Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: s2p65

Easiest Solution 2 Pass Your Certification Exams

GISP GIAC Information Security Professional Free Practice Exam Questions (2025 Updated)

Prepare effectively for your GIAC GISP GIAC Information Security Professional certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

GIAC GISP Premium Access     Download Demo    
Page: 1 / 7
Total 659 questions

Which of the following is a documentation of guidelines that computer forensics experts use to handle evidences?

A.

Chain of custody

B.

Evidence access policy

C.

Chain of evidence

D.

Incident response policy

Mark works as a Webmaster for Infonet Inc. He sets up an e-commerce site. He wants to accept online payments through credit cards on this site. He wants the credit card numbers to be encrypted. What will Mark do to accomplish the task?

A.

Use PGP.

B.

Use HTTP.

C.

Use MIME.

D.

Use SET.

Which of the following methods can be helpful to eliminate social engineering threat?

Each correct answer represents a complete solution. Choose three.

A.

Password policies

B.

Vulnerability assessments

C.

Data classification

D.

Data encryption

You are using a Windows-based sniffer named ASniffer to record the data traffic of a network. You have extracted the following IP Header information of a randomly chosen packet from the sniffer's log:

45 00 00 28 00 00 40 00 29 06 43 CB D2 D3 82 5A 3B 5E AA 72

Which of the following TTL decimal values and protocols are being carried by the IP Header of this packet?

A.

16, ICMP

B.

41, TCP

C.

16, UDP

D.

41, UDP

In which of the following does a Web site store information such as user preferences to provide customized services to users?

A.

ActiveX control

B.

Keyword

C.

Protocol

D.

Cookie

John works as a contract Ethical Hacker. He has recently got a project to do security checking for www.we-are-secure.com. He wants to find out the operating system of the we-are-secure server in the information gathering step. Which of the following commands will he use to accomplish the task?

Each correct answer represents a complete solution. Choose two.

A.

nc 208.100.2.25 23

B.

nc -v -n 208.100.2.25 80

C.

nmap -v -O 208.100.2.25

D.

nmap -v -O www.we-are-secure.com

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He copies the whole structure of the We-are-secure Web site to the local disk and obtains all the files on the Web site. Which of the following techniques is he using to accomplish his task?

A.

TCP FTP proxy scanning

B.

Eavesdropping

C.

Web ripping

D.

Fingerprinting

Which of the following is used to allow or deny access to network resources?

A.

ACL

B.

System hardening

C.

Spoofing

D.

NFS

On which of the following does a CGI program execute?

A.

Router

B.

Client and Web server

C.

Client

D.

Web server

Which of the following are considered Bluetooth security violations?

Each correct answer represents a complete solution. Choose two.

A.

Social engineering

B.

Bluesnarfing

C.

SQL injection attack

D.

Bluebug attack

E.

Cross site scripting attack

Fill in the blanks with the appropriate values.

International Data Encryption Algorithm (IDEA) is a ______ -bit block cipher that uses a _____-bit key.

A.

64,128

Which of the following statements about asymmetric encryption are true?

Each correct answer represents a complete solution. Choose two.

A.

Asymmetric encryption uses a public key and a private key pair for data encryption.

B.

Asymmetric encryption is faster as compared to symmetric encryption.

C.

In asymmetric encryption, the public key is distributed and the private key is available only to the recipient of the message.

D.

In asymmetric encryption, only one key is needed to encrypt and decrypt data.

Which of the following are the primary components of a discretionary access control (DAC) model?

Each correct answer represents a complete solution. Choose two.

A.

User's group

B.

Access rights and permissions

C.

File and data ownership

D.

Smart card

Which of the following needs to be documented to preserve evidences for presentation in court?

A.

Incident response policy

B.

Separation of duties

C.

Chain of custody

D.

Account lockout policy

Which of the following is the most secure policy for a firewall?

A.

Passing all packets unless they are explicitly rejected.

B.

Enabling all internal interfaces.

C.

Blocking all packets unless they are explicitly permitted.

D.

Disabling all external interfaces.

Which of the following is used by the Diffie-Hellman encryption algorithm?

A.

Password

B.

Access control entry

C.

Key exchange

D.

Access control list

Which of the following is used by attackers to obtain an authenticated connection on a network?

A.

Denial-of-Service (DoS) attack

B.

Replay attack

C.

Man-in-the-middle attack

D.

Back door

Which of the following terms is used for the process of securing a system or a device on a network infrastructure?

A.

Sanitization

B.

Cryptography

C.

Hardening

D.

Authentication

Which of the following are types of social engineering attacks?

Each correct answer represents a complete solution. Choose two.

A.

An unauthorized person gains entrance to the building where the company's database server resides and accesses the server by pretending to be an employee.

B.

An unauthorized person inserts an intermediary software or program between two communicating hosts to listen to and modify the communication packets passing between the two hosts.

C.

An unauthorized person calls a user and pretends to be a system administrator in order to get the user's password.

D.

An unauthorized person modifies packet headers by using someone else's IP address to hide his identity.

Which of the following types of activities can be audited for security?

Each correct answer represents a complete solution. Choose three.

A.

Data downloading from the Internet

B.

File and object access

C.

Network logons and logoffs

D.

Printer access

Which of the following are the goals of risk management?

Each correct answer represents a complete solution. Choose three.

A.

Identifying the risk

B.

Assessing the impact of potential threats

C.

Finding an economic balance between the impact of the risk and the cost of the countermeasure

D.

Identifying the accused

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using the TFN and Trin00 tools to test the security of the We-aresecure server, so that he can check whether the server is vulnerable or not. Using these tools, which of the following attacks can John perform to test the security of the We-are-secure server?

A.

Reply attack

B.

Cross site scripting attack

C.

DDoS attack

D.

Brute force attack

Which of the following are the common roles with regard to data in an information classification program?

Each correct answer represents a complete solution. Choose all that apply.

A.

User

B.

Owner

C.

Custodian

D.

Security auditor

E.

Editor

Which of the following statements are true about worms?

Each correct answer represents a complete solution. Choose all that apply.

A.

Worms can exist inside files such as Word or Excel documents.

B.

Worms cause harm to the network by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

C.

One feature of worms is keystroke logging.

D.

Worms replicate themselves from one system to another without using a host file.

Which of the following records is the first entry in a DNS database file?

A.

SRV

B.

CNAME

C.

MX

D.

SOA

Which of the following protocols work at the network layer?

Each correct answer represents a complete solution. Choose three.

A.

OSPF

B.

SPX

C.

IGMP

D.

RIP

Which of the following protocols is used to provide security for wireless local area networks (WLANs)?

A.

WEP

B.

EAP

C.

NAT

D.

TLS

Which of the following protects from electrical and magnetic induction that causes interference to the power voltage?

A.

Power regulator

B.

Shielded line

C.

Firewall

D.

Smoke detector

Which of the following is used for secure financial transactions over the Internet?

A.

VPN

B.

ATM

C.

SSL

D.

SET

Which of the following services is provided by the message authentication code (MAC) ?

A.

Data recovery

B.

Integrity

C.

Fault tolerance

D.

Key recovery

GIAC GISP Premium Access     Download Demo    
Page: 1 / 7
Total 659 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved