Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?
A. Integrity
B. Confidentiality
C. Authentication
D. Non-repudiation
You are the Network Administrator for a college. You watch a large number of people (some not even students) going in and out of areas with campus computers (libraries, computer labs, etc.). You have had a problem with laptops being stolen. What is the most cost-effective method to prevent this?
A. Smart card access to all areas with computers.
B. Use laptop locks.
C. Video surveillance on all areas with computers.
D. Appoint a security guard.
In your office, you are building a new wireless network that contains Windows 2003 servers. To establish a network for secure communication, you have to implement IPSec security policy on the servers. What authentication methods can you use for this implementation? Each correct answer represents a complete solution. Choose all that apply.
A. Public-key cryptography
B. Kerberos
C. Preshared keys
D. Digital certificates
Which of the following is the technology of indoor or automotive environmental comfort?
A. HIPS
B. HVAC
C. NIPS
D. CCTV
Which of the following security protocols provides confidentiality, integrity, and authentication of network traffic with end-to-end and intermediate-hop security?
A. IPSec
B. SET
C. SWIPE
D. SKIP
You are calculating the Annualized Loss Expectancy (ALE) using the following formula: ALE = AV * EF * ARO. What information does the AV (Asset Value) convey?
A. It represents how many times per year a specific threat occurs.
B. It represents the percentage of loss that an asset experiences if an anticipated threat occurs.
C. It is the expected loss for an asset due to a risk over a one-year period.
D. It represents the total cost of an asset, including the purchase price, recurring maintenance, expenses, and all other costs.
What are the benefits of using AAA security service in a network? Each correct answer represents a part of the solution. Choose all that apply.
A. It provides scalability.
B. It supports a single backup system.
C. It increases flexibility and control of access configuration.
D. It supports RADIUS, TACACS+, and Kerberos authentication methods.
Which of the following are natural environmental threats that an organization faces? Each correct answer represents a complete solution. Choose two.
A. Strikes
B. Floods
C. Accidents
D. Storms
In which of the following phases of the SDLC do the software and other components of the system faithfully incorporate the design specifications and provide proper documentation and training?
A. Initiation
B. Programming and training
C. Design
D. Evaluation and acceptance
Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?
A. Eradication phase
B. Recovery phase
C. Containment phase
D. Preparation phase
E. Identification phase
Which of the following protocols supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection?
A. PPTP
B. UDP
C. IPSec
D. PAP
Which of the following is an infrastructure system that allows the secure exchange of data over an unsecured network?
A. PMK
B. PTK
C. PKI
D. GTK
Which of the following techniques can be used by an administrator while working with symmetric encryption? Each correct answer represents a complete solution. Choose all that apply.
A. Block cipher
B. Stream cipher
C. Transposition cipher
D. Message Authentication Code
Which of the following is the most secure method of authentication?
A. Smart card
B. Anonymous
C. Username and password
D. Biometrics
The security controls that are implemented to manage physical security are divided into various groups. Which of the following services are offered by the administrative physical security control group? Each correct answer represents a part of the solution. Choose all that apply.
A. Construction and selection
B. Site management
C. Awareness training
D. Access control
E. Intrusion detection
F. Personnel control