CISSP-ISSAP Exam - Information Systems Security Architecture Professional


NEW QUESTION 1
Which of the following is used to authenticate asymmetric keys?

  • A. Digital signature
  • B. MAC Address
  • C. Demilitarized zone (DMZ)
  • D. Password

Answer: A

NEW QUESTION 2
The service-oriented modeling framework (SOMF) introduces five major life cycle modeling activities that drive a service evolution during design-time and run-time. Which of the following activities integrates SOA software assets and establishes SOA logical environment dependencies?

  • A. Service-oriented business integration modeling
  • B. Service-oriented logical design modeling
  • C. Service-oriented discovery and analysis modeling
  • D. Service-oriented logical architecture modeling

Answer: D

NEW QUESTION 3
Sonya, a user, reports that she works in an electrically unstable environment where brownouts are a regular occurrence. Which of the following will you tell her to use to protect her computer?

  • A. UPS
  • B. Multimeter
  • C. SMPS
  • D. CMOS battery

Answer: A

NEW QUESTION 4
Which of the following types of ciphers operates on a group of bits rather than an individual character or bit of a message?

  • A. Block cipher
  • B. Classical cipher
  • C. Substitution cipher
  • D. Stream cipher

Answer: A

NEW QUESTION 5
Which of the following processes is used to identify relationships between mission critical applications, processes, and operations and all supporting elements?

  • A. Critical path analysis
  • B. Functional analysis
  • C. Risk analysis
  • D. Business impact analysis

Answer: A

NEW QUESTION 6
Fill in the blank with the appropriate security method. ______ is a system that enables an authority to control access to areas and resources in a given physical facility or computer-based information system.

  • A. Access control

Answer: A

NEW QUESTION 7
You work as a Network Administrator of a TCP/IP network. You are having a DNS resolution problem. Which of the following utilities will you use to diagnose the problem?

  • A. TRACERT
  • B. PING
  • C. IPCONFIG
  • D. NSLOOKUP

Answer: D

NEW QUESTION 8
You are the Security Consultant advising a company on security methods. This is a highly secure location that deals with sensitive national defense related data. They are very concerned about physical security as they had a breach last month. In that breach an individual had simply grabbed a laptop and run out of the building. Which one of the following would have been most effective in preventing this?

  • A. Not using laptop
  • B. Keeping all doors locked with a guard
  • C. Using a man-trap
  • D. A sign in log

Answer: C

NEW QUESTION 9
Which of the following methods of encryption uses a single key to encrypt and decrypt data?

  • A. Asymmetric
  • B. Symmetric
  • C. S/MIME
  • D. PGP

Answer: B

NEW QUESTION 10
John works as a Network Administrator for NetPerfect Inc. The company has a Windows-based network. John has been assigned a project to build a network for the sales department of the company. It is important for the LAN to continue working even if there is a break in the cabling. Which of the following topologies should John use to accomplish the task?

  • A. Star
  • B. Mesh
  • C. Bus
  • D. Ring

Answer: B

NEW QUESTION 11
Which of the following should the administrator ensure during the test of a disaster recovery plan?

  • A. Ensure that the plan works properly
  • B. Ensure that all the servers in the organization are shut down
  • C. Ensure that each member of the disaster recovery team is aware of their responsibility
  • D. Ensure that all client computers in the organization are shut down

Answer: AC

NEW QUESTION 12
Which of the following is an electrical event in which there is enough power on the grid to prevent a total power loss, but not enough power to meet the current electrical demand?

  • A. Power Surge
  • B. Power Spike
  • C. Blackout
  • D. Brownout

Answer: D

NEW QUESTION 13
Which of the following are the initial steps required to perform a risk analysis process? Each correct answer represents a part of the solution. Choose three.

  • A. Estimate the potential losses to assets by determining their value
  • B. Establish the threats likelihood and regularity
  • C. Valuations of the critical assets in hard cost
  • D. Evaluate potential threats to the asset

Answer: ABD

NEW QUESTION 14
Andrew works as a Network Administrator for Infonet Inc. The company's network has a Web server that hosts the company's Web site. Andrew wants to increase the security of the Web site by implementing Secure Sockets Layer (SSL). Which of the following types of encryption does SSL use? Each correct answer represents a complete solution. Choose two.

  • A. Synchronous
  • B. Secret
  • C. Asymmetric
  • D. Symmetric

Answer: CD

NEW QUESTION 15
Which of the following are used to suppress paper or wood fires? Each correct answer represents a complete solution. Choose two.

  • A. Soda acid
  • B. Kerosene
  • C. Water
  • D. CO2

Answer: AC

NEW QUESTION 16
Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.

  • A. Detection
  • B. Continuous Monitoring
  • C. Initiation
  • D. Auditing

Answer: BC

NEW QUESTION 17
The ATM of a bank is robbed by breaking the ATM machine. Which of the following physical security devices can now be used for verification and historical analysis of the ATM robbery?

  • A. Key card
  • B. Biometric devices
  • C. Intrusion detection systems
  • D. CCTV Cameras

Answer: D

NEW QUESTION 18
In which of the following Person-to-Person social engineering attacks does an attacker pretend to be an outside contractor, delivery person, etc., in order to gain physical access to the organization?

  • A. In person attack
  • B. Third-party authorization attack
  • C. Impersonation attack
  • D. Important user posing attack

Answer: C

NEW QUESTION 19
Which of the following is a method for transforming a message into a masked form, together with a way of undoing the transformation to recover the message?

  • A. Cipher
  • B. CrypTool
  • C. Steganography
  • D. MIME

Answer: A

NEW QUESTION 20
Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

  • A. Integrity
  • B. Availability
  • C. Authenticity
  • D. Confidentiality

Answer: D

NEW QUESTION 21
Which of the following password authentication schemes enables a user with a domain account to log on to a network once, using a password or smart card, and to gain access to multiple computers in the domain without being prompted to log in again?

  • A. Single Sign-On
  • B. One-time password
  • C. Dynamic
  • D. Kerberos

Answer: A

NEW QUESTION 22
You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and you want to discuss it with your team members to obtain appropriate responses to the disaster. In which of the following disaster recovery tests can this task be performed?

  • A. Full-interruption test
  • B. Parallel test
  • C. Simulation test
  • D. Structured walk-through test

Answer: C

NEW QUESTION 23
Which of the following encryption methods come under symmetric encryption algorithms? Each correct answer represents a complete solution. Choose three.

  • A. DES
  • B. Blowfish
  • C. RC5
  • D. Diffie-Hellman

Answer: ABC

NEW QUESTION 24
Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity?

  • A. RCO
  • B. RTO
  • C. RPO
  • D. RTA

Answer: B

NEW QUESTION 25
Which of the following are used to suppress gasoline and oil fires? Each correct answer represents a complete solution. Choose three.

  • A. Water
  • B. CO2
  • C. Halon
  • D. Soda acid

Answer: BCD

NEW QUESTION 26
You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?

  • A. Eradication
  • B. Identification
  • C. Recovery
  • D. Containment

Answer: A

NEW QUESTION 27
Which of the following methods will allow data to be sent on the Internet in a secure format?

  • A. Serial Line Interface Protocol
  • B. Point-to-Point Protocol
  • C. Browsing
  • D. Virtual Private Networks

Answer: D

NEW QUESTION 28
Which of the following statements about Discretionary Access Control List (DACL) is true?

  • A. It specifies whether an audit activity should be performed when an object attempts to access a resource
  • B. It is a unique number that identifies a user, group, and computer account
  • C. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object
  • D. It is a rule list containing access control entries

Answer: C

NEW QUESTION 29
Which of the following is the process of finding weaknesses in cryptographic algorithms and obtaining the plaintext or key from the ciphertext?

  • A. Kerberos
  • B. Cryptography
  • C. Cryptographer
  • D. Cryptanalysis

Answer: D

NEW QUESTION 30
Which of the following protocols supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection?

  • A. PPTP
  • B. UDP
  • C. IPSec
  • D. PAP

Answer: A
