Information Systems Security Architecture Professional (CISSP - ISSAP) Practice Exam
Information Systems Security Architecture Professional (CISSP - ISSAP) Practice Exam
4.5(126 ratings)
560 Learners
What’s Included
No. of Questions205
AccessImmediate
Access DurationLife Long Access
Exam DeliveryOnline
Test ModesPractice, Exam
Information Systems Security Architecture Professional (CISSP - ISSAP) Practice Exam
The Information Systems Security Architecture Professional (CISSP-ISSAP) certification acts as a bridge between the foundational knowledge of CISSP (Certified Information Systems Security Professional) and the specialized skills required for security architecture.
Who should consider this Certification:
Seasoned security professionals: Elevate your existing CISSP knowledge and specialize in security architecture.
Security architects and analysts: Validate your expertise in designing, implementing, and maintaining secure information systems.
IT professionals seeking career advancement: Demonstrate your commitment to specialized security architecture knowledge.
Key Roles and Responsibilities:
Design and implement secure information systems architectures: Translate business security requirements into technical design elements.
Select and integrate security controls: Choose appropriate security controls based on risk assessments and industry best practices.
Evaluate and test security architectures: Analyze security posture and identify vulnerabilities within the architecture.
Communicate security architecture decisions to stakeholders: Clearly explain technical concepts and security implications to non-technical audiences.
Stay up-to-date with evolving security threats and technologies: Continuously learn and apply new knowledge to maintain secure and resilient systems.
Prerequisites
To qualify for the ISSAP (Information Systems Security Architecture Professional) certification, candidates must meet one of the following criteria:
Be a CISSP in good standing and have at least two years of cumulative, full-time work experience in one or more of the four domains outlined in the current ISSAP Exam Outline.
OR
Have a minimum of seven years of cumulative, full-time work experience in two or more ISSAP domains. One year of this experience may be waived with a relevant bachelor’s or master’s degree in computer science, information technology, or a related field, or with an approved credential from the ISC2 list. Part-time work and internships may also be applied toward meeting the experience requirement, but only one year of experience can be waived.
Exam Details:
Question Format: 125 Multiple choice and advanced items
Time Limit: 3 hours
Languages: English
Passing Score: 700 out of 1000 points
Course Outline
Domain 1: Architect for Governance, Compliance and Risk Management
1.1 Determining legal, regulatory, organizational and industry requirements
Applicable information security standards and guidelines
Third-party and contractual obligations (e.g., supply chain, outsourcing, partners)
Applicable sensitive/personal data standards, guidelines, and privacy regulations
Resilient solutions
1.2 Architecting for governance, risk, and compliance (GRC)
Identify key assets, business objectives, and stakeholders
Design monitoring and reporting (e.g., vulnerability management, compliance audit)
Design for auditability (e.g., determine regulatory, legislative, forensic requirements, segregation, high assurance systems)
Frameworks (e.g., The Open Group Architecture Framework (TOGAF), Sherwood Applied Business Security Architecture (SABSA), service-oriented modeling framework)
Reference architectures and blueprints
Threat modeling frameworks (e.g., Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE), Common Vulnerability Scoring System (CVSS), threat intelligence)
Physical security control set (e.g., cameras, doors, system controllers)
Platform security (e.g., physical, virtual, container, firmware, operating system (OS))
Network security (e.g., wired/wireless, public/private, Internet of Things (IoT), management, firewalls, airgaps, software defined perimeters, virtual private network (VPN), Internet Protocol Security (IPsec), Network Access Control (NAC), Domain Name System (DNS), Network Time Protocol (NTP), Voice over Internet Protocol (VoIP), Web Application Firewall (WAF))
Storage security (e.g., direct attached, storage area network (SAN), network-attached storage (NAS), archival and removable media, encryption)
Data repository security (e.g., access control, encryption, redaction, masking)
Cloud security (e.g., public/private, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS))
Operational technology (e.g., industrial control system (ICS), Internet of Things (IoT), supervisory control and data acquisition (SCADA))
Endpoint security (e.g., bring your own device (BYOD), mobile, endpoint detection and response (EDR), host-based intrusion detection system (HIDS)/host-based intrusion prevention system (HIPS))
Secure shared services (e.g., e-mail, Voice over Internet Protocol (VoIP), unified communications)
Authentication protocols and technologies (e.g., Security Assertion Markup Language (SAML), Remote Authentication Dial-In User Service (RADIUS), Kerberos, Open Authorization (OAuth))
Authentication control protocols and technologies (e.g., eXtensible Access Control Markup Language (XACML), Lightweight Directory Access Protocol (LDAP))
Authorization process and workflow (e.g., governance, issuance, periodic review, revocation, suspension)
Roles, rights, and responsibilities related to system, application, and data access control (e.g., groups, Digital Rights Management (DRM), trust relationships)
Management of privileged accounts (e.g., Privileged Access Management (PAM))
Determine accounting, analysis, and forensic requirements
Define audit events
Establish audit log alerts and notifications
Log management (e.g., log data retention, log data integrity)
Log analysis and reporting
Comply with policies and regulations (e.g., PCI-DSS, FISMA, HIPAA, GDPR)
What We Offer?
Full-Length Mock Tests that include unique, exam-style questions to help you practice under real conditions.
Section-Wise Practice Questions for reviewing topic-based questions and instantly see where you stand in every section.
Detailed answers with a clear and thorough explanation to help you understand the concept, not just memorize answers.
Get a complete breakdown of your strengths, weaknesses, and progress after every attempt.
All question sets reflect the latest exam syllabus and format.
Unlimited Access to Practice anytime, as often as you want - no time limits or hidden restrictions.
100% Pass Guarantee
We have built the Practice Exams with a 100% unconditional Test Pass Guarantee!
If you are unable to clear the exam, you can request a full refund guaranteed.