ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 301:

  What is a limitation of TCP Wrappers?

  A. It cannot control access to running UDP services.
  B. It stops packets before they reach the application layer, thus confusing some proxy servers.
  C. The hosts. access control system requires a complicated directory tree.
  D. They are too expensive.
  A. It cannot control access to running UDP services.

  ---

  TCP Wrappers can control when a UDP server starts but has little control afterwards because UDP packets can be sent randomly.

  The following answers are incorrect:

  It stops packets before they reach the application layer, thus confusing some proxy servers. Is incorrect because the TCP Wrapper acts as an ACL restricting packets so would not confuse a proxy server because the packets would not arrive

  and would not be a limitation.

  The hosts. access control system requires a complicated directory tree. Is incorrect because a simple directory tree is involved. They are too expensive. Is incorrect because TCP Wrapper is considered open source with a BSD licensing scheme.

• Question 302:

  Which is the last line of defense in a physical security sense?

  A. people
  B. interior barriers
  C. exterior barriers
  D. perimeter barriers
  A. people

  ---

  "Ultimately, people are the last line of defense for your company's assets" (Pastore and Dulaney, 2006, p.

  529).

  Pastore, M. and Dulaney, E. (2006). CompTIA Security+ study guide: Exam SY0-101.

  Indianapolis, IN: Sybex.

• Question 303:

  What is the main difference between a Smurf and a Fraggle attack?

  A. A Smurf attack is ICMP-based and a Fraggle attack is UDP-based.
  B. A Smurf attack is UDP-based and a Fraggle attack is TCP-based.
  C. Smurf attack packets cannot be spoofed.
  D. A Smurf attack is UDP-based and a Fraggle attack is ICMP-based.
  A. A Smurf attack is ICMP-based and a Fraggle attack is UDP-based.

  ---

  Fraggle is an attack similar to Smurf, but instead of using ICMP, it uses UDP.

  Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter

  11: Application and System Development (page 790).

• Question 304:

  Risk analysis is MOST useful when applied during which phase of the system development process?

  A. Project initiation and Planning
  B. Functional Requirements definition
  C. System Design Specification
  D. Development and Implementation
  A. Project initiation and Planning

  ---

  In most projects the conditions for failure are established at the beginning of the project. Thus risk management should be established at the commencement of the project with a risk assessment during project initiation.

  As it is clearly stated in the ISC2 book: Security should be included at the first phase of development and throughout all of the phases of the system development life cycle. This is a key concept to understand for the purpose for the exam.

  The most useful time is to undertake it at project initiation, although it is often valuable to update the current risk analysis at later stages.

  Attempting to retrofit security after the SDLC is completed would cost a lot more money and might be impossible in some cases. Look at the family of browsers we use today, for the past 8 years they always claim that it is the most secure

  version that has been released and within days vulnerabilities will be found.

  Risks should be monitored throughout the SDLC of the project and reassessed when appropriate.

  The phases of the SDLC can very from one source to another one. It could be as simple as Concept, Design, and Implementation. It could also be expanded to include more phases such as this list proposed within the ISC2 Official Study

  book:

  Project Initiation and Planning

  Functional Requirements Definition

  System Design Specification

  Development and Implementation

  Documentations and Common Program Controls

  Testing and Evaluation Control, certification and accreditation (CandA)

  Transition to production (Implementation)

  And there are two phases that will extend beyond the SDLC, they are:

  Operation and Maintenance Support (OandM)

  Revisions and System Replacement (Disposal)

  Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 291).

  and

  The Official ISC2 Guide to the CISSP CBK , Second Edition, Page 182-185

• Question 305:

  Which of the following is true related to network sniffing?

  A. Sniffers allow an attacker to monitor data passing across a network.
  B. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods.
  C. Sniffers take over network connections.
  D. Sniffers send IP fragments to a system that overlap with each other.
  A. Sniffers allow an attacker to monitor data passing across a network.

  ---

  The following answers are incorrect: Sniffers alter the source address of a computer to disguise and exploit weak authentication methods. IP Spoofing is a network-based attack, which involves altering the source address of a computer to disguise the attacker and exploit weak authentication methods.

  Sniffers take over network connections. Session Hijacking tools allow an attacker to take over network connections, kicking off the legitimate user or sharing a login. Sniffers send IP fragments to a system that overlap with each other. Malformed Packet attacks are a type of DoS attack that involves one or two packets that are formatted in an unexpected way. Many vendor product implementations do not take into account all variations of user entries or packet types. If software handles such errors poorly, the system may crash when it receives such packets. A classic example of this type of attack involves sending IP fragments to a system that overlap with each other (the fragment offset values are incorrectly set. Some unpatched Windows and Linux systems will crash when the encounter such packets.

  The following reference(s) were/was used to create this question:

  Source: TIPTON, Harold F. and KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, Auerbach, NY, NY 2001, Chapter 22, Hacker Tools and Techniques by Ed Skoudis.

  ISC2 OIG, 2007 p. 137-138, 419

• Question 306:

  Which of the following biometric devices has the lowest user acceptance level?

  A. Retina Scan
  B. Fingerprint scan
  C. Hand geometry
  D. Signature recognition
  A. Retina Scan

  ---

  According to the cited reference, of the given options, the Retina scan has the lowest user acceptance level as it is needed for the user to get his eye close to a device and it is not user friendly and very intrusive.

  However, retina scan is the most precise with about one error per 10 millions usage.

  Look at the 2 tables below. If necessary right click on the image and save it on your desktop for a larger view or visit the web site directly at

  https://sites.google.com/site/biometricsecuritysolutions/crossover-accuracy .

  Biometric Comparison Chart

  

  Biometric Aspect Descriptions Reference(s) used for this question: RHODES, Keith A., Chief Technologist, United States General Accounting Office, National Preparedness, Technologies to Secure Federal Buildings, April 2002 (page 10). and https://sites.google.com/site/biometricsecuritysolutions/crossover-accuracy

• Question 307:

  Which of the following encryption algorithms does not deal with discrete logarithms?

  A. El Gamal
  B. Diffie-Hellman
  C. RSA
  D. Elliptic Curve
  C. RSA

  ---

  The security of the RSA system is based on the assumption that factoring the product into two original large prime numbers is difficult

  Source:

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 4: Cryptography (page 159).

  Shon Harris, CISSP All-in-One Examine Guide, Third Edition, McGraw-Hill Companies, August 2005, Chapter 8: Cryptography, Page 636 - 639

• Question 308:

  Which of the following describes a logical form of separation used by secure computing systems?

  A. Processes use different levels of security for input and output devices.
  B. Processes are constrained so that each cannot access objects outside its permitted domain.
  C. Processes conceal data and computations to inhibit access by outside processes.
  D. Processes are granted access based on granularity of controlled objects.
  B. Processes are constrained so that each cannot access objects outside its permitted domain.

  ---

  Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

• Question 309:

  In the Open Systems Interconnect (OSI) Reference Model, at what level are TCP and UDP provided?

  A. Transport
  B. Network
  C. Presentation
  D. Application
  A. Transport

  ---

  The Answer: Transport. The Layer 4 Transport layer supports the TCP and UDP protocols in the OSI Reference Model. This layer creates an end-to-end transportation between peer hosts. The transmission can be connectionless and unreliable such as UDP, or connection-oriented and ensure error-free delivery such as TCP.

  The following answers are incorrect:

  Network. The Network layer moves information between hosts that are not physically connected. It deals with routing of information. IP is a protocol that is used in Network Layer. TCP and UDP do not reside at the Layer 3 Network Layer in

  the OSI Reference Model.

  Presentation. The Presentation Layer is concerned with the formatting of data into a standard presentation such as

  ASCII. TCP and UDP do not reside at the Layer 6 Presentation Layer in the OSI Reference Model. Application. The Application Layer is a service for applications and Operating Systems data transmission, for example HTTP, FTP and SMTP.

  TCP and UDP do not reside at the Layer 7 Application Layer in the OSI Reference Model.

  The following reference(s) were/was used to create this question:

  ISC2 OIG, 2007 p. 411

  Shon Harris AIO v.3 p. 424

• Question 310:

  Which type of attack consists of modifying the length and fragmentation offset fields in sequential IP packets?

  A. Teardrop attack
  B. Smurf attack
  C. SYN attack
  D. Buffer overflow attack
  A. Teardrop attack

  ---

  A teardrop attack consists of modifying the length and fragmentation offset fields in sequential IP packets so the target system becomes confused and crashes after it receives contradictory instructions on how the fragments are offset on these packets. A SYN attack is when an attacker floods a system with connection requests but does not respond when the target system replies to those requests. A smurf attack is an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets. A buffer overflow attack occurs when a process receives much more data than expected.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 76).