ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 151:

  Which of the following ports does NOT normally need to be open for a mail server to operate?

  A. Port 110
  B. Port 25
  C. Port 119
  D. Port 143
  C. Port 119

  ---

  Port 119 is normally used for the Network News Transfer Protocol. It is thus not need for a mail server, which would normally listen to ports 25 (SMTP), 110 (POP3) and 143 (IMAP). Source: STREBE, Matthew and PERKINS, Charles,

  Firewalls 24seven, Sybex 2000, Chapter 1:

  Understanding Firewalls.

• Question 152:

  What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?

  A. The reference monitor
  B. Protection rings
  C. A security kernel
  D. A protection domain
  C. A security kernel

  ---

  A security kernel is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept. A reference monitor is a system component that enforces access controls on an object. A protection domain consists of the execution and memory space assigned to each process. The use of protection rings is a scheme that supports multiple protection domains.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 5: Security Architecture and Models (page 194).

• Question 153:

  Which of the following is not an encryption algorithm?

  A. Skipjack
  B. SHA-1
  C. Twofish
  D. DEA
  B. SHA-1

  ---

  The SHA-1 is a hashing algorithm producing a 160-bit hash result from any data. It does not perform encryption.

  In cryptography, SHA-1 is a cryptographic hash function designed by the United States National Security Agency and published by the United States NIST as a U.S. Federal Information Processing Standard.

  SHA stands for "secure hash algorithm". The four SHA algorithms are structured differently and are distinguished as SHA-0, SHA-1, SHA-2, and SHA-3. SHA-1 is very similar to SHA-0, but corrects an error in the original SHA hash

  specification that led to significant weaknesses. The SHA-0 algorithm was not adopted by many applications. SHA-2 on the other hand significantly differs from the SHA-1 hash function. SHA-1 is the most widely used of the existing SHA hash

  functions, and is employed in several widely used applications and protocols.

  In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use. NIST required many applications in federal agencies to move to SHA-2 after 2010 because of the weakness. Although

  no successful attacks have yet been reported on SHA-2, they are algorithmically similar to SHA-1.

  In 2012, following a long-running competition, NIST selected an additional algorithm, Keccak, for standardization as SHA-3

  NOTE:

  A Cryptographic Hash Function is not the same as an Encryption Algorithm even thou both are Algorithms. An algorithm is defined as a step-by-step procedure for calculations. Hashing Algorithm do not encrypt the data. People sometimes

  will say they encrypted a password with SHA-1 but really they simply created a Message Digest of the password using SHA-1, putting the input through a series of steps to come out with the message digest or hash value.

  A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will (with

  very high probability) change the hash value. The data to be encoded are often called the "message," and the hash value is sometimes called the message digest or simply digest.

  Encryption Algorithms are reversible but Hashing Algorithms are not meant to be reversible if the input is large enough.

  The following are incorrect answers:

  The Skipjack algorithm is a Type II block cipher with a block size of 64 bits and a key size of 80 bits that was developed by NSA and formerly classified at the U.S. Department of Defense "Secret" level.

  Twofish is a freely available 128-bit block cipher designed by Counterpane Systems (Bruce Schneier et al.).

  DEA is a symmetric block cipher, defined as part of the U.S. Government's Data Encryption Standard (DES). DEA uses a 64-bit key, of which 56 bits are independently chosen and 8 are parity bits, and maps a 64-bit block into another 64-bit

  block.

  Reference(s) used for this question:

  http://en.wikipedia.org/wiki/SHA-1

  and

  SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.

  and

  Counterpane Labs, at http://www.counterpane.com/twofish.html.

• Question 154:

  To control access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up:

  A. Access Rules
  B. Access Matrix
  C. Identification controls
  D. Access terminal
  A. Access Rules

  ---

  Controlling access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up access rules.

  These rules can be classified into three access control models: Mandatory, Discretionary, and Non- Discretionary.

  An access matrix is one of the means used to implement access control. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 33.

• Question 155:

  Which of the following category of UTP cables is specified to be able to handle gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standards?

  A. Category 5e UTP
  B. Category 2 UTP
  C. Category 3 UTP
  D. Category 1e UTP
  A. Category 5e UTP

  ---

  Categories 1 through 6 are based on the EIA/TIA-568-B standards. On the newer wiring for LANs is CAT5e, an improved version of CAT5 which used to be outside of the standard, for more information on twisted pair, please see: twisted pair. Category Cable Type Mhz Usage Speed ============================================= CAT1 UTP Analog voice, Plain Old Telephone System (POTS) CAT2 UTP 4 Mbps on Token Ring, also used on Arcnet networks CAT3 UTP, ScTP, STP 16 MHz 10 Mbps CAT4 UTP, ScTP, STP 20 MHz 16 Mbps on Token Ring Networks CAT5 UTP, ScTP, STP 100 MHz 100 Mbps on ethernet, 155 Mbps on ATM CAT5e UTP, ScTP, STP 100 MHz 1 Gbps (out of standard version, improved version of CAT5) CAT6 UTP, ScTP, STP 250 MHz 10 Gbps CAT7 ScTP, STP 600 M 100 Gbps Category 6 has a minumum of 250 MHz of bandwidth. Allowing 10/100/1000 use with up to 100 meter cable length, along with 10GbE over shorter distances. Category 6a or Augmented Category 6 has a minimum of 500 MHz of bandwidth. It is the newest standard and allows up to 10GbE with a length up to 100m. Category 7 is a future cabling standard that should allow for up to 100GbE over 100 meters of cable. Expected availability is in 2013. It has not been approved as a cable standard, and anyone now selling you Cat. 7 cable is fooling you. REFERENCES: http://donutey.com/ethernet.php http://en.wikipedia.org/wiki/TIA/EIA-568-B http://en.wikipedia.org/wiki/Category_1_cable

• Question 156:

  Why is Network File System (NFS) used?

  A. It enables two different types of file systems to interoperate.
  B. It enables two different types of file systems to share Sun applications.
  C. It enables two different types of file systems to use IP/IPX.
  D. It enables two different types of file systems to emulate each other.
  A. It enables two different types of file systems to interoperate.

  ---

  Network File System (NFS) is a TCP/IP client/server application developed by Sun that enables different types of file systems to interoperate regardless of operating system or network architecture. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 88.

• Question 157:

  Which one of the following is used to provide authentication and confidentiality for e-mail messages?

  A. Digital signature
  B. PGP
  C. IPSEC AH
  D. MD4
  B. PGP

  ---

  Instead of using a Certificate Authority, PGP uses a "Web of Trust", where users can certify each other in a mesh model, which is best applied to smaller groups. In cryptography, a web of trust is a concept used in PGP, GnuPG, and other

  OpenPGP compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies

  exclusively on a certificate authority (or a hierarchy of such). The web of trust concept was first put forth by PGP creator Phil Zimmermann in 1992 in the manual for PGP version 2.0.

  Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files,

  directories and whole disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991.

  As per Shon Harris's book:

  Pretty Good Privacy (PGP) was designed by Phil Zimmerman as a freeware e-mail security program and was released in 1991. It was the first widespread public key encryption program. PGP is a complete cryptosystem that uses

  cryptographic protection to protect e-mail and files. It can use RSA public key encryption for key management and use IDEA symmetric cipher for bulk encryption of data, although the user has the option of picking different types of algorithms

  for these functions. PGP can provide confidentiality by using the IDEA encryption algorithm, integrity by using the MD5 hashing algorithm, authentication by using the public key certificates, and nonrepudiation by using cryptographically

  signed messages. PGP initially used its own type of digital certificates rather than what is used in PKI, but they both have similar purposes. Today PGP support X.509 V3 digital certificates.

  Reference(s) used for this question:

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 4: Cryptography (page 169).

  Shon Harris, CISSP All in One book

  https://en.wikipedia.org/wiki/Pretty_Good_Privacy

  TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

• Question 158:

  Which of the following groups represents the leading source of computer crime losses?

  A. Hackers
  B. Industrial saboteurs
  C. Foreign intelligence officers
  D. Employees
  D. Employees

  ---

  There are some conflicting figures as to which group is a bigger threat hackers or employees. Employees are still considered to the leading source of computer crime losses. Employees often have an easier time gaining access to systems or

  source code then ousiders or other means of creating computer crimes.

  A word of caution is necessary: although the media has tended to portray the threat of cybercrime as existing almost exclusively from the outside, external to a company, reality paints a much different picture. Often the greatest risk of

  cybercrime comes from the inside, namely, criminal insiders. Information security professionals must be particularly sensitive to the phenomena of the criminal or dangerous insider, as these individuals usually operate under the radar, inside

  of the primarily outward/external facing security controls, thus significantly increasing the impact of their crimes while leaving few, if any, audit trails to follow and evidence for prosecution.

  Some of the large scale crimes committed agains bank lately has shown that Internal Threats are the worst and they are more common that one would think. The definition of what a hacker is can vary greatly from one country to another but in

  some of the states in the USA a hacker is defined as Someone who is using resources in a way that is not authorized. A recent case in Ohio involved an internal employee who was spending most of his day on dating website looking for the

  love of his life. The employee was taken to court for hacking the company resources.

  The following answers are incorrect:

  hackers. Is incorrect because while hackers represent a very large problem and both the frequency of attacks and overall losses have grown hackers are considered to be a small segment of combined computer fraudsters.

  industrial saboteurs. Is incorrect because industrial saboteurs tend to go after trade secrets. While the loss to the organization can be great, they still fall short when compared to the losses created by employees. Often it is an employee that

  was involved in industrial sabotage.

  foreign intelligence officers. Is incorrect because the losses tend to be national secrets. You really can't put t cost on this and the number of frequency and occurances of this is less than that of employee related losses.

  Reference(s) used for this question:

  Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 22327-22331). Auerbach Publications. Kindle Edition.

• Question 159:

  What are the three FUNDAMENTAL principles of security?

  A. Accountability, confidentiality and integrity
  B. Confidentiality, integrity and availability
  C. Integrity, availability and accountability
  D. Availability, accountability and confidentiality
  B. Confidentiality, integrity and availability

  ---

  The following answers are incorrect because:

  Accountability, confidentiality and integrity is not the correct answer as Accountability is not one of the fundamental principle of security. Integrity, availability and accountability is not the correct answer as Accountability is not one of the fundamental principle of security. Availability, accountability and confidentiality is not the correct answer as Accountability is not one of the fundamental objective of security. References : Shon Harris AIO v3 , Chapter - 3: Security Management Practices , Pages : 49-52

• Question 160:

  In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed?

  A. Pre Initialization Phase
  B. Phase 1
  C. Phase 2
  D. No peer authentication is performed
  B. Phase 1

  ---

  The Internet Key Exchange (IKE) protocol is a key management protocol standard that is used in conjunction with the IPSec standard. IKE enhances IPSec by providing additional features, flexibility, and ease of configuration for the IPSec

  standard. IPSec can however, be configured without IKE by manually configuring the gateways communicating with each other for example.

  A security association (SA) is a relationship between two or more entities that describes how the entities will use security services to communicate securely.

  In phase 1 of this process, IKE creates an authenticated, secure channel between the two IKE peers, called the IKE security association. The Diffie-Hellman key agreement is always performed in this phase.

  In phase 2 IKE negotiates the IPSec security associations and generates the required key material for IPSec. The sender offers one or more transform sets that are used to specify an allowed combination of transforms with their respective

  settings.

  Benefits provided by IKE include:

  Eliminates the need to manually specify all the IPSec security parameters in the crypto maps at both peers.

  Allows you to specify a lifetime for the IPSec security association.

  Allows encryption keys to change during IPSec sessions.

  Allows IPSec to provide anti-replay services.

  Permits Certification Authority (CA) support for a manageable, scalable IPSec implementation.

  Allows dynamic authentication of peers.

  References:

  RFC 2409: The Internet Key Exchange (IKE);

  DORASWAMY, Naganand and HARKINS, Dan, Ipsec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, 1999, Prentice Hall PTR;

  SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.

  Reference: http://www.ciscopress.com/articles/article.asp?p=25474