ISC2 ISSAP Exam
ISC2 Information Systems Security Architecture Professional Exam (Page 12)

Updated On: 1-Feb-2026

You work as a Chief Security Officer for Tech Perfect Inc. The company has a TCP/IP based network. You want to use a firewall that can track the state of active connections of the network and then determine which network packets are allowed to enter through the firewall.
Which of the following firewalls has this feature?

  1. Stateful packet inspection firewall
  2. Proxy-based firewall
  3. Dynamic packet-filtering firewall
  4. Application gateway firewall

Answer(s): C

Explanation:

A dynamic packet-filtering firewall is a fourth generation firewall technology. It is also known as a stateful firewall. The dynamic packet-filtering firewall tracks the state of active connections and then determines which network packets are allowed to enter through the firewall. It records session information such as IP addresses and port numbers to implement a more secure network.
The dynamic packet-filtering firewall operates at Layers 3, 4, and 5.
Answer option D is incorrect. An application gateway firewall applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose performance degradation. It allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer "control/data" protocols such as FTP, BitTorrent, SIP, RTSP, file transfer in IM applications, etc. It works on the application layer.
Answer option A is incorrect. Stateful packet inspection (SPI) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected.
Answer option B is incorrect. A proxy-based firewall, running either on dedicated hardware or as software on a general-purpose machine, responds to input packets in the manner of an application, whilst blocking other packets. Proxies make tampering with an internal system from the external network more difficult, and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall. Conversely, intruders may hijack a publicly-reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines.
While use of internal address spaces enhances security, attackers may still employ methods such as IP spoofing to attempt to pass packets to a target network. The proxy firewall functions by maintaining two separate conversations, which are as follows:
One between the client and the firewall
One between the firewall and the end server
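The connection-tracking behaviour the explanation describes (remember flows initiated from the inside, admit only inbound packets that match a remembered flow, and forget idle flows) can be shown in a few dozen lines. The following is an added illustration, not code from the exam page or from any firewall product; the packet trace, addresses, idle timeout and the small TCP state machine are constructed for the example and omit the sequence-number checks a real stateful firewall also performs.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = inside host -> Internet, "in" = Internet -> inside host
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flags, e.g. "S", "SA", "A", "FA", "R"; empty for UDP
    ts: float = 0.0     # arrival time in seconds (constructed for the example)


# A flow key is always stored from the inside host's point of view:
# (proto, inside_ip, inside_port, outside_ip, outside_port)
FlowKey = Tuple[str, str, int, str, int]


class StatefulFilter:
    """Toy connection-tracking firewall: only flows initiated from inside are remembered,
    and an inbound packet is admitted only if it matches a remembered flow."""

    def __init__(self, idle_timeout: float = 300.0) -> None:
        self.table: Dict[FlowKey, Tuple[str, float]] = {}   # key -> (state, last_seen)
        self.idle_timeout = idle_timeout

    @staticmethod
    def key_for(pkt: Packet) -> FlowKey:
        if pkt.direction == "out":
            return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def _expire(self, now: float) -> None:
        # Reap flows that have been silent longer than the idle timeout.
        stale = [k for k, (_, seen) in self.table.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def state_of(self, key: FlowKey) -> Optional[str]:
        entry = self.table.get(key)
        return entry[0] if entry else None

    def filter(self, pkt: Packet) -> str:
        self._expire(pkt.ts)
        key = self.key_for(pkt)
        entry = self.table.get(key)

        # A new outbound flow is the only way a table entry is created.
        if entry is None:
            if pkt.direction == "out" and pkt.proto == "udp":
                self.table[key] = ("ESTABLISHED", pkt.ts)   # UDP has no handshake: pseudo-state
                return "ALLOW"
            if pkt.direction == "out" and pkt.proto == "tcp" and pkt.flags == "S":
                self.table[key] = ("SYN_SENT", pkt.ts)
                return "ALLOW"
            return "DROP"   # unsolicited inbound packet, or outbound non-SYN with no flow

        state, _ = entry
        if pkt.proto == "tcp":
            if "R" in pkt.flags:                  # a reset tears the flow down immediately
                del self.table[key]
                return "ALLOW"
            if state == "SYN_SENT" and pkt.direction == "in" and pkt.flags == "SA":
                state = "SYN_RECEIVED"
            elif state == "SYN_RECEIVED" and pkt.direction == "out" and pkt.flags == "A":
                state = "ESTABLISHED"
            elif state in ("SYN_SENT", "SYN_RECEIVED"):
                return "DROP"                     # packet out of sequence for the handshake
            elif "F" in pkt.flags:
                state = "CLOSING"                 # kept until the idle timeout reaps it
        self.table[key] = (state, pkt.ts)
        return "ALLOW"

    def run(self, packets: List[Packet]) -> List[str]:
        return [self.filter(p) for p in packets]


# Constructed trace: an outbound HTTPS handshake, an unsolicited inbound SYN, a stray ACK
# to a port with no flow, a DNS query and its reply, and a reply arriving after the timeout.
TRACE = [
    Packet("out", "tcp", "10.0.0.5", 40000, "203.0.113.7", 443, "S", 0.0),
    Packet("in",  "tcp", "203.0.113.7", 443, "10.0.0.5", 40000, "SA", 0.1),
    Packet("out", "tcp", "10.0.0.5", 40000, "203.0.113.7", 443, "A", 0.2),
    Packet("in",  "tcp", "198.51.100.9", 5555, "10.0.0.5", 22, "S", 1.0),
    Packet("in",  "tcp", "203.0.113.7", 443, "10.0.0.5", 40001, "A", 1.5),
    Packet("out", "udp", "10.0.0.5", 51000, "192.0.2.53", 53, "", 2.0),
    Packet("in",  "udp", "192.0.2.53", 53, "10.0.0.5", 51000, "", 2.1),
    Packet("in",  "udp", "192.0.2.53", 53, "10.0.0.5", 51000, "", 400.0),
]


def demo() -> List[str]:
    return StatefulFilter().run(TRACE)


if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, demo()):
        print(f"{verdict:5} {pkt.direction:3} {pkt.proto} {pkt.src}:{pkt.sport} -> "
              f"{pkt.dst}:{pkt.dport} {pkt.flags}")
```

The fifth packet is the instructive one: a stateless filter with an "established" rule based on the ACK flag alone would pass it, whereas the connection table rejects it because no flow to port 40001 was ever opened from inside. The last packet shows why the idle timeout matters: once a flow is reaped, a late reply from the same peer is treated as unsolicited.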



Fill in the blank with the appropriate security device. ___________ is a device that contains a physical mechanism or electronic sensor that quantifies motion that can be either integrated with or connected to other devices that alert the user of the presence of a moving object within the field of view.

  1. Motion detector

Answer(s): A

Explanation:

A motion detector is a device that contains a physical mechanism or electronic sensor that quantifies motion and that can be either integrated with or connected to other devices that alert the user to the presence of a moving object within the field of view. Motion detectors form a vital component of comprehensive security systems, for both homes and businesses.



Which of the following uses a Key Distribution Center (KDC) to authenticate a principal?

  1. CHAP
  2. PAP
  3. Kerberos
  4. TACACS

Answer(s): C

Explanation:

Kerberos uses a Key Distribution Center (KDC) to authenticate a principal. Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos builds on symmetric key cryptography and requires a trusted third party. Kerberos uses as its basis the Needham-Schroeder protocol. It makes use of a trusted third party, termed a key distribution center (KDC), which consists of two logically separate parts:
Authentication Server (AS)
Ticket Granting Server (TGS)
Kerberos works on the basis of tickets, which serve to prove the identity of users. The KDC maintains a database of secret keys; each entity on the network, whether a client or a server, shares a secret key known only to itself and to the KDC.
Knowledge of this key serves to prove an entity's identity. For communication between two entities, the KDC generates a session key, which they can use to secure their interactions.
Answer option D is incorrect. Terminal Access Controller Access-Control System (TACACS) is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network. TACACS allows a client to accept a username and password and send a query to a TACACS authentication server, sometimes called a TACACS daemon. It uses UDP port 49 as the default port.
Answer option A is incorrect. Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol that uses a secure form of encrypted authentication. Using CHAP, network dial-up connections are able to securely connect to almost all PPP servers.
Answer option B is incorrect. Password Authentication Protocol (PAP) is the least sophisticated authentication protocol, used mostly when a client calls a server running an operating system other than Windows. PAP uses plain text passwords.
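The explanation's two-part KDC and its ticket flow can be traced end to end in code: the Authentication Server returns a ticket-granting ticket plus a session key that only the holder of the client's long-term key can read, the Ticket Granting Server turns that into a service ticket sealed under the service's key, and the service authenticates the client from the ticket and a fresh authenticator without ever seeing a password. This is an added, simplified illustration, not code from the exam page or from any Kerberos implementation: the principals, passwords, lifetimes and the HMAC-based `seal`/`unseal` construction are constructed stand-ins for real Kerberos encryption types, and pre-authentication, replay caches and authorization data are omitted.

```python
import hashlib
import hmac
import json
import os
from typing import Any, Dict, Tuple


def derive_key(password: str, principal: str) -> bytes:
    # Long-term key from password and principal name (stand-in for the Kerberos string-to-key function).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10000, 32)


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]


def seal(key: bytes, obj: Dict[str, Any]) -> bytes:
    """Toy authenticated encryption (HMAC keystream + HMAC tag); stand-in for a Kerberos enctype."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> Dict[str, Any]:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))


MAX_SKEW = 300.0  # authenticator timestamps older than five minutes are refused


def _check_authenticator(ticket: Dict[str, Any], authenticator: bytes, now: float) -> bytes:
    if now > ticket["expires"]:
        raise ValueError("ticket expired")
    skey = bytes.fromhex(ticket["skey"])
    auth = unseal(skey, authenticator)          # only the legitimate client holds skey
    if auth["client"] != ticket["client"] or abs(now - auth["ts"]) > MAX_SKEW:
        raise ValueError("authenticator does not match ticket")
    return skey


class KDC:
    """Holds every principal's long-term key; 'krbtgt' is the Ticket Granting Server's own key."""

    def __init__(self, keys: Dict[str, bytes]) -> None:
        self.keys = keys

    def as_exchange(self, client: str, now: float) -> Tuple[bytes, bytes]:
        # AS-REQ/AS-REP: nothing secret is sent by the client; the reply is useless without its key.
        skey = os.urandom(32)
        tgt = seal(self.keys["krbtgt"], {"client": client, "skey": skey.hex(), "expires": now + 8 * 3600})
        return tgt, seal(self.keys[client], {"skey": skey.hex(), "tgs": "krbtgt"})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: float) -> Tuple[bytes, bytes]:
        # TGS-REQ/TGS-REP: the TGS trusts the TGT because only it (and the AS) can seal under krbtgt.
        t = unseal(self.keys["krbtgt"], tgt)
        skey = _check_authenticator(t, authenticator, now)
        svc_key = os.urandom(32)
        ticket = seal(self.keys[service], {"client": t["client"], "skey": svc_key.hex(), "expires": now + 3600})
        return ticket, seal(skey, {"skey": svc_key.hex(), "service": service})


def client_login(kdc: KDC, name: str, password: str, now: float) -> Tuple[bytes, bytes]:
    tgt, reply = kdc.as_exchange(name, now)
    skey = bytes.fromhex(unseal(derive_key(password, name), reply)["skey"])  # wrong password fails here
    return tgt, skey


def client_get_service_ticket(kdc: KDC, name: str, tgt: bytes, skey: bytes, service: str,
                              now: float) -> Tuple[bytes, bytes]:
    ticket, reply = kdc.tgs_exchange(tgt, seal(skey, {"client": name, "ts": now}), service, now)
    return ticket, bytes.fromhex(unseal(skey, reply)["skey"])


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes, now: float) -> str:
    # AP-REQ: the service needs only its own key and the clock; it never contacts the KDC.
    t = unseal(service_key, ticket)
    _check_authenticator(t, authenticator, now)
    return t["client"]


def demo() -> Dict[str, Any]:
    # Constructed realm: one user, one service, one TGS key.
    keys = {"alice": derive_key("correct horse battery", "alice"),
            "host/fileserver": os.urandom(32), "krbtgt": os.urandom(32)}
    kdc, now = KDC(keys), 1_700_000_000.0
    tgt, skey = client_login(kdc, "alice", "correct horse battery", now)
    ticket, svc_key = client_get_service_ticket(kdc, "alice", tgt, skey, "host/fileserver", now + 1)
    who = service_accept(keys["host/fileserver"], ticket, seal(svc_key, {"client": "alice", "ts": now + 2}), now + 2)
    try:
        client_login(kdc, "alice", "wrong password", now)
        bad_pw = False
    except ValueError:
        bad_pw = True
    forged = seal(os.urandom(32), {"client": "alice", "skey": os.urandom(32).hex(), "expires": now + 3600})
    try:
        service_accept(keys["host/fileserver"], forged, b"", now)
        forged_rejected = False
    except ValueError:
        forged_rejected = True
    return {"authenticated_as": who, "wrong_password_rejected": bad_pw, "forged_ticket_rejected": forged_rejected}


if __name__ == "__main__":
    print(demo())
```

Two properties of the explanation show up directly: each entity shares a secret key only with the KDC, so the service can verify a ticket it has never seen before using nothing but its own key, and the session key the KDC generates is what lets the client and the service prove freshness to each other through the timestamped authenticator.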



Which of the following SDLC phases consists of the given security controls: Misuse Case Modeling, Security Design and Architecture Review, Threat and Risk Modeling, and Security Requirements and Test Cases Generation?

  1. Design
  2. Maintenance
  3. Deployment
  4. Requirements Gathering

Answer(s): A

Explanation:

The various security controls in the SDLC design phase are as follows:
Misuse Case Modeling: It is important that the inverse of the misuse cases be modeled to understand and address the security aspects of the software. The requirements traceability matrix can be used to track the misuse cases to the functionality of the software.
Security Design and Architecture Review: This control can be introduced when the teams are engaged in the "functional" design and architecture review of the software.
Threat and Risk Modeling: Threat modeling determines the attack surface of the software by examining its functionality for trust boundaries, data flow, entry points, and exit points. Risk modeling is performed by ranking the threats as they pertain to the user organization's business objectives, compliance and regulatory requirements, and security exposures.
Security Requirements and Test Cases Generation: All the above three security controls, i.e., Misuse Case Modeling, Security Design and Architecture Review, and Threat and Risk Modeling, are used to produce the security requirements.



Which of the following is a network service that stores and organizes information about network users and network resources, and that allows administrators to manage users' access to the resources?

  1. SMTP service
  2. Terminal service
  3. Directory service
  4. DFS service

Answer(s): C

Explanation:

Directory service is a network service that stores and organizes information about a computer network's users and network resources, and that allows network administrators to manage users' access to the resources. It identifies all resources on a network and makes them accessible to users and applications. Directory service is a physically distributed, logically centralized repository of data that is used to manage a directory. It provides rules-based access to the data stored within the directory.
Answer option B is incorrect. Terminal Services provides a multi-session environment that allows remote computers to access Windows-based programs running on a server.
Answer option A is incorrect. The Simple Mail Transport Protocol (SMTP) service is used for transferring e-mails between the intranet and the Internet.
Answer option D is incorrect. The Distributed File System (DFS) service is used to manage logical volumes distributed across a local or wide area network. It permits the linking of servers and shares into a simpler, more meaningful namespace. DFS provides improved load sharing and data availability.



Viewing page 12 of 50
Viewing questions 56 - 60 out of 241 questions


