ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 241:

  Which of the following statements is true about data encryption as a method of protecting data?

  A. It should sometimes be used for password files
  B. It is usually easily administered
  C. It makes few demands on system resources
  D. It requires careful key management
  D. It requires careful key management

  ---

  In cryptography, you always assume the "bad guy" has the encryption algorithm (indeed, many algorithms such as DES, Triple DES, AES, etc. are public domain). What the bad guy lacks is the key used to complete that algorithm and encrypt/decrypt information. Therefore, protection of the key, controlled distribution, scheduled key change, timely destruction, and several other factors require careful consideration. All of these factors are covered under the umbrella term of "key management".

  Another significant consideration is the case of "data encryption as a method of protecting data" as the question states. If that data is to be stored over a long period of time (such as on backup), you must ensure that your key management scheme stores old keys for as long as they will be needed to decrypt the information they encrypted.

  The other answers are not correct because:

  "It should sometimes be used for password files." - Encryption is often used to encrypt passwords stored within password files, but it is not typically effective for the password file itself. On most systems, if a user cannot access the contents of

  a password file, they cannot authenticate. Encrypting the entire file prevents that access.

  "It is usually easily administered." - Developments over the last several years have made cryptography significantly easier to manage and administer. But it remains a significant challenge. This is not a good answer.

  "It makes few demands on system resources." - Cryptography is, essentially, a large complex mathematical algorithm. In order to encrypt and decrypt information, the system must perform this algorithm hundreds, thousands, or even millions/

  billions/trillions of times. This becomes system resource intensive, making this a very bad answer.

  Reference:

  Official ISC2 Guide page: 266 (poor )

  All in One Third Edition page: 657 (excellent )

  Key Management - Page 732, All in One Fourth Edition

• Question 242:

  Access Control techniques do not include which of the following?

  A. Rule-Based Access Controls
  B. Role-Based Access Control
  C. Mandatory Access Control
  D. Random Number Based Access Control
  D. Random Number Based Access Control

  ---

  Access Control Techniques Discretionary Access Control Mandatory Access Control Lattice Based Access Control Rule-Based Access Control Role-Based Access Control

  Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 13.

• Question 243:

  Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing?

  A. Preventive/Administrative Pairing
  B. Preventive/Technical Pairing
  C. Preventive/Physical Pairing
  D. Detective/Technical Pairing
  B. Preventive/Technical Pairing

  ---

  Preventive/Technical controls are also known as logical controls and can be built into the operating system, be software applications, or can be supplemental hardware/software units. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 34.

• Question 244:

  In the context of network enumeration by an outside attacker and possible Distributed Denial of Service (DDoS) attacks, which of the following firewall rules is not appropriate to protect an organization's internal network?

  A. Allow echo reply outbound
  B. Allow echo request outbound
  C. Drop echo request inbound
  D. Allow echo reply inbound
  A. Allow echo reply outbound

  ---

  Echo replies outbound should be dropped, not allowed. There is no reason for any internet users to send ICMP ECHO Request to your interal hosts from the internet. If they wish to find out if a service is available, they can use a browser to

  connect to your web server or simply send an email if they wish to test your mail service.

  Echo replies outbound could be used as part of the SMURF amplification attack where someone will send ICMP echo requests to gateways broadcast addresses in order to amplify the request by X number of users sitting behind the gateway.

  By allowing inbound echo requests and outbound echo replies, it makes it easier for attackers to learn about the internal network as well by performing a simply ping sweep. ICMP can also be used to find out which host has been up and

  running the longest which would indicates which patches are missing on the host if a critical patch required a reboot. ICMP can also be use for DDoS attacks, so you should strictly limit what type of ICMP traffic would be allowed to flow

  through your firewall. On top of all this, tools such as LOKI could be use as a client-server application to transfer files back and forward between the internat and some of your internal hosts. LOKI is a client/server program published in the

  online publication Phrack . This program is a working proof-of-concept to demonstrate that data can be transmitted somewhat secretly across a network by hiding it in traffic that normally does not contain payloads. The example code can

  tunnel the equivalent of a Unix RCMD/RSH session in either ICMP echo request (ping) packets or UDP traffic to the DNS port. This is used as a back door into a Unix system after root access has been compromised. Presence of LOKI on a

  system is evidence that the system has been compromised in the past. The outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts.

  The following answers are incorrect:

  Allow echo request outbound The outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts.

  Drop echo request inbound There is no need for anyone on the internet to attempt pinging your internal hosts.

  Allow echo reply inbound The outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts.

  Reference(s) used for this question:

  http://www.phrack.org/issues.html?issue=49andid=6

  STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 10: The Perfect Firewall.

• Question 245:

  A business continuity plan is an example of which of the following?

  A. Corrective control
  B. Detective control
  C. Preventive control
  D. Compensating control
  A. Corrective control

  ---

  Business Continuity Plans are designed to minimize the damage done by the event, and facilitate rapid restoration of the organization to its full operational capacity. They are for use "after the fact", thus are examples of corrective controls.

  Reference(s) used for this question:

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 273).

  and

  Conrad, Eric; Misenar, Seth; Feldman, Joshua (2012-09-01). CISSP Study Guide (Kindle Location 8069). Elsevier Science (reference). Kindle Edition.

• Question 246:

  What is called an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics?

  A. Biometrics
  B. Micrometrics
  C. Macrometrics
  D. MicroBiometrics
  A. Biometrics

  ---

  The Answer: Biometrics; Biometrics are defined as an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Pages 37,38.

• Question 247:

  The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?

  A. Test equipment is easily damaged.
  B. Test equipment can be used to browse information passing on a network.
  C. Test equipment is difficult to replace if lost or stolen.
  D. Test equipment must always be available for the maintenance personnel.
  B. Test equipment can be used to browse information passing on a network.

  ---

  Test equipment must be secured. There are equipment and other tools that if in the wrong hands could be used to "sniff" network traffic and also be used to commit fraud. The storage and use of this equipment should be detailed in the

  security policy for this reason.

  The following answers are incorrect:

  Test equipment is easily damaged. Is incorrect because it is not the best answer, and from a security point of view not relevent.

  Test equipment is difficult to replace if lost or stolen. Is incorrect because it is not the best answer, and from a security point of view not relevent.

  Test equipment must always be available for the maintenance personnel. Is incorrect because it is not the best answer, and from a security point of view not relevent.

  References:

  OIG CBK Operations Security (pages 642 - 643)

• Question 248:

  Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided?

  A. Data Link
  B. Transport
  C. Presentation
  D. Application
  A. Data Link

  ---

  RFC 1661 - The Point-to-Point Protocol (PPP) specifies that the Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links.

  PPP is comprised of three main components:

  1 A method for encapsulating multi-protocol datagrams.

  2 A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection. 3 A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols.

• Question 249:

  Which of the following statements do not apply to a hot site?

  A. It is expensive.
  B. There are cases of common overselling of processing capabilities by the service provider.
  C. It provides a false sense of security.
  D. It is accessible on a first come first serve basis. In case of large disaster it might not be accessible.
  C. It provides a false sense of security.

  ---

  Remember this is a NOT question. Hot sites do not provide a false sense of security since they are the best disaster recovery alternate for backup site that you rent.

  A Cold, Warm, and Hot site is always a rental place in the context of the CBK. This is definivily the best choices out of the rental options that exists. It is fully configured and can be activated in a very short period of time.

  Cold and Warm sites, not hot sites, provide a false sense of security because you can never fully test your plan.

  In reality, using a cold site will most likely make effective recovery impossible or could lead to business closure if it takes more than two weeks for recovery.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 284).

• Question 250:

  Which of the following is unlike the other three choices presented?

  A. El Gamal
  B. Teardrop
  C. Buffer Overflow
  D. Smurf
  A. El Gamal

  ---

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 76, 157.