ISC CISSP-ISSAP Exam (page: 4)
ISC CISSP-ISSAP Information Systems Security Architecture Professional
Updated on: 15-Dec-2025

Viewing Page 4 of 50

You want to implement a network topology that provides the best balance for regional topologies in terms of the number of virtual circuits, redundancy, and performance while establishing a WAN network.
Which of the following network topologies will you use to accomplish the task?

  A. Bus topology
  B. Fully meshed topology
  C. Star topology
  D. Partially meshed topology

Answer(s): D

Explanation:

According to the scenario, you want to implement a network topology that provides the best balance for regional topologies in terms of the number of virtual circuits, redundancy, and performance while establishing a WAN network. Therefore, you will use the partially meshed topology. Because not all nodes are connected to each other in the partially meshed topology, a nonmeshed node communicates with another nonmeshed node by sending traffic through one of the fully connected routers.
Answer option A is incorrect. This topology is not used for WAN networking.
Answer option B is incorrect. In the fully meshed topology, every node has a direct path to every other node. However, this topology has the following disadvantages:
  1. It requires a large number of virtual circuits, since they are required for every connection between routers. Due to this approach, there will be a large number of packets and broadcast replications.
  2. It increases routers' overhead.
Answer option C is incorrect. In the star topology, a single internetworking hub provides access from remote networks into the core router. The star topology minimizes tariff costs. However, it has the following disadvantages:
  1. If the central router fails, there will be no other backup.
  2. Since all traffic intended for the centralized resources goes through the central router, it becomes the bottleneck of overall performance for accessing the centralized resources.
  3. The star topology is not scalable.



Which of the following protocols is an alternative to certificate revocation lists (CRL) and allows the authenticity of a certificate to be immediately verified?

  A. RSTP
  B. SKIP
  C. OCSP
  D. HTTP

Answer(s): C

Explanation:

The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 2560 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). The OCSP allows the authenticity of a certificate to be immediately verified.
Answer option A is incorrect. Rapid Spanning Tree Protocol (RSTP) is an evolution of the Spanning Tree Protocol, which provides for faster spanning tree convergence after a topology change. RSTP is also known as IEEE 802.1w. It provides a loop-free switching environment. Standard IEEE 802.1D-2004 incorporates RSTP and obsoletes STP. While STP can take 30 to 50 seconds to respond to a topology change, RSTP is typically able to respond to changes within 6 seconds.
Answer option D is incorrect. Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port.
Answer option B is incorrect. SKIP (Simple Key-Management for Internet Protocol) was developed by the IETF Security Working Group for the sharing of encryption keys. It is used to protect sessionless datagram protocols. SKIP works at Layer 3 of the OSI model. It integrates with IPSec (Internet Protocol Security).



Which of the following does PEAP use to authenticate the user inside an encrypted tunnel? Each correct answer represents a complete solution. Choose two.

  A. GTC
  B. MS-CHAP v2
  C. AES
  D. RC4

Answer(s): A,B

Explanation:

PEAP uses only a server-side certificate. This certificate creates an encrypted tunnel in which the user is authenticated. PEAP (Protected EAP) uses Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) or Generic Token Card (GTC) to authenticate the user inside an encrypted tunnel.



Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?

  A. Integrity
  B. Confidentiality
  C. Authentication
  D. Non-repudiation

Answer(s): D

Explanation:

Non-repudiation is a mechanism which proves that the sender really sent a message. It provides evidence of the identity of the sender and of message integrity. It also prevents a person from denying the submission or delivery of the message and the integrity of its contents.
Answer option C is incorrect. Authentication is a process of verifying the identity of a person or network host.
Answer option B is incorrect. Confidentiality ensures that no one can read a message except the intended receiver.
Answer option A is incorrect. Integrity assures the receiver that the received message has not been altered in any way from the original.



Adam works as a Security Analyst for Umbrella Inc. The CEO of the company has ordered him to implement two-factor authentication for the employees to access their networks. The CEO has told him that he would like to use some type of hardware device in tandem with a security or identifying PIN. Adam decides to implement smart cards, but they are not cost effective.
Which of the following types of hardware devices will Adam use to implement two-factor authentication?

  A. Biometric device
  B. One Time Password
  C. Proximity cards
  D. Security token

Answer(s): D

Explanation:

A security token can be a physical device that an authorized user of computer services is given to ease authentication. The term may also refer to software tokens. Security tokens are used to prove one's identity electronically (as in the case of a customer trying to access his bank account). The token is used in addition to or in place of a password to prove that the customer is who he claims to be. The token acts like an electronic key to access something.
Answer option A is incorrect. A biometric device is used for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. Biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance. Biometric characteristics can be divided into two main classes:
  1. Physiological: These are related to the shape of the body. They include, but are not limited to, fingerprint, face recognition, DNA, hand and palm geometry, iris recognition (which has largely replaced retina), and odor/scent.
  2. Behavioral: These are related to the behavior of a person. They include, but are not limited to, typing rhythm, gait, and voice.
Answer option C is incorrect. Proximity card (or Prox Card) is a generic name for contactless integrated circuit devices used for security access or payment systems. It can refer to the older 125 kHz devices or the newer 13.56 MHz contactless RFID cards, most commonly known as contactless smartcards. Modern proximity cards are covered by the ISO/IEC 14443 (Proximity Card) standard. There is also a related ISO/IEC 15693 (Vicinity Card) standard. Proximity cards are powered by resonant energy transfer and have a range of 0-3 inches in most instances. The user will usually be able to leave the card inside a wallet or purse. The price of the cards is also low, usually US$2-$5, allowing them to be used in applications such as identification cards, keycards, payment cards and public transit fare cards.
Answer option B is incorrect. A one-time password (OTP) is a password that is only valid for a single login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks. This means that, if a potential intruder manages to record an OTP that was already used to log into a service or to conduct a transaction, he will not be able to abuse it since it will no longer be valid. OTPs cannot be memorized by human beings. Therefore they require additional technology in order to work.


