CISSP-ISSAP Practice Questions
244 real CISSP-ISSAP exam questions with expert-verified answers and explanations. Page 2 of 5.
- Question #51: Infrastructure Security
You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to...
Disaster Recovery (DR), DR Site Types, Cold Sites, Budget Constraints
- Question #52: Identity and Access Management (IAM) Architecture
Which of the following are the centralized administration technologies? Each correct answer represents a complete solution. Choose all that apply.
AAA, RADIUS, TACACS+, Centralized Administration
- Question #53: Identity and Access Management (IAM) Architecture
You are implementing some security services in an organization, such as smart cards, biometrics, access control lists, firewalls, intrusion detection systems, and clipping levels....
Access Control, Logical Access Controls, Authentication, Network Security Controls
- Question #54: Infrastructure Security
You work as a Network Administrator for Net World Inc. You are required to configure a VLAN for the company. Which of the following devices will you use to physically connect the c...
VLANs, Network Devices, Layer 2/3 Networking
- Question #55: Infrastructure Security
Which of the following protocols work at the Network layer of the OSI model?
OSI Model, Network Protocols, Layer 3 Protocols, Routing Protocols
- Question #56: Infrastructure Security
Which of the following are used to suppress paper or wood fires? Each correct answer represents a complete solution. Choose two.
Fire safety, Fire extinguishers, Class A fires, Physical security
- Question #57: Infrastructure Security
Mark works as a Network Administrator for NetTech Inc. He wants to connect the company's headquarters and its regional offices using a WAN technology. For this, he uses packet-switc...
WAN Technologies, Packet Switching, Network Connectivity, Infrastructure Design
- Question #58: Identity and Access Management (IAM) Architecture
Fill in the blank with the appropriate security method. ____________ is a system, which enables an authority to control access to areas and resources in a given physical facility,...
Access Control, Security Systems, Authorization
- Question #59: Security Operations Architecture
In which of the following types of tests are the disaster recovery checklists distributed to the members of disaster recovery team and asked to review the assigned checklist?
Disaster Recovery Testing, Checklist Test, Business Continuity Planning, Operational Resilience
- Question #60: Infrastructure Security
Which of the following heights of fence deters only casual trespassers?
Physical Security, Perimeter Security, Fences, Security Controls
- Question #61: Infrastructure Security
In which of the following cryptographic attacking techniques does an attacker obtain encrypted messages that have been encrypted using the same encryption algorithm?
Cryptographic attacks, Ciphertext only attack, Cryptography fundamentals, Attack models
- Question #62: Architect for Governance, Risk, and Compliance
Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?
Risk Management, Quantitative Risk Analysis, Annualized Rate of Occurrence (ARO), Threat Frequency
- Question #63: Infrastructure Security
You work as a Chief Security Officer for Tech Perfect Inc. The company has a TCP/IP based network. You want to use a firewall that can track the state of active connections of the...
Firewall types, Network security, Stateful inspection, Dynamic packet filtering
- Question #65: Identity and Access Management (IAM) Architecture
Which of the following uses a Key Distribution Center (KDC) to authenticate a principal?
Kerberos, Key Distribution Center (KDC), Authentication Protocols, Identity Management
- Question #66: Identity and Access Management (IAM) Architecture
Which of the following is a network service that stores and organizes information about a network's users and network resources and that allows administrators to manage users' access...
Directory Services, IAM, Network Services
- Question #67: Infrastructure Security
You work as a Network Administrator for Net Soft Inc. You are designing a data backup plan for your company's network. The backup policy of the company requires high security and e...
Backup Strategy, Disaster Recovery, Offsite Storage, Data Protection
- Question #68: Security Architecture Modeling
Which of the following are types of asymmetric encryption algorithms? Each correct answer represents a complete solution. Choose two.
Asymmetric encryption, Cryptography, RSA, ECC
- Question #69: Infrastructure Security
Which of the following attacks allows the bypassing of access control lists on servers or routers, and helps an attacker to hide? Each correct answer represents a complete solution...
Network Attacks, IP Spoofing, MAC Spoofing, Access Control Bypass
- Question #70: Identity and Access Management (IAM) Architecture
You are the Network Administrator at a large company. Your company has a lot of contractors and other outside parties that come in and out of the building. For this reason you are...
Authentication tokens, Hardware tokens, Authentication factors, Authentication protocols
- Question #71: Infrastructure Security
Which of the following LAN protocols use token passing for exchanging signals among various stations on the network? Each correct answer represents a complete solution. Choose two.
LAN Protocols, Token Passing, Network Access Methods, IEEE Standards
- Question #72: Infrastructure Security
Which of the following components come under the network layer of the OSI model? Each correct answer represents a complete solution. Choose two.
OSI Model, Network Layer, Network Devices, Firewalls
- Question #73: Infrastructure Security
Which of the following are examples of physical controls used to prevent unauthorized access to sensitive materials?
Physical security, Access control, Security controls, Infrastructure protection
- Question #74: Infrastructure Security
At which of the following layers of the Open System Interconnection (OSI) model do the Internet Control Message Protocol (ICMP) and the Internet Group Management Protocol (IGMP) work?
OSI Model, Network Layer, ICMP, IGMP
- Question #75: Infrastructure Security
Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis?
EFS (Encrypting File System), Cryptography, Public Key Cryptography, Digital Certificates
- Question #76: Identity and Access Management (IAM) Architecture
Which of the following statements about Discretionary Access Control List (DACL) is true?
DACL, Access Control, IAM
- Question #77: Infrastructure Security
Which of the following methods will allow data to be sent on the Internet in a secure format?
VPN, Secure Communication, Network Security, Data Transmission
- Question #78: Infrastructure Security
Which of the following are used to suppress electrical and computer fires? Each correct answer represents a complete solution. Choose two.
Fire suppression, Physical security, Electrical safety
- Question #79: Infrastructure Security
Which of the following are natural environmental threats that an organization faces? Each correct answer represents a complete solution. Choose two.
Natural Threats, Environmental Threats, Risk Identification
- Question #80: Infrastructure Security
Which of the following keys are included in a certificate revocation list (CRL) of a public key infrastructure (PKI)? Each correct answer represents a complete solution. Choose two...
PKI, Certificate Revocation List, Digital Certificates, Cryptography
- Question #81: Architect for Application Security
Which of the following SDLC phases consists of the given security controls: Misuse Case Modeling Security Design and Architecture Review Threat and Risk Modeling Security Requireme...
SDLC Security, Application Security, Threat Modeling, Security Design
- Question #82: Identity and Access Management (IAM) Architecture
A company named Money Builders Inc., hires you to provide consultancy for setting up their Windows network. The company's server room will be in a highly secured environment. You a...
Authentication Methods, Biometric Authentication, Identity and Access Management
- Question #83: Infrastructure Security
You are the Security Consultant and have been contacted by a client regarding their encryption and hashing algorithms. Their in-house network administrator tells you that their cur...
Hashing algorithms, MD5, Cryptographic weaknesses, Collision resistance
- Question #84: Infrastructure Security
You work as a Network Administrator for Net Perfect Inc. The company has a Linux-based network. You need to configure a firewall for the company. The firewall should be able to kee...
Firewall types, Stateful inspection, Network security, Perimeter defense
- Question #85: Identity and Access Management (IAM) Architecture
Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptiti...
Shoulder surfing, Confidentiality, Physical security attacks, Password compromise
- Question #86: Architect for Governance, Risk, and Compliance
Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavaila...
Business Continuity Planning, Disaster Recovery, Organizational Resilience, Risk Management
- Question #87: Infrastructure Security
Which of the following processes is used by remote users to make a secure connection to internal resources after establishing an Internet connection?
Tunneling, VPN, Remote Access, Network Security
- Question #88: Architect for Governance, Risk, and Compliance
You work as a Security Manager for Tech Perfect Inc. A number of people are involved with you in the DRP efforts. You have maintained several different types of plan documents, int...
Disaster Recovery Planning, Documentation, Stakeholder Communication, Executive Summary
- Question #89: Infrastructure Security
Which of the following protects against unauthorized access to confidential information via encryption and works at the network layer?
IPSec, Network Security, Encryption, OSI Network Layer
- Question #90: Infrastructure Security
Which of the following statements are true about Public-key cryptography? Each correct answer represents a complete solution. Choose two.
Public-key cryptography, Asymmetric encryption, Confidentiality, Digital signatures
- Question #91: Infrastructure Security
Which of the following backup types backs up files that have been added and all data that have been modified since the most recent backup was performed?
Incremental Backup, Data Backup, Data Protection, Recovery Strategy
- Question #92: Identity and Access Management (IAM) Architecture
You are responsible for security at a hospital. Since many computers are accessed by multiple employees 24 hours a day, 7 days a week, controlling physical access to computers is v...
Identity and Access Management, Authentication, Smart Cards, Access Control
- Question #93: Infrastructure Security
In which of the following cryptographic attacking techniques does the attacker pick up the information to be encrypted and take a copy of it with the encrypted data?
Cryptographic attacks, Chosen plaintext attack, Cryptography
- Question #94: Infrastructure Security
Which of the following are the goals of a public key infrastructure (PKI)? Each correct answer represents a part of the solution. Choose all that apply.
PKI, Cryptography, Digital Certificates, Security Services
- Question #95: Infrastructure Security
Which of the following encryption modes has the property to allow many error correcting codes to function normally even when applied before encryption?
Encryption Modes, OFB Mode, Error Correction Codes, Cryptography
- Question #96: Architect for Application Security
In which of the following phases of the SDLC does the software and other components of the system faithfully incorporate the design specifications and provide proper documentation...
SDLC, Software Development Life Cycle, Implementation Phase, Training and Documentation
- Question #97: Identity and Access Management (IAM) Architecture
You are the administrator for YupNo.com. You want to increase and enhance the security of your computers and simplify deployment. You are especially concerned with any portable com...
Smart Cards, Multi-factor Authentication, Remote Access Security, Identity and Access Management
- Question #98: Infrastructure Security
You have just set up a wireless network for customers at a coffee shop. Which of the following are good security measures to implement? Each correct answer represents a complete so...
Wireless Security, Network Encryption, Wi-Fi Protocols, Public Wi-Fi Security
- Question #99: Infrastructure Security
Which of the following protocols provides the highest level of VPN security with a VPN connection that uses the L2TP protocol?
VPN security, L2TP, IPSec, Network protocols
- Question #100: Infrastructure Security
Which of the following encryption methods come under symmetric encryption algorithms? Each correct answer represents a complete solution. Choose three.
Symmetric Encryption, Cryptographic Algorithms, Block Ciphers, Data Encryption
- Question #101: Infrastructure Security
Which of the following uses public key cryptography to encrypt the contents of files?
File Encryption, EFS, Public Key Cryptography