March Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

ISC ISSAP ISSAP Information Systems Security Architecture Professional Exam Practice Test

Demo: 35 questions
Total 237 questions

ISSAP Information Systems Security Architecture Professional Questions and Answers

Question 1

You work as a Chief Security Officer for Tech Perfect Inc. You have configured IPSec and ISAKMP protocol in the company's network in order to establish a secure communication infrastructure. ccording to the Internet RFC 2408, which of the following services does the ISAKMP protocol offer to the network? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

It relies upon a system of security associations.

B.

It provides key generation mechanisms.

C.

It authenticates communicating peers.

D.

It protects against threats, such as DoS attack, replay attack, etc.

Question 2

Your customer is concerned about security. He wants to make certain no one in the outside world can see the IP addresses inside his network. What feature of a router would accomplish this?

Options:

A.

Port forwarding

B.

NAT

C.

MAC filtering

D.

Firewall

Question 3

Which of the following encryption modes has the property to allow many error correcting codes to function normally even when applied before encryption?

Options:

A.

OFB mode

B.

CFB mode

C.

CBC mode

D.

PCBC mode

Question 4

You are calculating the Annualized Loss Expectancy (ALE) using the following formula: ALE=AV * EF * ARO What information does the AV (Asset Value) convey?

Options:

A.

It represents how many times per year a specific threat occurs.

B.

It represents the percentage of loss that an asset experiences if an anticipated threat occurs.

C.

It is expected loss for an asset due to a risk over a one year period.

D.

It represents the total cost of an asset, including the purchase price, recurring maintenance, expenses, and all other costs.

Question 5

Which of the following authentication methods provides credentials that are only valid during a single session?

Options:

A.

Kerberos v5

B.

Smart card

C.

Certificate

D.

Token

Question 6

You are the Security Consultant and have been contacted by a client regarding their encryption and hashing algorithms. Their in-house network administrator tells you that their current hashing algorithm is an older one with known weaknesses and is not collision resistant.Which algorithm are they most likely using for hashing?

Options:

A.

PKI

B.

SHA

C.

Kerberos

D.

MD5

Question 7

Which of the following is a form of gate that allows one person to pass at a time?

Options:

A.

Biometric

B.

Man-trap

C.

Turnstile

D.

Fence

Question 8

You work as an administrator for Techraft Inc. Employees of your company create 'products', which are supposed to be given different levels of access. You need to configure a security policy in such a way that an employee (producer of the product) grants accessing privileges (such as read, write, or alter) for his product. Which of the following access control models will you use to accomplish this task?

Options:

A.

Discretionary access control (DAC)

B.

Role-based access control (RBAC)

C.

Mandatory access control (MAC)

D.

Access control list (ACL)

Question 9

You are implementing some security services in an organization, such as smart cards, biometrics, access control lists, firewalls, intrusion detection systems, and clipping levels. Which of the following categories of implementation of the access control includes all these security services?

Options:

A.

Administrative access control

B.

Logical access control

C.

Physical access control

D.

Preventive access control

Question 10

Which of the following backup types backs up files that have been added and all data that have been modified since the most recent backup was performed?

Options:

A.

Differential backup

B.

Incremental backup

C.

Daily backup

D.

Full backup

Question 11

Which of the following protocols work at the Network layer of the OSI model?

Options:

A.

Routing Information Protocol (RIP)

B.

File Transfer Protocol (FTP)

C.

Simple Network Management Protocol (SNMP)

D.

Internet Group Management Protocol (IGMP)

Question 12

You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client?

Options:

A.

Warm site

B.

Cold site

C.

Off site

D.

Hot site

Question 13

Which of the following authentication methods support mutual authentication? Each correct answer represents a complete solution. Choose two.

Options:

A.

MS-CHAP v2

B.

NTLM

C.

EAP-MD5

D.

EAP-TLS

Question 14

Which of the following uses public key cryptography to encrypt the contents of files?

Options:

A.

EFS

B.

DFS

C.

NTFS

D.

RFS

Question 15

You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and you want to discuss it with your team members for getting appropriate responses of the disaster. In which of the following disaster recovery tests can this task be performed?

Options:

A.

Full-interruption test

B.

Parallel test

C.

Simulation test

D.

Structured walk-through test

Question 16

Which of the following processes is used by remote users to make a secure connection to internal resources after establishing an Internet connection?

Options:

A.

Spoofing

B.

Packet sniffing

C.

Tunneling

D.

Packet filtering

Question 17

You are responsible for security at a defense contracting firm. You are evaluating various possible encryption algorithms to use. One of the algorithms you are examining is not integer based, uses shorter keys, and is public key based. What type of algorithm is this?

Options:

A.

Symmetric

B.

None - all encryptions are integer based.

C.

Elliptic Curve

D.

RSA

Question 18

Which of the following protocols supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection?

Options:

A.

PPTP

B.

UDP

C.

IPSec

D.

PAP

Question 19

The service-oriented modeling framework (SOMF) provides a common modeling notation to address alignment between business and IT organizations. Which of the following principles does the SOMF concentrate on? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Disaster recovery planning

B.

SOA value proposition

C.

Software assets reuse

D.

Architectural components abstraction

E.

Business traceability

Question 20

Which of the following protocols is designed to efficiently handle high-speed data over wide area networks (WANs)?

Options:

A.

PPP

B.

X.25

C.

Frame relay

D.

SLIP

Question 21

Which of the following are the initial steps required to perform a risk analysis process? Each correct answer represents a part of the solution. Choose three.

Options:

A.

Estimate the potential losses to assets by determining their value.

B.

Establish the threats likelihood and regularity.

C.

Valuations of the critical assets in hard costs.

D.

Evaluate potential threats to the assets.

Question 22

Which of the following terms refers to the method that allows or restricts specific types of packets from crossing over the firewall?

Options:

A.

Hacking

B.

Packet filtering

C.

Web caching

D.

Spoofing

Question 23

Which of the following does PEAP use to authenticate the user inside an encrypted tunnel? Each correct answer represents a complete solution. Choose two.

Options:

A.

GTC

B.

MS-CHAP v2

C.

AES

D.

RC4

Question 24

Which of the following are the countermeasures against a man-in-the-middle attack? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Using public key infrastructure authentication.

B.

Using basic authentication.

C.

Using Secret keys for authentication.

D.

Using Off-channel verification.

Question 25

You work as a Network Administrator for Blue Bell Inc. The company has a TCP-based network. The company has two offices in different cities. The company wants to connect the two offices by using a public network. You decide to configure a virtual private network (VPN) between the offices. Which of the following protocols is used by VPN for tunneling?

Options:

A.

L2TP

B.

HTTPS

C.

SSL

D.

IPSec

Question 26

Which of the following is an electrical event shows that there is enough power on the grid to prevent from a total power loss but there is no enough power to meet the current electrical demand?

Options:

A.

Power Surge

B.

Power Spike

C.

Blackout

D.

Brownout

Question 27

Which of the following devices is a least expensive power protection device for filtering the electrical stream to control power surges, noise, power sags, and power spikes?

Options:

A.

Line Conditioner

B.

Surge Suppressor

C.

Uninterrupted Power Supply (UPS)

D.

Expansion Bus

Question 28

Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Which of the following statements are true about the Kerberos authentication scheme? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Kerberos requires continuous availability of a central server.

B.

Dictionary and brute force attacks on the initial TGS response to a client may reveal the subject's passwords.

C.

Kerberos builds on Asymmetric key cryptography and requires a trusted third party.

D.

Kerberos requires the clocks of the involved hosts to be synchronized.

Question 29

Which of the following protocols provides connectionless integrity and data origin authentication of IP packets?

Options:

A.

ESP

B.

AH

C.

IKE

D.

ISAKMP

Question 30

SSH is a network protocol that allows data to be exchanged between two networks using a secure channel. Which of the following encryption algorithms can be used by the SSH protocol? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Blowfish

B.

DES

C.

IDEA

D.

RC4

Question 31

You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify Denial of Service attack (DOS) from a network linked to your internal enterprise network. Which of the following phases of the Incident handling process should you follow next to handle this incident?

Options:

A.

Containment

B.

Preparation

C.

Recovery

D.

Identification

Question 32

Which of the following is a method for transforming a message into a masked form, together with a way of undoing the transformation to recover the message?

Options:

A.

Cipher

B.

CrypTool

C.

Steganography

D.

MIME

Question 33

Which of the following protocols uses public-key cryptography to authenticate the remote computer?

Options:

A.

SSH

B.

Telnet

C.

SCP

D.

SSL

Question 34

You work as a Network Administrator for NetTech Inc. You want to have secure communication on the company's intranet. You decide to use public key and private key pairs. What will you implement to accomplish this?

Options:

A.

Microsoft Internet Information Server (IIS)

B.

VPN

C.

FTP server

D.

Certificate server

Question 35

Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?

Options:

A.

Social engineering attack

B.

Cross site scripting attack

C.

Mail bombing

D.

Password guessing attack

Demo: 35 questions
Total 237 questions