Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: s2p65

Easiest Solution 2 Pass Your Certification Exams

GISP GIAC Information Security Professional Free Practice Exam Questions (2025 Updated)

Prepare effectively for your GIAC GISP GIAC Information Security Professional certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

GIAC GISP Premium Access     Download Demo    
Page: 3 / 7
Total 659 questions

Which of the following is a name, symbol, or slogan with which a product is identified?

A.

Trademark

B.

Patent

C.

Trade secret

D.

Copyright

Which of the following statements about Diffie-Hellman encryption are true?

Each correct answer represents a complete solution. Choose two.

A.

It uses only a private key.

B.

It uses both a public key and a private key.

C.

It does not authenticate the parties involved.

D.

It was developed in 1976.

Which of the following access control models are used in the commercial sector?

Each correct answer represents a complete solution. Choose two.

A.

Clark-Wilson model

B.

Clark-Biba model

C.

Bell-LaPadula model

D.

Biba model

Which of the following protocols is used to query and modify information stored within the directory services?

A.

PPTP

B.

ARP

C.

PAP

D.

LDAP

Which of the following is a type of intruder detection that involves logging network events to a file for an administrator to review later?

A.

Passive detection

B.

Event detection

C.

Active detection

D.

Packet detection

Which of the following access control models uses a role based method to determine access rights and permission?

A.

Discretionary access control

B.

Roaming access control

C.

Nondiscretionary access control

D.

Mandatory access control

Which of the following database types is a collection of tables that are linked by their primary keys?

A.

Relational database management system

B.

Object-oriented database management system

C.

Hierarchical database management system

D.

File-oriented database management system

Which of the following terms refers to the method that allows or restricts specific types of packets from crossing over the firewall?

A.

Web caching

B.

Hacking

C.

Packet filtering

D.

Spoofing

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He wants to test the effect of a virus on the We-are-secure server. He injects the virus on the server and, as a result, the server becomes infected with the virus even though an established antivirus program is installed on the server. Which of the following do you think are the reasons why the antivirus installed on the server did not detect the virus injected by John?

Each correct answer represents a complete solution. Choose all that apply.

A.

The mutation engine of the virus is generating a new encrypted code.

B.

John has changed the signature of the virus.

C.

The virus, used by John, is not in the database of the antivirus program installed on the server.

D.

John has created a new virus.

Fill in the blank with the appropriate value.

Service Set Identifiers (SSIDs) are case sensitive text strings that have a maximum length of_______ characters.

A.

32

Which of the following cables provides maximum security against electronic eavesdropping on a network?

A.

Fibre optic cable

B.

NTP cable

C.

STP cable

D.

UTP cable

Which of the following statements about Network Address Translation (NAT) are true?

Each correct answer represents a complete solution. Choose two.

A.

It allows the computers in a private network to share a global, ISP assigned address to connect to the Internet.

B.

It reduces the need for globally unique IP addresses.

C.

It allows external network clients access to internal services.

D.

It provides added security by using Internet access to deny or permit certain traffic from the Bastion Host.

Fill in the blank with the appropriate value.

Primary Rate Interface (PRI) of an ISDN connection contains _______ B channels and ______ D channel.

A.

23,1

Which of the following is the process of overwriting all addressable locations on a disk?

A.

Sanitization

B.

Authentication

C.

Spoofing

D.

Drive wiping

Sam works as a Web Developer for McRobert Inc. He wants to control the way in which a Web browser receives information and downloads content from Web sites. Which of the following browser settings will Sam use to accomplish this?

A.

Proxy server

B.

Security

C.

Cookies

D.

Certificate

Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 domainbased network. The company has two offices in different cities. The offices are connected through the Internet. Both offices have a Windows 2003 server named SERV1 and SERV2 respectively. Mark is required to create a secure connection between both offices. He configures a VPN connection between the offices using the two servers. He uses L2TP for VPN and also configures an IPSec tunnel. Which of the following will he achieve with this configuration?

Each correct answer represents a part of the solution. Choose two.

A.

Highest possible encryption for traffic between the offices

B.

Encryption for the local files stored on the two servers

C.

Extra bandwidth on the Internet connection

D.

Mutual authentication between the two servers

Which of the following statements about active attack is true?

A.

It does not insert false packets into the data stream.

B.

It makes the computer's network services unavailable.

C.

It inserts false packets into the data stream.

D.

It locks out the users' accounts.

Which of the following categories of UTP cable has maximum data transfer rate of 155 Mbps?

A.

Category 5

B.

Category 3

C.

Category 7

D.

Category 6

Which of the following is the default port for Secure Shell (SSH)?

A.

TCP port 22

B.

UDP port 161

C.

UDP port 138

D.

TCP port 443

Which of the following Windows RRAS authentication protocols uses completely unencrypted passwords?

A.

PAP

B.

MS-CHAP

C.

CHAP

D.

MS-CHAP v2

Which of the following statements about smurf is true?

A.

It is a UDP attack that involves spoofing and flooding.

B.

It is an ICMP attack that involves spoofing and flooding.

C.

It is a denial of service (DoS) attack that leaves TCP ports open.

D.

It is an attack with IP fragments that cannot be reassembled.

You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP-based Windows NT network. You are configuring a computer that will be used as a file server on the network. You have to decide the disk configuration for the computer to obtain better performance.

A fault tolerant disk configuration is not a requirement. Which of the following RAID levels will you choose to fulfil the requirement?

A.

RAID-1

B.

RAID-4

C.

RAID-3

D.

RAID-0

E.

RAID-5

You work as a Network Administrator of a TCP/IP network. You are having DNS resolution problem. Which of the following utilities will you use to diagnose the problem?

A.

PING

B.

IPCONFIG

C.

TRACERT

D.

NSLOOKUP

Which of the following processes is used by remote users to make a secure connection to internal resources after establishing an Internet connection?

A.

Tunneling

B.

Spoofing

C.

Packet filtering

D.

Packet sniffing

Which of the following technologies are forms of single sign-on (SSO)?

Each correct answer represents a complete solution. Choose three.

A.

CoSign

B.

SESAME

C.

Kerberos

D.

RADIUS

Which of the following should propose applicable and effective security controls for managing the risks?

A.

Risk assessment

B.

Risk treatment plan

C.

Risk communication

D.

Risk management plan

Which of the following protocols is used to send e-mails on the Internet?

A.

HTTP

B.

IMAP4

C.

SMTP

D.

POP3

Which of the following statements about a hoax are true?

Each correct answer represents a complete solution. Choose two.

A.

It is a false warning about a virus.

B.

It spreads through e-mail messages.

C.

It corrupts DLL files.

D.

It is a boot sector virus.

John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on Windows Server 2003. One day, while analyzing the network security, he receives an error message that Kernel32.exe is encountering a problem. Which of the following steps should John take as a countermeasure to this situation?

Each correct answer represents a complete solution. Choose all that apply.

A.

He should upgrade his antivirus program.

B.

He should restore his Windows settings.

C.

He should observe the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new malicious process is running, he should kill that process.

D.

He should download the latest patches for Windows Server 2003 from the Microsoft site, so that he can repair the kernel.

Which of the following intrusion detection systems (IDS) monitors network traffic and compares it against an established baseline?

A.

Network-based

B.

File-based

C.

Signature-based

D.

Anomaly-based

GIAC GISP Premium Access     Download Demo    
Page: 3 / 7
Total 659 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved