Information Systems Security Architecture Professional (CISSP – ISSAP) Interview Questions
A CISSP who specializes in designing security solutions and providing risk-based guidance to management to meet organizational goals is known as an Information Systems Security Architecture Professional (ISSAP). The CISSP-ISSAP credential supports the alignment of security solutions with the organization's context (e.g., vision, mission, strategy, policies, requirements, change, and external factors).
If the candidate is a chief security architect or analyst, the CISSP-ISSAP is an appropriate credential. The candidate is typically employed as an independent consultant or in a similar capacity. Candidates for the position of architect play an important role in the information security department. Their responsibilities fall between the C-suite and upper management levels, and they are in charge of implementing the security program. Although the role is closely related to technology, it is often closer to the consultative and analytical side of information security. To help you prepare for the Information Systems Security Architecture Professional (CISSP – ISSAP) interview, we have curated expert-level questions and answers:
1. What is the distinction between IDS and IPS?
IDS stands for Intrusion Detection System, and it only detects intrusions; the administrator is responsible for preventing the intrusion. In contrast, in an IPS, or Intrusion Prevention System, the system detects the intrusion and takes action to prevent it.
2. What distinguishes encryption from hashing?
Encryption and hashing are both methods for converting readable data into an unreadable format. The difference is that encrypted data can be decrypted and converted back to original data, whereas hashed data cannot be decrypted and converted back to original data.
3. What is a firewall and why do we need one?
A firewall is a network security system that monitors and controls network traffic at the system's or network's perimeter. Firewalls are primarily used to protect the system/network from viruses, worms, malware, and other malicious software. Firewalls can also be used to prevent unauthorized remote access and to perform content filtering.
4. What are the HTTP response status codes that a web application can return?
- 1xx – Informational responses
- 2xx – Success
- 3xx – Redirection
- 4xx – Client error
- 5xx – Server error
5. What exactly is a traceroute?
Traceroute is a program that displays the path of a packet. It lists all of the points (mostly routers) through which the packet passes. This is mostly used when a packet fails to reach its destination. Traceroute is used to determine where the connection stops or breaks in order to pinpoint the point of failure.
6. What’s the distinction between HIDS and NIDS?
Both HIDS (Host IDS) and NIDS (Network IDS) are Intrusion Detection Systems that serve the same purpose: to detect intrusions. The difference is that a HIDS is installed on a specific host/device; it monitors the traffic of that device as well as suspicious system activity on it. A NIDS, on the other hand, is network-based and monitors the traffic crossing a network segment.
7. Explain a three-way handshake.
A three-way handshake is a method for establishing a connection between a host and a client in a TCP/IP network. A three-way handshake is so named because it is a three-step method in which the client and server exchange packets. The following are the three steps:
- The client sends a SYN (Synchronize) packet to the server to see if the server is up and running or if the target port is open.
- If the server has the port open, it replies with a SYN-ACK packet.
- The client responds by sending an ACK (Acknowledgement) packet back to the server, and the connection is established.
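To make the three steps concrete, here is an added example (not part of the original article) that simulates the handshake in plain Python without sending any packets. The `Server`, `Segment` and `handshake` names are this example's own; it models sequence and acknowledgement numbers and also the case the answer alludes to, where the port is closed and the server refuses with an RST instead of a SYN-ACK.

```python
# Added example: a minimal model of the TCP three-way handshake.
# Nothing is sent on the network; both endpoints are simulated in-process.
from dataclasses import dataclass
import random


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int           # sequence number of this segment
    ack: int           # acknowledgement number (next byte expected from peer)
    flags: frozenset   # subset of {"SYN", "ACK", "RST"}


class Server:
    """Listens on a set of ports; answers SYN with SYN-ACK (open) or RST (closed)."""

    def __init__(self, listening_ports):
        self.listening_ports = set(listening_ports)
        self.isn = random.randrange(2**32)   # server initial sequence number
        self.established = set()             # (client_port, server_port) pairs

    def receive(self, seg: Segment):
        if seg.flags == {"SYN"}:
            if seg.dst_port not in self.listening_ports:
                # Closed port: refuse the connection with RST.
                return Segment(seg.dst_port, seg.src_port, 0, seg.seq + 1,
                               frozenset({"RST", "ACK"}))
            # Step 2: SYN-ACK. The SYN consumes one sequence number, so ack = client seq + 1.
            return Segment(seg.dst_port, seg.src_port, self.isn, seg.seq + 1,
                           frozenset({"SYN", "ACK"}))
        if seg.flags == {"ACK"} and seg.ack == self.isn + 1:
            # Step 3: the client's ACK of our ISN completes the handshake.
            self.established.add((seg.src_port, seg.dst_port))
        return None


def handshake(server: Server, client_port: int, dst_port: int) -> str:
    """Run the client side of the three steps; return 'established' or 'refused'."""
    client_isn = random.randrange(2**32)
    # Step 1: SYN carrying the client's initial sequence number.
    syn = Segment(client_port, dst_port, client_isn, 0, frozenset({"SYN"}))
    reply = server.receive(syn)
    if reply is None or "RST" in reply.flags:
        return "refused"
    if reply.flags != {"SYN", "ACK"} or reply.ack != client_isn + 1:
        return "refused"   # unexpected reply or wrong acknowledgement number
    # Step 3: ACK acknowledging the server's ISN.
    ack = Segment(client_port, dst_port, client_isn + 1, reply.seq + 1, frozenset({"ACK"}))
    server.receive(ack)
    return "established" if (client_port, dst_port) in server.established else "refused"


if __name__ == "__main__":
    srv = Server([22, 443])
    print(handshake(srv, 40000, 443))   # established
    print(handshake(srv, 40001, 8080))  # refused
```

The acknowledgement-number checks are the part worth noticing: each side proves it saw the other's SYN by acknowledging the peer's initial sequence number plus one, which is why a SYN-ACK for a port that was never asked about, or an ACK that does not match the server's ISN, does not produce a connection.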
8. Describe Data Leakage.
Data leakage is defined as the intentional or unintentional transmission of data from within an organization to an unauthorized external destination. It is the unauthorized disclosure of confidential information.
9. What exactly is port scanning?
Port scanning is a technique for identifying open ports and services on a host. Attackers use port scanning to gather information that can be used to exploit vulnerabilities. Administrators use port scanning to validate the network's security policies.
10. What are the OSI model’s various layers?
The OSI model is a reference model that describes how applications communicate over a network. Its seven layers, from bottom to top, are physical, data link, network, transport, session, presentation, and application. The goal of the OSI reference model is to guide vendors and developers so that digital communication products and software programs can interoperate.
11. How frequently should Patch management be performed?
Patch management should begin as soon as a patch is made available. When a patch for Windows is released, it should be applied to all machines within one month. The same is true for network devices; patch them as soon as patches are released. Patch management should follow a defined, consistent process.
12. How would you reset a BIOS configuration that has been password-protected?
Since BIOS is a pre-boot system, it has its own mechanism for storing settings and preferences. A simple way to reset is to remove the CMOS battery, which causes the memory storing the settings to lose power and, as a result, lose its setting.
13. Explain the MITM attack and how to avoid it.
A MITM (Man-in-the-Middle) attack occurs when a hacker inserts himself between two parties’ communications in order to steal information. Assume A and B are communicating with one another. The hacker then joins the conversation. He pretends to be party B to A and pretends to be party A in front of B. Data is sent to the hacker from both parties, and the hacker redirects the data to the destination party after stealing the required data. While the two parties believe they are communicating with each other, they are actually communicating with the hacker.
14. What exactly is an ARP, and how does it function?
- The Address Resolution Protocol (ARP) is a protocol used to map an Internet Protocol address (IP address) to a physical machine address (MAC address) that is recognized on the local network.
- When an incoming packet destined for a host machine on a specific local area network arrives at a gateway, the gateway instructs the ARP program to look for the physical host or MAC address that matches the IP address.
- The ARP program searches the ARP cache for the address and, if found, provides it so that the packet can be converted to the correct frame length and format and sent to the machine. If the address is not cached, ARP broadcasts a request on the local network, and the host that owns the IP address replies with its MAC address.
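The following added example (not from the original article) encodes and decodes the 28-byte Ethernet/IPv4 ARP packet and models the cache-then-request behaviour described above with a small `ArpResolver` class of this example's own design. The MAC and IP addresses are constructed sample values.

```python
# Added example: ARP request/reply encoding and a minimal resolver with a cache.
import struct
from dataclasses import dataclass

# Wire layout: hardware type, protocol type, hw addr len, proto addr len, opcode,
# sender MAC, sender IP, target MAC, target IP (28 bytes for Ethernet/IPv4).
ARP_FORMAT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2
HW_ETHERNET, PROTO_IPV4 = 1, 0x0800


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


@dataclass
class ArpPacket:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    def encode(self) -> bytes:
        return struct.pack(ARP_FORMAT, HW_ETHERNET, PROTO_IPV4, 6, 4, self.opcode,
                           mac_bytes(self.sender_mac), ip_bytes(self.sender_ip),
                           mac_bytes(self.target_mac), ip_bytes(self.target_ip))

    @classmethod
    def decode(cls, data: bytes) -> "ArpPacket":
        size = struct.calcsize(ARP_FORMAT)
        if len(data) < size:
            raise ValueError("truncated ARP packet")
        htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FORMAT, data[:size])
        if (htype, ptype, hlen, plen) != (HW_ETHERNET, PROTO_IPV4, 6, 4):
            raise ValueError("not an Ethernet/IPv4 ARP packet")
        return cls(op, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa))


class ArpResolver:
    """One host's view: an ARP cache plus request/reply handling (example design)."""

    def __init__(self, my_mac: str, my_ip: str):
        self.my_mac, self.my_ip = my_mac, my_ip
        self.cache = {}   # IP -> MAC

    def resolve(self, ip: str):
        """Cache lookup; None means a request must be broadcast first."""
        return self.cache.get(ip)

    def make_request(self, ip: str) -> ArpPacket:
        # Target MAC is unknown, hence all zeros; the frame itself is broadcast.
        return ArpPacket(ARP_REQUEST, self.my_mac, self.my_ip, "00:00:00:00:00:00", ip)

    def handle(self, packet: ArpPacket):
        """Answer requests for our own IP; learn the mapping from replies addressed to us."""
        if packet.opcode == ARP_REQUEST and packet.target_ip == self.my_ip:
            return ArpPacket(ARP_REPLY, self.my_mac, self.my_ip,
                             packet.sender_mac, packet.sender_ip)
        if packet.opcode == ARP_REPLY and packet.target_ip == self.my_ip:
            self.cache[packet.sender_ip] = packet.sender_mac
        return None
```

The gateway in the answer's scenario would first call `resolve`; on a miss it broadcasts `make_request`, the owning host's `handle` returns the reply, and the gateway's `handle` stores the learned mapping so the next lookup hits the cache.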
15. What exactly is LAN port blocking?
Port blocking is the practice of preventing users from accessing a set of services within a local area network. It stops the source node from connecting to the destination node on the blocked ports. Because applications operate on ports, ports are blocked to restrict access and close security gaps in the network infrastructure.
16. Define botnet.
A botnet is a collection of internet-connected devices, each of which runs one or more bots. The bots on these devices and their malicious scripts are used to attack a victim. Botnets can be used to steal information, send spam, and launch DDoS attacks.
17. What are salted hashes?
A salt is a piece of random data. When a properly protected password system receives a new password, it generates a random salt value, hashes the password together with that salt, and stores the salt and the resulting hash in its database. This aids in the defense against dictionary and precomputed-hash attacks, because the same password yields a different hash for every user.
18. What is two-factor authentication (2FA) and how can it be used on public websites?
- Multi-factor authentication is an additional layer of security.
- In addition to a username and password, the user must present something only they possess or know, such as a physical token or a one-time code.
- Authenticator apps eliminate the need for a verification code via text, voice call, or email.
19. What is the distinction between data security in transit and data security at rest?
- Data protection at rest refers to the security of data while it is in storage. Attackers can gain access to this data if they gain physical or digital access to the storage device on which it is stored.
- Data protection in transit refers to the security of data sent across a network, such as to and from the internet.
- Both of these types of data can be safeguarded using security tools like firewalls and network access control. Both types of data should also be encrypted. If an attacker gains access, they will be unable to read the data unless the encryption is broken.
20. What is residual risk?
Residual risk is the risk that remains after the inherent risk has been mitigated. For example, a network’s residual risk could be the possibility of a hacker gaining access after a firewall and monitoring system have been installed. As long as the network, data, and/or devices exist, risk cannot be eliminated. It is up to an information security analyst to determine how much residual risk is acceptable given the resources available.
21. How do you prevent bad actors from accessing sensitive data indefinitely?
The only way to truly prevent attackers from obtaining data is to destroy it. This isn't as simple as throwing a file away; in most cases, you must physically destroy the medium containing the data. Melting, shredding, overwriting old data with new data, and degaussing (passing a magnet over a device or disk to erase the magnetic field holding the information) are all methods.
22. What exactly is a phishing attack?
A phishing attack is a type of social engineering attack in which users are duped into disclosing sensitive information by clicking on malicious email links or attachments. This attack is used to spread malware as well as compromise networks.
23. How will you detect unauthorized network access?
Through proper log monitoring, to ensure that there is no evidence of unauthorized access. Servers can be set up to generate alerts for both successful and failed login attempts. Proper monitoring will ensure that unauthorized access is detected and response measures are implemented in a timely manner.
24. How important is internet security for a business?
The Internet is an untrusted network component that cannot simply be left wide open. Blocking the internet entirely is one solution, but it will impede work, because most organizations require the internet to function. Internet access should be restricted in accordance with the company's policies. Access to some websites may be limited, for example by blocking upload functionality, to prevent data leakage. Internet logs can be monitored to ensure that the internet is used responsibly and not for personal purposes, such as downloading movies.
25. What are the various types of firewalls, and what is the difference between them?
Two common types of firewalls in an organization are network firewalls and web application firewalls. A network firewall can protect against layer 3 attacks, whereas a web application firewall can filter layer 7 traffic and prevent web application attacks.
26. In an organization, how and by whom can data be classified? Why is this required?
Data can be classified based on the document's sensitivity. Data can be labeled as public, confidential, secret, top-secret, or in any other way that the organization deems appropriate. The labels can then be used to determine how each document will be handled and who will have access to it. Data classification is required to determine who has access to what information and how critical data is accessed, protected, and destroyed.
27. What is the distinction between BCP and DR?
BCP is an abbreviation for Business Continuity Planning, and DR is an abbreviation for Disaster Recovery. BCP is similar to an overarching umbrella that ensures the continuity of critical business services in the event of a disaster. DR, on the other hand, is IT-focused and ensures that critical IT services are protected. Other plans under BCP include COOP, migration plans, and so on.
28. What distinguishes a warm site from a hot site?
A hot site, like the primary site, is always operational. A hot site can also share load with the primary site. A warm site is not yet operational, but it is set up in such a way that it can be started quickly; its services must be initiated before operations can begin.
29. Which is preferable, symmetric or asymmetric encryption? And why is that?
They both have advantages and disadvantages. Symmetric encryption is faster, but the key exchange is a problem. Asymmetric encryption is safe for key exchange but, because of its slower encryption and decryption rates, not suitable for encrypting the bulk of a communication. Hybrid encryption, which employs both symmetric and asymmetric techniques, is used in modern communication systems: asymmetric encryption is used to share the keys, and symmetric encryption is then used for the rest of the communication.
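The following added example (not from the original article) shows the hybrid pattern end to end with both parties in one script: a Diffie-Hellman exchange agrees the keys, and a symmetric encrypt-then-MAC construction carries the payload. Assumptions to note: the DH group is a toy parameter set chosen only so the example runs with the standard library, and the symmetric cipher is a SHA-256 counter-mode keystream standing in for a real cipher such as AES-GCM; neither is meant for production use, and all function names are this example's own.

```python
# Added example: hybrid encryption with stdlib primitives only.
import hashlib
import hmac
import os
import secrets

# Toy Diffie-Hellman parameters for demonstration only (assumption: NOT a secure group;
# real systems use a standard group such as those in RFC 3526 or an elliptic curve).
P = 2**127 - 1
G = 5


def dh_keypair():
    """Asymmetric side: a private exponent and the public value sent over the wire."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_secret(priv: int, peer_pub: int) -> bytes:
    """Both sides compute the same value from their private key and the peer's public key."""
    return pow(peer_pub, priv, P).to_bytes(16, "big")


def derive_keys(shared: bytes):
    """Separate encryption and MAC keys derived from the agreed secret."""
    return (hashlib.sha256(b"enc" + shared).digest(),
            hashlib.sha256(b"mac" + shared).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from SHA-256: a stand-in for a real cipher like AES-GCM.
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest())
        counter += 1
    return b"".join(blocks)[:length]


def sym_encrypt(keys, plaintext: bytes) -> bytes:
    """Symmetric side: nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = keys
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def sym_decrypt(keys, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject altered or wrongly-keyed messages."""
    enc_key, mac_key = keys
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or altered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def tamper_detected(keys, blob: bytes) -> bool:
    try:
        sym_decrypt(keys, blob)
        return False
    except ValueError:
        return True


def hybrid_exchange(message: bytes) -> bytes:
    """Both parties in one place: A and B agree keys asymmetrically, then A sends the
    bulk message symmetrically and B decrypts it."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    keys_a = derive_keys(dh_shared_secret(a_priv, b_pub))
    keys_b = derive_keys(dh_shared_secret(b_priv, a_pub))
    return sym_decrypt(keys_b, sym_encrypt(keys_a, message))


if __name__ == "__main__":
    print(hybrid_exchange(b"quarterly report"))   # b'quarterly report'
```

The exchange as written is unauthenticated, so the public values could be substituted by the man-in-the-middle of question 13; real protocols bind the key exchange to certificates or other identity proof, and the symmetric stage then protects the bulk data at symmetric-cipher speed.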
30. What is the distinction between recovery time and recovery point objectives?
The recovery point objective (RPO) is the maximum acceptable amount of data loss, expressed as a period of time, and the recovery time objective (RTO) is the maximum time the business can tolerate being without services in the event of a disaster or incident.