Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. ISC
  3. CISSP-ISSAP

ISC CISSP-ISSAP Exam (page: 5)
ISC CISSP-ISSAP Information Systems Security Architecture Professional
Updated on: 15-Dec-2025

Viewing Page 5 of 50
CISSP-ISSAP PDF 241 Questions

Maria works as a Network Security Officer for Gentech Inc. She wants to encrypt her network traffic.

The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher.
Which of the following techniques will she use to fulfill this requirement?

  1. IDEA
  2. PGP
  3. DES
  4. AES

Answer(s): C

Explanation:

The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976

and which has subsequently enjoyed widespread use internationally. It is based on a symmetric-key algorithm that uses a 56-bit key. The algorithm was initially controversial with classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny, which motivated the modern understanding of block ciphers and their cryptanalysis.



Which of the following protocols uses public-key cryptography to authenticate the remote computer?

  1. SSH
  2. Telnet
  3. SCP
  4. SSL

Answer(s): A

Explanation:

Secure Shell (SSH) is a protocol that provides strong authentication and secure communications over unsecured channels. It uses public key encryption as the main method for user authentication. SSH secures connections over the Internet by encrypting passwords and other data.
It also protects networks against IP spoofing, packet spoofing, password sniffing, and eavesdropping.
SSH uses TCP port 22 as the default port and operates at the application layer.
SSH protocol has the following three components:
1.Transport layer protocol
2.User authentication protocol
3.Connection protocol
Answer option C is incorrect. The SCP protocol sends data in encrypted format. It is used to prevent potential packet sniffers from extracting usable information from data packets. The protocol itself does not provide authentication and security; it relies on the underlying protocol,
SSH, to provide these features. SCP can interactively request any passwords or passphrases required to make a connection to a remote host,

unlike rcp that fails in this situation.
The SCP protocol implements file transfers only. It does so by connecting to the host using SSH and there executes an SCP server (scp). The
SCP server program is typically the same program as the SCP client. Answer option D is incorrect. Secure Sockets Layer (SSL), also known as Transport Layer Security (TLS) are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the
Transport Layer end-to-end. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport
Control Protocol (TCP) layers.
Answer option B is incorrect. The full form of Telnet is Teletype Network. It is used to connect a computer to a local network (LAN) or the
Internet. It can also be used for accessing servers by using a valid user name and password. It is a common way to control Web servers remotely.



Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

  1. Authentication
  2. Non-repudiation
  3. Integrity
  4. Confidentiality

Answer(s): D

Explanation:

The confidentiality service of a cryptographic system ensures that information will not be disclosed to any unauthorized person on a local network.



Which of the following are the examples of technical controls? Each correct answer represents a complete solution. Choose three.

  1. Auditing
  2. Network acchitecture
  3. System access
  4. Data backups

Answer(s): A,B,C

Explanation:

The following are the examples of technical controls:
Network acchitecture

System access auditing



Which of the following tenets does the CIA triad provide for which security practices are measured? Each correct answer represents a part of the solution. Choose all that apply.

  1. Integrity
  2. Accountability
  3. Availability
  4. Confidentiality

Answer(s): A,C,D

Explanation:

The CIA triad provides the following three tenets for which security practices are measured:
Confidentiality: It is the property of preventing disclosure of information to unauthorized individuals or systems. Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality. If a laptop computer containing sensitive information about a company's employees is stolen or sold, it could result in a breach of confidentiality. Integrity: It means that data cannot be modified without authorization. Integrity is violated when an employee accidentally or with malicious intent deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on.
Availability: It means that data must be available at every time when it is needed.



Viewing Page 5 of 50



Share your comments for ISC CISSP-ISSAP exam with other users:

CiscoStudent 11/15/2023 5:29:00 AM

in question 272 the right answer states that an autonomous acces point is "configured and managed by the wlc" but this is not what i have learned in my ccna course. is this a mistake? i understand that lightweight aps are managed by wlc while autonomous work as standalones on the wlan.
Anonymous


pankaj 9/28/2023 4:36:00 AM

it was helpful
Anonymous


User123 10/8/2023 9:59:00 AM

good question
UNITED STATES


vinay 9/4/2023 10:23:00 AM

really nice
Anonymous


Usman 8/28/2023 10:07:00 AM

please i need dumps for isc2 cybersecuity
Anonymous


Q44 7/30/2023 11:50:00 AM

ans is coldline i think
UNITED STATES


Anuj 12/21/2023 1:30:00 PM

very helpful
Anonymous


Giri 9/13/2023 10:31:00 PM

can you please provide dumps so that it helps me more
UNITED STATES


Aaron 2/8/2023 12:10:00 AM

thank you for providing me with the updated question and answers. this version has all the questions from the exam. i just saw them in my exam this morning. i passed my exam today.
SOUTH AFRICA


Sarwar 12/21/2023 4:54:00 PM

how i can see exam questions?
CANADA


Chengchaone 9/11/2023 10:22:00 AM

can you please upload please?
Anonymous


Mouli 9/2/2023 7:02:00 AM

question 75: option c is correct answer
Anonymous


JugHead 9/27/2023 2:40:00 PM

please add this exam
Anonymous


sushant 6/28/2023 4:38:00 AM

please upoad
EUROPEAN UNION


John 8/7/2023 12:09:00 AM

has anyone recently attended safe 6.0 certification? is it the samq question from here.
Anonymous


Blessious Phiri 8/14/2023 3:49:00 PM

expository experience
Anonymous


concerned citizen 12/29/2023 11:31:00 AM

52 should be b&c. controller failure has nothing to do with this type of issue. degraded state tells us its a raid issue, and if the os is missing then the bootable device isnt found. the only other consideration could be data loss but thats somewhat broad whereas b&c show understanding of the specific issues the question is asking about.
UNITED STATES


deedee 12/23/2023 5:10:00 PM

great help!!!
UNITED STATES


Samir 8/1/2023 3:07:00 PM

very useful tools
UNITED STATES


Saeed 11/7/2023 3:14:00 AM

looks a good platform to prepare az-104
Anonymous


Matiullah 6/24/2023 7:37:00 AM

want to pass the exam
Anonymous


SN 9/5/2023 2:25:00 PM

good resource
UNITED STATES


Zoubeyr 9/8/2023 5:56:00 AM

question 11 : d
FRANCE


User 8/29/2023 3:24:00 AM

only the free dumps will be enough for pass, or have to purchase the premium one. please suggest.
Anonymous


CW 7/6/2023 7:37:00 PM

good questions. thanks.
Anonymous


Farooqi 11/21/2023 1:37:00 AM

good for practice.
INDIA


Isaac 10/28/2023 2:30:00 PM

great case study
UNITED STATES


Malviya 2/3/2023 9:10:00 AM

the questions in this exam dumps is valid. i passed my test last monday. i only whish they had their pricing in inr instead of usd. but it is still worth it.
INDIA


rsmyth 5/18/2023 12:44:00 PM

q40 the answer is not d, why are you giving incorrect answers? snapshot consolidation is used to merge the snapshot delta disk files to the vm base disk
IRELAND


Keny 6/23/2023 9:00:00 PM

thanks, very relevant
PERU


Muhammad Rawish Siddiqui 11/29/2023 12:14:00 PM

wrong answer. it is true not false.
SAUDI ARABIA


Josh 7/10/2023 1:54:00 PM

please i need the mo-100 questions
Anonymous


VINNY 6/2/2023 11:59:00 AM

very good use full
Anonymous


Andy 12/6/2023 5:56:00 AM

very valid questions
Anonymous