GISP GIAC Information Security Professional Questions and Answers

Which of the following needs to be documented to preserve evidences for presentation in court?

Which of the following are examples of passive attacks?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following are the ways of sending secure e-mail messages over the Internet?

Each correct answer represents a complete solution. Choose two.

Which of the following statements about Switched Multimegabit Data Service (SMDS) are true?

Each correct answer represents a complete solution. Choose two.

Which of the following steps can be taken to protect laptops and data they hold?

Each correct answer represents a complete solution. Choose all that apply.

Mark has been hired by a company to work as a Network Assistant. He is assigned the task to configure a dial-up connection. He is configuring a laptop. Which of the following protocols should he disable to ensure that the password is encrypted during remote access?

Which of the following is a source port forwarder and redirector tool?

Which of the following is the process of overwriting all addressable locations on a disk?

Which of the following are the application layer protocols for security?

Each correct answer represents a complete solution. Choose three.

Which of the following terms is used for a router that filters traffic before it is passed to the firewall?

Which of the following protocols is used to query and modify information stored within the directory services?

Which of the following authentication methods support mutual authentication?

Each correct answer represents a complete solution. Choose two.

Which of the following standards is used in wireless local area networks (WLANs)?

Which of the following is the default port for the NetBIOS name service?

Which of the following processes is known as sanitization?

Which of the following heights of fence deters only casual trespassers?

Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP) ?

Which of the following are the responsibilities of the owner with regard to data in an information classification program?

Each correct answer represents a complete solution. Choose three.

When no anomaly is present in an Intrusion Detection, but an alarm is generated, the response is known as __________.

Which of the following is a name, symbol, or slogan with which a product is identified?

Which of the following encryption algorithms are based on block ciphers?

You work as a Network Administrator for Infonet Inc. The company's network has an FTP server.

You want to secure the server so that only authorized users can access it. What will you do to accomplish this?

Which of the following statements is true about transient noise?

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.

You have configured a firewall on the network. A filter has been applied to block all the ports. You want to enable sending and receiving of emails on the network. Which of the following ports will you open?

Each correct answer represents a complete solution. Choose two.

Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

Which of the following tools can be used by a user to hide his identity?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following are the examples of technical controls?

Each correct answer represents a complete solution. Choose three.

Which of the following statements about incremental backup are true?

Each correct answer represents a complete solution. Choose two.

Which of the following encryption strengths is used to secure NTLM version 2 passwords?

Which of the following statements about IPSec are true?

Each correct answer represents a complete solution. Choose two.

Which of the following layers are the sub layers of the data-link layer?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following provides the best protection against a man-in-the-middle attack?

Which of the following allows an attacker to enter malicious data into a Website?

Which of the following is the method of hiding data within another media type such as graphic or document?

Which of the following statements regarding Secure Sockets Layer (SSL) are true?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following statements about System Access Control List (SACL) is true?

It is the technique for gathering information for a Web site owner about a user through a few lines of code that reside in the Web pages. This information is gathered through __________.

Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security equivalent to wired networks for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. Which of the following statements are true about WEP?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following protocols provides functionalities for advanced management associated with the use of digital certificates such as certificate issuance, exchange, and revocation?

Which of the following devices reads the destination's MAC address from each incoming data packet and forwards the data packet to its destination?

Which of the following allows an administrator to find weak passwords on the network?

Which of the following key sizes is used by International Data Encryption Algorithm (IDEA)?

Which of the following are man-made threats that an organization faces?

Each correct answer represents a complete solution. Choose three.

Which of the following is a program that monitors data packets traveling across a network?

Which of the following occurs when a packet is sent from a source computer to a destination computer?

Which of the following tools is used for breaking digital watermark?

Which of the following tools is used to flood the local network with random MAC addresses?

Which of the following are the responsibilities of a custodian with regard to data in an information classification program?

Each correct answer represents a complete solution. Choose three.

In which of the following cryptographic attacking techniques does an attacker obtain encrypted messages that have been encrypted using the same encryption algorithm?

What are the benefits of using a proxy server on a network?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following devices performs protocol and format translations?

Which of the following types of computers is used for attracting potential intruders?

Which of the following are types of social engineering attacks?

Each correct answer represents a complete solution. Choose two.

Which of the following statements about a smart card are true?

Each correct answer represents a complete solution. Choose two.

You are using a Windows-based sniffer named ASniffer to record the data traffic of a network. You have extracted the following IP Header information of a randomly chosen packet from the sniffer's log:

45 00 00 28 00 00 40 00 29 06 43 CB D2 D3 82 5A 3B 5E AA 72

Which of the following TTL decimal values and protocols are being carried by the IP Header of this packet?

Fill in the blank with the appropriate value.

Twofish symmetric key block cipher operates on 128-bits block size using key sizes up to______ bits.

You work as a Network Administrator for NetTech Inc. Employees in remote locations connect to the company's network using Remote Access Service (RAS). Which of the following will you use to protect the network against unauthorized access?

Which of the following needs to be documented to preserve evidences for presentation in court?

Which of the following terms is used for the process of securing a system or a device on a network infrastructure?

Which of the following security models deal only with integrity?

Each correct answer represents a complete solution. Choose two.

Which of the following layers protocols handles file transfer and network management?

Which of the following services is provided by the message authentication code (MAC) ?

On which of the following OSI model layers does the Point-to-Point Protocol (PPP) work?

Which of the following should propose applicable and effective security controls for managing the risks?

Identify whether the given statement is true or false.

"Replay attack is a type of attack in which attackers capture packets containing passwords or digital signatures whenever packets pass between two hosts on a network."

Which of the following types of computers is used for attracting potential intruders?

Which of the following are examples of passive attacks?

Each correct answer represents a complete solution. Choose all that apply.

A ________ attack occurs when an attacker successfully inserts an intermediary software or program between two communicating hosts.

Which of the following is an international treaty that governs intellectual property?

Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

Which of the following rated systems of the Orange book has mandatory protection of the TCB?

The TCP/IP protocol suite uses ____ to identify which service a certain packet is destined for.

What are packet sniffers?

The _______ protocol allows applications to communicate across a network in a way designed to prevent eavesdropping and message forgery.

The Children's Online Privacy Protection Act makes it illegal for Web sites to collect information from children under __ years of age without verifiable permission of a parent?

Which of the following ports is used by a BOOTP server?

Which of the following are the phases of the Certification and Accreditation (C&A) process?

Each correct answer represents a complete solution. Choose two.

The 802.11b wireless standard has a data transfer speed of up to ________.

A ________ is a detailed step-by-step document that explains exactly what is to be done.

Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2000 domain-based network. Users report that they are unable to log on to the network. Mark finds that accounts are locked out due to multiple incorrect log on attempts. What is the most likely cause of the account lockouts?

Which of the following can be prevented by an organization using job rotation and separation of duties policies?

Which of the following services are provided by Remote Authentication Dial-In User Service (RADIUS)?

Each correct answer represents a complete solution. Choose three.

You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails.

Which of the following will you use to accomplish this?

Which of the following protocols is used with a tunneling protocol to provide security?

How many keys are used to encrypt data in symmetric encryption?

An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

In which of the following processes, a DNS server may return an incorrect IP address, diverting traffic to another computer?

Which of the following is not a biometrics technology for authentication?

Which of the following are the centralized administration technologies?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following is the default port for Simple Network Management Protocol (SNMP)?

Which of the following hashing algorithms produces a variable length hash value?

Which of the following protocols implements VPN using IPSec?

Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

Which of the following statements about packet filtering is true?

Routers and firewalls use _______ to determine which packets should be forwarded or dropped.