
ISSAP PDF [Updated] CISSP Concentrations Exam PDF


Presentation Transcript


  1. ISC2 CISSP Concentrations ISSAP Exam Question & Answer PDF (Free Demo Version)

  2. Question 1

     Which of the following elements of planning gap measures the gap between the total potential for the market and the actual current usage by all the consumers in the market?

     A. Project gap
     B. Product gap
     C. Competitive gap
     D. Usage gap

     Answer: D

     Explanation: The usage gap measures the gap between the total potential for the market and the actual current usage by all the consumers in the market. Mainly two figures are needed for this calculation:

     Market potential: The maximum number of consumers available will usually be determined by market research, but it may sometimes be calculated from demographic data or government statistics.

     Existing usage: The existing usage by consumers makes up the total current market, from which market shares, for example, are calculated. It is usually derived from marketing research, most accurately from panel research and also from ad hoc work.

     Thus, the 'usage gap' can be calculated by: usage gap = market potential - existing usage

     Answer option B is incorrect. The product gap is also described as the segment or positioning gap. It represents that part of the market from which the individual organization is excluded because of product or service characteristics. This may have come about because the market has been segmented and the organization does not have offerings in some segments, or it may be because the positioning of its offering effectively excludes it from certain groups of potential consumers, because there are competitive offerings much better placed in relation to these groups. The product gap is probably the main element of the planning gap in which the organization can have a productive input. Therefore the emphasis is on the importance of correct positioning.

     Answer option A is incorrect. The project gap is not a valid element of planning gap.

     Answer option C is incorrect. The competitive gap is the share of business achieved among similar products, sold in the same market segment and with similar distribution patterns or at least, in any comparison, after such effects have been discounted. The competitive gap represents the effects of factors such as price and promotion, both the absolute level and the effectiveness of its messages. It is what marketing is popularly supposed to be about.

     Question 2

  3. Which of the following terms refers to the method that allows or restricts specific types of packets from crossing over the firewall?

     A. Hacking
     B. Packet filtering
     C. Web caching
     D. Spoofing

     Answer: B

     Explanation: Packet filtering is a method that allows or restricts the flow of specific types of packets to provide security. It analyzes the incoming and outgoing packets and lets them pass or stops them at a network interface based on the source and destination addresses, ports, or protocols. Packet filtering provides a way to define precisely which type of IP traffic is allowed to cross the firewall of an intranet. IP packet filtering is important when users from private intranets connect to public networks, such as the Internet.

     Answer option D is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc. because forging the source IP address causes the responses to be misdirected.

     Answer option C is incorrect. Web caching is a method for minimizing performance bottlenecks and reducing network traffic by serving locally cached Web content. Web caching helps in reducing bandwidth utilization during periods of high network traffic. High network traffic is usually caused when a large number of users use the network at the same time. With a caching solution in place, users' requests will be returned from the cache without having to travel over a WAN link to the destination Web server.

     Answer option A is incorrect. Hacking is a process by which a person acquires illegal access to a computer or network through a security break or by implanting a virus on the computer or network.

     Question 3

     You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails. Which of the following will you use to accomplish this?

     A. PGP
     B. PPTP
     C. IPSec
     D. NTFS

     Answer: A

     Explanation: Standard Internet e-mail is usually sent as plaintext over networks. This is not secure as

  4. intruders can monitor mail servers and network traffic to obtain sensitive information. The two most commonly used methods for providing e-mail security are Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME). These methods typically include authentication of the originator and privacy of the message. Pretty Good Privacy (PGP) is an encryption method that uses public-key encryption to encrypt and digitally sign e-mail messages during communication between e-mail clients. PGP is effective, easy to use, and free. Therefore, it is one of the most common ways to protect messages on the Internet.

     Answer option C is incorrect. Internet Protocol security (IPSec) provides secure communication over IP networks. It cannot be used to encrypt e-mail messages.

     Question 4

     Peter works as a Network Administrator for Net World Inc. The company wants to allow remote users to connect and access its private network through a dial-up connection via the Internet. All the data will be sent across a public network. For security reasons, the management wants the data sent through the Internet to be encrypted. The company plans to use a Layer 2 Tunneling Protocol (L2TP) connection. Which communication protocol will Peter use to accomplish the task?

     A. IP Security (IPSec)
     B. Microsoft Point-to-Point Encryption (MPPE)
     C. Pretty Good Privacy (PGP)
     D. Data Encryption Standard (DES)

     Answer: A

     Explanation: According to the question, all the data will be sent across a public network. Data sent through a public network such as the Internet should be encrypted in order to maintain security. The two modes available for data encryption are Microsoft Point-to-Point Encryption (MPPE) and IP Security (IPSec). The MPPE protocol is used for data encryption in a PPTP connection. It supports MSCHAP v1 and v2, and the EAP-TLS authentication methods. However, L2TP does not support the MPPE protocol. Therefore, for an L2TP connection, Peter will have to use the IPSec protocol to encrypt data. L2TP with IPSec needs a certificate authority server (CA server) to generate certificates as well as to check their validity for providing secure communication across both ends of the VPN.

     Question 5

     Which of the following protocols multicasts messages and information among all member devices in an IP multicast group?

  5. A. ARP
     B. ICMP
     C. TCP
     D. IGMP

     Answer: D

     Explanation: Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group. However, multicast traffic is sent to a single MAC address but is processed by multiple hosts. It can be effectively used for gaming and showing online videos. IGMP is vulnerable to network attacks.

     Answer option B is incorrect. Internet Control Message Protocol (ICMP) is an integral part of IP. It is used to report an error in datagram processing. The Internet Protocol (IP) is used for host-to-host datagram service in a network. The network is configured with connecting devices called gateways. When an error occurs in datagram processing, gateways or destination hosts report the error to the source hosts through the ICMP protocol. The ICMP messages are sent in various situations, such as when a datagram cannot reach its destination, when the gateway cannot direct the host to send traffic on a shorter route, when the gateway does not have the buffering capacity, etc.

     Answer option A is incorrect. Address Resolution Protocol (ARP) is a network maintenance protocol of the TCP/IP protocol suite. It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC). The ARP cache is used to maintain a correlation between a MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions. ARP is limited to physical network systems that support broadcast packets.

     Answer option C is incorrect. Transmission Control Protocol (TCP) is a reliable, connection-oriented protocol operating at the transport layer of the OSI model. It provides a reliable packet delivery service encapsulated within the Internet Protocol (IP). TCP guarantees the delivery of packets, ensures proper sequencing of data, and provides a checksum feature that validates both the packet header and its data for accuracy. If the network corrupts or loses a TCP packet during transmission, TCP is responsible for retransmitting the faulty packet. It can transmit large amounts of data. Application-layer protocols, such as HTTP and FTP, utilize the services of TCP to transfer files between clients and servers.

     Question 6

     Which of the following security devices is presented to indicate some feat of service, a special accomplishment, a symbol of authority granted by taking an oath, a sign of legitimate employment or student status, or as a simple means of identification?

  6. A. Sensor
     B. Alarm
     C. Motion detector
     D. Badge

     Answer: D

     Explanation: A badge is a device or accoutrement that is presented or displayed to indicate some feat of service, a special accomplishment, a symbol of authority granted by taking an oath, a sign of legitimate employment or student status, or as a simple means of identification. It is also used in advertising, publicity, and for branding purposes. A badge can be made from metal, plastic, leather, textile, rubber, etc., and it is commonly attached to clothing, bags, footwear, vehicles, home electrical equipment, etc.

     Answer option A is incorrect. A sensor is a device that measures a physical quantity and converts it into a signal that can be read by an observer or by an instrument.

     Answer option C is incorrect. A motion detector is a device that contains a physical mechanism or electronic sensor that quantifies motion that can be either integrated with or connected to other devices that alert the user of the presence of a moving object within the field of view. They form a vital component of comprehensive security systems, for both homes and businesses.

     Answer option B is incorrect. An alarm is a device that triggers a deterrent, a repellent, and a notification.

     Question 7

     Which of the following is a method for transforming a message into a masked form, together with a way of undoing the transformation to recover the message?

     A. Cipher
     B. CrypTool
     C. Steganography
     D. MIME

     Answer: A

     Explanation: A cipher is a cryptographic algorithm that performs encryption or decryption. It is a series of well-defined steps that can be followed as a procedure. The cipher transforms a message into a masked form, together with a way of undoing the transformation to recover the message. When using a cipher the original information is known as plaintext, and the encrypted form as ciphertext. The ciphertext message contains all the information of the plaintext message, but it is not in a readable format. The operation of a cipher usually depends on a piece of auxiliary information, called a key or a cryptovariable. The encrypting procedure is varied depending on the key, which changes the detailed operation of the algorithm. A key must be

  7. selected before using a cipher to encrypt a message. Without knowledge of the key, it is impossible to decrypt the ciphertext into plaintext.

     Answer option B is incorrect. CrypTool is free software and an e-learning tool illustrating cryptographic concepts.

     Answer option C is incorrect. Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.

     Answer option D is incorrect. MIME stands for Multipurpose Internet Mail Extensions. It is a standard for multi-part, multimedia electronic mail messages and World Wide Web hypertext documents on the Internet. MIME provides a mechanism for exchanging non-text information, such as binary data, audio data, video data, and foreign language text that cannot be represented in ASCII text.

     Question 8

     Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?

     A. Policy Access Control
     B. Mandatory Access Control
     C. Discretionary Access Control
     D. Role-Based Access Control

     Answer: D

     Explanation: Role-based access control (RBAC) is an access control model. In this model, a user can access resources according to his role in the organization. For example, a backup administrator is responsible for taking backups of important data. Therefore, he is only authorized to access this data for backing it up. However, sometimes users with different roles need to access the same resources. This situation can also be handled using the RBAC model.

     Answer option B is incorrect. Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the system. Access to an object is restricted on the basis of the sensitivity of the object and granted through authorization. Sensitivity of an object is defined by the label assigned to it. For example, if a user receives a copy of an object that is marked as "secret", he cannot grant permission to other users to see this object unless they have the appropriate permission.

     Answer option C is incorrect. DAC is an access control model. In this model, the data owner has the right to decide who can access the data. This model is commonly used in a PC environment. The basis of this model is the use of an Access Control List (ACL).

     Answer option A is incorrect. There is no such access control model as Policy Access Control.

     Question 9

  8. Which of the following is used to authenticate asymmetric keys?

     A. Digital signature
     B. MAC Address
     C. Demilitarized zone (DMZ)
     D. Password

     Answer: A

     Explanation: A digital signature is used to authenticate asymmetric keys. With a digital signature, a message signed with a sender's private key can be verified by anyone who has access to the sender's public key, thereby proving that the sender signed it and that the message has not been tampered with. This is used to ensure authenticity. Public-key cryptography, also known as asymmetric cryptography, is a form of cryptography in which the key used to encrypt a message differs from the key used to decrypt it.

     Answer option C is incorrect. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security.

     Answer options D and B are incorrect. Password and MAC address are not used to authenticate asymmetric keys.

     Question 10

     IPsec VPN provides a high degree of data privacy by establishing trust points between communicating devices and data encryption. Which of the following encryption methods does IPsec VPN use? Each correct answer represents a complete solution. Choose two.

     A. MD5
     B. LEAP
     C. AES
     D. 3DES

     Answer: D and C

     Explanation: IPsec VPN provides a high degree of data privacy by establishing trust points between communicating devices and data encryption using the 3DES (Triple Data Encryption Algorithm) or AES (Advanced Encryption Standard).
