Pass the GIAC GIAC Certification GISP Questions and answers with CertsForce

Viewing page 3 out of 14 pages
Viewing questions 31-45 out of questions
Questions # 31:

John works as a C programmer. He develops the following C program:

#include <stdio.h>
#include <string.h>

int buffer(char *str) {
    char buffer1[10];
    strcpy(buffer1, str);
    return 1;
}

int main(int argc, char *argv[]) {
    buffer(argv[1]);
    printf("Executed\n");
    return 1;
}

His program is vulnerable to a __________ attack.

Options:

A. Denial-of-Service
B. SQL injection
C. Buffer overflow
D. Cross-site scripting


Questions # 32:

Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security equivalent to wired networks for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. Which of the following statements are true about WEP?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. WEP uses the RC4 encryption algorithm.
B. The Initialization Vector (IV) field of WEP is only 24 bits long.
C. Automated tools such as AirSnort are available for discovering WEP keys.
D. It provides better security than the Wi-Fi Protected Access protocol.


Questions # 33:

Which of the following ports is assigned by the Internet Assigned Numbers Authority (IANA) for RADIUS accounting?

Options:

A. TCP/UDP port 992
B. TCP/UDP port 1813
C. TCP/UDP port 1812
D. TCP/UDP port 989


Questions # 34:

How many keys are used to encrypt data in symmetric encryption?

Options:

A. Two
B. Three
C. Four
D. One


Questions # 35:

Which of the following languages is a fourth-generation language?

Options:

A. FORTRAN
B. Assembly
C. C+
D. SQL


Questions # 36:

Which of the following terms is synonymous with the willful destruction of another person's property?

Options:

A. Hacking
B. Vandalism
C. Spoofing
D. Phishing


Questions # 37:

Which of the following statements about the authentication concept of information security management is true?

Options:

A. It ensures the reliable and timely access to resources.
B. It ensures that modifications are not made to data by unauthorized personnel or processes.
C. It determines the actions and behaviors of a single individual within a system, and identifies that particular individual.
D. It establishes the users' identity and ensures that the users are who they say they are.


Questions # 38:

Which of the following is an open source network intrusion detection system?

Options:

A. Sourcefire
B. NETSH
C. Macof
D. Snort


Questions # 39:

Which of the following layers are the sub layers of the data-link layer?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Media Access Control (MAC)
B. Logical Link Control (LLC)
C. Reverse Address Resolution Protocol (RARP)
D. Serial Line Internet Protocol (SLIP)


Questions # 40:

Which of the following is used in asymmetric encryption?

Options:

A. Public key and user key
B. Public key and private key
C. SSL
D. NTFS


Questions # 41:

Which of the following are the common roles with regard to data in an information classification program?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. User
B. Owner
C. Custodian
D. Security auditor
E. Editor


Questions # 42:

You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails.

Which of the following will you use to accomplish this?

Options:

A. IPSec
B. PGP
C. PPTP
D. NTFS


Questions # 43:

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He notices that UDP port 137 of the We-are-secure server is open. Assuming that the Network Administrator of We-are-secure Inc. has not changed the default port values of the services, which of the following services is running on UDP port 137?

Options:

A. HTTPS
B. HTTP
C. TELNET
D. NetBIOS


Questions # 44:

In which of the following security tests does the security testing team simulate an employee or other person with an authorized connection to the organization's network?

Options:

A. Remote dial-up network
B. Remote network
C. Stolen equipment
D. Local network


Questions # 45:

You work as a Network Administrator for McRoberts Inc. The company has a TCP-based network, which is connected to the Internet. Users use their Web browsers to connect to Web servers and to view different Web pages. Which of the following protocols ensures a secure connection between a Web browser and a Web server?

Options:

A. L2TP
B. SSL
C. IPSec
D. PPTP

