GIAC Information Security Professional - GISP Exam Questions [2026]

QUESTION NO: 1
Which of the following provides high availability of data?

A. EFS B. Anti-virus software C. Backup D. RAID

Correct Answer: D

QUESTION NO: 2
Which of the following protocols multicasts messages and information among all member devices in an IP multicast group?

A. ICMP B. ARP C. IGMP D. TCP

Correct Answer: C

QUESTION NO: 3
Which of the following statements about smurf is true?

A. It is an attack with IP fragments that cannot be reassembled. B. It is a UDP attack that involves spoofing and flooding. C. It is an ICMP attack that involves spoofing and flooding. D. It is a denial of service (DoS) attack that leaves TCP ports open.

Correct Answer: C

QUESTION NO: 4
Which of the following statements about DMZ is true?

A. DMZ is a corporate network used as the Internet. B. DMZ is a network that lies in between a corporate network and the Internet. C. DMZ is a network that is not connected to the Internet. D. DMZ is a firewall that lies in between two corporate networks.

Correct Answer: B

QUESTION NO: 5
In which of the following security tests does the security testing team simulate as an employee or other person with an authorized connection to the organization's network?

A. Remote dial-up network B. Stolen equipment C. Local network D. Remote network

Correct Answer: C

QUESTION NO: 6
Which of the following statements about a smart card are true?
Each correct answer represents a complete solution. Choose two.

A. It is a device that works as an interface between a computer and a network. B. It is a device that routes data packets between computers in different networks. C. It is a device that contains a microprocessor and permanent memory. D. It is used to securely store public and private keys for log on , e-mail signing and encryption, and file encryption.

Correct Answer: C,D

QUESTION NO: 7
How many keys are used to encrypt data in symmetric encryption?

A. One B. Three C. Four D. Two

Correct Answer: A

QUESTION NO: 8
Which of the following is used by the Diffie-Hellman encryption algorithm?

A. Key exchange B. Access control entry C. Access control list D. Password

Correct Answer: A

QUESTION NO: 9
Which of the following occurs when a packet is sent from a source computer to a destination computer?

A. Broadcast transmission B. Baseband transmission C. Multicast transmission D. Unicast transmission

Correct Answer: D

QUESTION NO: 10
Which of the following terms is used for securing an operating system from an attack?

A. System hardening B. System hacking C. System mirroring D. System indexing

Correct Answer: A

QUESTION NO: 11
Which of the following can be prevented by an organization using job rotation and separation of duties policies?

A. Collusion B. Phishing C. Eavesdropping D. Buffer overflow

Correct Answer: B

QUESTION NO: 12
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He recommends a disk encryption tool to encrypt the secret files of the We-are-secure server. He presents a report to the We-are-secure authorities as given below:
Which of the following tools is John recommending for disk encryption on the We-are- secure server?

A. CryptoHeaven B. Stunnel C. Magic Lantern D. TrueCrypt

Correct Answer: D

QUESTION NO: 13
Which of the following can be prevented by an organization using job rotation and separation of duties policies?

A. Collusion B. Phishing C. Eavesdropping D. Buffer overflow

Correct Answer: A

QUESTION NO: 14
Which of the following should be implemented to protect an organization from spam?

A. E-mail filtering B. Packet filtering C. System hardening D. Auditing

Correct Answer: A

QUESTION NO: 15
Which of the following are the responsibilities of the custodian of data?
Each correct answer represents a complete solution. Choose two.

A. Security of data B. Maintaining integrity of data C. User authentication D. Backing up data

Correct Answer: A,B