Free ISSAP Exam Braindumps (page: 22)

Page 22 of 61

Which of the following types of attacks is often performed by looking surreptitiously at the keyboard or monitor of an employee's computer?

  A. Buffer-overflow attack
  B. Man-in-the-middle attack
  C. Shoulder surfing attack
  D. Denial-of-Service (DoS) attack

Answer(s): C

Explanation:

A shoulder surfing attack is often performed by looking surreptitiously at the keyboard or monitor of an employee's computer.
Shoulder surfing is an in-person attack in which the attacker obtains credentials or other sensitive information by direct observation: watching an employee's keyboard or screen while a password is typed at a terminal or into a website, reading documents left open on the employee's desk, or noting what is posted on notice boards. No technical vulnerability is exploited, which is why the countermeasures are physical and procedural: privacy filters on screens, awareness training, and a clean-desk policy.
Answer option B is incorrect. In a man-in-the-middle attack the attacker inserts an intermediary (a program, proxy or rogue network device) between two communicating hosts. The intermediary intercepts the packets passing between the hosts, can read and modify them, and forwards them to the intended recipient; each host responds to the intermediary believing it is the legitimate peer.
Answer option A is incorrect. A buffer-overflow attack supplies a program with more input than the fixed-size memory buffer receiving it can hold, so the excess overwrites adjacent memory. Crafted input can overwrite control data such as a saved return address and redirect execution to attacker-supplied code, giving the attacker control of the process and bypassing its security checks.
Answer option D is incorrect. A Denial-of-Service (DoS) attack is mounted with the objective of degrading or removing the availability of a computer or network rather than stealing data. Flooding variants are also called network-saturation or bandwidth-consumption attacks: the attacker sends a large number of protocol packets so that the target spends its capacity handling them. A DoS attack can cause the following to occur:
Saturation of network resources.
Disruption of the connections between two computers, preventing communication between services.
Disruption of the services provided by a specific computer.

A SYN attack (SYN flood) is a common DoS technique in which an attacker sends a stream of TCP SYN packets to a target, usually with spoofed source addresses. For each SYN received, the target allocates connection state and sends a SYN-ACK to the source address. Because no ACK ever comes back, the target retransmits the SYN-ACK and holds each connection in the half-open (SYN_RECEIVED) state until it times out.
When the attacker keeps sending SYNs faster than the half-open connections time out, the listener's backlog fills, new connection requests from legitimate users are dropped, and the service is denied. The usual mitigations are SYN cookies, which let the server avoid storing state until the final ACK arrives, and a shortened SYN_RECEIVED timeout or larger backlog.
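The half-open backlog mechanics above, as an added example that is not part of the original page: a small Go model of a listener's connection table, replaying a constructed packet trace (one legitimate handshake, a burst of SYNs from spoofed sources that never send the final ACK, then a second legitimate client trying to connect during the flood). The addresses, the backlog size of 64 and the timeout values are assumptions chosen for the illustration, and time is counted in observed packets rather than seconds for simplicity.

```go
package main

import "fmt"

// Packet is the minimal view of a TCP segment that a listener's connection
// table cares about. Constructed for this example; a real detector would
// decode these fields from a capture or flow feed.
type Packet struct {
	Src string // client address:port
	Dst string // server address:port
	SYN bool
	ACK bool
}

// Tracker models the server side of the handshake. A SYN creates a
// half-open (SYN_RECEIVED) entry; the client's ACK completes it. Time is
// counted in observed packets rather than seconds (a simplification).
type Tracker struct {
	backlog   int            // max half-open entries kept (assumed listener backlog)
	timeout   int            // half-open entries older than this are discarded
	clock     int            // number of packets observed so far
	halfOpen  map[string]int // flow key -> clock value when its SYN arrived
	completed int
	dropped   int // SYNs refused because the backlog was full
}

func NewTracker(backlog, timeout int) *Tracker {
	return &Tracker{backlog: backlog, timeout: timeout, halfOpen: map[string]int{}}
}

// Observe feeds one packet through the handshake state machine.
func (t *Tracker) Observe(p Packet) {
	t.clock++
	// Expire half-open entries whose SYN-ACK retransmissions have run out.
	for key, born := range t.halfOpen {
		if t.clock-born > t.timeout {
			delete(t.halfOpen, key)
		}
	}
	key := p.Src + "->" + p.Dst
	switch {
	case p.SYN && !p.ACK:
		if len(t.halfOpen) >= t.backlog {
			// Backlog exhausted: the SYN is dropped and the client never
			// receives a SYN-ACK. This is the denial of service.
			t.dropped++
			return
		}
		t.halfOpen[key] = t.clock // server replied SYN-ACK and now waits for ACK
	case p.ACK && !p.SYN:
		if _, waiting := t.halfOpen[key]; waiting {
			delete(t.halfOpen, key) // third step of the handshake: fully open
			t.completed++
		}
	}
}

// SampleTrace builds a constructed packet sequence: one legitimate
// handshake, floodSize SYNs from spoofed sources that never ACK, then a
// second legitimate client trying to connect during the flood.
func SampleTrace(floodSize int) []Packet {
	const srv = "192.0.2.10:80"
	trace := []Packet{
		{"10.0.0.5:40001", srv, true, false},
		{"10.0.0.5:40001", srv, false, true},
	}
	for i := 0; i < floodSize; i++ {
		spoofed := fmt.Sprintf("198.51.100.%d:%d", 1+i%200, 1024+i)
		trace = append(trace, Packet{spoofed, srv, true, false})
	}
	trace = append(trace,
		Packet{"10.0.0.6:40002", srv, true, false},
		Packet{"10.0.0.6:40002", srv, false, true},
	)
	return trace
}

// Replay runs a trace through a fresh tracker and reports the final counts.
func Replay(backlog, timeout int, trace []Packet) (completed, halfOpen, dropped int) {
	t := NewTracker(backlog, timeout)
	for _, p := range trace {
		t.Observe(p)
	}
	return t.completed, len(t.halfOpen), t.dropped
}

func main() {
	trace := SampleTrace(100)
	for _, timeout := range []int{10000, 10} {
		c, h, d := Replay(64, timeout, trace)
		fmt.Printf("timeout=%5d  completed=%d half-open=%d dropped=%d\n", timeout, c, h, d)
	}
}
```

With the long timeout the 100 spoofed SYNs fill the 64-entry backlog, 37 later SYNs are dropped and the second legitimate client never connects; with the short timeout the stale entries expire before the backlog fills and both legitimate clients complete. That is the race the text describes: the attacker only needs to send SYNs faster than half-open entries expire. Real stacks reach the same effect without a tiny timeout by using SYN cookies, which avoid storing per-connection state before the ACK arrives.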



Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs and asks for the other objectives of the DRP.
If you are among some of the newly recruited personnel in SoftTech Inc, what will be your answer for her question?
Each correct answer represents a part of the solution. Choose three.

  A. Guarantee the reliability of standby systems through testing and simulation.
  B. Protect an organization from major computer services failure.
  C. Minimize the risk to the organization from delays in providing services.
  D. Maximize the decision-making required by personnel during a disaster.

Answer(s): A,B,C

Explanation:

The objectives of a disaster recovery plan include the following:
Protect the organization from a major computer services failure.
Minimize the risk to the organization from delays in providing services.
Guarantee the reliability of standby systems through testing and simulation.
Minimize, not maximize, the decision-making required of personnel during a disaster: the plan spells out in advance who does what, so that staff follow documented procedures rather than improvise under pressure.
Answer option D is incorrect because it states the opposite of this last objective.



A digital signature is an application of public key cryptography.
Which of the following statements are true about digital signatures? Each correct answer represents a complete solution. Choose all that apply.

  A. In order to digitally sign an electronic record, a person must use his/her public key.
  B. In order to verify a digital signature, the signer's private key must be used.
  C. In order to digitally sign an electronic record, a person must use his/her private key.
  D. In order to verify a digital signature, the signer's public key must be used.

Answer(s): C,D

Explanation:

A digital signature is an application of public key cryptography. The key pair is used asymmetrically: the signer computes the signature with his or her private key, and anyone holding the signer's public key can verify it. In practice the signature is computed over a cryptographic hash of the record rather than the whole record. A digital signature is used for the following purposes:
To identify the person (or system) signing a document.
To authenticate the identity of the sender of a message.
To protect the integrity of the record: any change after signing causes verification to fail.
To provide non-repudiation: because only the holder of the private key could have produced the signature, the signer cannot later deny having signed.
Answer options A and B are incorrect because they reverse the roles of the keys: signing with a public key would let anyone forge a signature, and verifying with the private key would require every verifier to hold the signer's secret.



An authentication method uses smart cards as well as usernames and passwords for authentication.
Which of the following authentication methods is being referred to?

  A. Mutual
  B. Anonymous
  C. Multi-factor
  D. Biometrics

Answer(s): C

Explanation:

Multi-factor authentication requires evidence from two or more independent factor categories: something the user knows (a password or PIN), something the user has (a smart card, hardware token or registered phone) and something the user is (a biometric). A smart card together with a username and password combines a possession factor with a knowledge factor, so it is multi-factor authentication; the username itself is an identifier, not a factor. Two methods from the same category, such as a password plus security questions, do not count as multi-factor.
Answer option A is incorrect. Mutual authentication is a process in which a client and a server each prove their identity to the other before any application function is performed. The identities can be verified through a trusted third party using shared secrets, as in Kerberos v5; MS-CHAP v2 and EAP-TLS also support mutual authentication.
Answer option B is incorrect. Anonymous authentication is an authentication method used for Internet communication. It provides limited access to specific public folders and directory information, is supported by all clients, and is used to access unsecured content in public folders. An administrator must configure an anonymous user account in IIS to allow users to connect anonymously.
Answer option D is incorrect. Biometric authentication uses physical characteristics such as fingerprints, scars, retinal patterns and other biophysical qualities to identify a user; on its own it is a single (inherence) factor.
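One way to show both the digital-signature question above (signing with the private key, verifying with the public key) and the smart-card-plus-password login in this question, as an added Go example that is not the page's own code: the card's private key signs a fresh server nonce and the server verifies it with the public key enrolled for the account, while the password is checked against a stored salted hash. Login succeeds only when both factors verify. The Card type, the account, the test password and the salted SHA-256 password hash are assumptions for the illustration; a production system would use a memory-hard KDF such as Argon2id and a real card interface such as PIV or PKCS#11.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Card stands in for the smart card (the "something you have"). The private
// key is generated on the card and never leaves it; the card only signs.
type Card struct {
	priv ed25519.PrivateKey
}

// NewCard generates a key pair and returns the card plus the public key that
// is handed to the server at enrolment.
func NewCard() (*Card, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Card{priv: priv}, pub
}

// Sign produces a digital signature over a record with the private key.
func (c *Card) Sign(record []byte) []byte {
	return ed25519.Sign(c.priv, record)
}

// VerifyRecord checks a signature with the signer's public key; it fails if
// the record was altered or the signature came from a different key.
func VerifyRecord(pub ed25519.PublicKey, record, sig []byte) bool {
	return ed25519.Verify(pub, record, sig)
}

// Account is what the server stores at enrolment: a salted password hash
// (the "something you know") and the card's public key.
type Account struct {
	Salt     []byte
	PassHash []byte
	CardPub  ed25519.PublicKey
}

// hashPassword is a deliberately simple salted SHA-256 for the illustration;
// a real system would use a slow, memory-hard KDF such as Argon2id or bcrypt.
func hashPassword(salt []byte, password string) []byte {
	sum := sha256.Sum256(append(append([]byte{}, salt...), password...))
	return sum[:]
}

// Enroll registers a new account with both factors.
func Enroll(password string, cardPub ed25519.PublicKey) Account {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return Account{Salt: salt, PassHash: hashPassword(salt, password), CardPub: cardPub}
}

// NewChallenge returns a fresh random nonce for the card to sign, so that a
// captured signature cannot be replayed against a later login.
func NewChallenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce
}

// Login succeeds only when BOTH factors verify. Both checks always run so a
// failure does not reveal which factor was wrong.
func Login(acct Account, password string, nonce, sig []byte) bool {
	passOK := subtle.ConstantTimeCompare(hashPassword(acct.Salt, password), acct.PassHash) == 1
	cardOK := VerifyRecord(acct.CardPub, nonce, sig)
	return passOK && cardOK
}

func main() {
	card, pub := NewCard()
	const password = "correct horse battery staple" // assumed test password
	acct := Enroll(password, pub)

	nonce := NewChallenge()
	sig := card.Sign(nonce)
	fmt.Println("both factors:         ", Login(acct, password, nonce, sig))

	otherCard, _ := NewCard() // knows the password, does not hold the enrolled card
	fmt.Println("password, wrong card: ", Login(acct, password, nonce, otherCard.Sign(nonce)))

	fmt.Println("card, wrong password: ", Login(acct, "hunter2", nonce, sig))

	// A captured signature replayed against a new challenge no longer verifies.
	fmt.Println("replayed signature:   ", Login(acct, password, NewChallenge(), sig))
}
```

Only the first login succeeds. The other three show why each factor is independent: a stolen password is useless without the card's private key, a stolen card is useless without the password, and a recorded signature fails against a fresh challenge because the signed record has changed.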






Post your Comments and Discuss ISC2 ISSAP exam with other Community members:

Terry commented on May 24, 2023
I can practice for the exam.
Anonymous

Rahul Kumar commented on August 31, 2023
need certification.
CANADA