ISSAP Dumps ISSAP Braindumps ISSAP Real Questions ISSAP Practice Test ISSAP Actual Questions ISC2 ISSAP Information Systems Security Architecture Professional (ISSAP) https://killexams.com/pass4sure/exam-detail/ISSAP environment the customer will not even know the main database server is down. Clustering also provides load balancing. This is critical for Web servers in high volume e-commerce situations. Clustering allows the load to be distributed over many computers rather than focused on a single server. QUESTION: 240 Drag and drop the appropriate DRP (disaster recovery plan) documents in front of their respective functions. Answer: 162 Explanation: The different types of DRP (disaster recovery plan) documents are as follows: Executive summary: It is a simple document which provides a high-level view of the entire organization's disaster recovery efforts. It is useful for the security managers and DRP leaders as well as public relations personnel who require a non-technical perspective on the disaster recovery effort. Department-specific plan: It helps the IT personnel in refreshing themselves on the disaster recovery procedures that affect various parts of the organization. Technical guide: It helps the IT personnel in getting the alternate sites up and running. Checklist: It helps critical disaster recovery team members in guiding their actions along with the chaotic atmosphere of a disaster. QUESTION: 241 Which of the following is the most secure method of authentication? A. Smart card B. Anonymous C. Username and password D. Biometrics Answer: D Explanation: Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other forms of biophysical qualities to identify a user. Nowadays, the usage of biometric devices such as hand scanners and retinal scanners is becoming more common in the business environment. It is the most secure method of authentication. Answer option C is incorrect. Username and password is the least secure method of authentication in comparison of smart card and biometrics authentication. Username and password can be intercepted. Answer option A is incorrect. Smart card authentication is not as reliable as biometrics authentication. Answer option B is incorrect. Anonymous authentication does not provide security as a user can log on to the system anonymously and he is not prompted for credentials. QUESTION: 242 Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two. A. Detection B. Continuous Monitoring C. Initiation D. Auditing 163 Answer: C, B Explanation: The Certification and Accreditation (C&A) process consists of four distinct phases: 1.Initiation 2.Security Certification 3.Security Accreditation 4.Continuous Monitoring The C&A activities can be applied to an information system at appropriate phases in the system development life cycle by selectively tailoring the various tasks and subtasks. Answer options D and A are incorrect. Auditing and detection are not phases of the Certification and Accreditation process. QUESTION: 243 Which of the following cryptographic algorithm uses public key and private key to encrypt or decrypt data ? A. Asymmetric B. Hashing C. Numeric D. Symmetric Answer: A Explanation: Asymmetric algorithm uses two keys, public key and private key, to encrypt and decrypt data. QUESTION: 244 Sonya, a user, reports that she works in an electrically unstable environment where brownouts are a regular occurrence. Which of the following will you tell her to use to protect her computer? A. UPS B. Multimeter C. SMPS D. CMOS battery Answer: A Explanation: 164 UPS stands for Uninterruptible Power Supply. It is a device that provides uninterrupted electric power even after power failure. When a power failure occurs, the UPS is switched to the battery provided inside the device. It is used with computers, as power failure can cause loss of data, which has not been saved by a user. Answer option C is incorrect. Switch Mode Power Supply (SMPS) is a device that converts raw input power to controlled voltage and current for the operation of electronic equipment. SMPS uses switches for high efficiency. Answer option D is incorrect. Complimentary Metal Oxide Semiconductor (CMOS) is a chip installed on the motherboard, which stores the hardware configuration of a computer. QUESTION: 245 Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using? A. Risk acceptance B. Risk avoidance C. Risk transfer D. Risk mitigation Answer: C Explanation: Risk transfer is the practice of passing risk from one entity to another entity. In other words, if a company is covered under a liability insurance policy providing various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc., it means it has transferred its security risks to the insurance company. Answer option B is incorrect. Risk avoidance is the practice of not performing an activity that could carry risk. Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. Answer option D is incorrect. Risk mitigation is the practice of reducing the severity of the loss or the likelihood of the loss from occurring. Answer option A is incorrect. Risk acceptance is the practice of accepting certain risk(s), typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way. QUESTION: 246 Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs and asks for the other objectives of the DRP. If you are among some of the newly recruited personnel in SoftTech Inc, what 165 will be your answer for her question? Each correct answer represents a part of the solution. Choose three. A. Guarantee the reliability of standby systems through testing and simulation. B. Protect an organization from major computer services failure. C. Minimize the risk to the organization from delays in providing services. D. Maximize the decision-making required by personnel during a disaster. Answer: B, C, A Explanation: The goals of Disaster Recovery Plan include the following : It protects an organization from major computer services failure. It minimizes the risk to the organization from delays in providing services. It guarantees the reliability of standby systems through testing and simulation. It minimizes decision-making required by personnel during a disaster. QUESTION: 247 You work as a Network Consultant. A company named Tech Perfect Inc. hires you for security reasons. The manager of the company tells you to establish connectivity between clients and servers of the network which prevents eavesdropping and tampering of data on the Internet. Which of the following will you configure on the network to perform the given task? A. WEP B. IPsec C. VPN D. SSL Answer: D Explanation: In order to perform the given task, you will have to configure the SSL protocol on the network. Secure Sockets Layer (SSL) is a protocol used to transmit private documents via the Internet. SSL uses a combination of public key and symmetric encryption to provide communication privacy, authentication, and message integrity. Using the SSL protocol, clients and servers can communicate in a way that prevents eavesdropping and tampering of data on the Internet. Many Web sites use the SSL protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:. By default, SSL uses port 443 for secured communication. Answer option B is incorrect. Internet Protocol Security 166 (IPSec) is a method of securing data. It secures traffic by using encryption and digital signing. It enhances the security of data as if an IPSec packet is captured, its contents cannot be read. IPSec also provides sender verification that ensures the certainty of the datagram's origin to the receiver. Answer option A is incorrect. Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security, which is equivalent to wired networks, for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. WEP incorporates a checksum in each frame to provide protection against the attacks that attempt to reveal the key stream. Answer option C is incorrect. VPN stands for virtual private network. It allows users to use the Internet as a secure pipeline to their corporate local area networks (LANs). Remote users can dial-in to any local Internet Service Provider (ISP) and initiate a VPN session to connect to their corporate LAN over the Internet. Companies using VPNs significantly reduce long- distance dial-up charges. VPNs also provide remote employees with an inexpensive way of remaining connected to their company's LAN for extended periods. QUESTION: 248 The security controls that are implemented to manage physical security are divided in various groups. Which of the following services are offered by the administrative physical security control group? Each correct answer represents a part of the solution. Choose all that apply. A. Construction and selection B. Site management C. Awareness training D. Access control E. Intrusion detection F:Personnel control Answer: A, B, F, C Explanation: The administrative physical security control group offers the following services: Construction and selection Site management Personnel control Awareness training Emergency response and procedure Answer options E and D are incorrect. Intrusion detection and access control are offered by the technical physical security control group. QUESTION: 249 Jasmine is creating a presentation. She wants to ensure the integrity and authenticity of the presentation. Which of the following will she use to accomplish the task? A. Mark as final B. Digital Signature 167 C. Restrict Permission D. Encrypt Document Answer: B Explanation: Digital signature uses the cryptography mechanism to ensure the integrity of a presentation. Digital signature is an authentication tool that is used to ensure the integrity and non-repudiation of a presentation. It is used to authenticate the presentation by using a cryptographic mechanism. The document for a digital signature can be a presentation, a message, or an email. 168 6$03/( 48(67,216 7KHVH TXHVWLRQV DUH IRU GHPR SXUSRVH RQO\ )XOO YHUVLRQ LV XS WR GDWH DQG FRQWDLQV DFWXDO TXHVWLRQV DQG DQVZHUV .LOOH[DPV FRP LV DQ RQOLQH SODWIRUP WKDW RIIHUV D ZLGH UDQJH RI VHUYLFHV UHODWHG WR FHUWLILFDWLRQ H[DP SUHSDUDWLRQ 7KH SODWIRUP SURYLGHV DFWXDO TXHVWLRQV H[DP GXPSV DQG SUDFWLFH WHVWV WR KHOS LQGLYLGXDOV SUHSDUH IRU YDULRXV FHUWLILFDWLRQ H[DPV ZLWK FRQILGHQFH +HUH DUH VRPH NH\ IHDWXUHV DQG VHUYLFHV RIIHUHG E\ .LOOH[DPV FRP $FWXDO ([DP 4XHVWLRQV .LOOH[DPV FRP SURYLGHV DFWXDO H[DP TXHVWLRQV WKDW DUH H[SHULHQFHG LQ WHVW FHQWHUV 7KHVH TXHVWLRQV DUH XSGDWHG UHJXODUO\ WR HQVXUH WKH\ DUH XS WR GDWH DQG UHOHYDQW WR WKH ODWHVW H[DP V\OODEXV %\ VWXG\LQJ WKHVH DFWXDO TXHVWLRQV FDQGLGDWHV FDQ IDPLOLDUL]H WKHPVHOYHV ZLWK WKH FRQWHQW DQG IRUPDW RI WKH UHDO H[DP ([DP 'XPSV .LOOH[DPV FRP RIIHUV H[DP GXPSV LQ 3') IRUPDW 7KHVH GXPSV FRQWDLQ D FRPSUHKHQVLYH FROOHFWLRQ RI TXHVWLRQV DQG DQVZHUV WKDW FRYHU WKH H[DP WRSLFV %\ XVLQJ WKHVH GXPSV FDQGLGDWHV FDQ HQKDQFH WKHLU NQRZOHGJH DQG LPSURYH WKHLU FKDQFHV RI VXFFHVV LQ WKH FHUWLILFDWLRQ H[DP 3UDFWLFH 7HVWV .LOOH[DPV FRP SURYLGHV SUDFWLFH WHVWV WKURXJK WKHLU GHVNWRS 9&( H[DP VLPXODWRU DQG RQOLQH WHVW HQJLQH 7KHVH SUDFWLFH WHVWV VLPXODWH WKH UHDO H[DP HQYLURQPHQW DQG KHOS FDQGLGDWHV DVVHVV WKHLU UHDGLQHVV IRU WKH DFWXDO H[DP 7KH SUDFWLFH WHVWV FRYHU D ZLGH UDQJH RI TXHVWLRQV DQG HQDEOH FDQGLGDWHV WR LGHQWLI\ WKHLU VWUHQJWKV DQG ZHDNQHVVHV *XDUDQWHHG 6XFFHVV .LOOH[DPV FRP RIIHUV D VXFFHVV JXDUDQWHH ZLWK WKHLU H[DP GXPSV 7KH\ FODLP WKDW E\ XVLQJ WKHLU PDWHULDOV FDQGLGDWHV ZLOO SDVV WKHLU H[DPV RQ WKH ILUVW DWWHPSW RU WKH\ ZLOO UHIXQG WKH SXUFKDVH SULFH 7KLV JXDUDQWHH SURYLGHV DVVXUDQFH DQG FRQILGHQFH WR LQGLYLGXDOV SUHSDULQJ IRU FHUWLILFDWLRQ H[DPV 8SGDWHG &RQWHQW .LOOH[DPV FRP UHJXODUO\ XSGDWHV LWV TXHVWLRQ EDQN DQG H[DP GXPSV WR HQVXUH WKDW WKH\ DUH FXUUHQW DQG UHIOHFW WKH ODWHVW FKDQJHV LQ WKH H[DP V\OODEXV 7KLV KHOSV FDQGLGDWHV VWD\ XS WR GDWH ZLWK WKH H[DP FRQWHQW DQG LQFUHDVHV WKHLU FKDQFHV RI VXFFHVV 7HFKQLFDO 6XSSRUW .LOOH[DPV FRP SURYLGHV IUHH [ WHFKQLFDO VXSSRUW WR DVVLVW FDQGLGDWHV ZLWK DQ\ TXHULHV RU LVVXHV WKH\ PD\ HQFRXQWHU ZKLOH XVLQJ WKHLU VHUYLFHV 7KHLU FHUWLILHG H[SHUWV DUH DYDLODEOH WR SURYLGH JXLGDQFH DQG KHOS FDQGLGDWHV WKURXJKRXW WKHLU H[DP SUHSDUDWLRQ MRXUQH\ 'PS .PSF FYBNT WJTJU IUUQT LJMMFYBNT DPN WFOEPST FYBN MJTU .LOO \RXU H[DP DW )LUVW $WWHPSW *XDUDQWHHG