GISP GIAC Information Security Professional Questions and Answers

Which of the following provides secure online payment services?

On which of the following OSI model layers does the Point-to-Point Protocol (PPP) work?

Which of the following protocols provides maintenance and error reporting function?

Which of the following is used to prevent the electronic emissions of a computer from being used by unauthorized users?

Which of the following is a type of halon?

A ________ is a detailed step-by-step document that explains exactly what is to be done.

What are packet sniffers?

Which of the following rated systems of the Orange book has mandatory protection of the TCB?

Which of the following types of attacks occurs when attackers enter a system or capture network traffic and make changes to selected files or data packets?

International Data Encryption Algorithm (IDEA) is a __________ block cipher.

Which of the following protects from electrical and magnetic induction that causes interference to the power voltage?

Which of the following is a documentation of guidelines that are used to create archival copies of important data?

Which of the following security models deal only with integrity?

Each correct answer represents a complete solution. Choose two.

Which of the following protocols uses TCP port 22 as the default port and operates at the application layer?

Which of the following are the basic architectures of microprocessors used in modern computers?

Each correct answer represents a complete solution. Choose two.

Which of the following is a term that refers to unsolicited e-mails sent to a large number of e-mail users?

Which of the following protocols is used with a tunneling protocol to provide security?

Which of the following are the ways of sending secure e-mail messages over the Internet?

Each correct answer represents a complete solution. Choose two.

Which of the following statements about Denial-of-Service (DoS) attack are true?

Each correct answer represents a complete solution. Choose three.

How many keys are used to encrypt data in symmetric encryption?

Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

Which of the following is used to prevent the electronic emissions of a computer from being used by unauthorized users?

Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP) ?

Which of the following acts as an intermediary between a user on the internal network and a service on the external network such as the Internet?

Which of the following processes is known as Declassification?

Fill in the blank with the appropriate value.

Twofish symmetric key block cipher operates on 128-bits block size using key sizes up to______ bits.

Which of the following types of attacks is mounted with the objective of causing a negative impact on the performance of a computer or network?

Which of the following access control models are used in the commercial sector?

Each correct answer represents a complete solution. Choose two.

Which of the following layers of the OSI model provides end-to-end service?

John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?

Which of the following types of attacks slows down or stops a server by overloading it with requests?

Which of the following components come under the physical layer of the OSI model?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following statements about extranet are true?

Each correct answer represents a complete solution. Choose two.

Fill in the blank with the appropriate layer name.

The Network layer of the OSI model corresponds to the _______________ layer of the TCP/IP model.

Which of the following policies is set by a network administrator to allow users to keep their emails and documents for a fixed period of time?

Which of the following statements about Due Care policy is true?

Which of the following are used to suppress paper or wood fires?

Each correct answer represents a complete solution. Choose two.

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully performed the following steps of the preattack phase to check the security of the We-are-secure network:

•Gathering information

•Determining the network range

•Identifying active systems

Now, he wants to find the open ports and applications running on the network. Which of the following tools will he use to accomplish his task?

Which of the following types of halon is found in portable extinguishers and is stored as a liquid?

Which of the following are tunneling protocols?

Each correct answer represents a complete solution. Choose two.

Which of the following are the examples of administrative controls?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following is the most secure authentication method?

Which of the following statements about a fiber-optic cable are true?

Each correct answer represents a complete solution. Choose three.

Which of the following statement about eavesdropping is true?

You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?

Which of the following books deals with confidentiality?

Which of the following is the default port for DNS zone transfer?

Which of the following are advantages of NTFS file system over FAT32 and FAT?

Each correct answer represents a part of the solution. Choose two.

Which of the following records everything a person types using the keyboard?

Where are user accounts and passwords stored in a decentralized privilege management environment?

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. John notices that the We-are-secure network is vulnerable to a man-inthe- middle attack since the key exchange process of the cryptographic algorithm it is using does not authenticate participants. Which of the following cryptographic algorithms is being used by the Weare- secure server?

Which of the following should be implemented to protect an organization from spam?

Which of the following is an open source network intrusion detection system?

Which of the following protocols is used to retrieve e-mails from a remote mail server?

Which of the following activities is used to take place after recording and registering an incident?

Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?

You work as a Network Administrator for Rick International. The company has a TCP/IP-based network. A user named Kevin wants to set an SSH terminal at home to connect to the company's network. You have to configure your company's router for it. By default, which of the following standard ports does the SSH protocol use for connection?

Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

Which of the following two components does Kerberos Key Distribution Center (KDC) consist of?

Each correct answer represents a complete solution. Choose two.

Which of the following can be prevented by an organization using job rotation and separation of duties policies?

Which of the following methods of authentication uses finger prints to identify users?

Which of the following is a process of monitoring data packets that travel across a network?

Which of the following is not a level of military data-classification system?

Which of the following should propose applicable and effective security controls for managing the risks?

Which of the following tabs will you click in the Internet Options dialog box to include a websites as a trusted site?

Which of the following classes of fire comes under Class C fire?

Maria works as a professional Ethical Hacker. She recently has been assigned a project to test the security of www.we-are-secure.com. The company has provided the following information about the infrastructure of its network:

•Network diagrams of the we-are-secure infrastructure

•Source code of the security tools

•IP addressing information of the we-are-secure network

Which of the following testing methodologies is we-are-secure.com using to test the security of its network?

Which of the following is a type of scam that entice a user to disclose personal information such as social security number, bank account details, or credit card number?

Fill in the blank with the appropriate layer name of the OSI model.

Secure Socket Layer (SSL) operates at the _____ layer of the OSI model.

You are a salesperson. You are authorized to access only the information that is essential for your work. Which of the following access control models is used in your organization?

Which of the following is the default port for Simple Network Management Protocol (SNMP)?

Which of the following layers of the OSI model corresponds to the Host-to-Host layer of the TCP/IP model?

Which of the following protocols provides functionalities for advanced management associated with the use of digital certificates such as certificate issuance, exchange, and revocation?

Which of the following conditions the line to keep voltage steady and clean?

You work as a Web Developer for WebCrunch Inc. You create a web site that contains information about the company's products and services. The web site is to be used by the company's suppliers only. Which of the following options will you use to specify the nature of access to the web site?

You are going to upgrade your hard disk's file system from FAT to NTFS. What are the major advantages of the NTFS file system over FAT16 and FAT32 file systems?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following statements about the authentication concept of information security management is true?

Which of the following OSI model layers handles addressing and routing?

This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of these tools are as follows:

•It displays the signal strength of a wireless network, MAC address, SISD, channel details, etc.

•It is commonly used for the following purposes:

a. War driving

b. Detecting unauthorized access points

c. Detecting causes of interference on a WLAN

d. WEP ICV error tracking

e. Making Graphs and Alarms on 802.11 Data, including Signal Strength

This tool is known as __________.

Which of the following types of firewalls looks deep into packets and makes granular access control decisions?

Which of the following is a reason to implement security logging on a DNS server?

A war dialer is a tool that is used to scan thousands of telephone numbers to detect vulnerable modems. It provides an attacker unauthorized access to a computer. Which of the following tools can an attacker use to perform war dialing?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following protocols implements VPN using IPSec?

Which of the following features of a switch helps to protect network from MAC flood and MAC spoofing?

Which of the following is ensured by the concept of availability in information system security?

Which of the following statements regarding Secure Sockets Layer (SSL) are true?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following can be prevented by an organization using job rotation and separation of duties policies?

Which of the following statements about Secure Sockets Layer (SSL) are true?

Each correct answer represents a complete solution. Choose two.

Which of the following access control models requires centralize database of user accounts?

Which of the following are politically motivated threats that an organization faces?

Each correct answer represents a complete solution. Choose all that apply.

Mark works as a Webmaster for Infonet Inc. He sets up an e-commerce site. He wants to accept online payments through credit cards on this site. He wants the credit card numbers to be encrypted. What will Mark do to accomplish the task?

Which of the following terms is used for a router that filters traffic before it is passed to the firewall?

Which of the following access control models uses a role based method to determine access rights and permission?

Which of the following tools is NOT used for logging network activities in the Linux operating system?

Each correct answer represents a complete solution. Choose all that apply.

You work as a Network Administrator for NetTech Inc. When you enter http://66.111.64.227 in the browser 's address bar, you are able to access the site. But, you are unable to access the site when you enter http://www.PassGuide.com. What is the most likely cause?