The Actual Exam Version includes actual exam questions verified by IT experts. We verify the questions and update them frequently each month, and also based on members' feedback, so that they keep up with the real exam. We offer an immediate refund if questions from our Actual Exam Version do not appear in your exam. We highly recommend that you study the Actual Exam Version and then sit the exam as soon as possible.
CISSP-ISSAP Information Systems Security Architecture Professional Actual Exam
QUESTION NO: 61
You have been assigned the task of selecting a hash algorithm. The algorithm will be specifically used to ensure the integrity of certain sensitive files. It must use a 128 bit hash value. Which of the following should you use?
A. AES
B. SHA
C. MD5
D. DES
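A worked example added here (it is not part of the exam material): it shows the digest sizes that decide question 61 and a minimal integrity check of the kind the question describes. SAMPLE_FILE is constructed for the example. One caveat a practitioner should keep in mind: MD5 is the only 128-bit option listed, but its collision resistance is broken, so for integrity against an adversary a SHA-2 digest is the better choice; the exam answer turns only on the 128-bit requirement.

```python
import hashlib
import hmac
import io

# Constructed stand-in for the "sensitive file"; in real use, open(path, "rb").
SAMPLE_FILE = b"payroll export 2024-Q1: total=1,204,113.55\n"


def digest_bits(algorithm: str) -> int:
    """Output size in bits of a hashlib algorithm: md5 -> 128, sha1 -> 160, sha256 -> 256."""
    return hashlib.new(algorithm).digest_size * 8


def stream_digest(stream, algorithm: str = "md5", chunk_size: int = 65536) -> str:
    """Hex digest of a binary stream, read in chunks so large files need not fit in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def integrity_ok(data: bytes, baseline_hex: str, algorithm: str = "md5") -> bool:
    """Recompute the digest and compare it with the stored baseline in constant time."""
    current = stream_digest(io.BytesIO(data), algorithm)
    return hmac.compare_digest(current, baseline_hex)


def demo() -> dict:
    """Baseline the sample file, then show that a one-character change is detected."""
    baseline = stream_digest(io.BytesIO(SAMPLE_FILE), "md5")
    tampered = SAMPLE_FILE.replace(b"1,204", b"1,205")
    return {
        "md5_hex_length": len(baseline),          # 32 hex chars == 128 bits
        "original_ok": integrity_ok(SAMPLE_FILE, baseline),
        "tampered_ok": integrity_ok(tampered, baseline),
    }
```

`hmac.compare_digest` is used so that the comparison time does not leak how many leading bytes of the baseline matched; on a FIPS-enabled Python build `hashlib.new("md5")` may be unavailable, which is itself a hint about the algorithm's standing.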
QUESTION NO: 62
Which of the following are the countermeasures against a man-in-the-middle attack? Each correct answer represents a complete solution. Choose all that apply.
A. Using public key infrastructure authentication.
B. Using basic authentication.
C. Using Secret keys for authentication.
D. Using Off-channel verification.
QUESTION NO: 63
Which of the following is an electrical event in which there is enough power on the grid to prevent a total power loss, but not enough to meet the current electrical demand?
A. Power Surge
B. Power Spike
C. Blackout
D. Brownout
QUESTION NO: 64
Which of the following protocols is designed to efficiently handle high-speed data over wide area networks (WANs)?
A. PPP
B. X.25
C. Frame relay
D. SLIP
QUESTION NO: 65
Which of the following statements best describes a certification authority?
A. A certification authority is a technique to authenticate digital documents by using computer cryptography.
B. A certification authority is a type of encryption that uses a public key and a private key pair for data encryption.
C. A certification authority is an entity that issues digital certificates for use by other parties.
D. A certification authority is a type of encryption that uses a single key to encrypt and decrypt data.
QUESTION NO: 66
In which of the following alternative processing sites is the backup facility kept in a constant state of readiness, with a full complement of servers, workstations, and communication links ready to assume responsibility for primary operations?
A. Hot Site
B. Mobile Site
C. Warm Site
D. Cold Site
QUESTION NO: 67
Which of the following should the administrator ensure during the test of a disaster recovery plan?
A. Ensure that the plan works properly
B. Ensure that all the servers in the organization are shut down.
C. Ensure that each member of the disaster recovery team is aware of their responsibility.
D. Ensure that all client computers in the organization are shut down.
QUESTION NO: 68
The service-oriented modeling framework (SOMF) provides a common modeling notation to address alignment between business and IT organizations. Which of the following principles does the SOMF concentrate on? Each correct answer represents a part of the solution. Choose all that apply.
A. Disaster recovery planning
B. SOA value proposition
C. Software assets reuse
D. Architectural components abstraction
E. Business traceability
QUESTION NO: 69
You want to connect a twisted pair cable segment to a fiber-optic cable segment. Which of the following networking devices will you use to accomplish the task?
A. Hub
B. Switch
C. Repeater
D. Router
QUESTION NO: 70
In your office, you are building a new wireless network that contains Windows 2003 servers. To establish a network for secure communication, you have to implement IPSec security policy on the servers. What authentication methods can you use for this implementation? Each correct answer represents a complete solution. Choose all that apply.
A. Public-key cryptography
B. Kerberos
C. Preshared keys
D. Digital certificates
QUESTION NO: 71
Which two of the following components does the Kerberos Key Distribution Center (KDC) consist of? Each correct answer represents a complete solution. Choose two.
A. Data service
B. Ticket-granting service
C. Account service
D. Authentication service
QUESTION NO: 72
Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Which of the following statements are true about the Kerberos authentication scheme? Each correct answer represents a complete solution. Choose all that apply.
A. Kerberos requires continuous availability of a central server.
B. Dictionary and brute force attacks on the initial TGS response to a client may reveal the subject’s passwords.
C. Kerberos builds on Asymmetric key cryptography and requires a trusted third party.
D. Kerberos requires the clocks of the involved hosts to be synchronized.
QUESTION NO: 73
An organization is seeking to implement a hot site and wants to maintain a live database server at the backup site. Which of the following solutions will be the best for the organization?
A. Electronic vaulting
B. Remote journaling
C. Remote mirroring
D. Transaction logging
QUESTION NO: 74
A helpdesk technician received a phone call from an administrator at a remote branch office. The administrator claimed to have forgotten the password for the root account on the UNIX servers and asked for it. Although the technician did not know any administrator at the branch office, the caller sounded very friendly, and since the technician knew the root password himself, he supplied it to the caller. What type of attack has just occurred?
A. Social Engineering attack
B. Brute Force attack
C. War dialing attack
D. Replay attack
QUESTION NO: 75
You work as a Network Administrator of a TCP/IP network. You are having a DNS resolution problem. Which of the following utilities will you use to diagnose the problem?
A. TRACERT
B. PING
C. IPCONFIG
D. NSLOOKUP
QUESTION NO: 76
The IPSec protocol is configured in an organization’s network in order to maintain a complete infrastructure for secured network communications. IPSec uses four components for this. Which of the following components reduces the size of data transmitted over congested network connections and increases the speed of such networks without losing data?
A. AH
B. ESP
C. IPcomp
D. IKE
QUESTION NO: 77
You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You want to perform the following tasks: develop a risk-driven enterprise information security architecture, and deliver security infrastructure solutions that support critical business initiatives. Which of the following methods will you use to accomplish these tasks?
A. Service-oriented architecture
B. Sherwood Applied Business Security Architecture
C. Service-oriented modeling framework
D. Service-oriented modeling and architecture
QUESTION NO: 78
A network is configured on a Bus topology. Which of the following conditions could cause a network failure? Each correct answer represents a complete solution. Choose all that apply.
A. A break in a network cable
B. 75 ohm terminators at open ends
C. A powered off workstation
D. An open-ended cable without terminators
QUESTION NO: 79
Which of the following is an input device that is used for controlling machines such as cranes, trucks, underwater unmanned vehicles, wheelchairs, surveillance cameras, and zero turning radius lawn mowers?
A. PS/2
B. Joystick
C. Microphone
D. AGP
QUESTION NO: 80
Which of the following types of attacks is often performed by looking surreptitiously at the keyboard or monitor of an employee’s computer?
A. Buffer-overflow attack
B. Man-in-the-middle attack
C. Shoulder surfing attack
D. Denial-of-Service (DoS) attack
QUESTION NO: 81
A digital signature is a type of public key cryptography. Which of the following statements are true about digital signatures? Each correct answer represents a complete solution. Choose all that apply.
A. In order to digitally sign an electronic record, a person must use his/her public key.
B. In order to verify a digital signature, the signer’s private key must be used.
C. In order to digitally sign an electronic record, a person must use his/her private key.
D. In order to verify a digital signature, the signer’s public key must be used.
QUESTION NO: 82
An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?
A. Mutual
B. Anonymous
C. Multi-factor
D. Biometrics
QUESTION NO: 83
You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?
A. Eradication
B. Identification
C. Recovery
D. Containment
QUESTION NO: 84
In which of the following access control models can a user not grant permissions to other users to see a copy of an object marked as secret that he has received, unless they have the appropriate permissions?
A. Discretionary Access Control (DAC)
B. Role Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Access Control List (ACL)
QUESTION NO: 85
Which of the following protocols provides connectionless integrity and data origin authentication of IP packets?
A. ESP
B. AH
C. IKE
D. ISAKMP
QUESTION NO: 86
The network you administer allows owners of objects to manage the access to those objects via access control lists. This is an example of what type of access control?
A. RBAC
B. MAC
C. CIA
D. DAC
QUESTION NO: 87
Which of the following processes is used to identify relationships between mission critical applications, processes, and operations and all supporting elements?
A. Critical path analysis
B. Functional analysis
C. Risk analysis
D. Business impact analysis
QUESTION NO: 88
Which of the following devices is a least expensive power protection device for filtering the electrical stream to control power surges, noise, power sags, and power spikes?
A. Line Conditioner
B. Surge Suppressor
C. Uninterruptible Power Supply (UPS)
D. Expansion Bus
QUESTION NO: 89
You work as a Project Manager for Tech Perfect Inc. You are creating a document which emphasizes the formal study of what your organization is doing currently and where it will be in the future. Which of the following analysis will help you in accomplishing the task?
A. Cost-benefit analysis
B. Gap analysis
C. Requirement analysis
D. Vulnerability analysis
QUESTION NO: 90
SSH is a network protocol that allows data to be exchanged between two networked hosts over a secure channel. Which of the following encryption algorithms can be used by the SSH protocol? Each correct answer represents a complete solution. Choose all that apply.
A. Blowfish
B. DES
C. IDEA
D. RC4