CISSP-ISSAP Exam Prep Free – 50 Practice Questions to Get You Ready for Exam Day
Getting ready for the CISSP-ISSAP certification? Our CISSP-ISSAP Exam Prep Free resource includes 50 exam-style questions designed to help you practice effectively and feel confident on test day.
Effective CISSP-ISSAP exam prep is the key to success. With our free practice questions, you can:
- Get familiar with exam format and question style
- Identify which topics you’ve mastered—and which need more review
- Boost your confidence and reduce exam anxiety
Below, you will find 50 realistic CISSP-ISSAP Exam Prep Free questions that cover key exam topics. These questions are designed to reflect the structure and challenge level of the actual exam, making them perfect for your study routine.
Which of the following refers to a location away from the computer center where document copies and backup media are kept?
A. Storage Area network
B. Off-site storage
C. On-site storage
D. Network attached storage
Which of the following attacks can be overcome by applying cryptography?
A. Web ripping
B. DoS
C. Sniffing
D. Buffer overflow
You work as a Network Consultant. A company named Tech Perfect Inc. hires you for security reasons. The manager of the company tells you to establish connectivity between clients and servers of the network that prevents eavesdropping on and tampering with data on the Internet. Which of the following will you configure on the network to perform the given task?
A. WEP
B. IPsec
C. VPN
D. SSL
You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to e-mail queries. For the past few days, it has been identified that this process is giving spammers a way to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and finding a solution? Each correct answer represents a part of the solution. Choose all that apply.
A. Identification
B. Eradication
C. Recovery
D. Contamination
E. Preparation
Which of the following protocols is used to compare two values calculated using the Message Digest (MD5) hashing function?
A. CHAP
B. PEAP
C. EAP
D. EAP-TLS
Computer networks and the Internet are the prime mode of information transfer today. Which of the following is a technique used for modifying messages, providing information and cyber security, and reducing the risk of hacking attacks during communications and message passing over the Internet?
A. Risk analysis
B. Firewall security
C. Cryptography
D. OODA loop
You have just set up a wireless network for customers at a coffee shop. Which of the following are good security measures to implement? Each correct answer represents a complete solution. Choose two.
A. MAC filtering the router
B. Not broadcasting SSID
C. Using WEP encryption
D. Using WPA encryption
You work as a Chief Security Officer for Tech Perfect Inc. The company has a TCP/IP based network. You want to use a firewall that can track the state of active connections of the network and then determine which network packets are allowed to enter through the firewall. Which of the following firewalls has this feature?
A. Stateful packet inspection firewall
B. Proxy-based firewall
C. Dynamic packet-filtering firewall
D. Application gateway firewall
Which of the following security protocols provides confidentiality, integrity, and authentication of network traffic with end-to-end and intermediate-hop security?
A. IPSec
B. SET
C. SWIPE
D. SKIP
Which of the following devices is the least expensive power protection device for filtering the electrical stream to control power surges, noise, power sags, and power spikes?
A. Line Conditioner
B. Surge Suppressor
C. Uninterrupted Power Supply (UPS)
D. Expansion Bus
Andrew works as a Network Administrator for Infonet Inc. The company's network has a Web server that hosts the company's Web site. Andrew wants to increase the security of the Web site by implementing Secure Sockets Layer (SSL). Which of the following types of encryption does SSL use? Each correct answer represents a complete solution. Choose two.
A. Synchronous
B. Secret
C. Asymmetric
D. Symmetric
Which of the following are man-made threats that an organization faces? Each correct answer represents a complete solution. Choose three.
A. Theft
B. Employee errors
C. Strikes
D. Frauds
Which of the following methods for identifying appropriate BIA interviewees includes examining the organizational chart of the enterprise to understand the functional positions?
A. Executive management interviews
B. Overlaying system technology
C. Organizational chart reviews
D. Organizational process models
Which of the following is a method for transforming a message into a masked form, together with a way of undoing the transformation to recover the message?
A. Cipher
B. CrypTool
C. Steganography
D. MIME
In which of the following phases of the SDLC do the software and other components of the system faithfully incorporate the design specifications and provide proper documentation and training?
A. Initiation
B. Programming and training
C. Design
D. Evaluation and acceptance
Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity?
A. RCO
B. RTO
C. RPO
D. RTA
You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails. Which of the following will you use to accomplish this?
A. PGP
B. PPTP
C. IPSec
D. NTFS
You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify a Denial of Service (DoS) attack from a network linked to your internal enterprise network. Which of the following phases of the Incident handling process should you follow next to handle this incident?
A. Containment
B. Preparation
C. Recovery
D. Identification
Which of the following does PEAP use to authenticate the user inside an encrypted tunnel? Each correct answer represents a complete solution. Choose two.
A. GTC
B. MS-CHAP v2
C. AES
D. RC4
Which of the following security architectures defines how to integrate widely disparate applications for a world that is Web-based and uses multiple implementation platforms?
A. Sherwood Applied Business Security Architecture
B. Service-oriented modeling and architecture
C. Enterprise architecture
D. Service-oriented architecture
You work as a Network Administrator for McNeil Inc. The company has a TCP/IP-based network. Performance of the network is slow because of heavy traffic. A hub is used as a central connecting device in the network. Which of the following devices can be used in place of a hub to control the network traffic efficiently?
A. Repeater
B. Bridge
C. Switch
D. Router
You have been assigned the task of selecting a hash algorithm. The algorithm will be specifically used to ensure the integrity of certain sensitive files. It must use a 128 bit hash value. Which of the following should you use?
A. AES
B. SHA
C. MD5
D. DES
You are the Network Administrator for a small business. You need a widely used, but highly secure hashing algorithm. Which of the following should you choose?
A. AES
B. SHA
C. EAP
D. CRC32
Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis?
A. Twofish
B. Digital certificates
C. Public key
D. RSA
You are responsible for a Microsoft based network. Your servers are all clustered. Which of the following are the likely reasons for the clustering? Each correct answer represents a complete solution. Choose two.
A. Reduce power consumption
B. Ease of maintenance
C. Failover
D. Load balancing
Which of the following encryption modes has the property of allowing many error correcting codes to function normally even when applied before encryption?
A. OFB mode
B. CFB mode
C. CBC mode
D. PCBC mode
Which of the following should the administrator ensure during the test of a disaster recovery plan?
A. Ensure that the plan works properly.
B. Ensure that all the servers in the organization are shut down.
C. Ensure that each member of the disaster recovery team is aware of their responsibility.
D. Ensure that all client computers in the organization are shut down.
Which of the following is a correct sequence of different layers of Open System Interconnection (OSI) model?
A. Physical layer, data link layer, network layer, transport layer, presentation layer, session layer, and application layer
B. Physical layer, network layer, transport layer, data link layer, session layer, presentation layer, and application layer
C. Application layer, presentation layer, network layer, transport layer, session layer, data link layer, and physical layer
D. Physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer
Which of the following protocols is an alternative to certificate revocation lists (CRL) and allows the authenticity of a certificate to be immediately verified?
A. RSTP
B. SKIP
C. OCSP
D. HTTP
An access control secures the confidentiality, integrity, and availability of the information and data of an organization. In which of the following categories can you deploy the access control? Each correct answer represents a part of the solution. Choose all that apply.
A. Detective access control
B. Corrective access control
C. Administrative access control
D. Preventive access control
Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?
A. Authentication
B. Non-repudiation
C. Integrity
D. Confidentiality
Which of the following protocols supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection?
A. PPTP
B. UDP
C. IPSec
D. PAP
You work as a Network Administrator for McRoberts Inc. You are expanding your company's network. After you have implemented the network, you test the connectivity to a remote host by using the PING command. You get the ICMP echo reply message from the remote host. Which of the following layers of the OSI model are tested through this process? Each correct answer represents a complete solution. Choose all that apply.
A. Layer 3
B. Layer 2
C. Layer 4
D. Layer 1
Sam is creating an e-commerce site. He wants a simple security solution that does not require each customer to have an individual key. Which of the following encryption methods will he use?
A. Asymmetric encryption
B. Symmetric encryption
C. S/MIME
D. PGP
Which of the following layers of the OSI model corresponds to the Host-to-Host layer of the TCP/IP model?
A. The transport layer
B. The presentation layer
C. The session layer
D. The application layer
Which of the following techniques can be used by an administrator while working with symmetric encryption? Each correct answer represents a complete solution. Choose all that apply.
A. Block cipher
B. Stream cipher
C. Transposition cipher
D. Message Authentication Code
Which of the following protocols provides certificate-based authentication for virtual private networks (VPNs)?
A. PPTP
B. SMTP
C. HTTPS
D. L2TP
You work as a Network Administrator for NetTech Inc. You want to have secure communication on the company's intranet. You decide to use public key and private key pairs. What will you implement to accomplish this?
A. Microsoft Internet Information Server (IIS)
B. VPN
C. FTP server
D. Certificate server
A user is sending a large number of protocol packets to a network in order to saturate its resources and to disrupt connections to prevent communications between services. Which type of attack is this?
A. Denial-of-Service attack
B. Vulnerability attack
C. Social Engineering attack
D. Impersonation attack
In which of the following network topologies does the data travel around a loop in a single direction and pass through each device?
A. Ring topology
B. Tree topology
C. Star topology
D. Mesh topology
Which of the following electrical events shows a sudden drop of power source that can cause a wide variety of problems on a PC or a network?
A. Blackout
B. Power spike
C. Power sag
D. Power surge
John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool, image hide, and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?
A. Email spoofing
B. Social engineering
C. Web ripping
D. Steganography
Which of the following protocols uses the Internet Key Exchange (IKE) protocol to set up security associations (SA)?
A. IPSec
B. L2TP
C. LEAP
D. ISAKMP
Which of the following are types of access control attacks? Each correct answer represents a complete solution. Choose all that apply.
A. Dictionary attack
B. Mail bombing
C. Spoofing
D. Brute force attack
Which of the following keys are included in a certificate revocation list (CRL) of a public key infrastructure (PKI)? Each correct answer represents a complete solution. Choose two.
A. A foreign key
B. A private key
C. A public key
D. A primary key
In which of the following cryptographic attacking techniques does an attacker obtain encrypted messages that have been encrypted using the same encryption algorithm?
A. Chosen plaintext attack
B. Ciphertext only attack
C. Chosen ciphertext attack
D. Known plaintext attack
You are responsible for security at a building that has a lot of traffic. There are even a significant number of non-employees coming in and out of the building. You are concerned about being able to find out who is in the building at a particular time. What is the simplest way to accomplish this?
A. Implement a sign in sheet at the main entrance and route all traffic through there.
B. Have all people entering the building use smart cards for access.
C. Implement biometric access.
D. Implement cameras at all entrances.
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. John notices that the We-are-secure network is vulnerable to a man-in-the-middle attack since the key exchange process of the cryptographic algorithm it is using does not authenticate participants. Which of the following cryptographic algorithms is being used by the We-are-secure server?
A. Blowfish
B. Twofish
C. RSA
D. Diffie-Hellman
Which of the following protocols work at the Network layer of the OSI model?
A. Routing Information Protocol (RIP)
B. File Transfer Protocol (FTP)
C. Simple Network Management Protocol (SNMP)
D. Internet Group Management Protocol (IGMP)
You are the administrator for YupNo.com. You want to increase and enhance the security of your computers and simplify deployment. You are especially concerned with any portable computers that are used by remote employees. What can you use to increase security, while still allowing your users to perform critical tasks?
A. BitLocker
B. Smart Cards
C. Service Accounts
D. AppLocker
Good luck with your CISSP-ISSAP certification journey!