最新的CISSP Concentrations認證 CISSP-ISSAP考試題庫

問題1

Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of the following formulas best describes the Single Loss Expectancy (SLE)?

A. SLE = Asset Value (AV) * Annualized Rate of Occurrence (ARO)

B. SLE = Annualized Loss Expectancy (ALE) * Annualized Rate of Occurrence (ARO)

C. SLE = Annualized Loss Expectancy (ALE) * Exposure Factor (EF)

D. SLE = Asset Value (AV) * Exposure Factor (EF)

正確答案: D

問題2

Which of the following encryption modes can make protocols without integrity protection even more susceptible to replay attacks, since each block gets decrypted in exactly the same way?

A. Electronic codebook mode

B. Cipher block chaining mode

C. Cipher feedback mode

D. Output feedback mode

正確答案: A

問題3

Which of the following protocols work at the Network layer of the OSI model?

A. File Transfer Protocol (FTP)

B. Simple Network Management Protocol (SNMP)

C. Internet Group Management Protocol (IGMP)

D. Routing Information Protocol (RIP)

正確答案: C,D

問題4

Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs and asks for the other objectives of the DRP. If you are among some of the newly recruited personnel in SoftTech Inc, what will be your answer for her question? Each correct answer represents a part of the solution. Choose three.

A. Guarantee the reliability of standby systems through testing and simulation.

B. Protect an organization from major computer services failure.

C. Maximize the decision-making required by personnel during a disaster.

D. Minimize the risk to the organization from delays in providing services.

正確答案: A,B,D

問題5

You are the administrator for YupNo.com. You want to increase and enhance the security of your computers and simplify deployment. You are especially concerned with any portable computers that are used by remote employees. What can you use to increase security, while still allowing your users to perform critical tasks?

A. Smart Cards

B. Service Accounts

C. BitLocker

D. AppLocker

正確答案: A

問題6

Which of the following attacks can be overcome by applying cryptography?

A. DoS

B. Sniffing

C. Buffer overflow

D. Web ripping

正確答案: B

問題7

Fill in the blank with the appropriate phrase. The is a simple document that provides a high-level view of the entire organization's disaster recovery efforts.

A. Executive summary

正確答案: A

問題8

You are calculating the Annualized Loss Expectancy (ALE) using the following formula: ALE=AV * EF * ARO What information does the AV (Asset Value) convey?

A. It represents how many times per year a specific threat occurs.

B. It represents the percentage of loss that an asset experiences if an anticipated threat occurs.

C. It represents the total cost of an asset, including the purchase price, recurring maintenance, expenses, and all other costs.

D. It is expected loss for an asset due to a risk over a one year period.

正確答案: C

問題9

Which of the following is the most secure method of authentication?

A. Anonymous

B. Username and password

C. Smart card

D. Biometrics

正確答案: D

問題10

You work as a Network Administrator for company Inc. The company has deployed an ASA at the network perimeter. Which of the following types of firewall will you use to create two different communications, one between the client and the firewall, and the other between the firewall and the end server?

A. Endian firewall

B. Stateful firewall

C. Proxy-based firewall

D. Packet filter firewall

正確答案: C

問題11

Which of the following types of firewall functions at the Session layer of OSI model?

A. Switch-level firewall

B. Circuit-level firewall

C. Packet filtering firewall

D. Application-level firewall

正確答案: B

問題12

In which of the following SDLC phases are the software and other components of the system faithfully incorporated into the design specifications?

A. Programming and training

B. Definition

C. Evaluation and acceptance

D. Initiation

正確答案: A

問題13

Which of the following algorithms is found to be suitable for both digital signature and encryption?

A. AES

B. RSA

C. MD5

D. SHA-1

正確答案: B

問題14

Which of the following techniques can be used by an administrator while working with the symmetric encryption cryptography? Each correct answer represents a complete solution. Choose all that apply.

A. Message Authentication Code

B. Stream cipher

C. Block cipher

D. Transposition cipher

正確答案: A,B,C

最新的ISC CISSP-ISSAP - Information Systems Security Architecture Professional - CISSP-ISSAP免費考試真題

最新更新

站內鏈接

聯系我們