Cissp Issap
Uploaded by
Bishwanath DasCissp Issap
Uploaded by
Bishwanath DasISC CISSP-ISSAP
ISSAP Information Systems Security Architecture
Professional
Version: 4.0
ISC CISSP-ISSAP Exam
Topic 1, Volume A
QUESTION NO: 1
Which of the following elements of planning gap measures the gap between the total potential for
the market and the actual current usage by all the consumers in the market?
A. Project gap
B. Product gap
C. Competitive gap
D. Usage gap
Answer: D
Explanation:
QUESTION NO: 2
Which of the following terms refers to the method that allows or restricts specific types of packets
from crossing over the firewall?
A. Hacking
B. Packet filtering
C. Web caching
D. Spoofing
Answer: B
Explanation:
QUESTION NO: 3
You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails.
Which of the following will you use to accomplish this?
A. PGP
B. PPTP
C. IPSec
D. NTFS
Answer: A
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 2
ISC CISSP-ISSAP Exam
QUESTION NO: 4
Peter works as a Network Administrator for Net World Inc. The company wants to allow remote
users to connect and access its private network through a dial-up connection via the Internet. All
the data will be sent across a public network. For security reasons, the management wants the
data sent through the Internet to be encrypted. The company plans to use a Layer 2 Tunneling
Protocol (L2TP) connection. Which communication protocol will Peter use to accomplish the task?
A. IP Security (IPSec)
B. Microsoft Point-to-Point Encryption (MPPE)
C. Pretty Good Privacy (PGP)
D. Data Encryption Standard (DES)
Answer: A
Explanation:
QUESTION NO: 5
Which of the following protocols multicasts messages and information among all member devices
in an IP multicast group?
A. ARP
B. ICMP
C. TCP
D. IGMP
Answer: D
Explanation:
QUESTION NO: 6
Which of the following security devices is presented to indicate some feat of service, a special
accomplishment, a symbol of authority granted by taking an oath, a sign of legitimate employment
or student status, or as a simple means of identification?
A. Sensor
B. Alarm
C. Motion detector
D. Badge
Answer: D
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 3
ISC CISSP-ISSAP Exam
QUESTION NO: 7
Which of the following is a method for transforming a message into a masked form, together with a
way of undoing the transformation to recover the message?
A. Cipher
B. CrypTool
C. Steganography
D. MIME
Answer: A
Explanation:
QUESTION NO: 8
Mark works as a Network Administrator for NetTech Inc. He wants users to access only those
resources that are required for them. Which of the following access control models will he use?
A. Policy Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Role-Based Access Control
Answer: D
Explanation:
QUESTION NO: 9
Which of the following is used to authenticate asymmetric keys?
A. Digital signature
B. MAC Address
C. Demilitarized zone (DMZ)
D. Password
Answer: A
Explanation:
QUESTION NO: 10
IPsec VPN provides a high degree of data privacy by establishing trust points between
communicating devices and data encryption. Which of the following encryption methods does
"Pass Any Exam. Any Time." - www.actualtests.com 4
ISC CISSP-ISSAP Exam
IPsec VPN use? Each correct answer represents a complete solution. Choose two.
A. MD5
B. LEAP
C. AES
D. 3DES
Answer: C,D
Explanation:
QUESTION NO: 11
A user is sending a large number of protocol packets to a network in order to saturate its
resources and to disrupt connections to prevent communications between services. Which type of
attack is this?
A. Denial-of-Service attack
B. Vulnerability attack
C. Social Engineering attack
D. Impersonation attack
Answer: A
Explanation:
QUESTION NO: 12
Which of the following types of firewall functions at the Session layer of OSI model?
A. Circuit-level firewall
B. Application-level firewall
C. Packet filtering firewall
D. Switch-level firewall
Answer: A
Explanation:
QUESTION NO: 13
Which of the following statements about a stream cipher are true? Each correct answer represents
a complete solution. Choose three.
"Pass Any Exam. Any Time." - www.actualtests.com 5
ISC CISSP-ISSAP Exam
A. It typically executes at a higher speed than a block cipher.
B. It divides a message into blocks for processing.
C. It typically executes at a slower speed than a block cipher.
D. It divides a message into bits for processing.
E. It is a symmetric key cipher.
Answer: A,D,E
Explanation:
QUESTION NO: 14
Which of the following types of attack can be used to break the best physical and logical security
mechanism to gain access to a system?
A. Social engineering attack
B. Cross site scripting attack
C. Mail bombing
D. Password guessing attack
Answer: A
Explanation:
QUESTION NO: 15
You are the Security Consultant advising a company on security methods. This is a highly secure
location that deals with sensitive national defense related data. They are very concerned about
physical security as they had a breach last month. In that breach an individual had simply grabbed
a laptop and ran out of the building. Which one of the following would have been most effective in
preventing this?
A. Not using laptops.
B. Keeping all doors locked with a guard.
C. Using a man-trap.
D. A sign in log.
Answer: C
Explanation:
QUESTION NO: 16
You want to implement a network topology that provides the best balance for regional topologies
in terms of the number of virtual circuits, redundancy, and performance while establishing a WAN
"Pass Any Exam. Any Time." - www.actualtests.com 6
ISC CISSP-ISSAP Exam
network. Which of the following network topologies will you use to accomplish the task?
A. Bus topology
B. Fully meshed topology
C. Star topology
D. Partially meshed topology
Answer: D
Explanation:
QUESTION NO: 17
Which of the following protocols is an alternative to certificate revocation lists (CRL) and allows the
authenticity of a certificate to be immediately verified?
A. RSTP
B. SKIP
C. OCSP
D. HTTP
Answer: C
Explanation:
QUESTION NO: 18
Which of the following does PEAP use to authenticate the user inside an encrypted tunnel? Each
correct answer represents a complete solution. Choose two.
A. GTC
B. MS-CHAP v2
C. AES
D. RC4
Answer: A,B
Explanation:
QUESTION NO: 19
Which of the following terms refers to a mechanism which proves that the sender really sent a
particular message?
"Pass Any Exam. Any Time." - www.actualtests.com 7
ISC CISSP-ISSAP Exam
A. Integrity
B. Confidentiality
C. Authentication
D. Non-repudiation
Answer: D
Explanation:
QUESTION NO: 20
Adam works as a Security Analyst for Umbrella Inc. CEO of the company ordered him to
implement two-factor authentication for the employees to access their networks. He has told him
that he would like to use some type of hardware device in tandem with a security or identifying pin
number. Adam decides to implement smart cards but they are not cost effective. Which of the
following types of hardware devices will Adam use to implement two-factor authentication?
A. Biometric device
B. One Time Password
C. Proximity cards
D. Security token
Answer: D
Explanation:
QUESTION NO: 21
Maria works as a Network Security Officer for Gentech Inc. She wants to encrypt her network
traffic. The specific requirement for the encryption algorithm is that it must be a symmetric key
block cipher. Which of the following techniques will she use to fulfill this requirement?
A. IDEA
B. PGP
C. DES
D. AES
Answer: C
Explanation:
QUESTION NO: 22
Which of the following protocols uses public-key cryptography to authenticate the remote
computer?
"Pass Any Exam. Any Time." - www.actualtests.com 8
ISC CISSP-ISSAP Exam
A. SSH
B. Telnet
C. SCP
D. SSL
Answer: A
Explanation:
QUESTION NO: 23
Which of the following cryptographic system services ensures that information will not be disclosed
to any unauthorized person on a local network?
A. Authentication
B. Non-repudiation
C. Integrity
D. Confidentiality
Answer: D
Explanation:
QUESTION NO: 24
Which of the following are the examples of technical controls? Each correct answer represents a
complete solution. Choose three.
A. Auditing
B. Network acchitecture
C. System access
D. Data backups
Answer: A,B,C
Explanation:
QUESTION NO: 25
Which of the following tenets does the CIA triad provide for which security practices are
measured? Each correct answer represents a part of the solution. Choose all that apply.
A. Integrity
B. Accountability
"Pass Any Exam. Any Time." - www.actualtests.com 9
ISC CISSP-ISSAP Exam
C. Availability
D. Confidentiality
Answer: A,C,D
Explanation:
QUESTION NO: 26
Which of the following types of attacks cannot be prevented by technical measures only?
A. Social engineering
B. Brute force
C. Smurf DoS
D. Ping flood attack
Answer: A
Explanation:
QUESTION NO: 27
Which of the following attacks can be overcome by applying cryptography?
A. Web ripping
B. DoS
C. Sniffing
D. Buffer overflow
Answer: C
Explanation:
QUESTION NO: 28
Which of the following authentication methods prevents unauthorized execution of code on remote
systems?
A. TACACS
B. S-RPC
C. RADIUS
D. CHAP
Answer: B
"Pass Any Exam. Any Time." - www.actualtests.com 10
ISC CISSP-ISSAP Exam
Explanation:
QUESTION NO: 29
The simplest form of a firewall is a packet filtering firewall. Typically a router works as a packet-
filtering firewall and has the capability to filter on some of the contents of packets. On which of the
following layers of the OSI reference model do these routers filter information? Each correct
answer represents a complete solution. Choose all that apply.
A. Transport layer
B. Physical layer
C. Data Link layer
D. Network layer
Answer: A,D
Explanation:
QUESTION NO: 30
Andrew works as a Network Administrator for Infonet Inc. The company's network has a Web
server that hosts the company's Web site. Andrew wants to increase the security of the Web site
by implementing Secure Sockets Layer (SSL). Which of the following types of encryption does
SSL use? Each correct answer represents a complete solution. Choose two.
A. Synchronous
B. Secret
C. Asymmetric
D. Symmetric
Answer: C,D
Explanation:
QUESTION NO: 31
John works as a professional Ethical Hacker. He has been assigned the project of testing the
security of www.we-are-secure.com. John notices that the We-are-secure network is vulnerable to
a man-in-the-middle attack since the key exchange process of the cryptographic algorithm it is
using does not thenticate participants. Which of the following cryptographic algorithms is being
used by the We-are-secure server?
A. Blowfish
"Pass Any Exam. Any Time." - www.actualtests.com 11
ISC CISSP-ISSAP Exam
B. Twofish
C. RSA
D. Diffie-Hellman
Answer: D
Explanation:
QUESTION NO: 32
Which of the following electrical events shows a sudden drop of power source that can cause a
wide variety of problems on a PC or a network?
A. Blackout
B. Power spike
C. Power sag
D. Power surge
Answer: A
Explanation:
QUESTION NO: 33
Which of the following is the duration of time and a service level within which a business process
must be restored after a disaster in order to avoid unacceptable consequences associated with a
break in business continuity?
A. RCO
B. RTO
C. RPO
D. RTA
Answer: B
Explanation:
QUESTION NO: 34
You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process
to handle the events and incidents. You identify Denial of Service attack (DOS) from a network
linked to your internal enterprise network. Which of the following phases of the Incident handling
process should you follow next to handle this incident?
"Pass Any Exam. Any Time." - www.actualtests.com 12
ISC CISSP-ISSAP Exam
A. Containment
B. Preparation
C. Recovery
D. Identification
Answer: A
Explanation:
QUESTION NO: 35
You have decided to implement video surveillance in your company in order to enhance network
security. Which of the following locations must have a camera in order to provide the minimum
level of security for the network resources? Each correct answer represents a complete solution.
Choose two.
A. Parking lot
B. All hallways
C. Server Rooms
D. All offices
E. All entrance doors
Answer: C,E
Explanation:
QUESTION NO: 36
You work as a Network Administrator for NetTech Inc. You want to have secure communication on
the company's intranet. You decide to use public key and private key pairs. What will you
implement to accomplish this?
A. Microsoft Internet Information Server (IIS)
B. VPN
C. FTP server
D. Certificate server
Answer: D
Explanation:
QUESTION NO: 37
Which of the following protocols is used to compare two values calculated using the Message
Digest (MD5) hashing function?
"Pass Any Exam. Any Time." - www.actualtests.com 13
ISC CISSP-ISSAP Exam
A. CHAP
B. PEAP
C. EAP
D. EAP-TLS
Answer: A
Explanation:
QUESTION NO: 38
Which of the following is a technique used for modifying messages, providing Information and
Cyber security, and reducing the risk of hacking attacks during communications and message
passing over the Internet?
A. Risk analysis
B. OODA loop
C. Cryptography
D. Firewall security
Answer: C
Explanation:
QUESTION NO: 39
Which of the following statements about Public Key Infrastructure (PKI) are true? Each correct
answer represents a complete solution. Choose two.
A. It uses symmetric key pairs.
B. It provides security using data encryption and digital signature.
C. It uses asymmetric key pairs.
D. It is a digital representation of information that identifies users.
Answer: B,C
Explanation:
QUESTION NO: 40
Which of the following types of halon is found in portable extinguishers and is stored as a liquid?
A. Halon-f
B. Halon 1301
"Pass Any Exam. Any Time." - www.actualtests.com 14
ISC CISSP-ISSAP Exam
C. Halon 11
D. Halon 1211
Answer: D
Explanation:
QUESTION NO: 41
Mark has been hired by a company to work as a Network Assistant. He is assigned the task to
configure a dial-up connection. He is configuring a laptop. Which of the following protocols should
he disable to ensure that the password is encrypted during remote access?
A. SPAP
B. MSCHAP
C. PAP
D. MSCHAP V2
Answer: C
Explanation:
QUESTION NO: 42
Which of the following disaster recovery tests includes the operations that shut down at the
primary site, and are shifted to the recovery site according to the disaster recovery plan?
A. Structured walk-through test
B. Simulation test
C. Full-interruption test
D. Parallel test
Answer: C
Explanation:
QUESTION NO: 43
In which of the following network topologies does the data travel around a loop in a single direction
and pass through each device?
A. Ring topology
B. Tree topology
C. Star topology
"Pass Any Exam. Any Time." - www.actualtests.com 15
ISC CISSP-ISSAP Exam
D. Mesh topology
Answer: A
Explanation:
QUESTION NO: 44
You are the Network Administrator for a small business. You need a widely used, but highly
secure hashing algorithm. Which of the following should you choose?
A. AES
B. SHA
C. EAP
D. CRC32
Answer: B
Explanation:
QUESTION NO: 45
Which of the following can be configured so that when an alarm is activated, all doors lock and the
suspect or intruder is caught between the doors in the dead-space?
A. Man trap
B. Biometric device
C. Host Intrusion Detection System (HIDS)
D. Network Intrusion Detection System (NIDS)
Answer: A
Explanation:
QUESTION NO: 46
Which of the following refers to a location away from the computer center where document copies
and backup media are kept?
A. Storage Area network
B. Off-site storage
C. On-site storage
D. Network attached storage
"Pass Any Exam. Any Time." - www.actualtests.com 16
ISC CISSP-ISSAP Exam
Answer: B
Explanation:
QUESTION NO: 47
Which of the following encryption methods does the SSL protocol use in order to provide
communication privacy, authentication, and message integrity? Each correct answer represents a
part of the solution. Choose two.
A. Public key
B. IPsec
C. MS-CHAP
D. Symmetric
Answer: A,D
Explanation:
QUESTION NO: 48
John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from
the company for personal reasons. He wants to send out some secret information of the company.
To do so, he takes an image file and simply uses a tool image hide and embeds the secret file
within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since
he is using the image file to send the data, the mail server of his company is unable to filter this
mail. Which of the following techniques is he performing to accomplish his task?
A. Email spoofing
B. Social engineering
C. Web ripping
D. Steganography
Answer: D
Explanation:
QUESTION NO: 49
Which of the following intrusion detection systems (IDS) monitors network traffic and compares it
against an established baseline?
"Pass Any Exam. Any Time." - www.actualtests.com 17
ISC CISSP-ISSAP Exam
A. Network-based
B. Anomaly-based
C. File-based
D. Signature-based
Answer: B
Explanation:
QUESTION NO: 50
Which of the following are the initial steps required to perform a risk analysis process? Each
correct answer represents a part of the solution. Choose three.
A. Estimate the potential losses to assets by determining their value.
B. Establish the threats likelihood and regularity.
C. Valuations of the critical assets in hard costs.
D. Evaluate potential threats to the assets.
Answer: A,B,D
Explanation:
QUESTION NO: 51
Which of the following protocols uses the Internet key Exchange (IKE) protocol to set up security
associations (SA)?
A. IPSec
B. L2TP
C. LEAP
D. ISAKMP
Answer: D
Explanation:
QUESTION NO: 52
Sam is creating an e-commerce site. He wants a simple security solution that does not require
each customer to have an individual key. Which of the following encryption methods will he use?
"Pass Any Exam. Any Time." - www.actualtests.com 18
ISC CISSP-ISSAP Exam
A. Asymmetric encryption
B. Symmetric encryption
C. S/MIME
D. PGP
Answer: B
Explanation:
QUESTION NO: 53
Computer networks and the Internet are the prime mode of Information transfer today. Which of
the following is a technique used for modifying messages, providing Information and Cyber
security, and reducing the risk of hacking attacks during communications and message passing
over the Internet?
A. Risk analysis
B. Firewall security
C. Cryptography
D. OODA loop
Answer: C
Explanation:
QUESTION NO: 54
An organization wants to allow a certificate authority to gain access to the encrypted data and
create digital signatures on behalf of the user. The data is encrypted using the public key from a
user's certificate. Which of the following processes fulfills the above requirements?
A. Key escrow
B. Key storage
C. Key revocation
D. Key recovery
Answer: A
Explanation:
QUESTION NO: 55
Which of the following are the primary components of a discretionary access control (DAC)
model? Each correct answer represents a complete solution. Choose two.
"Pass Any Exam. Any Time." - www.actualtests.com 19
ISC CISSP-ISSAP Exam
A. User's group
B. File and data ownership
C. Smart card
D. Access rights and permissions
Answer: B,D
Explanation:
QUESTION NO: 56
Which of the following encryption modes can make protocols without integrity protection even
more susceptible to replay attacks, since each block gets decrypted in exactly the same way?
A. Cipher feedback mode
B. Cipher block chaining mode
C. Output feedback mode
D. Electronic codebook mode
Answer: D
Explanation:
QUESTION NO: 57
You work as a technician for Trade Well Inc. The company is in the business of share trading. To
enhance security, the company wants users to provide a third key (apart from ID and password) to
access the company's Web site. Which of the following technologies will you implement to
accomplish the task?
A. Smart cards
B. Key fobs
C. VPN
D. Biometrics
Answer: B
Explanation:
QUESTION NO: 58
Which of the following layers of the OSI model corresponds to the Host-to-Host layer of the
TCP/IP model?
"Pass Any Exam. Any Time." - www.actualtests.com 20
ISC CISSP-ISSAP Exam
A. The transport layer
B. The presentation layer
C. The session layer
D. The application layer
Answer: A
Explanation:
QUESTION NO: 59
You are the Network Administrator for a college. You watch a large number of people (some not
even students) going in and out of areas with campus computers (libraries, computer labs, etc.).
You have had a problem with laptops being stolen. What is the most cost effective method to
prevent this?
A. Smart card access to all areas with computers.
B. Use laptop locks.
C. Video surveillance on all areas with computers.
D. Appoint a security guard.
Answer: B
Explanation:
QUESTION NO: 60
The ATM of a bank is robbed by breaking the ATM machine. Which of the following physical
security devices can now be used for verification and historical analysis of the ATM robbery?
A. Key card
B. Biometric devices
C. Intrusion detection systems
D. CCTV Cameras
Answer: D
Explanation:
QUESTION NO: 61
You have been assigned the task of selecting a hash algorithm. The algorithm will be specifically
used to ensure the integrity of certain sensitive files. It must use a 128 bit hash value. Which of the
following should you use?
"Pass Any Exam. Any Time." - www.actualtests.com 21
ISC CISSP-ISSAP Exam
A. AES
B. SHA
C. MD5
D. DES
Answer: C
Explanation:
QUESTION NO: 62
Which of the following are the countermeasures against a man-in-the-middle attack? Each correct
answer represents a complete solution. Choose all that apply.
A. Using public key infrastructure authentication.
B. Using basic authentication.
C. Using Secret keys for authentication.
D. Using Off-channel verification.
Answer: A,C,D
Explanation:
QUESTION NO: 63
Which of the following is an electrical event shows that there is enough power on the grid to
prevent from a total power loss but there is no enough power to meet the current electrical
demand?
A. Power Surge
B. Power Spike
C. Blackout
D. Brownout
Answer: D
Explanation:
QUESTION NO: 64
Which of the following protocols is designed to efficiently handle high-speed data over wide area
networks (WANs)?
A. PPP
"Pass Any Exam. Any Time." - www.actualtests.com 22
ISC CISSP-ISSAP Exam
B. X.25
C. Frame relay
D. SLIP
Answer: C
Explanation:
QUESTION NO: 65
Which of the following statements best describes a certification authority?
A. A certification authority is a technique to authenticate digital documents by using computer
cryptography.
B. A certification authority is a type of encryption that uses a public key and a private key pair for
data encryption.
C. A certification authority is an entity that issues digital certificates for use by other parties.
D. A certification authority is a type of encryption that uses a single key to encrypt and decrypt
data.
Answer: C
Explanation:
QUESTION NO: 66 CORRECT TEXT
In which of the following alternative processing sites is the backup facility maintained in a constant
order, with a full complement of servers, workstations, and communication links ready to assume
the primary operations responsibility? A. Hot Site B. Mobile Site C. Warm Site D. Cold Site
Answer: A
QUESTION NO: 67
Which of the following should the administrator ensure during the test of a disaster recovery plan?
A. Ensure that the plan works properly
B. Ensure that all the servers in the organization are shut down.
C. Ensure that each member of the disaster recovery team is aware of their responsibility.
D. Ensure that all client computers in the organization are shut down.
Answer: A,C
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 23
ISC CISSP-ISSAP Exam
QUESTION NO: 68
The service-oriented modeling framework (SOMF) provides a common modeling notation to
address alignment between business and IT organizations. Which of the following principles does
the SOMF concentrate on? Each correct answer represents a part of the solution. Choose all that
apply.
A. Disaster recovery planning
B. SOA value proposition
C. Software assets reuse
D. Architectural components abstraction
E. Business traceability
Answer: B,C,D,E
Explanation:
QUESTION NO: 69
You want to connect a twisted pair cable segment to a fiber-optic cable segment. Which of the
following networking devices will you use to accomplish the task?
A. Hub
B. Switch
C. Repeater
D. Router
Answer: C
Explanation:
QUESTION NO: 70
In your office, you are building a new wireless network that contains Windows 2003 servers. To
establish a network for secure communication, you have to implement IPSec security policy on the
servers. What authentication methods can you use for this implementation? Each correct answer
represents a complete solution. Choose all that apply.
A. Public-key cryptography
B. Kerberos
C. Preshared keys
D. Digital certificates
"Pass Any Exam. Any Time." - www.actualtests.com 24
ISC CISSP-ISSAP Exam
Answer: B,C,D
Explanation:
QUESTION NO: 71
Which of the following two components does Kerberos Key Distribution Center (KDC) consist of?
Each correct answer represents a complete solution. Choose two.
A. Data service
B. Ticket-granting service
C. Account service
D. Authentication service
Answer: B,D
Explanation:
QUESTION NO: 72
Kerberos is a computer network authentication protocol that allows individuals communicating
over a non-secure network to prove their identity to one another in a secure manner. Which of the
following statements are true about the Kerberos authentication scheme? Each correct answer
represents a complete solution. Choose all that apply.
A. Kerberos requires continuous availability of a central server.
B. Dictionary and brute force attacks on the initial TGS response to a client may reveal the
subject's passwords.
C. Kerberos builds on Asymmetric key cryptography and requires a trusted third party.
D. Kerberos requires the clocks of the involved hosts to be synchronized.
Answer: A,B,D
Explanation:
QUESTION NO: 73
An organization is seeking to implement a hot site and wants to maintain a live database server at
the backup site. Which of the following solutions will be the best for the organization?
A. Electronic vaulting
B. Remote journaling
"Pass Any Exam. Any Time." - www.actualtests.com 25
ISC CISSP-ISSAP Exam
C. Remote mirroring
D. Transaction logging
Answer: C
Explanation:
QUESTION NO: 74
A helpdesk technician received a phone call from an administrator at a remote branch office. The
administrator claimed to have forgotten the password for the root account on UNIX servers and
asked for it. Although the technician didn't know any administrator at the branch office, the guy
sounded really friendly and since he knew the root password himself, he supplied the caller with
the password. What type of attack has just occurred?
A. Social Engineering attack
B. Brute Force attack
C. War dialing attack
D. Replay attack
Answer: A
Explanation:
QUESTION NO: 75
You work as a Network Administrator of a TCP/IP network. You are having DNS resolution
problem. Which of the following utilities will you use to diagnose the problem?
A. TRACERT
B. PING
C. IPCONFIG
D. NSLOOKUP
Answer: D
Explanation:
QUESTION NO: 76
The IPSec protocol is configured in an organization's network in order to maintain a complete
infrastructure for secured network communications. IPSec uses four components for this. Which of
the following components reduces the size of data transmitted over congested network
connections and increases the speed of such networks without losing data?
"Pass Any Exam. Any Time." - www.actualtests.com 26
ISC CISSP-ISSAP Exam
A. AH
B. ESP
C. IPcomp
D. IKE
Answer: C
Explanation:
QUESTION NO: 77
You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You want to perform the following
tasks: Develop a risk-driven enterprise information security architecture. Deliver security
infrastructure solutions that support critical business initiatives. Which of the following methods will
you use to accomplish these tasks?
A. Service-oriented architecture
B. Sherwood Applied Business Security Architecture
C. Service-oriented modeling framework
D. Service-oriented modeling and architecture
Answer: B
Explanation:
QUESTION NO: 78
A network is configured on a Bus topology. Which of the following conditions could cause a
network failure? Each correct answer represents a complete solution. Choose all that apply.
A. A break in a network cable
B. 75 ohm terminators at open ends
C. A powered off workstation
D. An open-ended cable without terminators
Answer: A,B,D
Explanation:
QUESTION NO: 79
Which of the following is an input device that is used for controlling machines such as cranes,
trucks, underwater unmanned vehicles, wheelchairs, surveillance cameras, and zero turning
radius lawn mowers?
"Pass Any Exam. Any Time." - www.actualtests.com 27
ISC CISSP-ISSAP Exam
A. PS/2
B. Joystick
C. Microphone
D. AGP
Answer: B
Explanation:
QUESTION NO: 80
Which of the following types of attacks is often performed by looking surreptitiously at the
keyboard or monitor of an employee's computer?
A. Buffer-overflow attack
B. Man-in-the-middle attack
C. Shoulder surfing attack
D. Denial-of-Service (DoS) attack
Answer: C
Explanation:
QUESTION NO: 81
A digital signature is a type of public key cryptography. Which of the following statements are true
about digital signatures? Each correct answer represents a complete solution. Choose all that
apply.
A. In order to digitally sign an electronic record, a person must use his/her public key.
B. In order to verify a digital signature, the signer's private key must be used.
C. In order to digitally sign an electronic record, a person must use his/her private key.
D. In order to verify a digital signature, the signer's public key must be used.
Answer: C,D
Explanation:
QUESTION NO: 82
An authentication method uses smart cards as well as usernames and passwords for
authentication. Which of the following authentication methods is being referred to?
"Pass Any Exam. Any Time." - www.actualtests.com 28
ISC CISSP-ISSAP Exam
A. Mutual
B. Anonymous
C. Multi-factor
D. Biometrics
Answer: C
Explanation:
QUESTION NO: 83
You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident
in the network of your company. You develop a signature based on the characteristics of the
detected virus. Which of the following phases in the Incident handling process will utilize the
signature to resolve this incident?
A. Eradication
B. Identification
C. Recovery
D. Containment
Answer: A
Explanation:
QUESTION NO: 84
In which of the following access control models can a user not grant permissions to other users to
see a copy of an object marked as secret that he has received, unless they have the appropriate
permissions?
A. Discretionary Access Control (DAC)
B. Role Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Access Control List (ACL)
Answer: C
Explanation:
QUESTION NO: 85
Which of the following protocols provides connectionless integrity and data origin authentication of
IP packets?
"Pass Any Exam. Any Time." - www.actualtests.com 29
ISC CISSP-ISSAP Exam
A. ESP
B. AH
C. IKE
D. ISAKMP
Answer: B
Explanation:
QUESTION NO: 86
The network you administer allows owners of objects to manage the access to those objects via
access control lists. This is an example of what type of access control?
A. RBAC
B. MAC
C. CIA
D. DAC
Answer: D
Explanation:
QUESTION NO: 87
Which of the following processes is used to identify relationships between mission critical
applications, processes, and operations and all supporting elements?
A. Critical path analysis
B. Functional analysis
C. Risk analysis
D. Business impact analysis
Answer: A
Explanation:
QUESTION NO: 88
Which of the following devices is a least expensive power protection device for filtering the
electrical stream to control power surges, noise, power sags, and power spikes?
A. Line Conditioner
B. Surge Suppressor
"Pass Any Exam. Any Time." - www.actualtests.com 30
ISC CISSP-ISSAP Exam
C. Uninterrupted Power Supply (UPS)
D. Expansion Bus
Answer: C
Explanation:
QUESTION NO: 89
You work as a Project Manager for Tech Perfect Inc. You are creating a document which
emphasizes the formal study of what your organization is doing currently and where it will be in the
future. Which of the following analysis will help you in accomplishing the task?
A. Cost-benefit analysis
B. Gap analysis
C. Requirement analysis
D. Vulnerability analysis
Answer: B
Explanation:
QUESTION NO: 90
SSH is a network protocol that allows data to be exchanged between two networks using a secure
channel. Which of the following encryption algorithms can be used by the SSH protocol? Each
correct answer represents a complete solution. Choose all that apply.
A. Blowfish
B. DES
C. IDEA
D. RC4
Answer: A,B,C
Explanation:
QUESTION NO: 91
Which of the following firewalls inspects the actual contents of packets?
A. Packet filtering firewall
B. Stateful inspection firewall
C. Application-level firewall
"Pass Any Exam. Any Time." - www.actualtests.com 31
ISC CISSP-ISSAP Exam
D. Circuit-level firewall
Answer: C
Explanation:
QUESTION NO: 92
Which of the following statements about incremental backup are true? Each correct answer
represents a complete solution. Choose two.
A. It is the fastest method of backing up data.
B. It is the slowest method for taking a data backup.
C. It backs up the entire database, including the transaction log.
D. It backs up only the files changed since the most recent backup and clears the archive bit.
Answer: A,D
Explanation:
QUESTION NO: 93
You work as a Network Administrator for Blue Bell Inc. The company has a TCP-based network.
The company has two offices in different cities. The company wants to connect the two offices by
using a public network. You decide to configure a virtual private network (VPN) between the
offices. Which of the following protocols is used by VPN for tunneling?
A. L2TP
B. HTTPS
C. SSL
D. IPSec
Answer: A
Explanation:
QUESTION NO: 94
John works as a Network Administrator for NetPerfect Inc. The company has a Windows-based
network. John has been assigned a project to build a network for the sales department of the
company. It is important for the LAN to continue working even if there is a break in the cabling.
Which of the following topologies should John use to accomplish the task?
A. Star
"Pass Any Exam. Any Time." - www.actualtests.com 32
ISC CISSP-ISSAP Exam
B. Mesh
C. Bus
D. Ring
Answer: B
Explanation:
Topic 2, Volume B
QUESTION NO: 95
Which of the following encryption algorithms are based on block ciphers?
A. RC4
B. Twofish
C. Rijndael
D. RC5
Answer: B,C,D
Explanation:
QUESTION NO: 96
Adam works as a Network Administrator. He discovers that the wireless AP transmits 128 bytes of
plaintext, and the station responds by encrypting the plaintext. It then transmits the resulting
ciphertext using the same key and cipher that are used by WEP to encrypt subsequent network
traffic. Which of the following types of authentication mechanism is used here?
A. Pre-shared key authentication
B. Open system authentication
C. Shared key authentication
D. Single key authentication
Answer: C
Explanation:
QUESTION NO: 97
The OSI model is the most common networking model used in the industry. Applications, network
"Pass Any Exam. Any Time." - www.actualtests.com 33
ISC CISSP-ISSAP Exam
functions, and protocols are typically referenced using one or more of the seven OSI layers. Of the
following, choose the two best statements that describe the OSI layer functions. Each correct
answer represents a complete solution. Choose two.
A. Layers 1 and 2 deal with application functionality and data formatting. These layers reside at
the top of the model.
B. Layers 4 through 7 define the functionality of IP Addressing, Physical Standards, and Data Link
protocols.
C. Layers 5, 6, and 7 focus on the Network Application, which includes data formatting and
session control.
D. Layers 1, 2, 3, and 4 deal with physical connectivity, encapsulation, IP Addressing, and Error
Recovery. These layers define the end-to-end functions of data delivery.
Answer: C,D
Explanation:
QUESTION NO: 98
Which of the following is the technology of indoor or automotive environmental comfort?
A. HIPS
B. HVAC
C. NIPS
D. CCTV
Answer: B
Explanation:
QUESTION NO: 99
Which of the following protocols provides certificate-based authentication for virtual private
networks (VPNs)?
A. PPTP
B. SMTP
C. HTTPS
D. L2TP
Answer: D
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 34
ISC CISSP-ISSAP Exam
QUESTION NO: 100
Which of the following types of ciphers are included in the historical ciphers? Each correct answer
represents a complete solution. Choose two.
A. Block ciphers
B. Transposition ciphers
C. Stream ciphers
D. Substitution ciphers
Answer: B,D
Explanation:
QUESTION NO: 101
John works as a security manager for SoftTech Inc. He is working with his team on the disaster
recovery management plan. One of his team members has a doubt related to the most cost
effective DRP testing plan. According to you, which of the following disaster recovery testing plans
is the most cost-effective and efficient way to identify areas of overlap in the plan before
conducting more demanding training exercises?
A. Evacuation drill
B. Walk-through drill
C. Structured walk-through test
D. Full-scale exercise
Answer: C
Explanation:
QUESTION NO: 102
Which of the following security protocols provides confidentiality, integrity, and authentication of
network traffic with end-to-end and intermediate-hop security?
A. IPSec
B. SET
C. SWIPE
D. SKIP
Answer: C
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 35
ISC CISSP-ISSAP Exam
QUESTION NO: 103
You are calculating the Annualized Loss Expectancy (ALE) using the following formula: ALE=AV *
EF * ARO What information does the AV (Asset Value) convey?
A. It represents how many times per year a specific threat occurs.
B. It represents the percentage of loss that an asset experiences if an anticipated threat occurs.
C. It is expected loss for an asset due to a risk over a one year period.
D. It represents the total cost of an asset, including the purchase price, recurring maintenance,
expenses, and all other costs.
Answer: D
Explanation:
QUESTION NO: 104
You work as a Network Administrator for NetTech Inc. When you enter http://66.111.64.227 in the
browser's address bar, you are able to access the site. But, you are unable to access the site
when you enter http://www.company.com. What is the most likely cause?
A. The site's Web server is offline.
B. The site's Web server has heavy traffic.
C. WINS server has no NetBIOS name entry for the server.
D. DNS entry is not available for the host name.
Answer: D
Explanation:
QUESTION NO: 105
In software development, which of the following analysis is used to document the services and
functions that have been accidentally left out, deliberately eliminated or still need to be developed?
A. Gap analysis
B. Requirement analysis
C. Cost-benefit analysis
D. Vulnerability analysis
Answer: A
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 36
ISC CISSP-ISSAP Exam
QUESTION NO: 106
Which of the following processes identifies the threats that can impact the business continuity of
operations?
A. Function analysis
B. Risk analysis
C. Business impact analysis
D. Requirement analysis
Answer: C
Explanation:
QUESTION NO: 107
What are the benefits of using AAA security service in a network? Each correct answer represents
a part of the solution. Choose all that apply.
A. It provides scalability.
B. It supports a single backup system.
C. It increases flexibility and control of access configuration.
D. It supports RADIUS, TACACS+, and Kerberos authentication methods.
Answer: A,C,D
Explanation:
QUESTION NO: 108
In which of the following SDLC phases are the software and other components of the system
faithfully incorporated into the design specifications?
A. Programming and training
B. Evaluation and acceptance
C. Definition
D. Initiation
Answer: A
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 37
ISC CISSP-ISSAP Exam
QUESTION NO: 109
Which of the following life cycle modeling activities establishes service relationships and message
exchange paths?
A. Service-oriented logical design modeling
B. Service-oriented conceptual architecture modeling
C. Service-oriented discovery and analysis modeling
D. Service-oriented business integration modeling
Answer: A
Explanation:
QUESTION NO: 110
Which of the following authentication methods support mutual authentication? Each correct
answer represents a complete solution. Choose two.
A. MS-CHAP v2
B. NTLM
C. EAP-MD5
D. EAP-TLS
Answer: A,D
Explanation:
QUESTION NO: 111
Which of the following keys is derived from a preshared key and Extensible Authentication
Protocol (EAP)?
A. Pairwise Transient Key
B. Group Temporal Key
C. Private Key
D. Pairwise Master Key
Answer: D
Explanation:
QUESTION NO: 112
Which of the following schemes is used by the Kerberos authentication?
"Pass Any Exam. Any Time." - www.actualtests.com 38
ISC CISSP-ISSAP Exam
A. Public key cryptography
B. One time password
C. Private key cryptography
D. OPIE
Answer: C
Explanation:
QUESTION NO: 113
You are advising a school district on disaster recovery plans. In case a disaster affects the main IT
centers for the district they will need to be able to work from an alternate location. However,
budget is an issue. Which of the following is most appropriate for this client?
A. Warm site
B. Cold site
C. Off site
D. Hot site
Answer: B
Explanation:
QUESTION NO: 114
Which of the following are the centralized administration technologies? Each correct answer
represents a complete solution. Choose all that apply.
A. RADIUS
B. TACACS+
C. Media Access control
D. Peer-to-Peer
Answer: A,B
Explanation:
QUESTION NO: 115
You are implementing some security services in an organization, such as smart cards, biometrics,
access control lists, firewalls, intrusion detection systems, and clipping levels. Which of the
following categories of implementation of the access control includes all these security services?
"Pass Any Exam. Any Time." - www.actualtests.com 39
ISC CISSP-ISSAP Exam
A. Administrative access control
B. Logical access control
C. Physical access control
D. Preventive access control
Answer: B
Explanation:
QUESTION NO: 116
You work as a Network Administrator for Net World Inc. You are required to configure a VLAN for
the company. Which of the following devices will you use to physically connect the computers in
the VLAN? Each correct answer represents a complete solution. Choose two.
A. Switch
B. Router
C. Bridge
D. Hub E. Repeater
Answer: A,B
Explanation:
QUESTION NO: 117
Which of the following protocols work at the Network layer of the OSI model?
A. Routing Information Protocol (RIP)
B. File Transfer Protocol (FTP)
C. Simple Network Management Protocol (SNMP)
D. Internet Group Management Protocol (IGMP)
Answer: A,D
Explanation:
QUESTION NO: 118
Which of the following are used to suppress paper or wood fires? Each correct answer represents
a complete solution. Choose two.
A. Soda acid
B. Kerosene
"Pass Any Exam. Any Time." - www.actualtests.com 40
ISC CISSP-ISSAP Exam
C. Water
D. CO2
Answer: A,C
Explanation:
QUESTION NO: 119
Mark works as a Network Administrator for NetTech Inc. He wants to connect the company's
headquarter and its regional offices using a WAN technology. For this, he uses packet-switched
connection. Which of the following WAN technologies will Mark use to connect the offices? Each
correct answer represents a complete solution. Choose two.
A. ISDN
B. X.25
C. Frame Relay
D. Leased line
Answer: B,C
Explanation:
QUESTION NO: 120
Fill in the blank with the appropriate security method. ____________ is a system, which enables
an authority to control access to areas and resources in a given physical facility, or computer-
based information system.
A. Access control
Answer: A
Explanation:
QUESTION NO: 121
In which of the following types of tests are the disaster recovery checklists distributed to the
members of disaster recovery team and asked to review the assigned checklist?
A. Parallel test
B. Simulation test
C. Full-interruption test
D. Checklist test
"Pass Any Exam. Any Time." - www.actualtests.com 41
ISC CISSP-ISSAP Exam
Answer: D
Explanation:
QUESTION NO: 122
Which of the following heights of fence deters only casual trespassers?
A. 8 feet
B. 3 to 4 feet
C. 2 to 2.5 feet
D. 6 to 7 feet
Answer: B
Explanation:
QUESTION NO: 123
In which of the following cryptographic attacking techniques does an attacker obtain encrypted
messages that have been encrypted using the same encryption algorithm?
A. Chosen plaintext attack
B. Ciphertext only attack
C. Chosen ciphertext attack
D. Known plaintext attack
Answer: B
Explanation:
QUESTION NO: 124
Which of the following terms related to risk management represents the estimated frequency at
which a threat is expected to occur?
A. Safeguard
B. Annualized Rate of Occurrence (ARO)
C. Single Loss Expectancy (SLE)
D. Exposure Factor (EF)
Answer: B
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 42
ISC CISSP-ISSAP Exam
QUESTION NO: 125
You work as a Chief Security Officer for Tech Perfect Inc. The company has a TCP/IP based
network. You want to use a firewall that can track the state of active connections of the network
and then determine which network packets are allowed to enter through the firewall. Which of the
following firewalls has this feature?
A. Stateful packet inspection firewall
B. Proxy-based firewall
C. Dynamic packet-filtering firewall
D. Application gateway firewall
Answer: C
Explanation:
QUESTION NO: 126
Fill in the blank with the appropriate security device. ___________ is a device that contains a
physical mechanism or electronic sensor that quantifies motion that can be either integrated with
or connected to other devices that alert the user of the presence of a moving object within the field
of view.
A. Motion detector
Answer: A
Explanation:
QUESTION NO: 127
Which of the following uses a Key Distribution Center (KDC) to authenticate a principle?
A. CHAP
B. PAP
C. Kerberos
D. TACACS
Answer: C
Explanation:
QUESTION NO: 128
"Pass Any Exam. Any Time." - www.actualtests.com 43
ISC CISSP-ISSAP Exam
Which of the following is a network service that stores and organizes information about a network
users and network resources and that allows administrators to manage users' access to the
resources?
A. SMTP service
B. Terminal service
C. Directory service
D. DFS service
Answer: C
Explanation:
QUESTION NO: 129
You work as a Network Administrator for Net Soft Inc. You are designing a data backup plan for
your company's network. The backup policy of the company requires high security and easy
recovery of data. Which of the following options will you choose to accomplish this?
A. Take a full backup daily and use six-tape rotation.
B. Take a full backup on Monday and a differential backup on each of the following weekdays.
Keep Monday's backup offsite.
C. Take a full backup daily with the previous night's tape taken offsite.
D. Take a full backup on alternate days and keep rotating the tapes.
E. Take a full backup on Monday and an incremental backup on each of the following weekdays.
Keep Monday's backup offsite.
F. Take a full backup daily with one tape taken offsite weekly.
Answer: C
Explanation:
QUESTION NO: 130
Which of the following are types of asymmetric encryption algorithms? Each correct answer
represents a complete solution. Choose two.
A. RSA
B. AES
C. ECC
D. DES
Answer: A,C
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 44
ISC CISSP-ISSAP Exam
QUESTION NO: 131
Which of the following attacks allows the bypassing of access control lists on servers or routers,
and helps an attacker to hide? Each correct answer represents a complete solution. Choose two.
A. DNS cache poisoning
B. MAC spoofing
C. IP spoofing attack
D. DDoS attack
Answer: B,C
Explanation:
QUESTION NO: 132
You are the Network Administrator at a large company. Your company has a lot of contractors and
other outside parties that come in and out of the building. For this reason you are concerned that
simply having usernames and passwords is not enough and want to have employees use tokens
for authentication. Which of the following is not an example of tokens?
A. Smart card
B. USB device with cryptographic data
C. CHAP
D. Key fob
Answer: C
Explanation:
QUESTION NO: 133
Which of the following LAN protocols use token passing for exchanging signals among various
stations on the network? Each correct answer represents a complete solution. Choose two.
A. Ethernet (IEEE 802.3)
B. Token ring (IEEE 802.5)
C. Fiber Distributed Data Interface (FDDI)
D. Wireless LAN (IEEE 802.11b)
Answer: B,C
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 45
ISC CISSP-ISSAP Exam
QUESTION NO: 134
Which of the following components come under the network layer of the OSI model? Each correct
answer represents a complete solution. Choose two.
A. Routers
B. MAC addresses
C. Firewalls
D. Hub
Answer: A,C
Explanation:
QUESTION NO: 135
Which of the following are examples of physical controls used to prevent unauthorized access to
sensitive materials?
A. Thermal alarm systems
B. Security Guards
C. Closed circuit cameras
D. Encryption
Answer: A,B,C
Explanation:
QUESTION NO: 136
At which of the following layers of the Open System Interconnection (OSI) model the Internet
Control Message Protocol (ICMP) and the Internet Group Management Protocol (IGMP) work?
A. The Physical layer
B. The Data-Link layer
C. The Network layer
D. The Presentation layer
Answer: C
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 46
ISC CISSP-ISSAP Exam
QUESTION NO: 137
Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS)
to encrypt the data stored on a disk on a file-by-file basis?
A. Twofish
B. Digital certificates
C. Public key
D. RSA
Answer: B,C
Explanation:
QUESTION NO: 138
Which of the following statements about Discretionary Access Control List (DACL) is true?
A. It specifies whether an audit activity should be performed when an object attempts to access a
resource.
B. It is a unique number that identifies a user, group, and computer account.
C. It is a list containing user accounts, groups, and computers that are allowed (or denied) access
to the object.
D. It is a rule list containing access control entries.
Answer: C
Explanation:
QUESTION NO: 139
Which of the following methods will allow data to be sent on the Internet in a secure format?
A. Serial Line Interface Protocol
B. Point-to-Point Protocol
C. Browsing
D. Virtual Private Networks
Answer: D
Explanation:
QUESTION NO: 140
Which of the following are used to suppress electrical and computer fires? Each correct answer
"Pass Any Exam. Any Time." - www.actualtests.com 47
ISC CISSP-ISSAP Exam
represents a complete solution. Choose two.
A. Halon
B. Water
C. CO2
D. Soda acid
Answer: A,C
Explanation:
QUESTION NO: 141
Which of the following are natural environmental threats that an organization faces? Each correct
answer represents a complete solution. Choose two.
A. Strikes
B. Floods
C. Accidents
D. Storms
Answer: B,D
Explanation:
QUESTION NO: 142
Which of the following keys are included in a certificate revocation list (CRL) of a public key
infrastructure (PKI)? Each correct answer represents a complete solution. Choose two.
A. A foreign key
B. A private key
C. A public key
D. A primary key
Answer: B,C
Explanation:
QUESTION NO: 143
Which of the following SDLC phases consists of the given security controls: Misuse Case
Modeling Security Design and Architecture Review Threat and Risk Modeling Security
Requirements and Test Cases Generation
"Pass Any Exam. Any Time." - www.actualtests.com 48
ISC CISSP-ISSAP Exam
A. Design
B. Maintenance
C. Deployment
D. Requirements Gathering
Answer: A
Explanation:
QUESTION NO: 144
A company named Money Builders Inc., hires you to provide consultancy for setting up their
Windows network. The company's server room will be in a highly secured environment. You are
required to suggest an authentication method for it. The CFO of the company wants the server to
use thumb impressions for authentication. Which of the following authentication methods will you
suggest?
A. Certificate
B. Smart card
C. Two-factor
D. Biometrics
Answer: D
Explanation:
QUESTION NO: 145
You are the Security Consultant and have been contacted by a client regarding their encryption
and hashing algorithms. Their in-house network administrator tells you that their current hashing
algorithm is an older one with known weaknesses and is not collision resistant.Which algorithm
are they most likely using for hashing?
A. PKI
B. SHA
C. Kerberos
D. MD5
Answer: D
Explanation:
QUESTION NO: 146
You work as a Network Administrator for Net Perfect Inc. The company has a Linux-based
"Pass Any Exam. Any Time." - www.actualtests.com 49
ISC CISSP-ISSAP Exam
network. You need to configure a firewall for the company. The firewall should be able to keep
track of the state of network connections traveling across the network. Which of the following types
of firewalls will you configure to accomplish the task?
A. Stateful firewall
B. Host-based application firewall
C. A network-based application layer firewall
D. An application firewall
Answer: A
Explanation:
QUESTION NO: 147
Shoulder surfing is a type of in-person attack in which the attacker gathers information about the
premises of an organization. This attack is often performed by looking surreptitiously at the
keyboard of an employee's computer while he is typing in his password at any access point such
as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?
A. Integrity
B. Availability
C. Authenticity
D. Confidentiality
Answer: D
Explanation:
QUESTION NO: 148
Which of the following plans is designed to protect critical business processes from natural or
man-made failures or disasters and the resultant loss of capital due to the unavailability of normal
business processes?
A. Disaster recovery plan
B. Contingency plan
C. Business continuity plan
D. Crisis communication plan
Answer: C
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 50
ISC CISSP-ISSAP Exam
QUESTION NO: 149
Which of the following processes is used by remote users to make a secure connection to internal
resources after establishing an Internet connection?
A. Spoofing
B. Packet sniffing
C. Tunneling
D. Packet filtering
Answer: C
Explanation:
QUESTION NO: 150
You work as a Security Manager for Tech Perfect Inc. A number of people are involved with you in
the DRP efforts. You have maintained several different types of plan documents, intended for
different audiences. Which of the following documents will be useful for you as well as public
relations personnel who require a non-technical perspective on the entire organization's disaster
recovery efforts?
A. Technical guide
B. Executive summary
C. Checklist
D. Department-specific plan
Answer: B
Explanation:
QUESTION NO: 151
Which of the following protects against unauthorized access to confidential information via
encryption and works at the network layer?
A. Firewall
B. NAT
C. MAC address
D. IPSec
Answer: D
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 51
ISC CISSP-ISSAP Exam
QUESTION NO: 152
Which of the following statements are true about Public-key cryptography? Each correct answer
represents a complete solution. Choose two.
A. Data encrypted with the secret key can only be decrypted by another secret key.
B. The secret key can encrypt a message, and anyone with the public key can decrypt it.
C. The distinguishing technique used in public key-private key cryptography is the use of
symmetric key algorithms.
D. Data encrypted by the public key can only be decrypted by the secret key.
Answer: B,D
Explanation:
QUESTION NO: 153
Which of the following backup types backs up files that have been added and all data that have
been modified since the most recent backup was performed?
A. Differential backup
B. Incremental backup
C. Daily backup
D. Full backup
Answer: B
Explanation:
QUESTION NO: 154
You are responsible for security at a hospital. Since many computers are accessed by multiple
employees 24 hours a day, 7 days a week, controlling physical access to computers is very
difficult. This is compounded by a high number of non employees moving through the building.
You are concerned about unauthorized access to patient records. What would best solve this
problem?
A. The use of CHAP.
B. Time of day restrictions.
C. The use of smart cards.
D. Video surveillance of all computers.
Answer: C
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 52
ISC CISSP-ISSAP Exam
QUESTION NO: 155
In which of the following cryptographic attacking techniques does the attacker pick up the
information to be encrypted and take a copy of it with the encrypted data?
A. Chosen ciphertext attack
B. Known plaintext attack
C. Chosen plaintext attack
D. Ciphertext only attack
Answer: C
Explanation:
QUESTION NO: 156
Which of the following are the goals of a public key infrastructure (PKI)? Each correct answer
represents a part of the solution. Choose all that apply.
A. Authenticity
B. Globalization
C. Mobility
D. Integrity
E. Confidentiality
F. Nonrepudiation
Answer: A,D,E,F
Explanation:
QUESTION NO: 157
Which of the following encryption modes has the property to allow many error correcting codes to
function normally even when applied before encryption?
A. OFB mode
B. CFB mode
C. CBC mode
D. PCBC mode
Answer: A
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 53
ISC CISSP-ISSAP Exam
QUESTION NO: 158
In which of the following phases of the SDLC does the software and other components of the
system faithfully incorporate the design specifications and provide proper documentation and
training?
A. Initiation
B. Programming and training
C. Design
D. Evaluation and acceptance
Answer: B
Explanation:
QUESTION NO: 159
You are the administrator for YupNo.com. You want to increase and enhance the security of your
computers and simplify deployment. You are especially concerned with any portable computers
that are used by remote employees. What can you use to increase security, while still allowing
your users to perform critical tasks?
A. BitLocker
B. Smart Cards
C. Service Accounts
D. AppLocker
Answer: B
Explanation:
QUESTION NO: 160
You have just set up a wireless network for customers at a coffee shop. Which of the following are
good security measures to implement? Each correct answer represents a complete solution.
Choose two.
A. MAC filtering the router
B. Not broadcasting SSID
C. Using WEP encryption
D. Using WPA encryption
"Pass Any Exam. Any Time." - www.actualtests.com 54
ISC CISSP-ISSAP Exam
Answer: C,D
Explanation:
QUESTION NO: 161
Which of the following protocols provides the highest level of VPN security with a VPN connection
that uses the L2TP protocol?
A. IPSec
B. PPPoE
C. PPP
D. TFTP
Answer: A
Explanation:
QUESTION NO: 162
Which of the following encryption methods comes under symmetric encryption algorithm? Each
correct answer represents a complete solution. Choose three.
A. DES
B. Blowfish
C. RC5
D. Diffie-Hellman
Answer: A,B,C
Explanation:
QUESTION NO: 163
Which of the following uses public key cryptography to encrypt the contents of files?
A. EFS
B. DFS
C. NTFS
D. RFS
Answer: A
"Pass Any Exam. Any Time." - www.actualtests.com 55
ISC CISSP-ISSAP Exam
Explanation:
QUESTION NO: 164
An access control secures the confidentiality, integrity, and availability of the information and data
of an organization. In which of the following categories can you deploy the access control? Each
correct answer represents a part of the solution. Choose all that apply.
A. Detective access control
B. Corrective access control
C. Administrative access control
D. Preventive access control
Answer: A,B,D
Explanation:
QUESTION NO: 165
You are the Network Administrator for a bank. In addition to the usual security issues, you are
concerned that your customers could be the victim of phishing attacks that use fake bank Web
sites. Which of the following would protect against this?
A. MAC
B. Mutual authentication
C. Three factor authentication
D. Two factor authentication
Answer: B
Explanation:
QUESTION NO: 166
You are responsible for security at a defense contracting firm. You are evaluating various possible
encryption algorithms to use. One of the algorithms you are examining is not integer based, uses
shorter keys, and is public key based. What type of algorithm is this?
A. Symmetric
B. None - all encryptions are integer based.
C. Elliptic Curve
D. RSA
"Pass Any Exam. Any Time." - www.actualtests.com 56
ISC CISSP-ISSAP Exam
Answer: C
Explanation:
QUESTION NO: 167
Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of the
following formulas best describes the Single Loss Expectancy (SLE)?
A. SLE = Asset Value (AV) * Exposure Factor (EF)
B. SLE = Asset Value (AV) * Annualized Rate of Occurrence (ARO)
C. SLE = Annualized Loss Expectancy (ALE) * Annualized Rate of Occurrence (ARO)
D. SLE = Annualized Loss Expectancy (ALE) * Exposure Factor (EF)
Answer: A
Explanation:
QUESTION NO: 168
Which of the following are man-made threats that an organization faces? Each correct answer
represents a complete solution. Choose three.
A. Theft
B. Employee errors
C. Strikes
D. Frauds
Answer: A,B,D
Explanation:
QUESTION NO: 169
Which of the following methods for identifying appropriate BIA interviewees' includes examining
the organizational chart of the enterprise to understand the functional positions?
A. Executive management interviews
B. Overlaying system technology
C. Organizational chart reviews
D. Organizational process models
Answer: C
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 57
ISC CISSP-ISSAP Exam
QUESTION NO: 170
Which of the following describes the acceptable amount of data loss measured in time?
A. Recovery Consistency Objective (RCO)
B. Recovery Time Objective (RTO)
C. Recovery Point Objective (RPO)
D. Recovery Time Actual (RTA)
Answer: C
Explanation:
QUESTION NO: 171
In which of the following access control models, owner of an object decides who is allowed to
access the object and what privileges they have?
A. Access Control List (ACL)
B. Mandatory Access Control (MAC)
C. Role Based Access Control (RBAC)
D. Discretionary Access Control (DAC)
Answer: D
Explanation:
QUESTION NO: 172
Which of the following is the process of finding weaknesses in cryptographic algorithms and
obtaining the plaintext or key from the ciphertext?
A. Kerberos
B. Cryptography
C. Cryptographer
D. Cryptanalysis
Answer: D
Explanation:
QUESTION NO: 173
"Pass Any Exam. Any Time." - www.actualtests.com 58
ISC CISSP-ISSAP Exam
Which of the following encryption algorithms is used by the Clipper chip, which supports the
escrowed encryption standard?
A. Skipjack
B. Blowfish
C. AES
D. IDEA
Answer: A
Explanation:
QUESTION NO: 174
Which of the following statements about Network Address Translation (NAT) are true? Each
correct answer represents a complete solution. Choose three.
A. It hides the internal IP addressing scheme.
B. It protects network from the password guessing attacks.
C. It is used to connect private networks to the public Internet.
D. It shares public Internet addresses with a large number of internal network clients.
Answer: A,C,D
Explanation:
QUESTION NO: 175
An organization has implemented a hierarchical-based concept of privilege management in which
administrators have full access, HR managers have less permission than the administrators, and
data entry operators have no access to resources. Which of the following access control models is
implemented in the organization?
A. Role-based access control (RBAC)
B. Network-based access control (NBAC)
C. Mandatory Access Control (MAC)
D. Discretionary access control (DAC)
Answer: A
Explanation:
QUESTION NO: 176
"Pass Any Exam. Any Time." - www.actualtests.com 59
ISC CISSP-ISSAP Exam
Which of the following Incident handling process phases is responsible for defining rules,
collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?
A. Eradication phase
B. Recovery phase
C. Containment phase
D. Preparation phase
E. Identification phase
Answer: D
Explanation:
QUESTION NO: 177
Which of the following is an entry in an object's discretionary access control list (DACL) that grants
permissions to a user or group?
A. Access control entry (ACE)
B. Discretionary access control entry (DACE)
C. Access control list (ACL)
D. Security Identifier (SID)
Answer: A
Explanation:
QUESTION NO: 178
Access control systems enable an authority to control access to areas and resources in a given
physical facility or computer-based information system. Which of the following services provided
by access control systems is used to determine what a subject can do?
A. Authentication
B. Authorization
C. Accountability
D. Identification
Answer: B
Explanation:
QUESTION NO: 179
"Pass Any Exam. Any Time." - www.actualtests.com 60
ISC CISSP-ISSAP Exam
You work as a Security Manager for Tech Perfect Inc. The management tells you to implement a
hashing method in the organization that can resist forgery and is not open to the man-in-the-
middle attack. Which of the following methods will you use to accomplish the task?
A. MD
B. NTLM
C. MAC
D. SHA
Answer: C
Explanation:
QUESTION NO: 180
You work as a Network Administrator for company Inc. The company has deployed an ASA at the
network perimeter. Which of the following types of firewall will you use to create two different
communications, one between the client and the firewall, and the other between the firewall and
the end server?
A. Stateful firewall
B. Endian firewall
C. Packet filter firewall
D. Proxy-based firewall
Answer: D
Explanation:
QUESTION NO: 181
You are the Security Administrator for a consulting firm. One of your clients needs to encrypt
traffic. However, he has specific requirements for the encryption algorithm. It must be a symmetric
key block cipher. Which of the following should you choose for this client?
A. PGP
B. SSH
C. DES
D. RC4
Answer: C
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 61
ISC CISSP-ISSAP Exam
QUESTION NO: 182
You work as an administrator for Techraft Inc. Employees of your company create 'products',
which are supposed to be given different levels of access. You need to configure a security policy
in such a way that an employee (producer of the product) grants accessing privileges (such as
read, write, or alter) for his product. Which of the following access control models will you use to
accomplish this task?
A. Discretionary access control (DAC)
B. Role-based access control (RBAC)
C. Mandatory access control (MAC)
D. Access control list (ACL)
Answer: A
Explanation:
QUESTION NO: 183
Which of the following decides access control on an object in the mandatory access control (MAC)
environment?
A. Sensitivity label
B. Event log
C. System Access Control List (SACL)
D. Security log
Answer: A
Explanation:
QUESTION NO: 184
Which of the following protocols should a Chief Security Officer configure in the network of his
company to protect sessionless datagram protocols?
A. SWIPE
B. S/MIME
C. SKIP
D. SLIP
Answer: C
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 62
ISC CISSP-ISSAP Exam
QUESTION NO: 185
Which of the following protocols supports encapsulation of encrypted packets in secure wrappers
that can be transmitted over a TCP/IP connection?
A. PPTP
B. UDP
C. IPSec
D. PAP
Answer: A
Explanation:
QUESTION NO: 186
You work as a remote support technician. A user named Rick calls you for support. Rick wants to
connect his LAN connection to the Internet. Which of the following devices will you suggest that he
use?
A. Hub
B. Repeater
C. Bridge
D. Switch
E. Router
Answer: E
Explanation:
QUESTION NO: 187
Which of the following user authentications are supported by the SSH-1 protocol but not by the
SSH-2 protocol? Each correct answer represents a complete solution. Choose all that apply.
A. TIS authentication
B. Rhosts (rsh-style) authentication
C. Kerberos authentication
D. Password-based authentication
Answer: A,B,C
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 63
ISC CISSP-ISSAP Exam
QUESTION NO: 188
Fill in the blank with the appropriate encryption system. The ______ encryption system is an
asymmetric key encryption algorithm for the public-key cryptography, which is based on the Diffie-
Hellman key agreement.
A. ElGamal
Answer: A
Explanation:
QUESTION NO: 189
You are the Network Administrator for a large corporate network. You want to monitor all network
traffic on your local network for suspicious activities and receive a notification when a possible
attack is in process. Which of the following actions will you take for this?
A. Install a network-based IDS
B. Install a host-based IDS
C. Install a DMZ firewall
D. Enable verbose logging on the firewall
Answer: A
Explanation:
QUESTION NO: 190
You work as a Network Administrator for McRoberts Inc. You are expanding your company's
network. After you have implemented the network, you test the connectivity to a remote host by
using the PING command. You get the ICMP echo reply message from the remote host. Which of
the following layers of the OSI model are tested through this process? Each correct answer
represents a complete solution. Choose all that apply.
A. Layer 3
B. Layer 2
C. Layer 4
D. Layer 1
Answer: A,B,D
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 64
ISC CISSP-ISSAP Exam
QUESTION NO: 191
In which of the following Person-to-Person social engineering attacks does an attacker pretend to
be an outside contractor, delivery person, etc., in order to gain physical access to the
organization?
A. In person attack
B. Third-party authorization attack
C. Impersonation attack
D. Important user posing attack
Answer: C
Explanation:
QUESTION NO: 192
You work as a Chief Security Officer for Tech Perfect Inc. The company has an internal room
without any window and is totally in darkness. For security reasons, you want to place a device in
the room. Which of the following devices is best for that room?
A. Photoelectric motion detector
B. Badge
C. Closed-circuit television
D. Alarm
Answer: A
Explanation:
QUESTION NO: 193
John works as an Ethical Hacker for company Inc. He wants to find out the ports that are open in
company's server using a port scanner. However, he does not want to establish a full TCP
connection. Which of the following scanning techniques will he use to accomplish this task?
A. TCP FIN
B. Xmas tree
C. TCP SYN/ACK
D. TCP SYN
Answer: D
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 65
ISC CISSP-ISSAP Exam
QUESTION NO: 194
Which of the following layers of the OSI model provides non-repudiation services?
A. The application layer
B. The data-link layer
C. The presentation layer
D. The physical layer
Answer: A
Explanation:
QUESTION NO: 195
You work as a Network Administrator for McNeil Inc. The company has a TCP/IP-based network.
Performance of the network is slow because of heavy traffic. A hub is used as a central connecting
device in the network. Which of the following devices can be used in place of a hub to control the
network traffic efficiently?
A. Repeater
B. Bridge
C. Switch
D. Router
Answer: C
Explanation:
QUESTION NO: 196
Which of the following categories of access controls is deployed in the organization to prevent all
direct contacts with systems?
A. Detective access control
B. Physical access control
C. Technical access control
D. Administrative access control
Answer: B
Explanation:
QUESTION NO: 197
"Pass Any Exam. Any Time." - www.actualtests.com 66
ISC CISSP-ISSAP Exam
Which of the following is an infrastructure system that allows the secure exchange of data over an
unsecured network?
A. PMK
B. PTK
C. PKI
D. GTK
Answer: C
Explanation:
QUESTION NO: 198
Which of the following algorithms is found to be suitable for both digital signature and encryption?
A. SHA-1
B. MD5
C. AES
D. RSA
Answer: D
Explanation:
QUESTION NO: 199
Which of the following is responsible for maintaining certificates in a public key infrastructure
(PKI)?
A. Domain Controller
B. Certificate User
C. Certification Authority
D. Internet Authentication Server
Answer: C
Explanation:
QUESTION NO: 200
Which of the following authentication methods is based on physical appearance of a user?
A. Key fob
"Pass Any Exam. Any Time." - www.actualtests.com 67
ISC CISSP-ISSAP Exam
B. Biometrics
C. ID/password combination
D. Smart card
Answer: B
Explanation:
QUESTION NO: 201
Which of the following is a correct sequence of different layers of Open System Interconnection
(OSI) model?
A. Physical layer, data link layer, network layer, transport layer, presentation layer, session layer,
and application layer
B. Physical layer, network layer, transport layer, data link layer, session layer, presentation layer,
and application layer
C. application layer, presentation layer, network layer, transport layer, session layer, data link
layer, and physical layer
D. Physical layer, data link layer, network layer, transport layer, session layer, presentation layer,
and application layer
Answer: D
Explanation:
QUESTION NO: 202
Which of the following are used to suppress gasoline and oil fires? Each correct answer
represents a complete solution. Choose three.
A. Water
B. CO2
C. Halon
D. Soda acid
Answer: B,C,D
Explanation:
QUESTION NO: 203
Fill in the blank with the appropriate phrase. The is a simple document that provides a high-level
view of the entire organization's disaster recovery efforts.
"Pass Any Exam. Any Time." - www.actualtests.com 68
ISC CISSP-ISSAP Exam
A. Executive summary
Answer: A
Explanation:
QUESTION NO: 204
You work as a Chief Security Officer for Tech Perfect Inc. You have configured IPSec and
ISAKMP protocol in the company's network in order to establish a secure communication
infrastructure. ccording to the Internet RFC 2408, which of the following services does the
ISAKMP protocol offer to the network? Each correct answer represents a part of the solution.
Choose all that apply.
A. It relies upon a system of security associations.
B. It provides key generation mechanisms.
C. It authenticates communicating peers.
D. It protects against threats, such as DoS attack, replay attack, etc.
Answer: B,C,D
Explanation:
QUESTION NO: 205
Which of the following methods offers a number of modeling practices and disciplines that
contribute to a successful service-oriented life cycle management and modeling?
A. Service-oriented modeling framework (SOMF)
B. Service-oriented modeling and architecture (SOMA)
C. Sherwood Applied Business Security Architecture (SABSA)
D. Service-oriented architecture (SOA)
Answer: A
Explanation:
QUESTION NO: 206
The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and
procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Which
of the following components does the PKI use to list those certificates that have been revoked or
are no longer valid?
"Pass Any Exam. Any Time." - www.actualtests.com 69
ISC CISSP-ISSAP Exam
A. Certification Practice Statement
B. Certificate Policy
C. Certificate Revocation List
D. Certification Authority
Answer: C
Explanation:
QUESTION NO: 207
You work as an Incident handling manager for a company. The public relations process of the
company includes an event that responds to the e-mails queries. But since few days, it is identified
that this process is providing a way to spammers to perform different types of e-mail attacks.
Which of the following phases of the Incident handling process will now be involved in resolving
this process and find a solution? Each correct answer represents a part of the solution. Choose all
that apply.
A. Identification
B. Eradication
C. Recovery
D. Contamination
E. Preparation
Answer: B,C,D
Explanation:
QUESTION NO: 208
Which of the following ports must be opened on the firewall for the VPN connection using Point-to-
Point Tunneling Protocol (PPTP)?
A. TCP port 110
B. TCP port 443
C. TCP port 5060
D. TCP port 1723
Answer: D
Explanation:
QUESTION NO: 209
Which of the following plans is a comprehensive statement of consistent actions to be taken
"Pass Any Exam. Any Time." - www.actualtests.com 70
ISC CISSP-ISSAP Exam
before, during, and after a disruptive event that causes a significant loss of information systems
resources?
A. Disaster recovery plan
B. Contingency plan
C. Business Continuity plan
D. Continuity of Operations plan
Answer: A
Explanation:
QUESTION NO: 210
Which of the following types of ciphers operates on a group of bits rather than an individual
character or bit of a message?
A. Block cipher
B. Classical cipher
C. Substitution cipher
D. Stream cipher
Answer: A
Explanation:
QUESTION NO: 211
Which of the following techniques can be used by an administrator while working with the
symmetric encryption cryptography? Each correct answer represents a complete solution. Choose
all that apply.
A. Block cipher
B. Stream cipher
C. Transposition cipher
D. Message Authentication Code
Answer: A,B,D
Explanation:
QUESTION NO: 212
Which of the following are types of access control attacks? Each correct answer represents a
"Pass Any Exam. Any Time." - www.actualtests.com 71
ISC CISSP-ISSAP Exam
complete solution. Choose all that apply.
A. Dictionary attack
B. Mail bombing
C. Spoofing
D. Brute force attack
Answer: B,C,D
Explanation:
QUESTION NO: 213
Which of the following authentication protocols sends a user certificate inside an encrypted
tunnel?
A. PEAP
B. EAP-TLS
C. WEP
D. EAP-FAST
Answer: B
Explanation:
QUESTION NO: 214
Which of the following is a form of gate that allows one person to pass at a time?
A. Biometric
B. Man-trap
C. Turnstile
D. Fence
Answer: C
Explanation:
QUESTION NO: 215
Which of the following algorithms can be used to check the integrity of a file?
158
"Pass Any Exam. Any Time." - www.actualtests.com 72
ISC CISSP-ISSAP Exam
Each correct answer represents a complete solution. Choose two.
A. md5
B. rsa
C. blowfish
D. sha
Answer: A,D
Explanation:
QUESTION NO: 216
You work as a Network Administrator for NetTech Inc. The company's network is connected to the
Internet. For security, you want to restrict unauthorized access to the network with minimum
administrative effort. You want to implement a hardware-based solution. What will you do to
accomplish this?
A. Connect a brouter to the network.
B. Implement a proxy server on the network.
C. Connect a router to the network.
D. Implement firewall on the network.
Answer: D
Explanation:
QUESTION NO: 217
The service-oriented modeling framework (SOMF) introduces five major life cycle modeling
activities that drive a service evolution during design-time and run-time. Which of the following
activities integrates SOA software assets and establishes SOA logical environment
dependencies?
A. Service-oriented business integration modeling
B. Service-oriented logical design modeling
C. Service-oriented discovery and analysis modeling
D. Service-oriented logical architecture modeling
Answer: D
Explanation:
QUESTION NO: 218
"Pass Any Exam. Any Time." - www.actualtests.com 73
ISC CISSP-ISSAP Exam
You are responsible for security at a building that has a lot of traffic. There are even a significant
number of non-employees coming in and out of the building. You are concerned about being able
to find out who is in the building at a particular time. What is the simplest way to accomplish this?
A. Implement a sign in sheet at the main entrance and route all traffic through there.
B. Have all people entering the building use smart cards for access.
C. Implement biometric access.
D. Implement cameras at all entrances.
Answer: A
Explanation:
QUESTION NO: 219
Which of the following security architectures defines how to integrate widely disparate applications
for a world that is Web-based and uses multiple implementation platforms?
A. Sherwood Applied Business Security Architecture
B. Service-oriented modeling and architecture
C. Enterprise architecture
D. Service-oriented architecture
Answer: D
Explanation:
QUESTION NO: 220
Which of the following methods of encryption uses a single key to encrypt and decrypt data?
A. Asymmetric
B. Symmetric
C. S/MIME
D. PGP
Answer: B
Explanation:
QUESTION NO: 221
The OSI reference model is divided into layers and each layer has a specific task to perform. At
which layer of OSI model is the File and Print service performed?
"Pass Any Exam. Any Time." - www.actualtests.com 74
ISC CISSP-ISSAP Exam
A. Session layer
B. Presentation layer
C. Transport layer
D. Application layer
Answer: D
Explanation:
QUESTION NO: 222
Which of the following cables provides maximum security against electronic eavesdropping on a
network?
A. Fibre optic cable
B. STP cable
C. UTP cable
D. NTP cable
Answer: A
Explanation:
QUESTION NO: 223
Which of the following password authentication schemes enables a user with a domain account to
log on to a network once, using a password or smart card, and to gain access to multiple
computers in the domain without being prompted to log in again?
A. Single Sign-On
B. One-time password
C. Dynamic
D. Kerberos
Answer: A
Explanation:
QUESTION NO: 224
Which of the following authentication methods provides credentials that are only valid during a
single session?
A. Kerberos v5
"Pass Any Exam. Any Time." - www.actualtests.com 75
ISC CISSP-ISSAP Exam
B. Smart card
C. Certificate
D. Token
Answer: D
Explanation:
QUESTION NO: 225
Perfect World Inc., provides its sales managers access to the company's network from remote
locations. The sales managers use laptops to connect to the network. For security purposes, the
company's management wants the sales managers to log on to the network using smart cards
over a remote connection. Which of the following authentication protocols should be used to
accomplish this?
A. Challenge Handshake Authentication Protocol (CHAP)
B. Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
C. Open Shortest Path First (OSPF)
D. Extensible Authentication Protocol (EAP)
Answer: D
Explanation:
QUESTION NO: 226
You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and
you want to discuss it with your team members for getting appropriate responses of the disaster.
In which of the following disaster recovery tests can this task be performed?
A. Full-interruption test
B. Parallel test
C. Simulation test
D. Structured walk-through test
Answer: C
Explanation:
QUESTION NO: 227
Your customer is concerned about security. He wants to make certain no one in the outside world
can see the IP addresses inside his network. What feature of a router would accomplish this?
"Pass Any Exam. Any Time." - www.actualtests.com 76
ISC CISSP-ISSAP Exam
A. Port forwarding
B. NAT
C. MAC filtering
D. Firewall
Answer: B
Explanation:
QUESTION NO: 228
You are responsible for a Microsoft based network. Your servers are all clustered. Which of the
following are the likely reasons for the clustering? Each correct answer represents a complete
solution. Choose two.
A. Reduce power consumption
B. Ease of maintenance
C. Failover
D. Load balancing
Answer: A,B
Explanation:
QUESTION NO: 229
Which of the following is the most secure method of authentication?
A. Smart card
B. Anonymous
C. Username and password
D. Biometrics
Answer: D
Explanation:
QUESTION NO: 230
Which of the following are the phases of the Certification and Accreditation (C&A) process? Each
correct answer represents a complete solution. Choose two.
"Pass Any Exam. Any Time." - www.actualtests.com 77
ISC CISSP-ISSAP Exam
A. Detection
B. Continuous Monitoring
C. Initiation
D. Auditing
Answer: B,C
Explanation:
QUESTION NO: 231
Which of the following cryptographic algorithm uses public key and private key to encrypt or
decrypt data ?
A. Asymmetric
B. Hashing
C. Numeric
D. Symmetric
Answer: A
Explanation:
QUESTION NO: 232
Sonya, a user, reports that she works in an electrically unstable environment where brownouts are
a regular occurrence. Which of the following will you tell her to use to protect her computer?
A. UPS
B. Multimeter
C. SMPS
D. CMOS battery
Answer: A
Explanation:
QUESTION NO: 233
Your company is covered under a liability insurance policy, which provides various liability
coverage for information security risks, including any physical damage of assets, hacking attacks,
etc. Which of the following risk management techniques is your company using?
A. Risk acceptance
"Pass Any Exam. Any Time." - www.actualtests.com 78
ISC CISSP-ISSAP Exam
B. Risk avoidance
C. Risk transfer
D. Risk mitigation
Answer: C
Explanation:
QUESTION NO: 234
Della works as a security manager for SoftTech Inc. She is training some of the newly recruited
personnel in the field of security management. She is giving a tutorial on DRP. She explains that
the major goal of a disaster recovery plan is to provide an organized way to make decisions if a
disruptive event occurs and asks for the other objectives of the DRP. If you are among some of
the newly recruited personnel in SoftTech Inc, what will be your answer for her question? Each
correct answer represents a part of the solution. Choose three.
A. Guarantee the reliability of standby systems through testing and simulation.
B. Protect an organization from major computer services failure.
C. Minimize the risk to the organization from delays in providing services.
D. Maximize the decision-making required by personnel during a disaster.
Answer: A,B,C
Explanation:
QUESTION NO: 235
You work as a Network Consultant. A company named Tech Perfect Inc. hires you for security
reasons. The manager of the company tells you to establish connectivity between clients and
servers of the network which prevents eavesdropping and tampering of data on the Internet.
Which of the following will you configure on the network to perform the given task?
A. WEP
B. IPsec
C. VPN
D. SSL
Answer: D
Explanation:
QUESTION NO: 236
The security controls that are implemented to manage physical security are divided in various
"Pass Any Exam. Any Time." - www.actualtests.com 79
ISC CISSP-ISSAP Exam
groups. Which of the following services are offered by the administrative physical security control
group? Each correct answer represents a part of the solution. Choose all that apply.
A. Construction and selection
B. Site management
C. Awareness training
D. Access control
E. Intrusion detection
F. Personnel control
Answer: A,B,C,F
Explanation:
QUESTION NO: 237
Jasmine is creating a presentation. She wants to ensure the integrity and authenticity of the
presentation. Which of the following will she use to accomplish the task?
A. Mark as final
B. Digital Signature
C. Restrict Permission
D. Encrypt Document
Answer: B
Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com 80
You might also like
- ORDS Configuration With Apache Tomcat and APEX in Linux ServerNo ratings yetORDS Configuration With Apache Tomcat and APEX in Linux Server4 pages
- Comptia Testkings cv0-003 Sample Question 2023-May-01 by Enoch 88q VceNo ratings yetComptia Testkings cv0-003 Sample Question 2023-May-01 by Enoch 88q Vce12 pages
- Cisco Testkings 210-260 v2016-06-06 by HSV 155qNo ratings yetCisco Testkings 210-260 v2016-06-06 by HSV 155q112 pages
- Pass4Test: IT Certification Guaranteed, The Easy Way!No ratings yetPass4Test: IT Certification Guaranteed, The Easy Way!7 pages
- EC-Council Computer Incident Handler Exam by DFAT1No ratings yetEC-Council Computer Incident Handler Exam by DFAT117 pages
- Securing Artificial Intelligence Systems Tda Cyber SnapshotNo ratings yetSecuring Artificial Intelligence Systems Tda Cyber Snapshot10 pages
- Actualtests - Sun.310 301.examcheatsheet.v12.28.04No ratings yetActualtests - Sun.310 301.examcheatsheet.v12.28.0448 pages
- Complete Download of Test Bank for Computer Security: Principles and Practice, 4th Edition, William Stallings, Lawrie Brown Full Chapters in PDF DOCX100% (14)Complete Download of Test Bank for Computer Security: Principles and Practice, 4th Edition, William Stallings, Lawrie Brown Full Chapters in PDF DOCX31 pages
- 18CSC364J - Information Security MCQ UNIT 4No ratings yet18CSC364J - Information Security MCQ UNIT 45 pages
- Explorning The Role of Machine Learning in Enhancing Cloud SecurityNo ratings yetExplorning The Role of Machine Learning in Enhancing Cloud Security5 pages
- Notes On Network Security Issues: From Security Courses At: Stern School of Business, NYU Georgia Tech100% (4)Notes On Network Security Issues: From Security Courses At: Stern School of Business, NYU Georgia Tech59 pages
- Cryptography An Introduction Continued : Shon Harris Cissp, 5 EditionNo ratings yetCryptography An Introduction Continued : Shon Harris Cissp, 5 Edition19 pages
- CISSP Practice - 2,250 Questions, Answers, and Explanations For Passing The Test - S. Rao VallabhaneniNo ratings yetCISSP Practice - 2,250 Questions, Answers, and Explanations For Passing The Test - S. Rao Vallabhaneni1,316 pages
- CEH Certified Ethical Hacker all in one exam guide 2nd edition Edition Horton download pdf100% (3)CEH Certified Ethical Hacker all in one exam guide 2nd edition Edition Horton download pdf81 pages
- Chapter 14: Key Management and DistributionNo ratings yetChapter 14: Key Management and Distribution6 pages
- CompTIA Security Plus SY0-601 - StudylibNo ratings yetCompTIA Security Plus SY0-601 - Studylib221 pages
- Ain Dumps 2024-Jan-08 by Robin 258q VceNo ratings yetAin Dumps 2024-Jan-08 by Robin 258q Vce19 pages
- Ec Council.2passeasy.312 50v12.PDF.2022 Oct 21.by - Christopher.169q.vceNo ratings yetEc Council.2passeasy.312 50v12.PDF.2022 Oct 21.by - Christopher.169q.vce16 pages
- Download (Ebook) CISSP All-in-One Exam Guide by Harris, Shon;Maymi, Fernando ISBN 9780071849265, 9780071849272, 0071849262, 0071849270 ebook All Chapters PDF100% (5)Download (Ebook) CISSP All-in-One Exam Guide by Harris, Shon;Maymi, Fernando ISBN 9780071849265, 9780071849272, 0071849262, 0071849270 ebook All Chapters PDF65 pages
- Full download Test Bank for Network Security Essentials Applications and Standards, 5/E 5th Edition William Stallings pdf docx100% (16)Full download Test Bank for Network Security Essentials Applications and Standards, 5/E 5th Edition William Stallings pdf docx42 pages
- CISSP 2024 Practice Exam Questions and AnswersNo ratings yetCISSP 2024 Practice Exam Questions and Answers14 pages
- Explain Each of The Following Symmetric Key Algorithms in 50-100 and List at Least Two (2) Usages For Each of Symmetric Key Algorithms100% (1)Explain Each of The Following Symmetric Key Algorithms in 50-100 and List at Least Two (2) Usages For Each of Symmetric Key Algorithms9 pages
- Be It Certified ECCouncil 312-49 Free Questions DumpsNo ratings yetBe It Certified ECCouncil 312-49 Free Questions Dumps10 pages
- CompTIA Security+ Certification Exam SY0-601 Cryptographic Concepts QuizNo ratings yetCompTIA Security+ Certification Exam SY0-601 Cryptographic Concepts Quiz15 pages
- This Study Resource Was: Chapter 14 - IT Security Management and Risk AssessmentNo ratings yetThis Study Resource Was: Chapter 14 - IT Security Management and Risk Assessment6 pages
- ISC - Actualtests.cissp ISSAP.v2015!03!13.by - Adella.237qNo ratings yetISC - Actualtests.cissp ISSAP.v2015!03!13.by - Adella.237q68 pages
- Beacon Pharmaceuticals Limited_Bishwanath DasNo ratings yetBeacon Pharmaceuticals Limited_Bishwanath Das8 pages
- Impact of Agent Banking On Bank Profitability in BangladeshNo ratings yetImpact of Agent Banking On Bank Profitability in Bangladesh42 pages
- ALU - DMX - 7 1 Metropolis DMX Installation Guide100% (1)ALU - DMX - 7 1 Metropolis DMX Installation Guide408 pages
- Antennas in Satellite Communication TypeNo ratings yetAntennas in Satellite Communication Type16 pages
- 3.0.1 Welcome 3.0.1.1 Chapter 3: Network Protocols and CommunicationsNo ratings yet3.0.1 Welcome 3.0.1.1 Chapter 3: Network Protocols and Communications23 pages
- Hybrid Combiner 4:4 698 - 2690 MHZ 4 X 150 W: Technical Data Type No. 78210534No ratings yetHybrid Combiner 4:4 698 - 2690 MHZ 4 X 150 W: Technical Data Type No. 782105342 pages
- Rockspay Business Proposal: Executive SummaryNo ratings yetRockspay Business Proposal: Executive Summary1 page
- Class Range Example Number of Networks Number of Hosts in Each Subnet ANo ratings yetClass Range Example Number of Networks Number of Hosts in Each Subnet A8 pages
- IMC100 Series V1.0.0 Datasheet - 20210402No ratings yetIMC100 Series V1.0.0 Datasheet - 202104026 pages
- Manual de Transferencia de Datos de AMS Machinery Healt ManagerNo ratings yetManual de Transferencia de Datos de AMS Machinery Healt Manager106 pages
- Task 1 - Configuring and Testing Remote Desktop RDSNo ratings yetTask 1 - Configuring and Testing Remote Desktop RDS4 pages
- 28.8 A 21dBm-OP1dB 20.3-Efficiency - 131.8dBm Hz-Noise X-Band Cartesian-Error-Feedback Transmitter With Fully Integrated Power Amplifier in 65nm CMOSNo ratings yet28.8 A 21dBm-OP1dB 20.3-Efficiency - 131.8dBm Hz-Noise X-Band Cartesian-Error-Feedback Transmitter With Fully Integrated Power Amplifier in 65nm CMOS3 pages
- Reliance F271i (B191) Chino-E Circuit Diagram DVT2 SCHNo ratings yetReliance F271i (B191) Chino-E Circuit Diagram DVT2 SCH25 pages
- A6. How To Configure Voucher Portal For Different Privilege Users Via Omada SDN ControllerNo ratings yetA6. How To Configure Voucher Portal For Different Privilege Users Via Omada SDN Controller11 pages
- E108-GN02D User Manual: GK9501 Positioning ModuleNo ratings yetE108-GN02D User Manual: GK9501 Positioning Module11 pages
- 2025 - Satellite Communications and Networks by Hoyhtya MNo ratings yet2025 - Satellite Communications and Networks by Hoyhtya M173 pages
- UWB Performance of Compact L-Shaped Wide Slot AntennasNo ratings yetUWB Performance of Compact L-Shaped Wide Slot Antennas5 pages
