ISC2 ISSAP Exam Questions
ISC2 Information Systems Security Architecture Professional Exam (Page 3 )

Updated On: 21-Feb-2026

Which of the following security devices is presented to indicate some feat of service, a special accomplishment, a symbol of authority granted by taking an oath, a sign of legitimate employment or student status, or as a simple means of identification?

  A. Sensor
  B. Alarm
  C. Motion detector
  D. Badge

Answer(s): D

Explanation:

A badge is a device or accoutrement that is presented or displayed to indicate some feat of service, a special accomplishment, a symbol of authority granted by taking an oath, a sign of legitimate employment or student status, or as a simple means of identification. It is also used in advertising, publicity, and for branding purposes.
A badge can be made from metal, plastic, leather, textile, rubber, etc., and it is commonly attached to clothing, bags, footwear, vehicles, home electrical equipment, etc.
Answer option A is incorrect. A sensor is a device that measures a physical quantity and converts it into a signal that can be read by an observer or by an instrument.
Answer option C is incorrect. A motion detector is a device that contains a physical mechanism or electronic sensor that quantifies motion; it can be either integrated with or connected to other devices that alert the user to the presence of a moving object within its field of view. Motion detectors form a vital component of comprehensive security systems, for both homes and businesses.
Answer option B is incorrect. An alarm is a device that triggers a deterrent, a repellent, or a notification.



Which of the following is a method for transforming a message into a masked form, together with a way of undoing the transformation to recover the message?

  A. Cipher
  B. CrypTool
  C. Steganography
  D. MIME

Answer(s): A

Explanation:

A cipher is a cryptographic algorithm that performs encryption or decryption. It is a series of well-defined steps that can be followed as a procedure. The cipher transforms a message into a masked form, together with a way of undoing the transformation to recover the message.
When using a cipher, the original information is known as plaintext, and the encrypted form as ciphertext. The ciphertext message contains all the information of the plaintext message, but it is not in a readable format. The operation of a cipher usually depends on a piece of auxiliary information, called a key or a cryptovariable. The encrypting procedure varies depending on the key, which changes the detailed operation of the algorithm. A key must be selected before using a cipher to encrypt a message. Without knowledge of the key, it is impossible to decrypt the ciphertext into plaintext.
Answer option B is incorrect. CrypTool is free software and an e-learning tool illustrating cryptographic concepts.
Answer option C is incorrect. Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.
Answer option D is incorrect. MIME stands for Multipurpose Internet Mail Extensions. It is a standard for multi-part, multimedia electronic mail messages and World Wide Web hypertext documents on the Internet. MIME provides a mechanism for exchanging non-text information, such as binary data, audio data, video data, and foreign language text that cannot be represented in ASCII text.



Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them.
Which of the following access control models will he use?

  A. Policy Access Control
  B. Mandatory Access Control
  C. Discretionary Access Control
  D. Role-Based Access Control

Answer(s): D

Explanation:

Role-based access control (RBAC) is an access control model. In this model, a user can access resources according to his role in the organization. For example, a backup administrator is responsible for taking backups of important data. Therefore, he is only authorized to access this data for backing it up. However, sometimes users with different roles need to access the same resources. This situation can also be handled using the RBAC model.
Answer option B is incorrect. Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the system. Access to an object is restricted on the basis of the sensitivity of the object and granted through authorization. The sensitivity of an object is defined by the label assigned to it. For example, if a user receives a copy of an object that is marked as "secret", he cannot grant permission to other users to see this object unless they have the appropriate clearance.
Answer option C is incorrect. Discretionary Access Control (DAC) is an access control model in which the data owner has the right to decide who can access the data. This model is commonly used in PC environments. The basis of this model is the use of access control lists (ACLs).
Answer option A is incorrect. There is no such access control model as Policy Access Control.



Which of the following is used to authenticate asymmetric keys?

  A. Digital signature
  B. MAC Address
  C. Demilitarized zone (DMZ)
  D. Password

Answer(s): A

Explanation:

A digital signature is used to authenticate asymmetric keys. A digital signature is a message signed with the sender's private key; it can be verified by anyone who has access to the sender's public key, thereby proving that the sender signed it and that the message has not been tampered with. This is used to ensure authenticity.
Public-key cryptography, also known as asymmetric cryptography, is a form of cryptography in which the key used to encrypt a message differs from the key used to decrypt it.
Answer option C is incorrect. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security.
Answer options B and D are incorrect. A MAC address and a password are not used to authenticate asymmetric keys.



IPsec VPN provides a high degree of data privacy by establishing trust points between communicating devices and data encryption.
Which of the following encryption methods does IPsec VPN use?
Each correct answer represents a complete solution. Choose two.

  A. MD5
  B. LEAP
  C. AES
  D. 3DES

Answer(s): C,D

Explanation:

IPsec VPN provides a high degree of data privacy by establishing trust points between communicating devices and data encryption using 3DES (Triple Data Encryption Algorithm) or AES (Advanced Encryption Standard).





