
GIAC GISP - GIAC Information Security Professional

Total 659 questions

Which of the following terms refers to the method that allows or restricts specific types of packets from crossing over the firewall?

A. Web caching

B. Hacking

C. Packet filtering

D. Spoofing

Which of the following statements about the One Time Password (OTP) security system are true?

Each correct answer represents a complete solution. Choose two.

A. It requires a password only once to authenticate users.

B. It requires a new password every time a user authenticates himself.

C. It generates passwords by using either the MD4 or MD5 hashing algorithm.

D. It generates passwords by using Kerberos v5.

Which of the following steps can be taken to protect laptops and data they hold?

Each correct answer represents a complete solution. Choose all that apply.

A. Use slot locks with cable to connect the laptop to a stationary object.

B. Keep inventory of all laptops including serial numbers.

C. Harden the operating system.

D. Encrypt all sensitive data.

Which of the following are ensured by the concept of integrity in information system security?

Each correct answer represents a complete solution. Choose two.

A. Unauthorized modifications are not made by authorized users.

B. Data modifications are not made by an unauthorized user or process.

C. The intentional or unintentional unauthorized disclosure of a message or important document contents is prevented.

D. The systems are up and running when they are needed.

Which of the following statements about Discretionary Access Control List (DACL) is true?

A. It is a rule list containing access control entries.

B. It specifies whether an audit activity should be performed when an object attempts to access a resource.

C. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.

D. It is a unique number that identifies a user, group, and computer account.

Which of the following can be prevented by an organization using job rotation and separation of duties policies?

A. Collusion

B. Eavesdropping

C. Buffer overflow

D. Phishing

You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company has recently provided laptops to its sales team members. You have configured access points in the network to enable a wireless network. The company's security policy states that all users using laptops must use smart cards for authentication. Which of the following authentication techniques will you use to implement the security policy of the company?

A. IEEE 802.1X using EAP-TLS

B. Pre-shared key

C. IEEE 802.1X using PEAP-MS-CHAP

D. Open system

Which of the following standards works at the presentation layer?

Each correct answer represents a complete solution. Choose all that apply.

A. ASCII

B. MPEG

C. TIFF

D. JPEG

Which of the following types of attacks is only intended to make a computer resource unavailable to its users?

A. Teardrop attack

B. Denial of Service attack

C. Land attack

D. Replay attack

Which of the following statements about Digest authentication are true?

Each correct answer represents a complete solution. Choose two.

A. In Digest authentication, passwords are sent across a network as clear text, rather than as a hash value.

B. Digest authentication is used by wireless LANs, which follow the IEEE 802.11 standard.

C. In Digest authentication, passwords are sent across a network as a hash value, rather than as clear text.

D. Digest authentication is a more secure authentication method as compared to Basic authentication.

Which of the following is a technique used to attack an Ethernet wired or wireless network?

A. DNS poisoning

B. Keystroke logging

C. Mail bombing

D. ARP poisoning

Which of the following acts as an intermediary between a user on the internal network and a service on the external network such as the Internet?

A. DNS server

B. Firewall

C. Proxy server

D. WINS server

Which of the following are the types of access controls?

Each correct answer represents a complete solution. Choose three.

A. Technical

B. Administrative

C. Automatic

D. Physical

Which of the following methods of authentication uses fingerprints to identify users?

A. Biometrics

B. PKI

C. Kerberos

D. Mutual authentication

Which of the following terms is used for the process of securing a system or a device on a network infrastructure?

A. Authentication

B. Sanitization

C. Hardening

D. Cryptography