ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 531:

  Which of the following does not apply to system-generated passwords?

  A. Passwords are harder to remember for users.
  B. If the password-generating algorithm gets to be known, the entire system is in jeopardy.
  C. Passwords are more vulnerable to brute force and dictionary attacks.
  D. Passwords are harder to guess for attackers.
  C. Passwords are more vulnerable to brute force and dictionary attacks.

  ---

  Users tend to choose easier to remember passwords. System-generated passwords can provide stronger, harder to guess passwords. Since they are based on rules provided by the administrator, they can include combinations of uppercase/ lowercase letters, numbers and special characters, making them less vulnerable to brute force and dictionary attacks. One danger is that they are also harder to remember for users, who will tend to write them down, making them more vulnerable to anyone having access to the user's desk. Another danger with system-generated passwords is that if the password-generating algorithm gets to be known, the entire system is in jeopardy.

  Source: RUSSEL, Deborah and GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (page 64).

• Question 532:

  The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram?

  A. TCP.
  B. ICMP.
  C. UDP.
  D. IGMP.
  D. IGMP.

  ---

  If the protocol field has a value of 2 then it would indicate it was IGMP.

  The following answers are incorrect:

  TCP. Is incorrect because the value for a TCP protocol would be 6. UDP. Is incorrect because the value for an UDP protocol would be 17.

  ICMP. Is incorrect because the value for an ICMP protocol would be 1.

• Question 533:

  What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?

  A. Polyinstantiation
  B. Inference
  C. Aggregation
  D. Data mining
  C. Aggregation

  ---

  Aggregation is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity.

  The incorrect answers are:

  Polyinstantiation is the development of a detailed version of an object from another object using different values in the new object.

  Inference is the ability of users to infer or deduce information about data at sensitivity levels for which they do not have access privilege.

  Data mining refers to searching through a data warehouse for data correlations.

  Sources:

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 7: Applications and Systems Development (page 261).

  KRUTZ, Ronald and VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Database Security Issues (page 358).

• Question 534:

  Which of the following backup methods makes a complete backup of every file on the server every time it is run?

  A. full backup method.
  B. incremental backup method.
  C. differential backup method.
  D. tape backup method.
  A. full backup method.

  ---

  The Full Backup Method makes a complete backup of every file on the server every time it is run.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 69.

• Question 535:

  What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)?

  A. It can be very invasive to the host operating system
  B. Monitors all processes and activities on the host system only
  C. Virtually eliminates limits associated with encryption
  D. They have an increased level of visibility and control compared to NIDS
  A. It can be very invasive to the host operating system

  ---

  The biggest drawback of HIDS, and the reason many organizations resist its use, is that it can be very invasive to the host operating system. HIDS must have the capability to monitor all processes and activities on the host system and this

  can sometimes interfere with normal system processing.

  HIDS versus NIDS

  A host-based IDS (HIDS) can be installed on individual workstations and/ or servers to watch for inappropriate or anomalous activity. HIDSs are usually used to make sure users do not delete system files, reconfigure important settings, or put

  the system at risk in any other way.

  So, whereas the NIDS understands and monitors the network traffic, a HIDS's universe is limited to the computer itself. A HIDS does not understand or review network traffic, and a NIDS does not "look in" and monitor a system's activity. Each

  has its own job and stays out of the other's way.

  The ISC2 official study book defines an IDS as:

  An intrusion detection system (IDS) is a technology that alerts organizations to adverse or unwanted activity. An IDS can be implemented as part of a network device, such as a router, switch, or firewall, or it can be a dedicated IDS device

  monitoring traffic as it traverses the network. When used in this way, it is referred to as a network IDS, or NIDS. IDS can also be used on individual host systems to monitor and report on file, disk, and process activity on that host. When used

  in this way it is referred to as a host- based IDS, or HIDS.

  An IDS is informative by nature and provides real-time information when suspicious activities are identified. It is primarily a detective device and, acting in this traditional role, is not used to directly prevent the suspected attack.

  What about IPS?

  In contrast, an intrusion prevention system (IPS), is a technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity. An IPS permits a predetermined set of functions and

  actions to occur on a network or system; anything that is not permitted is considered unwanted activity and blocked. IPS is engineered specifically to respond in real time to an event at the system or network layer. By proactively enforcing

  policy, IPS can thwart not only attackers, but also authorized users attempting to perform an action that is not within policy. Fundamentally, IPS is considered an access control and policy enforcement technology, whereas IDS is considered

  network monitoring and audit technology.

  The following answers were incorrect:

  All of the other answer were advantages and not drawback of using HIDS

  TIP FOR THE EXAM:

  Be familiar with the differences that exists between an HIDS, NIDS, and IPS. Know that IDS's are mostly detective but IPS are preventive. IPS's are considered an access control and policy enforcement technology, whereas IDS's are

  considered network monitoring and audit technology.

  Reference(s) used for this question:

  Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 5817- 5822).

  McGraw-Hill. Kindle Edition.

  and

  Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition :

  Access Control ((ISC)2 Press), Domain1, Page 180-188 or on the kindle version look for Kindle Locations 3199-3203. Auerbach Publications.

• Question 536:

  Another type of access control is lattice-based access control. In this type of control a lattice model is applied. How is this type of access control concept applied?

  A. The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the upper bound of the object being accessed.
  B. The pair of elements is the subject and object, and the subject has an upper bound lower then the upper bound of the object being accessed.
  C. The pair of elements is the subject and object, and the subject has no special upper or lower bound needed within the lattice.
  D. The pair of elements is the subject and object, and the subject has no access rights in relation to an object.
  A. The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the upper bound of the object being accessed.

  ---

  To apply this concept to access control, the pair of elements is the subject and object, and the subject has to have an upper bound equal or higher than the object being accessed.

  WIKIPEDIA has a great as well:

  In computer security, lattice-based access control (LBAC) is a complex access control based on the interaction between any combination of objects (such as resources, computers, and applications) and subjects (such as individuals, groups

  or organizations).

  In this type of label-based mandatory access control model, a lattice is used to define the levels of security that an object may have and that a subject may have access to. The subject is only allowed to access an object if the security level of

  the subject is greater than or equal to that of the object.

  Reference(s) used for this question:

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 34.

  and

  http://en.wikipedia.org/wiki/Lattice-based_access_control

• Question 537:

  Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix?

  A. Contact information for all personnel.
  B. Vendor contact information, including offsite storage and alternate site.
  C. Equipment and system requirements lists of the hardware, software, firmware and other resources required to support system operations.
  D. The Business Impact Analysis.
  A. Contact information for all personnel.

  ---

  Why is this the correct answer? Simply because it is WRONG, you would have contact information for your emergency personnel within the plan but NOT for ALL of your personnel. Be careful of words such as ALL.

  According to NIST's Special publication 800-34, contingency plan appendices provide key details not contained in the main body of the plan. The appendices should reflect the specific technical, operational, and management contingency requirements of the given system. Contact information for recovery team personnel (not all personnel) and for vendor should be included, as well as detailed system requirements to allow for supporting of system operations. The Business Impact Analysis (BIA) should also be included as an appendix for reference should the plan be activated.

  Reference(s) used for this question:

  SWANSON, Marianne, and al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems

• Question 538:

  PGP uses which of the following to encrypt data?

  A. An asymmetric encryption algorithm
  B. A symmetric encryption algorithm
  C. A symmetric key distribution system
  D. An X.509 digital certificate
  B. A symmetric encryption algorithm

  ---

  Notice that the question specifically asks what PGP uses to encrypt For this, PGP uses an symmetric key algorithm. PGP then uses an asymmetric key algorithm to encrypt the session key and then send it securely to the receiver. It is an

  hybrid system where both types of ciphers are being used for different purposes.

  Whenever a question talks about the bulk of the data to be sent, Symmetric is always best to choice to use because of the inherent speed within Symmetric Ciphers. Asymmetric ciphers are 100 to 1000 times slower than Symmetric Ciphers.

  The other answers are not correct because:

  "An asymmetric encryption algorithm" is incorrect because PGP uses a symmetric algorithm to encrypt data.

  "A symmetric key distribution system" is incorrect because PGP uses an asymmetric algorithm for the distribution of the session keys used for the bulk of the data.

  "An X.509 digital certificate" is incorrect because PGP does not use X.509 digital certificates to encrypt the data, it uses a session key to encrypt the data.

  References:

  Official ISC2 Guide page: 275

  All in One Third Edition page: 664 - 665

• Question 539:

  A timely review of system access audit records would be an example of which of the basic security functions?

  A. avoidance
  B. deterrence
  C. prevention
  D. detection
  D. detection

  ---

  By reviewing system logs you can detect events that have occured.

  The following answers are incorrect:

  avoidance. This is incorrect, avoidance is a distractor. By reviewing system logs you have not avoided anything.

  deterrence. This is incorrect because system logs are a history of past events. You cannot deter something that has already occurred.

  prevention. This is incorrect because system logs are a history of past events. You cannot prevent something that has already occurred.

• Question 540:

  What is called a password that is the same for each log-on session?

  A. "one-time password"
  B. "two-time password"
  C. static password
  D. dynamic password
  C. static password

  ---

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 36.