Options:

A.

Port 21

B.

Port 80

C.

Port 23

D.

Port 53

Buy Now
Questions 51

Which of the following are advantages of NTFS file system over FAT32 and FAT?

Each correct answer represents a part of the solution. Choose two.

Options:

A.

Support for file and folder level permissions.

B.

Support for dual-booting.

C.

Support for Encrypting File System (EFS).

D.

Support for audio files.

Buy Now
Questions 52

Which of the following records everything a person types using the keyboard?

Options:

A.

Line conditioner

B.

Firewall

C.

Port scanner

D.

Keystroke logger

Buy Now
Questions 53

Where are user accounts and passwords stored in a decentralized privilege management environment?

Options:

A.

On each server.

B.

On a central authentication server.

C.

On more than one server.

D.

On a server configured for decentralized privilege management.

Buy Now
Questions 54

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. John notices that the We-are-secure network is vulnerable to a man-inthe- middle attack since the key exchange process of the cryptographic algorithm it is using does not authenticate participants. Which of the following cryptographic algorithms is being used by the Weare- secure server?

Options:

A.

RSA

B.

Diffie-Hellman

C.

Twofish

D.

Blowfish

Buy Now
Questions 55

Which of the following should be implemented to protect an organization from spam?

Options:

A.

Packet filtering

B.

Auditing

C.

System hardening

D.

E-mail filtering

Buy Now
Questions 56

Which of the following is an open source network intrusion detection system?

Options:

A.

Sourcefire

B.

NETSH

C.

Macof

D.

Snort

Buy Now
Questions 57

Which of the following protocols is used to retrieve e-mails from a remote mail server?

Options:

A.

SNMP

B.

POP3

C.

SMTP

D.

IGMP

Buy Now
Questions 58

Which of the following activities is used to take place after recording and registering an incident?

Options:

A.

Restoring

B.

Matching

C.

Analysis

D.

Classification

Buy Now
Questions 59

Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?

Options:

A.

Corroborating

B.

Circumstantial

C.

Direct

D.

Incontrovertible

Buy Now
Questions 60

You work as a Network Administrator for Rick International. The company has a TCP/IP-based network. A user named Kevin wants to set an SSH terminal at home to connect to the company's network. You have to configure your company's router for it. By default, which of the following standard ports does the SSH protocol use for connection?

Options:

A.

21

B.

443

C.

80

D.

22

Buy Now
Questions 61

Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

Options:

A.

Visitors

B.

Customers

C.

Employees

D.

Hackers

Buy Now
Questions 62

Which of the following two components does Kerberos Key Distribution Center (KDC) consist of?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Data service

B.

Account service

C.

Authentication service

D.

Ticket-granting service

Buy Now
Questions 63

Which of the following can be prevented by an organization using job rotation and separation of duties policies?

Options:

A.

Collusion

B.

Phishing

C.

Buffer overflow

D.

Eavesdropping

Buy Now
Questions 64

Which of the following methods of authentication uses finger prints to identify users?

Options:

A.

Biometrics

B.

PKI

C.

Kerberos

D.

Mutual authentication

Buy Now
Questions 65

Which of the following is a process of monitoring data packets that travel across a network?

Options:

A.

Packet sniffing

B.

Packet filtering

C.

Shielding

D.

Password guessing

Buy Now
Questions 66

Which of the following is not a level of military data-classification system?

Options:

A.

Unclassified

B.

Normal

C.

Confidential

D.

Top secret

Buy Now
Questions 67

Which of the following should propose applicable and effective security controls for managing the risks?

Options:

A.

Risk assessment

B.

Risk treatment plan

C.

Risk communication

D.

Risk management plan

Buy Now
Questions 68

Which of the following tabs will you click in the Internet Options dialog box to include a websites as a trusted site?

Options:

A.

Security

B.

Privacy

C.

Content

D.

General

Buy Now
Questions 69

Which of the following classes of fire comes under Class C fire?

Options:

A.

Combustible metals fire

B.

Paper or wood fire

C.

Oil fire

D.

Electronic or computer fire

Buy Now
Questions 70

Maria works as a professional Ethical Hacker. She recently has been assigned a project to test the security of www.we-are-secure.com. The company has provided the following information about the infrastructure of its network:

•Network diagrams of the we-are-secure infrastructure

•Source code of the security tools

•IP addressing information of the we-are-secure network

Which of the following testing methodologies is we-are-secure.com using to test the security of its network?

Options:

A.

Graybox

B.

Whitebox

C.

Blackbox

D.

Alpha testing

Buy Now
Questions 71

Which of the following is a type of scam that entice a user to disclose personal information such as social security number, bank account details, or credit card number?

Options:

A.

Snooping

B.

Phishing

C.

SYN attack

D.

Spoofing

Buy Now
Questions 72

Fill in the blank with the appropriate layer name of the OSI model.

Secure Socket Layer (SSL) operates at the _____ layer of the OSI model.

Options:

A.

transport

Buy Now
Questions 73

You are a salesperson. You are authorized to access only the information that is essential for your work. Which of the following access control models is used in your organization?

Options:

A.

Role-Based Access Control

B.

Discretionary Access Control

C.

Mandatory Access Control

D.

Rule-Based Access Control

E.

Privilege Access Control

Buy Now
Questions 74

Which of the following is the default port for Simple Network Management Protocol (SNMP)?

Options:

A.

TCP port 80

B.

TCP port 110

C.

TCP port 25

D.

UDP port 161

Buy Now
Questions 75

Which of the following layers of the OSI model corresponds to the Host-to-Host layer of the TCP/IP model?

Options:

A.

The transport layer

B.

The session layer

C.

The application layer

D.

The presentation layer

Buy Now
Questions 76

Which of the following protocols provides functionalities for advanced management associated with the use of digital certificates such as certificate issuance, exchange, and revocation?

Options:

A.

Hypertext Transfer Protocol Secure (HTTPS)

B.

Certificate Management Protocol (CMP)

C.

Extensible Authentication Protocol-Transport Level Security (EAP-TLS)

D.

Certificate Enrollment Protocol (CEP)

Buy Now
Questions 77

Which of the following conditions the line to keep voltage steady and clean?

Options:

A.

Power regulator

B.

Demilitarized zone (DMZ)

C.

Transponder

D.

Smoke detector

Buy Now
Questions 78

You work as a Web Developer for WebCrunch Inc. You create a web site that contains information about the company's products and services. The web site is to be used by the company's suppliers only. Which of the following options will you use to specify the nature of access to the web site?

Options:

A.

Intranet

B.

Internet and Intranet

C.

Internet

D.

Extranet

Buy Now
Questions 79

You are going to upgrade your hard disk's file system from FAT to NTFS. What are the major advantages of the NTFS file system over FAT16 and FAT32 file systems?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

NTFS gives better file security than FAT16 and FAT32.

B.

NTFS file system supports for larger hard disks.

C.

NTFS give improved disk compression than FAT16 and FAT32.

D.

Automatic backup.

Buy Now
Questions 80

Which of the following statements about the authentication concept of information security management is true?

Options:

A.

It ensures the reliable and timely access to resources.

B.

It ensures that modifications are not made to data by unauthorized personnel or processes.

C.

It determines the actions and behaviors of a single individual within a system, and identifies that particular individual.

D.

It establishes the users' identity and ensures that the users are who they say they are.

Buy Now
Questions 81

Which of the following OSI model layers handles addressing and routing?

Options:

A.

Session

B.

Physical

C.

Network

D.

Application

Buy Now
Questions 82

This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of these tools are as follows:

•It displays the signal strength of a wireless network, MAC address, SISD, channel details, etc.

•It is commonly used for the following purposes:

a. War driving

b. Detecting unauthorized access points

c. Detecting causes of interference on a WLAN

d. WEP ICV error tracking

e. Making Graphs and Alarms on 802.11 Data, including Signal Strength

This tool is known as __________.

Options:

A.

Kismet

B.

NetStumbler

C.

Absinthe

D.

THC-Scan

Buy Now
Questions 83

Which of the following types of firewalls looks deep into packets and makes granular access control decisions?

Options:

A.

Stateful

B.

Application level proxy

C.

Packet filtering

D.

Circuit level proxy

Buy Now
Questions 84

Which of the following is a reason to implement security logging on a DNS server?

Options:

A.

For measuring a DNS server's performance

B.

For recording the number of queries resolved

C.

For preventing malware attacks on a DNS server

D.

For monitoring unauthorized zone transfer

Buy Now
Questions 85

A war dialer is a tool that is used to scan thousands of telephone numbers to detect vulnerable modems. It provides an attacker unauthorized access to a computer. Which of the following tools can an attacker use to perform war dialing?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

ToneLoc

B.

THC-Scan

C.

Wingate

D.

NetStumbler

Buy Now
Questions 86

Which of the following protocols implements VPN using IPSec?

Options:

A.

PPP

B.

L2TP

C.

PPTP

D.

SLIP

Buy Now
Questions 87

Which of the following features of a switch helps to protect network from MAC flood and MAC spoofing?

Options:

A.

Port security

B.

Multi-Authentication

C.

Quality of Service (QoS)

D.

MAC Authentication Bypass

Buy Now
Questions 88

Which of the following is ensured by the concept of availability in information system security?

Options:

A.

Data modifications are not made by an unauthorized user or process.

B.

The intentional or unintentional unauthorized disclosure of a message or important document contents is prevented.

C.

The systems are up and running when they are needed.

D.

Unauthorized modifications are not made by authorized users.

Buy Now
Questions 89

Which of the following statements regarding Secure Sockets Layer (SSL) are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

SSL provides message integrity to prevent alteration to the message.

B.

SSL can process credit cards.

C.

During SSL session, information is encrypted to prevent unauthorized disclosure.

D.

SSL can support 128-bit encryption.

Buy Now
Questions 90

Which of the following can be prevented by an organization using job rotation and separation of duties policies?

Options:

A.

Buffer overflow

B.

Collusion

C.

Phishing

D.

Eavesdropping

Buy Now
Questions 91

Which of the following statements about Secure Sockets Layer (SSL) are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It provides communication privacy, authentication, and message integrity.

B.

It provides mail transfer service.

C.

It provides connectivity between Web browser and Web server.

D.

It uses a combination of public key and symmetric encryption for security of data.

Buy Now
Questions 92

Which of the following access control models requires centralize database of user accounts?

Options:

A.

User based

B.

Data based

C.

Group based

D.

Partitions based

Buy Now
Questions 93

Which of the following are politically motivated threats that an organization faces?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Power distribution outages

B.

Civil disobedience

C.

Riot

D.

Terrorist attacks

E.

Vandalism

Buy Now
Questions 94

Mark works as a Webmaster for Infonet Inc. He sets up an e-commerce site. He wants to accept online payments through credit cards on this site. He wants the credit card numbers to be encrypted. What will Mark do to accomplish the task?

Options:

A.

Use PGP.

B.

Use HTTP.

C.

Use MIME.

D.

Use SET.

Buy Now
Questions 95

Which of the following terms is used for a router that filters traffic before it is passed to the firewall?

Options:

A.

Honey pot

B.

Bastion host

C.

Demilitarized zone (DMZ)

D.

Screened host

Buy Now
Questions 96

Which of the following access control models uses a role based method to determine access rights and permission?

Options:

A.

Discretionary access control

B.

Roaming access control

C.

Nondiscretionary access control

D.

Mandatory access control

Buy Now
Questions 97

Which of the following tools is NOT used for logging network activities in the Linux operating system?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Timbersee

B.

PsGetSid

C.

PsLoggedOn

D.

Swatch

Buy Now
Questions 98

You work as a Network Administrator for NetTech Inc. When you enter http://66.111.64.227 in the browser 's address bar, you are able to access the site. But, you are unable to access the site when you enter http://www.PassGuide.com. What is the most likely cause?

Options:

A.

The site's Web server has heavy traffic.

B.

The site's Web server is offline.

C.

WINS server has no NetBIOS name entry for the server.

D.

DNS entry is not available for the host name.

Buy Now
Exam Code: GISP
Exam Name: GIAC Information Security Professional
Last Update: Dec 27, 2024
Questions: 659
GISP pdf

GISP PDF

$25.5  $84.99
GISP Engine

GISP Testing Engine

$30  $99.99
GISP PDF + Engine

GISP PDF + Testing Engine

$40.5  $134.99