Free GIAC GISP Practice Test & Real Exam Questions

Exam Code/Number: GISP
Exam Name/Title: GIAC Information Security Professional
Certification Provider: GIAC
Corresponding Certification: GIAC Information Security

Exam Questions: 659
Updated On: Jun 15, 2026

Question #1

Which of the following is used by attackers to record everything a person types, including usernames, passwords, and account information?

A. Packet sniffing

B. Spoofing

C. Wiretapping

D. Keystroke logging

Discussion 0

Correct Answer: D Vote an answer

Question #2

Perfect World Inc., provides its sales managers access to the company's network from remote locations. The sales managers use laptops to connect to the network. For security purposes, the company's management wants the sales managers to log on to the network using smart cards over a remote connection. Which of the following authentication protocols should be used to accomplish this?

A. Extensible Authentication Protocol (EAP)

B. Challenge Handshake Authentication Protocol (CHAP)

C. Open Shortest Path First (OSPF)

D. Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)

Discussion 0

Correct Answer: A Vote an answer

Question #3

Which of the following are based on malicious code?
Each correct answer represents a complete solution. Choose two.

A. Denial-of-Service (DoS)

B. Worm

C. Trojan horse

D. Biometrics

Discussion 0

Correct Answer: B,C Vote an answer

Question #4

The _______ protocol allows applications to communicate across a network in a way designed to prevent eavesdropping and message forgery.

A. EAP

B. PPP

C. TCP

D. TLS

Discussion 0

Correct Answer: D Vote an answer

Question #5

Fill in the blanks with the appropriate values.
Blowfish is a _______ -bit block cipher that can support key lengths of up to ______ bits.

A. 64,448

Discussion 0

Correct Answer: A Vote an answer

Question #6

Which of the following federal laws are related to hacking activities?
Each correct answer represents a complete solution. Choose three.

A. 18 U.S.C. 1028

B. 18 U.S.C. 2510

C. 18 U.S.C. 1030

D. 18 U.S.C. 1029

Discussion 0

Correct Answer: B,C,D Vote an answer

Question #7

Which of the following processes is known as Declassification?

A. Physically destroying the media and the information stored on it.

B. Removing the content from the media so that it is difficult to restore.

C. Assessing the risk involved in making a confidential document available to public.

D. Verifying the identity of a person, network host, or system process.

Discussion 0

Correct Answer: C Vote an answer

Question #8

Which of the following refers to a computer that must be secure because it is accessible from the Internet and is vulnerable to attacks?

A. LMHOSTS

B. Gateway

C. Bastion host

D. Firewall

Discussion 0

Correct Answer: C Vote an answer

Question #9

Which of the following is used to prevent the electronic emissions of a computer from being used by unauthorized users?

A. Auditing

B. Shielding

C. Spoofing

D. System hardening

Discussion 0

Correct Answer: B Vote an answer

Question #10

Which of the following are the phases of the Certification and Accreditation (C&A) process?
Each correct answer represents a complete solution. Choose two.

A. Continuous Monitoring

B. Initiation

C. Auditing

D. Detection

Discussion 0

Correct Answer: A,B Vote an answer

Question #11

An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?

A. Multi-factor

B. Anonymous

C. Mutual

D. Biometrics

Discussion 0

Correct Answer: A Vote an answer

Question #12

Which U.S. government agency is responsible for establishing standards concerning cryptography for nonmilitary use?

A. National Institute of Standards and Technology (NIST)

B. Central Security Service (CSS)

C. International Telecommunications Union

D. Request for Comments (RFC)

E. National Security Agency (NSA)

F. American Bankers Association

Discussion 0

Correct Answer: A Vote an answer

Question #13

You work as a Network Administrator for NetTech Inc. The company has a network that consists of 200 client computers and ten database servers. One morning, you find that a hacker is accessing unauthorized data on a database server on the network. Which of the following actions will you take to preserve the evidences?
Each correct answer represents a complete solution. Choose three.

A. Prevent a forensics experts team from entering the server room.

B. Prevent the company employees from entering the server room.

C. Detach the network cable from the database server.

D. Preserve the log files for a forensics expert.

Discussion 0

Correct Answer: B,C,D Vote an answer

Question #14

Which of the following statements about the availability concept of Information security management is true?

A. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.

B. It ensures reliable and timely access to resources.

C. It ensures that modifications are not made to data by unauthorized personnel or processes.

D. It determines actions and behaviors of a single individual within a system.

Discussion 0

Correct Answer: B Vote an answer

Question #15

Which of the following statements about DES (Data Encryption Standard) is true?

A. Its most widely used symmetric encryption algorithm uses a 56-bit key.

B. Its most widely used symmetric encryption algorithm uses a 64-bit key.

C. Its most widely used symmetric encryption algorithm uses a 128-bit key.

D. Its most widely used symmetric encryption algorithm uses a 32-bit key.

Discussion 0

Correct Answer: A Vote an answer

Download Free GIAC GISP Demo

Simply submit your e-mail address below to get started with our free demo of your GIAC GISP exam.