GIAC Information Security Professional v6.0

Page:    1 / 44   
Exam contains 659 questions

Which of the following practices come in the category of denial of service attack?
Each correct answer represents a complete solution. Choose three.

  • A. Sending lots of ICMP packets to an IP address
  • B. Disrupting services to a specific computer
  • C. Performing Back door attack on a system
  • D. Sending thousands of malformed packets to a network for bandwidth consumption


Answer : A,B,D

stand for?

  • A. Rivest-Shamir-Adleman
  • B. Read System Authority
  • C. Rivest-System-Adleman
  • D. Remote System Authority


Answer : A

Which of the following authentication methods support mutual authentication?
Each correct answer represents a complete solution. Choose two.

  • A. MS-CHAP v2
  • B. EAP-TLS
  • C. EAP-MD5
  • D. NTLM


Answer : A,B

Fill in the blank with the appropriate layer name.
The Network layer of the OSI model corresponds to the _______________ layer of the
TCP/IP model.

  • A. Internet


Answer : A

Which of the following are the application layer protocols for security?
Each correct answer represents a complete solution. Choose three.

  • A. Secure Hypertext Transfer Protocol (S-HTTP)
  • B. Secure Sockets Layer (SSL)
  • C. Secure Electronic Transaction (SET)
  • D. Secure Shell (SSH)


Answer : A,C,D

John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the
We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?

  • A. Session splicing attack
  • B. Evasion attack
  • C. Insertion attack
  • D. Polymorphic shell code attack


Answer : D

Which of the following types of attacks is only intended to make a computer resource unavailable to its users?

  • A. Teardrop attack
  • B. Denial of Service attack
  • C. Land attack
  • D. Replay attack


Answer : B

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to perform a stealth scan to discover open ports and applications running on the We-are-secure server. For this purpose, he wants to initiate scanning with the IP address of any third party. Which of the following scanning techniques will John use to accomplish his task?

  • A. RPC
  • B. IDLE
  • C. UDP
  • D. TCP SYN/ACK


Answer : D

Mark has been hired by a company to work as a Network Assistant. He is assigned the task to configure a dial-up connection. He is configuring a laptop. Which of the following protocols should he disable to ensure that the password is encrypted during remote access?

  • A. SPAP
  • B. MSCHAP V2
  • C. PAP
  • D. MSCHAP


Answer : C

components?
Each correct answer represents a complete solution. Choose three.

  • A. Switches
  • B. Bridges
  • C. MAC addresses
  • D. Hub


Answer : A,B,C

are true?
Each correct answer represents a complete solution. Choose two.

  • A. It can detect events scattered over the network.
  • B. It is a technique that allows multiple computers to share one or more IP addresses.
  • C. It cannot detect events scattered over the network.
  • D. It can handle encrypted and unencrypted traffic equally.


Answer : C,D

You work as a professional Ethical Hacker. You are assigned a project to test the security of www.we-are-secure.com. You are working on the Windows Server 2003 operating system. You suspect that your friend has installed the keyghost keylogger onto your computer. Which of the following countermeasures would you employ in such a situation?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Use on-screen keyboards and speech-to-text conversion software which can also be useful agains keyloggers, as there are no typing or mouse movements involved.
  • B. Remove the SNMP agent or disable the SNMP service.
  • C. Use commercially available anti-keyloggers such as PrivacyKeyboard.
  • D. Monitor the programs running on the server to see whether any new process is running on the server or not.


Answer : A,C,D

Which of the following can be prevented by an organization using job rotation and separation of duties policies?

  • A. Collusion
  • B. Eavesdropping
  • C. Buffer overflow
  • D. Phishing


Answer : A

Which of the following protocols work at the data-link layer?
Each correct answer represents a complete solution. Choose two.

  • A. NFS
  • B. SSL
  • C. ARP
  • D. PPP


Answer : C,D

Which of the following terms refers to the method that allows or restricts specific types of

  • A. Web caching
  • B. Hacking
  • C. Packet filtering
  • D. Spoofing


Answer : C

Page:    1 / 44   
Exam contains 659 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.