Free ISSAP Exam Braindumps (page: 7)

Page 7 of 61

Which of the following tenets does the CIA triad provide for which security practices are measured? Each correct answer represents a part of the solution. Choose all that apply.

  A. Integrity
  B. Accountability
  C. Availability
  D. Confidentiality

Answer(s): A, C, D

Explanation:

The CIA triad provides the following three tenets against which security practices are measured:

Confidentiality: The property of preventing disclosure of information to unauthorized individuals or systems. Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while confidential data is displayed on it could be a breach of confidentiality. If a laptop computer containing sensitive information about a company's employees is stolen or sold, it could result in a breach of confidentiality.

Integrity: The property that data cannot be modified without authorization. Integrity is violated when an employee accidentally or with malicious intent deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on.

Availability: The property that data is available whenever it is needed.



Which of the following types of attacks cannot be prevented by technical measures only?

  A. Social engineering
  B. Brute force
  C. Smurf DoS
  D. Ping flood attack

Answer(s): A

Explanation:

A social engineering attack is the art of convincing people to disclose useful information such as account names and passwords. This information is then exploited by an attacker to gain access to a user's computer or network. The method relies on the attacker's ability to manipulate people psychologically rather than on technical skills, which is why this type of attack cannot be prevented by technical measures only. A user should always distrust a person who asks for his account name or password, computer name, IP address, employee ID, or other information that can be misused.



Which of the following attacks can be overcome by applying cryptography?

  A. Web ripping
  B. DoS
  C. Sniffing
  D. Buffer overflow

Answer(s): C

Explanation:

If you send encrypted data packets, sniffers cannot read the data in plaintext form. Hence, this attack can be overcome by applying encryption. The majority of network communications occur in an unsecured format. This allows an attacker who has gained access to data paths in your network to interpret (read) data traffic. This eavesdropping on your communications is referred to as sniffing or snooping.

Answer option D is incorrect. A buffer overflow is a condition in which an application receives more data than it is designed to accept. It allows an attacker not only to execute malicious code on the target system but also to install backdoors on the target system for further attacks. Buffer overflow vulnerabilities result from sloppy programming or poor memory management by the application developers. The main types of buffer overflows are:

  1. Stack overflow
  2. Format string overflow
  3. Heap overflow
  4. Integer overflow

Answer option A is incorrect. Web ripping is a technique in which the attacker copies the whole structure of a Web site to the local disk and obtains all files of the Web site. Web ripping helps an attacker trace the loopholes of the Web site.

Answer option B is incorrect. A Denial-of-Service (DoS) attack is mounted with the objective of degrading the performance of a computer or network. It is also known as a network saturation attack or bandwidth consumption attack. Attackers mount Denial-of-Service attacks by sending a large number of protocol packets to a network.



Which of the following authentication methods prevents unauthorized execution of code on remote systems?

  A. TACACS
  B. S-RPC
  C. RADIUS
  D. CHAP

Answer(s): B

Explanation:

Secure RPC (Remote Procedure Call) is an authentication method used to authenticate the user and the host. It also prevents unauthorized execution of code on remote systems. S-RPC uses the Diffie-Hellman and DES mechanisms. Applications that use Secure RPC require NFS and the NIS+ name service.

Answer option C is incorrect. Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized access, authorization and accounting management for people or computers connecting to and using a network service. When a person or device connects to a network, authentication is often required. RADIUS is commonly used by ISPs and corporations managing access to the Internet or internal networks employing a variety of networking technologies, including modems, DSL, wireless and VPNs.

Answer option A is incorrect. Terminal Access Controller Access-Control System (TACACS) is a remote authentication protocol used to communicate with an authentication server, commonly in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine whether the user has access to the network. TACACS allows a client to accept a username and password and send a query to a TACACS authentication server, sometimes called a TACACS daemon. It uses UDP port 49 as the default port.

Answer option D is incorrect. Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol that uses a secure form of encrypted authentication. Using CHAP, network dial-up connections are able to securely connect to almost all PPP servers.



Post your Comments and Discuss ISC2 ISSAP exam with other Community members:

Terry commented on May 24, 2023
I can practice for exam
Anonymous

Rahul Kumar commented on August 31, 2023
need certification.
CANADA