GISP Practice Test Free – 50 Real Exam Questions to Boost Your Confidence
Preparing for the GISP exam? Start with our GISP Practice Test Free – a set of 50 high-quality, exam-style questions crafted to help you assess your knowledge and improve your chances of passing on the first try.
Taking a GISP practice test free is one of the smartest ways to:
- Get familiar with the real exam format and question types
- Evaluate your strengths and spot knowledge gaps
- Gain the confidence you need to succeed on exam day
Below, you will find 50 free GISP practice questions to help you prepare for the exam. These questions are designed to reflect the real exam structure and difficulty level.
Which of the following statements about snooping is true?
A. It occurs when an unauthorized user tries to log on repeatedly to a computer or network by guessing usernames and passwords.
B. It is an activity of observing the content that appears on a computer monitor or watching what a user is typing.
C. It is a technique that makes a transmission appear to have come from an authentic source by forging the IP address.
D. It is the art of convincing people and making them disclose useful information such as account names and passwords.
Which of the following are used to suppress electrical and computer fires? Each correct answer represents a complete solution. Choose two.
A. Halon
B. Soda acid
C. CO2
D. Water
Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.
A. Technical
B. Administrative
C. Automatic
D. Physical
SIMULATION - Fill in the blank with the appropriate value. Twofish symmetric key block cipher operates on 128-bit block size using key sizes up to ______ bits.
Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?
A. Visitors
B. Customers
C. Employees
D. Hackers
Which of the following provides secure online payment services?
A. CA
B. IEEE
C. ACH
D. ICSA
attacks? Each correct answer represents a complete solution. Choose two.
A. An unauthorized person gains entrance to the building where the company’s database server resides and accesses the server by pretending to be an employee.
B. An unauthorized person inserts an intermediary software or program between two communicating hosts to listen to and modify the communication packets passing between the two hosts.
C. An unauthorized person calls a user and pretends to be a system administrator in order to get the user’s password.
D. An unauthorized person modifies packet headers by using someone else’s IP address to hide his identity.
are true? Each correct answer represents a complete solution. Choose two.
A. It is a false warning about a virus.
B. It spreads through e-mail messages.
C. It corrupts DLL files.
D. It is a boot sector virus.
Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.
A. Data downloading from the Internet
B. File and object access
C. Network logons and logoffs
D. Printer access
Which of the following is a process of monitoring data packets that travel across a network?
A. Packet sniffing
B. Packet filtering
C. Shielding
D. Password guessing
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to perform a stealth scan to discover open ports and applications running on the We-are-secure server. For this purpose, he wants to initiate scanning with the IP address of any third party. Which of the following scanning techniques will John use to accomplish his task?
A. TCP SYN/ACK
B. IDLE
C. UDP
D. RPC
The Children's Online Privacy Protection Act makes it illegal for Web sites to collect information from children under __ years of age without verifiable permission of a parent?
A. 15
B. 13
C. 10
D. 21
E. 18
?
A. TCP port 22
B. UDP port 161
C. UDP port 138
D. TCP port 443
are true? Each correct answer represents a complete solution. Choose two.
A. It can also be nested with the Layer Two Tunneling Protocol (L2TP).
B. It is an IPSec protocol.
C. It uses TCP port 22 as the default port and operates at the application layer.
D. It is a text-based communication protocol.
Which of the following are man-made threats that an organization faces? Each correct answer represents a complete solution. Choose three.
A. Frauds
B. Strikes
C. Employee errors
D. Theft
Which of the following methods of authentication uses fingerprints to identify users?
A. Biometrics
B. PKI
C. Kerberos
D. Mutual authentication
You work as a Network Administrator for NetTech Inc. The company's network has a Windows 2000 domain-based network. You want to prevent malicious e-mails from entering the network from non-existing domains. What will you do to accomplish this?
A. Enable DNS recursive queries on the DNS server.
B. Disable DNS reverse lookup on the e-mail server.
C. Enable DNS reverse lookup on the e-mail server.
D. Disable DNS recursive queries on the DNS server.
Which of the following are examples of passive attacks? Each correct answer represents a complete solution. Choose all that apply.
A. Shoulder surfing
B. Dumpster diving
C. Placing a backdoor
D. Eavesdropping
Which of the following is a reason to implement security logging on a DNS server?
A. For measuring a DNS server’s performance
B. For recording the number of queries resolved
C. For preventing malware attacks on a DNS server
D. For monitoring unauthorized zone transfer
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. In order to do so, he performs the following steps of the preattack phase successfully:
- Information gathering
- Determination of network range
- Identification of active systems
- Location of open ports and applications
Now, which of the following tasks should he perform next?
A. Install a backdoor to log in remotely on the We-are-secure server.
B. Map the network of We-are-secure Inc.
C. Fingerprint the services running on the we-are-secure network.
D. Perform OS fingerprinting on the We-are-secure network.
Sam works as a Web Developer for McRobert Inc. He wants to control the way in which a Web browser receives information and downloads content from Web sites. Which of the following browser settings will Sam use to accomplish this?
A. Proxy server
B. Security
C. Cookies
D. Certificate
A war dialer is a tool that is used to scan thousands of telephone numbers to detect vulnerable modems. It provides an attacker unauthorized access to a computer. Which of the following tools can an attacker use to perform war dialing? Each correct answer represents a complete solution. Choose all that apply.
A. ToneLoc
B. THC-Scan
C. Wingate
D. NetStumbler
SIMULATION - Fill in the blanks with the appropriate values. Blowfish is a _______ -bit block cipher that can support key lengths of up to ______ bits.
Which of the following protocols is responsible for the resolution of IP addresses to media access control (MAC) addresses?
A. ARP
B. PPP
C. ICMP
D. HTTP
Which of the following entities is used by routers and firewalls to determine which packets should be forwarded or dropped?
A. Rootkit
B. Backdoor
C. Access control list
D. Rainbow table
Which of the following heights of fence deters only casual trespassers?
A. 3 to 4 feet
B. 2 to 2.5 feet
C. 8 feet
D. 6 to 7 feet
Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.
A. Technical
B. Administrative
C. Automatic
D. Physical
You work as a Network Administrator for NetTech Inc. The company's network has a Windows 2000 domain-based network. You want to prevent malicious e-mails from entering the network from non-existing domains. What will you do to accomplish this?
A. Disable DNS recursive queries on the DNS server.
B. Enable DNS recursive queries on the DNS server.
C. Enable DNS reverse lookup on the e-mail server.
D. Disable DNS reverse lookup on the e-mail server.
? Each correct answer represents a complete solution. Choose three.
A. Authentication
B. Data encryption
C. Authorization
D. Accounting
Which authentication method uses retinal scanners for the authentication process?
A. Biometrics
B. Challenge Handshake Authentication Protocol (CHAP)
C. Smart cards
D. Kerberos
E. Certifications
F. Multi-factor
?
A. PPP
B. L2TP
C. PPTP
D. SLIP
model? Each correct answer represents a complete solution. Choose two.
A. User’s group
B. Access rights and permissions
C. File and data ownership
D. Smart card
John works as a C programmer. He develops the following C program:

    #include <stdio.h>
    #include <string.h>

    int buffer(char *str) {
        char buffer1[10];
        /* copies the caller-supplied string into the 10-byte local array */
        strcpy(buffer1, str);
        return 1;
    }

    int main(int argc, char *argv[]) {
        /* passes the first command-line argument straight to buffer() */
        buffer(argv[1]);
        printf("Executed\n");
        return 1;
    }

His program is vulnerable to a __________ attack.
A. Denial-of-Service
B. SQL injection
C. Buffer overflow
D. Cross site scripting
Which of the following is a signature-based intrusion detection system (IDS)?
A. StealthWatch
B. Snort
C. RealSecure
D. Tripwire
?
A. It is a signature verification utility.
B. It is a certification authority.
C. It is an encryption technology.
D. It is an authentication server.
Which of the following hardware devices prevents broadcasts from crossing over subnets?
A. Bridge
B. Router
C. Modem
D. Hub
Which of the following protocols work at the network layer? Each correct answer represents a complete solution. Choose three.
A. RIP
B. OSPF
C. SPX
D. IGMP
Which of the following protocols uses TCP port 22 as the default port and operates at the application layer?
A. Secure Sockets Layer (SSL)
B. Secure Shell (SSH)
C. Post Office Protocol version 3 (POP3)
D. Trivial File Transfer Protocol (TFTP)
Which of the following protocols transmits user credentials as plaintext?
A. MS-CHAP
B. PAP
C. MS-CHAP v2
D. CHAP
components? Each correct answer represents a complete solution. Choose three.
A. Switches
B. Bridges
C. MAC addresses
D. Hub
An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?
A. Biometrics
B. Anonymous
C. Mutual
D. Multi-factor
You work as a Network Administrator for NetTech Inc. Employees in remote locations connect to the company's network using Remote Access Service (RAS). Which of the following will you use to protect the network against unauthorized access?
A. Bridge
B. Antivirus software
C. Gateway
D. Firewall
You are using a Windows-based sniffer named ASniffer to record the data traffic of a network. You have extracted the following IP Header information of a randomly chosen packet from the sniffer's log:
45 00 00 28 00 00 40 00 29 06 43 CB D2 D3 82 5A 3B 5E AA 72
Which of the following TTL decimal values and protocols are being carried by the IP Header of this packet?
A. 16, ICMP
B. 41, TCP
C. 16, UDP
D. 41, UDP
You work as a professional Ethical Hacker. You are assigned a project to test the security of www.we-are-secure.com. You are working on the Windows Server 2003 operating system. You suspect that your friend has installed the keyghost keylogger onto your computer. Which of the following countermeasures would you employ in such a situation? Each correct answer represents a complete solution. Choose all that apply.
A. Use on-screen keyboards and speech-to-text conversion software, which can also be useful against keyloggers, as there are no typing or mouse movements involved.
B. Remove the SNMP agent or disable the SNMP service.
C. Use commercially available anti-keyloggers such as PrivacyKeyboard.
D. Monitor the programs running on the server to see whether any new process is running on the server or not.
Which of the following is a name, symbol, or slogan with which a product is identified?
A. Trademark
B. Patent
C. Trade secret
D. Copyright
Which of the following is the process of finding weaknesses in cryptographic algorithms and obtaining the plaintext or key from the ciphertext?
A. Cryptanalysis
B. Kerberos
C. Cryptographer
D. Cryptography
Which of the following are politically motivated threats that an organization faces? Each correct answer represents a complete solution. Choose all that apply.
A. Power distribution outages
B. Civil disobedience
C. Riot
D. Terrorist attacks
E. Vandalism
Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
A. Building risk-free systems
B. Assuring the integrity of organizational data
C. Risk control
D. Risk identification
are true? Each correct answer represents a complete solution. Choose two.
A. It is the term used by Microsoft for major service pack releases.
B. It is generally related to security problems.
C. It is a collection of files used by Microsoft for software updates released between major service pack releases.
D. It is generally related to the problems of a Web server’s performance.
fire?
A. Combustible metals fire
B. Paper or wood fire
C. Oil fire
D. Electronic or computer fire
Good luck with your GISP certification journey!