ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 231:

  What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?

  A. The security kernel
  B. The reference monitor
  C. The security perimeter
  D. The reference perimeter
  C. The security perimeter

  ---

  The security perimeter is the imaginary line that separates the trusted components of the kernel and the Trusted Computing Base (TCB) from those elements that are not trusted. The reference monitor is an abstract machine that mediates all accesses to objects by subjects. The security kernel can be software, firmware or hardware components in a trusted system and is the actual instantiation of the reference monitor. The reference perimeter is not defined and is a distracter.

  Source: HARE, Chris, Security Architecture and Models, Area 6 CISSP Open Study Guide, January 2002.

• Question 232:

  Kerberos depends upon what encryption method?

  A. Public Key cryptography.
  B. Secret Key cryptography.
  C. El Gamal cryptography.
  D. Blowfish cryptography.
  B. Secret Key cryptography.

  ---

  Kerberos depends on Secret Keys or Symmetric Key cryptography. Kerberos a third party authentication protocol. It was designed and developed in the mid 1980's by MIT. It is considered open source but is copyrighted and owned by MIT. It relies on the user's secret keys. The password is used to encrypt and decrypt the keys.

  This question asked specifically about encryption methods. Encryption methods can be SYMMETRIC (or secret key) in which encryption and decryption keys are the same, or ASYMMETRIC (aka 'Public Key') in which encryption and decryption keys differ.

  'Public Key' methods must be asymmetric, to the extent that the decryption key CANNOT be easily derived from the encryption key. Symmetric keys, however, usually encrypt more efficiently, so they lend themselves to encrypting large amounts of data. Asymmetric encryption is often limited to ONLY encrypting a symmetric key and other information that is needed in order to decrypt a data stream, and the remainder of the encrypted data uses the symmetric key method for

  performance reasons. This does not in any way diminish the security nor the ability to use a public key to encrypt the data, since the symmetric key method is likely to be even MORE secure than the asymmetric method.

  For symmetric key ciphers, there are basically two types: BLOCK CIPHERS, in which a fixed length block is encrypted, and STREAM CIPHERS, in which the data is encrypted one 'data unit' (typically 1 byte) at a time, in the same order it was

  received in.

  The following answers are incorrect:

  Public Key cryptography. Is incorrect because Kerberos depends on Secret Keys or Symmetric Key cryptography and not Public Key or Asymmetric Key cryptography.

  El Gamal cryptography. Is incorrect because El Gamal is an Asymmetric Key encryption algorithm.

  Blowfish cryptography. Is incorrect because Blowfish is a Symmetric Key encryption algorithm.

  References:

  OIG CBK Access Control (pages 181 - 184)

  AIOv3 Access Control (pages 151 - 155)

  Wikipedia http://en.wikipedia.org/wiki/Blowfish_%28cipher%29 ; http://en.wikipedia.org/wiki/El_Gamal

  http://www.mrp3.com/encrypt.html

• Question 233:

  Which of the following is NOT an example of an operational control?

  A. backup and recovery
  B. Auditing
  C. contingency planning
  D. operations procedures
  B. Auditing

  ---

  Operational controls are controls over the hardware, the media used and the operators using these resources.

  Operational controls are controls that are implemented and executed by people, they are most often procedures.

  Backup and recovery, contingency planning and operations procedures are operational controls.

  Auditing is considered an Administrative / detective control. However the actual auditing mechanisms in place on the systems would be consider operational controls.

• Question 234:

  Which of the following rules appearing in an Internet firewall policy is inappropriate?

  A. Source routing shall be disabled on all firewalls and external routers.
  B. Firewalls shall be configured to transparently allow all outbound and inbound services.
  C. Firewalls should fail to a configuration that denies all services, and require a firewall administrator to re- enable services after a firewall has failed.
  D. Firewalls shall not accept traffic on its external interfaces that appear to be coming from internal network addresses.
  B. Firewalls shall be configured to transparently allow all outbound and inbound services.

  ---

  Unless approved by the Network Services manager, all in-bound services shall be intercepted and processed by the firewall. Allowing unrestricted services inbound and outbound is certainly NOT recommended and very dangerous.

  Pay close attention to the keyword: all

  All of the other choices presented are recommended practices for a firewall policy.

  Reference(s) used for this question:

  GUTTMAN, Barbara and BAGWILL, Robert, NIST Special Publication 800-xx, Internet Security Policy: A Technical Guide, Draft Version, May 25, 2000 (page 78).

• Question 235:

  What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security (IPSec)?

  A. Internet Key Exchange (IKE)
  B. Secure Key Exchange Mechanism
  C. Oakley
  D. Internet Security Association and Key Management Protocol
  A. Internet Key Exchange (IKE)

  ---

  The Key management for IPSec is called the Internet Key Exchange (IKE)

  Note: IKE underwent a series of improvements establishing IKEv2 with RFC 4306. The basis of this answer is IKEv2.

  The IKE protocol is a hybrid of three other protocols: ISAKMP (Internet Security Association and Key Management Protocol), Oakley and SKEME. ISAKMP provides a framework for authentication and key exchange, but does not define them

  (neither authentication nor key exchange). The Oakley protocol describes a series of modes for key exchange and the SKEME protocol defines key exchange techniques.

  IKE--Internet Key Exchange. A hybrid protocol that implements Oakley and Skeme key exchanges inside the ISAKMP framework. IKE can be used with other protocols, but its initial implementation is with the IPSec protocol. IKE provides

  authentication of the IPSec peers, negotiates IPSec keys, and negotiates IPSec security associations.

  IKE is implemented in accordance with RFC 2409, The Internet Key Exchange. The Internet Key Exchange (IKE) security protocol is a key management protocol standard that is used in conjunction with the IPSec standard. IPSec can be

  configured without IKE, but IKE enhances IPSec by providing additional features, flexibility, and ease of configuration for the IPSec standard. IKE is a hybrid protocol that implements the Oakley key exchange and the SKEME key exchange

  inside the Internet Security Association and Key Management Protocol (ISAKMP) framework. (ISAKMP, Oakley, and SKEME are security protocols implemented by IKE.)

  IKE automatically negotiates IPSec security associations (SAs) and enables IPSec secure communications without costly manual preconfiguration. Specifically, IKE provides these benefits:

  Eliminates the need to manually specify all the IPSec security parameters in the crypto maps at both peers.

  Allows you to specify a lifetime for the IPSec security association.

  Allows encryption keys to change during IPSec sessions.

  Allows IPSec to provide anti-replay services.

  Permits certification authority (CA) support for a manageable, scalable IPSec implementation.

  Allows dynamic authentication of peers. About ISAKMP The Internet Security Association and Key Management Protocol (ISAKMP) is a framework that defines the phases for establishing a secure relationship and support for negotiation of security attributes, it does not establish sessions keys by

  itself, it is used along with the Oakley session key establishment protocol. The Secure Key Exchange Mechanism (SKEME) describes a secure exchange mechanism and Oakley defines the modes of operation needed to establish a secure

  connection.

  ISAKMP provides a framework for Internet key management and provides the specific protocol support for negotiation of security attributes. Alone, it does not establish session keys. However it can be used with various session key

  establishment protocols, such as Oakley, to provide a complete solution to Internet key management.

  About Oakley

  The Oakley protocol uses a hybrid Diffie-Hellman technique to establish session keys on Internet hosts and routers. Oakley provides the important security property of Perfect Forward Secrecy (PFS) and is based on cryptographic techniques

  that have survived substantial public scrutiny. Oakley can be used by itself, if no attribute negotiation is needed, or Oakley can be used in conjunction with ISAKMP. When ISAKMP is used with Oakley, key escrow is not feasible.

  The ISAKMP and Oakley protocols have been combined into a hybrid protocol. The resolution of ISAKMP with Oakley uses the framework of ISAKMP to support a subset of Oakley key exchange modes. This new key exchange protocol

  provides optional PFS, full security association attribute negotiation, and authentication methods that provide both repudiation and non-repudiation. Implementations of this protocol can be used to establish VPNs and also allow for users from

  remote sites (who may have a dynamically allocated IP address) access to a secure network.

  About IPSec

  The IETF's IPSec Working Group develops standards for IP-layer security mechanisms for both IPv4 and IPv6. The group also is developing generic key management protocols for use on the Internet. For more information, refer to the IP

  Security and Encryption Overview.

  IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF) that provides security for transmission of sensitive information over unprotected networks such as the Internet. It acts at the network level and

  implements the following standards:

  IPSec

  Internet Key Exchange (IKE)

  Data Encryption Standard (DES)

  MD5 (HMAC variant)

  SHA (HMAC variant)

  Authentication Header (AH)

  Encapsulating Security Payload (ESP)

  IPSec services provide a robust security solution that is standards-based. IPSec also provides data authentication and anti-replay services in addition to data confidentiality services.

  For more information regarding IPSec, refer to the chapter "Configuring IPSec Network Security."

  About SKEME

  SKEME constitutes a compact protocol that supports a variety of realistic scenarios and security models over Internet. It provides clear tradeoffs between security and performance as required by the different scenarios without incurring in

  unnecessary system complexity. The protocol supports key exchange based on public key, key distribution centers, or manual installation, and provides for fast and secure key refreshment. In addition, SKEME selectively provides perfect

  forward secrecy, allows for replaceability and negotiation of the underlying cryptographic primitives, and addresses privacy issues as anonymity and repudiatability

  SKEME's basic mode is based on the use of public keys and a Diffie-Hellman shared secret generation.

  However, SKEME is not restricted to the use of public keys, but also allows the use of a pre- shared key. This key can be obtained by manual distribution or by the intermediary of a key distribution center (KDC) such as Kerberos.

  In short, SKEME contains four distinct modes:

  Basic mode, which provides a key exchange based on public keys and ensures PFS thanks to Diffie- Hellman.

  A key exchange based on the use of public keys, but without Diffie-Hellman.

  A key exchange based on the use of a pre-shared key and on Diffie-Hellman.

  A mechanism of fast rekeying based only on symmetrical algorithms.

  In addition, SKEME is composed of three phases: SHARE, EXCH and AUTH.

  During the SHARE phase, the peers exchange half-keys, encrypted with their respective public keys. These two half-keys are used to compute a secret key K. If anonymity is wanted, the identities of the two peers are also encrypted. If a

  shared secret already exists, this phase is skipped.

  The exchange phase (EXCH) is used, depending on the selected mode, to exchange either Diffie-Hellman public values or nonces. The Diffie-Hellman shared secret will only be computed after the end of the exchanges.

  The public values or nonces are authenticated during the authentication phase (AUTH), using the secret key established during the SHARE phase.

  The messages from these three phases do not necessarily follow the order described above; in actual practice they are combined to minimize the number of exchanged messages.

  References used for this question:

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 4: Cryptography (page 172).

  http://tools.ietf.org/html/rfc4306

  http://tools.ietf.org/html/rfc4301

  http://en.wikipedia.org/wiki/Internet_Key_Exchange

  CISCO ISAKMP and OAKLEY information

  CISCO Configuring Internet Key Exchange Protocol

  http://www.hsc.fr/ressources/articles/ipsec-tech/index.html.en

• Question 236:

  What protocol is used to match an IP address to the appropriate hardware address of the packet's destination so it can be sent?

  A. Routing tables
  B. Address resolution protocol (ARP)
  C. Reverse address resolution protocol (RARP)
  D. Internet Control Message Protocol (ICMP)
  B. Address resolution protocol (ARP)

  ---

  The Address Resolution Protocol (ARP) is used to match an IP address to an Ethernet address so the packet can be sent to the appropriate node.

  Shon Harris in her book says:

  MAC and IP addresses must be properly mapped so they can be correctly resolved. This happens through the Address Resolution Protocol (ARP). When the data link layer receives a frame, the network layer has already attached the

  destination IP address to it, but the data link layer cannot understand the IP address and thus invokes ARP for help.

  ARP broadcasts a frame requesting the MAC address that corresponds with the destination IP address. Each computer on the subnet receives this broadcast frame, and all but the computer that has the requested IP address ignore it.

  The computer that has the destination IP address responds with its MAC address. Now ARP knows what hardware address corresponds with that specific IP address. The data link layer takes the frame, adds the hardware address to it, and

  passes it on to the physical layer, which enables the frame to hit the wire and go to the destination computer.

  ARP maps the hardware address and associated IP address and stores this mapping in its table for a predefined amount of time. This caching is done so that when another frame destined for the same IP address needs to hit the wire, ARP

  does not need to broadcast its request again. It just looks in its table for this information.

  Man-In-The-Middle attack

  Because ARP does not require authentication, an attacker could place bogus entries into the ARP cache of a remote host (gratuitous ARP replies) to carry out attacks, such as a man-in-the-middle attacks. This attack is called ARP poisoning.

  The following answers were incorrect:

  RARP is used to match an Ethernet address to an IP address.

  ICMP is a management protocol whose function is to send message between network devices.

  Routing tables are used by routers to choose the appropriate interface to route packets.

  Reference(s) used for this question:

  Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition, Chapter 6 Telecommunications and Network Security, Pages 580-581 or on the Kindle edition look around Locations 12298-12306. McGraw- Hill. Kindle Edition.

  and

  Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK , Third Edition:

  Telecommunications and Network Security, Page 342.

• Question 237:

  To protect and/or restore lost, corrupted, or deleted information, thereby preserving the data integrity and availability is the purpose of:

  A. Remote journaling.
  B. Database shadowing.
  C. A tape backup method.
  D. Mirroring.
  C. A tape backup method.

  ---

  The purpose of a tape backup method is to protect and/or restore lost, corrupted, or deleted information, thereby preserving the data integrity and ensuring availability. All other choices could suffer from corruption and it might not be possible

  to restore the data without proper backups being done.

  This is a tricky question, if the information is lost, corrupted, or deleted only a good backup could be use to restore the information. Any synchronization mechanism would update the mirror copy and the data could not be recovered.

  With backups there could be a large gap where your latest data may not be available. You would have to look at your Recovery Point Objective and see if this is acceptable for your company recovery objectives.

  The following are incorrect answers:

  Mirroring will preserve integrity and restore points in all cases of drive failure. However, if you have corrupted data on the primary set of drives you may get corrupted data on the secondary set as well.

  Remote Journaling provides Continuous or periodic synchronized recording of transaction data at a remote location as a backup strategy. (http://www.businessdictionary.com/definition/remote- journaling.html) With journaling there might be a

  gap of time between the data updates being send in batch at regular interval. So some of the data could be lost. Database shadowing is synonymous with Mirroring but it only applies to databases, but not to information and data as a whole.

  Reference(s) used for this question:

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 68.

• Question 238:

  Which of the following would best describe a Concealment cipher?

  A. Permutation is used, meaning that letters are scrambled.
  B. Every X number of words within a text, is a part of the real message.
  C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks.
  D. Hiding data in another message so that the very existence of the data is concealed.
  B. Every X number of words within a text, is a part of the real message.

  ---

  When a concealment cipher is used, every X number of words within a text, is a part of the real message. The message is within another message.

  A concealment cipher is a message within a message. If my other super-secret spy buddy and I decide our key value is every third word, then when I get a message from him, I will pick out every third word and write it down. Suppose he sends me a message that reads, "The saying, `The time is right' is not cow language, so is now a dead subject." Because my key is every third word, I come up with "The right cow is dead." This again means nothing to me, and I am now turning in my decoder ring. Concealment ciphers include the plaintext within the ciphertext. It is up to the recipient to know which letters or symbols to exclude from the ciphertext in order to yield the plaintext. Here is an example of a concealment cipher:

  i2l32i5321k34e1245ch456oc12ol234at567e

  Remove all the numbers, and you'll have i like chocolate. How about this one?

  Larry even appears very excited. No one worries.

  The first letter from each word reveals the message leave now. Both are easy, indeed, but many people have crafted more ingenious ways of concealing the messages. By the way, this type of cipher doesn't even need ciphertext, such as

  that in the above examples.

  Consider the invisible drying ink that kids use to send secret messages. In a more extreme example, a man named Histiaeus, during 5th century B.C., shaved the head of a trusted slave, then tattooed the message onto his bald head. When

  the slave's hair grew back, Histiaeus sent the slave to the message's intended recipient, Aristagoros, who shaved the slave's head and read the message instructing him to revolt.

  The following answers are incorrect:

  A transposition cipher uses permutations.

  A substitution cipher replaces bits, characters, or blocks of characters with different bits, characters or blocks.

  Steganography refers to hiding the very existence of the message.

  Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 1).

  and also see:

  http://www.go4expert.com/forums/showthread.php?t=415

• Question 239:

  The Clipper Chip utilizes which concept in public key cryptography?

  A. Substitution
  B. Key Escrow
  C. An undefined algorithm
  D. Super strong encryption
  B. Key Escrow

  ---

  The Clipper chip is a chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission. It was announced in 1993 and by 1996 was entirely defunct.

  The heart of the concept was key escrow. In the factory, any new telephone or other device with a Clipper chip would be given a "cryptographic key", that would then be provided to the government in "escrow". If government agencies "established their authority" to listen to a communication, then the password would be given to those government agencies, who could then decrypt all data transmitted by that particular telephone.

  The CISSP Prep Guide states, "The idea is to divide the key into two parts, and to escrow two portions of the key with two separate 'trusted' organizations. Then, law enforcement officals, after obtaining a courtorder, can retreive the two pieces of the key from the organizations and decrypt the message."

  References:

  http://en.wikipedia.org/wiki/Clipper_Chip

  and

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, page 166.

• Question 240:

  Access Control techniques do not include which of the following choices?

  A. Relevant Access Controls
  B. Discretionary Access Control
  C. Mandatory Access Control
  D. Lattice Based Access Control
  A. Relevant Access Controls

  ---

  Access Control Techniques Discretionary Access Control Mandatory Access Control Lattice Based Access Control Rule-Based Access Control Role-Based Access Control Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 13.