Free ISSAP Exam Braindumps

John works as a Programmer for We-are-secure Inc. On one of his routine visits to the company, he noted down the passwords of the employees while they were typing them on their computer screens.
Which of the following social engineering attacks did he just perform?

  A. Important user posing
  B. Shoulder surfing
  C. Dumpster diving
  D. Authorization by third party

Answer(s): B

Explanation:

In the given scenario, John was performing a shoulder surfing attack. Shoulder surfing is a type of in-person attack in which an attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. An attacker can also gather information by looking at open documents on the employee's desk, posted notices on the notice boards, etc.
Answer option C is incorrect. John was not performing a dumpster diving attack. Dumpster diving is a term that refers to going through someone's trash to find out useful or confidential information. Dumpster divers check and separate items from commercial or residential trash to get any information they desire. This information may be used for identity theft and for breaking physical information security.
Answer option A is incorrect. John was not carrying out an Important user posing attack. In this attack, the attacker pretends to be an important member of the organization. These attacks work because there is a common belief that it is not good to question authority.
Answer option D is incorrect. John was not performing an Authorization by third party attack. In this attack, the attacker misleads the victim into believing that he has approval from a third party. Such types of attacks work because it is generally believed that most people are good and are being truthful about what they are saying.



Which of the following electrical events shows a sudden drop of power source that can cause a wide variety of problems on a PC or a network?

  A. Blackout
  B. Power spike
  C. Power sag
  D. Power surge

Answer(s): A

Explanation:

A blackout indicates a complete loss of a PC's electrical source. It is an event that shows a sudden drop of power source that can cause a wide variety of problems on a PC or a network. A blackout is not a power failure over an entire area but it can be in a section or a part of a building, city, or any other larger area. It is caused by electrical storms, traffic accidents involving utility poles, or a total collapse of the power system due to demand overload.
Answer option D is incorrect. Power surge is a sharp increase in the voltage or an over voltage event. It is a short and temporary increase in voltage on the power grid and it is like a rough wave. Different types of electrical disturbances, such as lightning storms, distant lightning strikes, or problems on the electrical power supply grid, can cause the voltage to suddenly increase.
Answer option B is incorrect. A power spike is a sudden, isolated, extremely high over voltage event on an electrical line. The primary cause of the power spike is lightning strikes. Lightning carries millions of volts, and if a home or office takes a direct hit, a PC along with other devices is likely to be heavily damaged. Direct striking is a rare event but a strike within a mile can create a sudden spike in the electrical current near the strike.



Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity?

  A. RCO
  B. RTO
  C. RPO
  D. RTA

Answer(s): B

Explanation:

The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster or disruption in order to avoid unacceptable consequences associated with a break in business continuity. It includes the time for trying to fix the problem without a recovery, the recovery itself, tests and the communication to the users. Decision time for user representative is not included. The business continuity timeline usually runs parallel with an incident management timeline and may start at the same, or different, points.
In accepted business continuity planning methodology, the RTO is established during the Business Impact Analysis (BIA) by the owner of a process (usually in conjunction with the Business Continuity planner). The RTOs are then presented to senior management for acceptance.
The RTO attaches to the business process and not the resources required to support the process.
Answer option D is incorrect. The Recovery Time Actual (RTA) is established during an exercise, actual event, or predetermined based on recovery methodology the technology support team develops. This is the time frame the technology support takes to deliver the recovered infrastructure to the business.
Answer option A is incorrect. The Recovery Consistency Objective (RCO) is used in Business Continuity Planning in addition to Recovery Point Objective (RPO) and Recovery Time Objective (RTO). It applies data consistency objectives to Continuous Data Protection services.
Answer option C is incorrect. The Recovery Point Objective (RPO) describes the acceptable amount of data loss measured in time. It is the point in time to which data must be recovered as defined by the organization. The RPO is generally a definition of what an organization determines is an "acceptable loss" in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours. Based on this RPO the data must be restored to within 2 hours of the disaster.



You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify a Denial of Service attack (DOS) from a network linked to your internal enterprise network.
Which of the following phases of the Incident handling process should you follow next to handle this incident?

  A. Containment
  B. Preparation
  C. Recovery
  D. Identification

Answer(s): A

Explanation:

After the identification of the DOS attack, you need to disconnect the link to the network from which the attack is being performed. The Containment phase should be followed until the eradication and recovery from the attack is done. The Containment phase of the Incident handling process is responsible for supporting and building up the incident combating process. It ensures the stability of the system and also confirms that the incident does not get any worse. The Containment phase includes the process of preventing further contamination of the system or network, and preserving the evidence of the contamination.

Answer option D is incorrect. The Identification phase of the Incident handling process is the stage at which the Incident handler evaluates the critical level of an incident for an enterprise or system. It is an important stage where the distinction between an event and an incident is determined, measured and tested.
Answer option C is incorrect. The Recovery phase of the Incident handling process is the stage at which the enterprise or the system is settled back to its balanced production state. It involves the quality assurance tests and re-evaluation of the system for the purpose of the system revival or recovery.
Answer option B is incorrect. The preparation phase of the Incident handling process is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise. Preparation is the phase of Incident handling that involves the following processes:
Establishing applicable policies
Building relationships with key players
Building a response kit
Establishing a communication plan
Creating incident checklists
Performing threat modeling
Building an incident response team






Post your Comments and Discuss ISC2 ISSAP exam with other Community members:

Terry commented on May 24, 2023
I can practice for exam
Anonymous
upvote

Rahul Kumar commented on August 31, 2023
need certification.
CANADA
upvote
