Is the CISSP-ISSAP practice exam free?

Yes. ExamCademy offers all 235 CISSP-ISSAP practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the CISSP-ISSAP practice questions?

All CISSP-ISSAP questions are community-created and reviewed by moderators to align with ISC's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the CISSP-ISSAP exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official ISC documentation and hands-on experience for best results.

CISSP-ISSAP Practice Exam — Free 235+ Questions

235Practice Questions

3Study Modes

FreeTo Get Started

Topic:Sort:

Question 1

Infrastructure and System Security

Question 2

Infrastructure and System Security

Question 3

Infrastructure and System Security

Question 4

Infrastructure and System Security

Question 5

Infrastructure and System Security

Question 6

Infrastructure and System Security

Question 7

Infrastructure and System Security

Question 8

Infrastructure and System Security

Question 9

Identity and Access Management (IAM) Architecture

Question 10

Identity and Access Management (IAM) Architecture

Question 11

Infrastructure and System Security

Question 12

Infrastructure and System Security

Question 13

Infrastructure and System Security

Question 14

Infrastructure and System Security

Question 15

Infrastructure and System Security

Question 16

Infrastructure and System Security

Question 17

Identity and Access Management (IAM) Architecture

Question 18

Infrastructure and System Security

Question 19

Infrastructure and System Security

Question 20

Governance, Risk, and Compliance (GRC)

Question 21

Infrastructure and System Security

Question 22

Infrastructure and System Security

Question 23

Governance, Risk, and Compliance (GRC)

Question 24

Governance, Risk, and Compliance (GRC)

Question 25

Infrastructure and System Security

Page 1 of 10 • Questions 1-25 of 235

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Maria works as a Network Security Officer for Gentech Inc. She wants to encrypt her network traffic. The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which of the following techniques will she use to fulfill this requirement?

A IDEA
B PGP
C DES
D AES

Which of the following protocols uses public-key cryptography to authenticate the remote computer?

A SSH
B Telnet
C SCP
D SSL

Which of the following user authentications are supported by the SSH-1 protocol but not by the SSH-2 protocol? Each correct answer represents a complete solution. Choose all that apply.

A TIS authentication
B Rhosts (rsh-style) authentication
C Kerberos authentication
D Password-based authentication

You are responsible for a Microsoft based network. Your servers are all clustered. Which of the following are the likely reasons for the clustering? Each correct answer represents a complete solution. Choose two.

A Reduce power consumption
B Ease of maintenance
C Failover
D Load balancing

Which of the following types of halon is found in portable extinguishers and is stored as a liquid?

A Halon-f
B Halon 1301
C Halon 11
D Halon 1211

You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails. Which of the following will you use to accomplish this?

A PGP
B PPTP
C IPSec
D NTFS

Peter works as a Network Administrator for Net World Inc. The company wants to allow remote users to connect and access its private network through a dial-up connection via the Internet. All the data will be sent across a public network. For security reasons, the management wants the data sent through the Internet to be encrypted. The company plans to use a Layer 2 Tunneling Protocol (L2TP) connection. Which communication protocol will Peter use to accomplish the task?

A IP Security (IPSec)
B Microsoft Point-to-Point Encryption (MPPE)
C Pretty Good Privacy (PGP)
D Data Encryption Standard (DES)

Which of the following protocols multicasts messages and information among all member devices in an IP multicast group?

A ARP
B ICMP
C TCP
D IGMP

Which of the following security devices is presented to indicate some feat of service, a special accomplishment, a symbol of authority granted by taking an oath, a sign of legitimate employment or student status, or as a simple means of identification?

A Sensor
B Alarm
C Motion detector
D Badge

Which of the following is used to authenticate asymmetric keys?

A Digital signature
B MAC Address
C Demilitarized zone (DMZ)
D Password

IPsec VPN provides a high degree of data privacy by establishing trust points between communicating devices and data encryption. Which of the following encryption methods does IPsec VPN use? Each correct answer represents a complete solution. Choose two.

A MD5
B LEAP
C AES
D 3DES

A user is sending a large number of protocol packets to a network in order to saturate its resources and to disrupt connections to prevent communications between services. Which type of attack is this?

A Denial-of-Service attack
B Vulnerability attack
C Social Engineering attack
D Impersonation attack

Which of the following types of firewall functions at the Session layer of OSI model?

A Circuit-level firewall
B Application-level firewall
C Packet filtering firewall
D Switch-level firewall

Which of the following statements about a stream cipher are true? Each correct answer represents a complete solution. Choose three.

A It typically executes at a higher speed than a block cipher.
B It divides a message into blocks for processing.
C It typically executes at a slower speed than a block cipher.
D It divides a message into bits for processing.
E It is a symmetric key cipher.

Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?

A Social engineering attack
B Cross site scripting attack
C Mail bombing
D Password guessing attack

You are the Security Consultant advising a company on security methods. This is a highly secure location that deals with sensitive national defense related data.
They are very concerned about physical security as they had a breach last month. In that breach an individual had simply grabbed a laptop and ran out of the building. Which one of the following would have been most effective in preventing this?

A Not using laptops.
B Keeping all doors locked with a guard.
C Using a man-trap.
D A sign in log.

Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?

A Integrity
B Confidentiality
C Authentication
D Non-repudiation

Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

A Authentication
B Non-repudiation
C Integrity
D Confidentiality

Which of the following tenets does the CIA triad provide for which security practices are measured? Each correct answer represents a part of the solution. Choose all that apply.

A Integrity
B Accountability
C Availability
D Confidentiality

Which of the following types of attacks cannot be prevented by technical measures only?

A Social engineering
B Brute force
C Smurf DoS
D Ping flood attack

Which of the following attacks can be overcome by applying cryptography?

A Web ripping
B DoS
C Sniffing
D Buffer overflow

Andrew works as a Network Administrator for Infonet Inc. The company's network has a Web server that hosts the company's Web site. Andrew wants to increase the security of the Web site by implementing Secure Sockets Layer (SSL). Which of the following types of encryption does SSL use? Each correct answer represents a complete solution. Choose two.

A Synchronous
B Secret
C Asymmetric
D Symmetric

Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity?

A RCO
B RTO
C RPO
D RTA

You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify Denial of
Service attack (DOS) from a network linked to your internal enterprise network. Which of the following phases of the Incident handling process should you follow next to handle this incident?

A Containment
B Preparation
C Recovery
D Identification

Which of the following protocols is used to compare two values calculated using the Message Digest (MD5) hashing function?

A CHAP
B PEAP
C EAP
D EAP-TLS

CISSP-ISSAPPreview

About the CISSP-ISSAP Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

CISSP-ISSAPPreview

About the CISSP-ISSAP Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25