ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 271:

  Which of the following are the two MOST common implementations of Intrusion Detection Systems?

  A. Server-based and Host-based.
  B. Network-based and Guest-based.
  C. Network-based and Client-based.
  D. Network-based and Host-based.
  D. Network-based and Host-based.

  ---

  The two most common implementations of Intrusion Detection are Network-based and Host- based.

  IDS can be implemented as a network device, such as a router, switch, firewall, or dedicated device monitoring traffic, typically referred to as network IDS (NIDS).

  The" (IDS) "technology can also be incorporated into a host system (HIDS) to monitor a single system for undesirable activities. "

  A network intrusion detection system (NIDS) is a network device .... that monitors traffic traversing the network segment for which it is integrated." Remember that NIDS are usually passive in nature.

  HIDS is the implementation of IDS capabilities at the host level. Its most significant difference from NIDS is that related processes are limited to the boundaries of a single-host system. However, this presents advantages in effectively

  detecting objectionable activities because the IDS process is running directly on the host system, not just observing it from the network.

  Reference(s) used for this question:

  Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 3649-3652). Auerbach Publications. Kindle Edition.

• Question 272:

  Which type of attack involves the alteration of a packet at the IP level to convince a system that it is communicating with a known entity in order to gain access to a system?

  A. TCP sequence number attack
  B. IP spoofing attack
  C. Piggybacking attack
  D. Teardrop attack
  B. IP spoofing attack

  ---

  An IP spoofing attack is used to convince a system that it is communication with a known entity that gives an intruder access. It involves modifying the source address of a packet for a trusted source's address. A TCP sequence number attack involves hijacking a session between a host and a target by predicting the target's choice of an initial TCP sequence number. Piggybacking refers to an attacker gaining unauthorized access to a system by using a legitimate user's connection. A teardrop attack consists of modifying the length and fragmentation offset fields in sequential IP packets so the target system becomes confused and crashes after it receives contradictory instructions on how the fragments are offset on these packets.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 77).

• Question 273:

  What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system?

  A. False Rejection Rate (FRR) or Type I Error
  B. False Acceptance Rate (FAR) or Type II Error
  C. Crossover Error Rate (CER)
  D. True Rejection Rate (TRR) or Type III Error
  A. False Rejection Rate (FRR) or Type I Error

  ---

  The percentage of valid subjects that are falsely rejected is called the False Rejection Rate (FRR) or Type I Error.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 38.

• Question 274:

  Which of the following teams should NOT be included in an organization's contingency plan?

  A. Damage assessment team
  B. Hardware salvage team
  C. Tiger team
  D. Legal affairs team
  C. Tiger team

  ---

  According to NIST's Special publication 800-34, a capable recovery strategy will require some or all of the following functional groups: Senior management official, management team, damage assessment team, operating system administration team, systems software team, server recovery team, LAN/WAN recovery team, database recovery team, network operations recovery team, telecommunications team, hardware salvage team, alternate site recovery coordination team, original site restoration/salvage coordination team, test team, administrative support team, transportation and relocation team, media relations team, legal affairs team, physical/personal security team, procurements team. Ideally, these teams would be staffed with the personnel responsible for the same or similar operation under normal conditions. A tiger team, originally a U.S. military jargon term, defines a team (of sneakers) whose purpose is to penetrate security, and thus test security measures. Used today for teams performing ethical hacking.

  Source: SWANSON, Marianne, and al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, December 2001 (page 23).

• Question 275:

  The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?

  A. project initiation and planning phase
  B. system design specifications phase
  C. development and documentation phase
  D. in parallel with every phase throughout the project
  D. in parallel with every phase throughout the project

  ---

  The other answers are not correct because:

  You are always looking for the "best" answer. While each of the answers listed here could be considered correct in that each of them require input from the security staff, the best answer is for that input to happen at all phases of the project.

  Reference:

  Official ISC2 Guide page: 556

  All in One Third Edition page: 832 - 833

• Question 276:

  In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on :

  A. sex of a person
  B. physical attributes of a person
  C. age of a person
  D. voice of a person
  B. physical attributes of a person

  ---

  Today implementation of fast, accurate reliable and user-acceptable biometric identification systems is already under way. From: TIPTON, Harold F. and KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, Page 7.

• Question 277:

  Which of the following results in the most devastating business interruptions?

  A. Loss of Hardware/Software
  B. Loss of Data
  C. Loss of Communication Links
  D. Loss of Applications
  B. Loss of Data

  ---

  Source: Veritas eLearning CD - Introducing Disaster Recovery Planning, Chapter 1.

  All of the others can be replaced or repaired. Data that is lost and was not backed up, cannot be restored.

• Question 278:

  Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS?

  A. signature-based IDS and statistical anomaly-based IDS, respectively
  B. signature-based IDS and dynamic anomaly-based IDS, respectively
  C. anomaly-based IDS and statistical-based IDS, respectively
  D. signature-based IDS and motion anomaly-based IDS, respectively.
  A. signature-based IDS and statistical anomaly-based IDS, respectively

  ---

  The two current conceptual approaches to Intrusion Detection methodology are knowledge-based ID systems and behavior-based ID systems, sometimes referred to as signature-based ID and statistical anomaly-based ID, respectively. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 63.

• Question 279:

  Java is not:

  A. Object-oriented.
  B. Distributed.
  C. Architecture Specific.
  D. Multithreaded.
  C. Architecture Specific.

  ---

  JAVA was developed so that the same program could be executed on multiple hardware and operating system platforms, it is not Architecture Specific.

  The following answers are incorrect:

  Object-oriented. Is not correct because JAVA is object-oriented. It should use the object-oriented programming methodology.

  Distributed. Is incorrect because JAVA was developed to be able to be distrubuted, run on multiple computer systems over a network.

  Multithreaded. Is incorrect because JAVA is multi-threaded that is calls to subroutines as is the case with object-oriented programming.

  A virus is a program that can replicate itself on a system but not necessarily spread itself by network connections.

• Question 280:

  There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?

  A. public keys
  B. private keys
  C. public-key certificates
  D. private-key certificates
  C. public-key certificates

  ---

  A Kerberos ticket is issued by a trusted third party. It is an encrypted data structure that includes the service encryption key. In that sense it is similar to a public-key certificate. However, the ticket is not the key.

  The following answers are incorrect:

  public keys. Kerberos tickets are not shared out publicly, so they are not like a PKI public key. private keys. Although a Kerberos ticket is not shared publicly, it is not a private key. Private keys are associated with Asymmetric crypto system

  which is not used by Kerberos. Kerberos uses only the Symmetric crypto system.

  private key certificates. This is a detractor. There is no such thing as a private key certificate.