ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 121:

  Which of the following access methods is used by Ethernet?

  A. CSMA/CD.
  B. CSU/DSU.
  C. TCP/IP.
  D. FIFO.
  A. CSMA/CD.

  ---

  Ethernet uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD) to minimize the effect of broadcast collisions.

  The following answers are incorrect:

  CSU/DSU Is incorrect because Channel Service Unit/Digital Service Unit(CSU/DSU) is a digital interface normally used to connect a router to a digital circuit.

  TCP/IP Is incorrect because Transmission Control Protocol/Internet Protocol(TCP/IP) is a network protocol not an access method.

  FIFO Is incorrect as it is a distractor. First In, First Out (FIFO) is typically a processing methodology in which first come, first served.

  Ethernet is a frame based network technology.

  References:

  OIG CBK Telecommunications and Network Security (pages 437 - 438)

  Wikipedia http://en.wikipedia.org/wiki/FIFO

• Question 122:

  Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank?

  A. SSH ( Secure Shell)
  B. S/MIME (Secure MIME)
  C. SET (Secure Electronic Transaction)
  D. SSL (Secure Sockets Layer)
  C. SET (Secure Electronic Transaction)

  ---

  As protocol was introduced by Visa and Mastercard to allow for more credit card transaction possibilities. It is comprised of three different pieces of software, running on the customer's PC (an electronic wallet), on the merchant's Web server

  and on the payment server of the merchant's bank. The credit card information is sent by the customer to the merchant's Web server, but it does not open it and instead digitally signs it and sends it to its bank's payment server for processing.

  The following answers are incorrect because :

  SSH (Secure Shell) is incorrect as it functions as a type of tunneling mechanism that provides terminal like access to remote computers.

  S/MIME is incorrect as it is a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions.

  SSL is incorrect as it uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication.

  Reference : Shon Harris AIO v3 , Chapter-8: Cryptography , Page : 667-669

• Question 123:

  When submitting a passphrase for authentication, the passphrase is converted into ...

  A. a virtual password by the system
  B. a new passphrase by the system
  C. a new passphrase by the encryption technology
  D. a real password by the system which can be used forever
  A. a virtual password by the system

  ---

  Passwords can be compromised and must be protected. In the ideal case, a password should only be used once. The changing of passwords can also fall between these two extremes.

  Passwords can be required to change monthly, quarterly, or at other intervals, depending on the criticality of the information needing protection and the password's frequency of use.

  Obviously, the more times a password is used, the more chance there is of it being compromised.

  It is recommended to use a passphrase instead of a password. A passphrase is more resistant to attacks. The passphrase is converted into a virtual password by the system. Often time the passphrase will exceed the maximum length

  supported by the system and it must be trucated into a Virtual Password.

  Reference(s) used for this question:

  http://www.itl.nist.gov/fipspubs/fip112.htm and KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 36 and 37.

• Question 124:

  Which one of the following is usually not a benefit resulting from the use of firewalls?

  A. reduces the risks of external threats from malicious hackers.
  B. prevents the spread of viruses.
  C. reduces the threat level on internal system.
  D. allows centralized management and control of services.
  B. prevents the spread of viruses.

  ---

  This is not a benefit of a firewall. Most firewalls are limited when it comes to preventing the spread of viruses.

  This question is testing your knowledge of Malware and Firewalls. The keywords within the questions are "usually" and "virus". Once again to come up with the correct answer, you must stay within the context of the question and really ask

  yourself which of the 4 choices is NOT usually done by a firewall.

  Some of the latest Appliances such as Unified Threat Management (UTM) devices does have the ability to do virus scanning but most first and second generation firewalls would not have such ability. Remember, the questions is not asking

  about all possible scenarios that could exist but only about which of the 4 choices presented is the BEST.

  For the exam you must know your general classes of Malware. There are generally four major classes of malicious code that fall under the general definition of malware:

  1.

  Virus: Parasitic code that requires human action or insertion, or which attaches itself to another program to facilitate replication and distribution. Virus-infected containers can range from e- mail, documents, and data file macros to boot sectors, partitions, and memory fobs. Viruses were the first iteration of malware and were typically transferred by floppy disks (also known as "sneakernet") and injected into memory when the disk was accessed or infected files were transferred from system to system.

  2.

  Worm: Self-propagating code that exploits system or application vulnerabilities to replicate. Once on a system, it may execute embedded routines to alter, destroy, or monitor the system on which it is running, then move on to the next system. A worm is effectively a virus that does not require human interaction or other programs to infect systems.

  3.

  Trojan Horse: Named after the Trojan horse of Greek mythology (and serving a very similar function), a Trojan horse is a general term referring to programs that appear desirable, but actually contain something harmful. A Trojan horse purports to do one thing that the user wants while secretly performing other potentially malicious actions. For example, a user may download a game file, install it, and begin playing the game. Unbeknownst to the user, the application may also install a virus, launch a worm, or install a utility allowing an attacker to gain unauthorized access to the system remotely, all without the user's knowledge.

  4.

  Spyware: Prior to its use in malicious activity, spyware was typically a hidden application injected through poor browser security by companies seeking to gain more information about a user's Internet activity. Today, those methods are

  used to deploy other malware, collect private data, send advertising or commercial messages to a system, or monitor system input, such as keystrokes or mouse clicks.

  The following answers are incorrect:

  reduces the risks of external threats from malicious hackers. This is incorrect because a firewall can reduce the risks of external threats from malicious hackers.

  reduces the threat level on internal system. This is incorrect because a firewall can reduce the threat level on internal system.

  allows centralized management and control of services. This is incorrect because a firewall can allow centralize management and control of services.

  Reference(s) used for this question:

  Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 3989-4009). Auerbach Publications. Kindle Edition.

• Question 125:

  Which of the following is most likely to be useful in detecting intrusions?

  A. Access control lists
  B. Security labels
  C. Audit trails
  D. Information security policies
  C. Audit trails

  ---

  If audit trails have been properly defined and implemented, they will record information that can assist in detecting intrusions. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter

  4: Access Control (page 186).

• Question 126:

  Detective/Technical measures:

  A. include intrusion detection systems and automatically-generated violation reports from audit trail information.
  B. do not include intrusion detection systems and automatically-generated violation reports from audit trail information.
  C. include intrusion detection systems but do not include automatically-generated violation reports from audit trail information.
  D. include intrusion detection systems and customised-generated violation reports from audit trail information.
  A. include intrusion detection systems and automatically-generated violation reports from audit trail information.

  ---

  Detective/Technical measures include intrusion detection systems and automatically-generated violation reports from audit trail information. These reports can indicate variations from "normal" operation or detect known signatures of unauthorized access episodes. In order to limit the amount of audit information flagged and reported by automated violation analysis and reporting mechanisms, clipping levels can be set.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 35.

• Question 127:

  How many bits of a MAC address uniquely identify a vendor, as provided by the IEEE?

  A. 6 bits
  B. 12 bits
  C. 16 bits
  D. 24 bits
  D. 24 bits

  ---

  The MAC address is 48 bits long, 24 of which identify the vendor, as provided by the IEEE. The other 24 bits are provided by the vendor. A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used for numerous network technologies and most IEEE 802 network technologies, including Ethernet. Logically, MAC addresses are used in the media access control protocol sublayer of the OSI reference model. MAC addresses are most often assigned by the manufacturer of a network interface card (NIC) and are stored in its hardware, such as the card's read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number and may be referred to as the burned-in address. It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. This is can be contrasted to a programmed address, where the host device issues commands to the NIC to use an arbitrary address. An example is many SOHO routers, where the ISP grants access to only one MAC address (used previously to inserting the router) so the router must use that MAC address on its Internet-facing NIC. Therefore the router administrator configures a MAC address to override the burned-in one. A network node may have multiple NICs and each must have one unique MAC address per NIC. See diagram below from Wikipedia showing the format of a MAC address. : MAC Address format

  

  Reference(s) used for this question: http://en.wikipedia.org/wiki/MAC_address

• Question 128:

  Business Continuity and Disaster Recovery Planning (Primarily) addresses the:

  A. Availability of the CIA triad
  B. Confidentiality of the CIA triad
  C. Integrity of the CIA triad
  D. Availability, Confidentiality and Integrity of the CIA triad
  A. Availability of the CIA triad

  ---

  The Information Technology (IT) department plays a very important role in identifying and protecting the company's internal and external information dependencies. Also, the information technology elements of the BCP should address several

  vital issue, including:

  Ensuring that the company employs sufficient physical security mechanisms to preserve vital network and hardware components. including file and print servers.

  Ensuring that the organization uses sufficient logical security methodologies (authentication, authorization, etc.) for sensitive data.

  Reference: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, page 279.

• Question 129:

  Which of the following is an extension to Network Address Translation that permits multiple devices providing services on a local area network (LAN) to be mapped to a single public IP address?

  A. IP Spoofing
  B. IP subnetting
  C. Port address translation
  D. IP Distribution
  C. Port address translation

  ---

  Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses or to publish multiple hosts with service to the internet while having only one single IP assigned on the external side of your gateway. Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network's router. When Computer X logs on the Internet, the router assigns the client a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address. If Computer Z logs on the Internet at the same time, the router assigns it the same local IP address with a different port number. Although both computers are sharing the same public IP address and accessing the Internet at the same time, the router knows exactly which computer to send specific packets to because each computer has a unique internal address. Port Address Translation is also called porting, port overloading, port-level multiplexed NAT and single address NAT. Shon Harris has the following example in her book: The company owns and uses only one public IP address for all systems that need to communicate outside the internal network. How in the world could all computers use the exact same IP address? Good question. Here's an example: The NAT device has an IP address of 127.50.41.3. When computer A needs to communicate with a system on the Internet, the NAT device documents this computer's private address and source port number (10.10.44.3; port 43,887). The NAT device changes the IP address in the computer's packet header to 127.50.41.3, with the source port 40,000. When computer B also needs to communicate with a system on the Internet, the NAT device documents the private address and source port number (10.10.44.15; port 23,398) and changes the header information to 127.50.41.3 with source port 40,001. So when a system responds to computer A, the packet first goes to the NAT device, which looks up the port number 40,000 and sees that it maps to computer A's real information. So the NAT device changes the header information to address 10.10.44.3 and port 43,887 and sends it to computer A for processing. A company can save a lot more money by using PAT, because the company needs to buy only a few public IP addresses, which are used by all systems in the network. As mentioned on Wikipedia: NAT is also known as Port Address Translation: is a feature of a network device that translate TCP or UDP communications made between host on a private network and host on a public network. I allows a single public IP address to be used by many host on private network which is usually a local area network LAN NAT effectively hides all TCP/IP-level information about internal hosts from the Internet. The following were all inAnswer: IP Spoofing - In computer networking, the term IP address spoofing or IP spoofing refers to the creation of Internet Protocol (IP) packets with a forged source IP address, called spoofing, with the purpose of concealing the identity of the sender or impersonating another computing system. Subnetting - Subnetting is a network design strategy that segregates a larger network into smaller components. While connected through the larger network, each subnetwork or subnet functions with a unique IP address. All systems that are assigned to a particular subnet will share values that are common for both the subnet and for the network as a whole. A different approach to network construction can be thought of as subnetting in reverse. Known as CIDR, or Classless Inter-Domain Routing, this approach also creates a series of subnetworks. Rather than dividing an existing network into small components, CIDR takes smaller components and connects them into a larger network. This can often be the case when a business is acquired by a larger corporation. Instead of doing away with the network developed and used by the newly acquired business, the corporation chooses to continue operating that network as a subsidiary or an added component of the corporation's network. In effect, the system of the purchased entity becomes a subnet of the parent company's network. IP Distribution - This is a generic term which could mean distribution of content over an IP network or distribution of IP addresses within a Company. Sometimes people will refer to this as Internet Protocol address management (IPAM) is a means of planning, tracking, and managing the Internet Protocol address space used in a network. Most commonly, tools such as DNS and DHCP are used in conjunction as integral functions of the IP address management function, and true IPAM glues these point services together so that each is aware of changes in the other (for instance DNS knowing of the IP address taken by a client via DHCP, and updating itself accordingly). Additional functionality, such as controlling reservations in DHCP as well as other data aggregation and reporting capability, is also common. IPAM tools are increasingly important as new IPv6 networks are deployed with larger address pools, different subnetting techniques, and more complex 128-bit hexadecimal numbers which are not as easily human-readable as IPv4 addresses. Reference(s) used for this question: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 1: Understanding Firewalls. Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition : Telecommunications and Network Security, Page 350. Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 12765-12774). Telecommunications and Network Security, Page 604-606 http://searchnetworking.techtarget.com/ definition/Port-Address-Translation-PAT http://en.wikipedia.org/wiki/IP_address_spoofing http://www.wisegeek.com/what-is-subnetting.htm http://en.wikipedia.org/wiki/IP_address_management

• Question 130:

  Which of the following statements pertaining to VPN protocol standards is false?

  A. L2TP is a combination of PPTP and L2F.
  B. L2TP and PPTP were designed for single point-to-point client to server communication.
  C. L2TP operates at the network layer.
  D. PPTP uses native PPP authentication and encryption services.
  C. L2TP operates at the network layer.

  ---

  L2TP and PPTP were both designed for individual client to server connections; they enable only a single point-to-point connection per session. Dial-up VPNs use L2TP often. Both L2TP and PPTP operate at the data link layer (layer 2) of the OSI model. PPTP uses native PPP authentication and encryption services and L2TP is a combination of PPTP and Layer 2 Forwarding protocol (L2F).

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 95).