ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 561:

  The end result of implementing the principle of least privilege means which of the following?

  A. Users would get access to only the info for which they have a need to know
  B. Users can access all systems.
  C. Users get new privileges added when they change positions.
  D. Authorization creep.
  A. Users would get access to only the info for which they have a need to know

  ---

  The principle of least privilege refers to allowing users to have only the access they need and not anything more. Thus, certain users may have no need to access any of the files on specific systems.

  The following answers are incorrect:

  Users can access all systems. Although the principle of least privilege limits what access and systems users have authorization to, not all users would have a need to know to access all of the systems. The best answer is still Users would get

  access to only the info for which they have a need to know as some of the users may not have a need to access a system.

  Users get new privileges when they change positions. Although true that a user may indeed require new privileges, this is not a given fact and in actuality a user may require less privileges for a new position. The principle of least privilege

  would require that the rights required for the position be closely evaluated and where possible rights revoked.

  Authorization creep. Authorization creep occurs when users are given additional rights with new positions and responsibilities. The principle of least privilege should actually prevent authorization creep.

  The following reference(s) were/was used to create this question:

  ISC2 OIG 2007 p.101,123

  Shon Harris AIO v3 p148, 902-903

• Question 562:

  What is the most secure way to dispose of information on a CD-ROM?

  A. Sanitizing
  B. Physical damage
  C. Degaussing
  D. Physical destruction
  D. Physical destruction

  ---

  First you have to realize that the question is specifically talking about a CDROM. The information stored on a CDROM is not in electro magnetic format, so a degausser woud be inneffective.

  You cannot sanitize a CDROM but you might be able to sanitize a RW/CDROM. A CDROM is a write once device and cannot be overwritten like a hard disk or other magnetic device.

  Physical Damage would not be enough as information could still be extracted in a lab from the undamaged portion of the media or even from the pieces after the physical damage has been done.

  Physical Destruction using a shredder, your microwave oven, melting it, would be very effective and the best choice for a non magnetic media such as a CDROM.

  Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

• Question 563:

  Step-by-step instructions used to satisfy control requirements is called a:

  A. policy
  B. standard
  C. guideline
  D. procedure
  D. procedure

  ---

  Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

• Question 564:

  Making sure that only those who are supposed to access the data can access is which of the following?

  A. confidentiality.
  B. capability.
  C. integrity.
  D. availability.
  A. confidentiality.

  ---

  From the published (ISC)2 goals for the Certified Information Systems Security Professional candidate, domain definition. Confidentiality is making sure that only those who are supposed to access the data can access it. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 59.

• Question 565:

  Packet Filtering Firewalls can also enable access for:

  A. only authorized application port or service numbers.
  B. only unauthorized application port or service numbers.
  C. only authorized application port or ex-service numbers.
  D. only authorized application port or service integers.
  A. only authorized application port or service numbers.

  ---

  Firewall rules can be used to enable access for traffic to specific ports or services. "Service numbers" is rather stilted English but you may encounter these types of wordings on the actual exam -- don't let them confuse you.

  "Only unauthorized application port or service numbers" is incorrect. Unauthorized ports/services would be blocked in a properly installed firewall rather than permitting access.

  "Only authorized application port or ex-service numbers" is incorrect. "Ex-service" numbers is a nonsense term meant to distract you.

  "Only authorized application port or service integers." While service numbers are in fact integers, the more usual (and therefore better) answer is either service or "service number."

  References

  CBK, p. 464

  AIO3, pp. 482 484

• Question 566:

  Which of the following is a symmetric encryption algorithm?

  A. RSA
  B. Elliptic Curve
  C. RC5
  D. El Gamal
  C. RC5

  ---

  RC5 is a symmetric encryption algorithm. It is a block cipher of variable block length, encrypts through integer addition, the application of a bitwise Exclusive OR (XOR), and variable rotations. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 4: Cryptography (page 153).

• Question 567:

  Which of the following is true about link encryption?

  A. Each entity has a common key with the destination node.
  B. Encrypted messages are only decrypted by the final node.
  C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised.
  D. Only secure nodes are used in this type of transmission.
  C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised.

  ---

  In link encryption, each entity has keys in common with its two neighboring nodes in the transmission chain.

  Thus, a node receives the encrypted message from its predecessor, decrypts it, and then re- encrypts it with a new key, common to the successor node. Obviously, this mode does not provide protection if anyone of the nodes along the

  transmission path is compromised.

  Encryption can be performed at different communication levels, each with different types of protection and implications. Two general modes of encryption implementation are link encryption and end-to-end encryption.

  Link encryption encrypts all the data along a specific communication path, as in a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data that are part of the

  packets are also encrypted. The only traffic not encrypted in this technology is the data link control messaging information, which includes instructions and parameters that the different link devices use to synchronize communication methods.

  Link encryption provides protection against packet sniffers and eavesdroppers.

  In end-to-end encryption, the headers, addresses, routing, and trailer information are not encrypted, enabling attackers to learn more about a captured packet and where it is headed.

  Reference(s) used for this question:

  Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (pp. 845-846). McGraw- Hill.

  And:

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 4: Cryptography (page 132).

• Question 568:

  How often should tests and disaster recovery drills be performed?

  A. At least once a quarter
  B. At least once every 6 months
  C. At least once a year
  D. At least once every 2 years
  C. At least once a year

  ---

  Tests and disaster recovery drills should be performed at least once a year. The company should have no confidence in an untested plan. Since systems and processes can change, frequent testing will aid in ensuring a plan will succeed. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter

  9: Disaster Recovery and Business continuity (page 621).

• Question 569:

  Which of the following is considered the weakest link in a security system?

  A. People
  B. Software
  C. Communications
  D. Hardware
  A. People

  ---

  The Answer: People. The other choices can be strengthened and counted on (For the most part) to remain consistent if properly protected. People are fallible and unpredictable. Most security intrusions are caused by employees. People get tired, careless, and greedy. They are not always reliable and may falter in following defined guidelines and best practices. Security professionals must install adequate prevention and detection controls and properly train all systems users Proper hiring and firing practices can eliminate certain risks. Security Awareness training is key to ensuring people are aware of risks and their responsibilities.

  The following answers are incorrect:Software. Although software exploits are major threat and cause for concern, people are the weakest point in a security posture. Software can be removed, upgraded or patched to reduce risk.

  Communications. Although many attacks from inside and outside an organization use communication methods such as the network infrastructure, this is not the weakest point in a security posture. Communications can be monitored, devices installed or upgraded to reduce risk and react to attack attempts. Hardware. Hardware components can be a weakness in a security posture, but they are not the weakest link of the choices provided. Access to hardware can be minimized by such measures as installing locks and monitoring access in and

  out of certain areas.

  The following reference(s) were/was used to create this question:

  Shon Harris AIO v.3 P.19, 107-109

  ISC2 OIG 2007, p.51-55

• Question 570:

  Which of the following would best describe secondary evidence?

  A. Oral testimony by a non-expert witness
  B. Oral testimony by an expert witness
  C. A copy of a piece of evidence
  D. Evidence that proves a specific act
  C. A copy of a piece of evidence

  ---

  Secondary evidence is defined as a copy of evidence or oral description of its contents. It is considered not as reliable as best evidence. Evidence that proves or disproves a specific act through oral testimony based on information gathered through he witness's five senses is considered direct evidence. The fact that testimony is given by an expert only affects the witness's ability to offer an opinion instead of only testifying of the facts.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 9: Law, Investigation, and Ethics (page 310).