ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 581:

  Which of the following is BEST defined as a physical control?

  A. Monitoring of system activity
  B. Fencing
  C. Identification and authentication methods
  D. Logical access control mechanisms
  B. Fencing

  ---

  Physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting.

  The following answers are incorrect answers:

  Monitoring of system activity is considered to be administrative control.

  Identification and authentication methods are considered to be a technical control.

  Logical access control mechanisms is also considered to be a technical control.

  Reference(s) used for this question:

  Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 1280- 1282).

  McGraw-Hill. Kindle Edition.

• Question 582:

  What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?

  A. Data fiddling
  B. Data diddling
  C. Salami techniques
  D. Trojan horses
  C. Salami techniques

  ---

  Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 644.

• Question 583:

  What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)?

  A. It is too complex to manage user access restrictions under TFTP
  B. Due to the inherent security risks
  C. It does not offer high level encryption like FTP
  D. It cannot support the Lightwight Directory Access Protocol (LDAP)
  B. Due to the inherent security risks

  ---

  Some sites choose not to implement Trivial File Transfer Protocol (TFTP) due to the inherent security risks. TFTP is a UDP-based file transfer program that provides no security. There is no user authentication. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 88.

• Question 584:

  The MOST common threat that impacts a business's ability to function normally is:

  A. Power Outage
  B. Water Damage
  C. Severe Weather
  D. Labor Strike
  A. Power Outage

  ---

  The MOST common threat that impacts a business's ability to function normally is power. Power interruption cause more business interruption than any other type of event.

  The second most common threat is Water such as flood, water damage from broken pipe, leaky roof, etc...

  Threats will be discovered while doing your Threats and Risk Assessments (TRA). There are three elements of risks: threats, assets, and mitigating factors (countermeasures, safeguards, controls).

  A threat is an event or situation that if it occured would affect your business and may even prevent it from functioning normally or in some case functioning at all. Evaluation of threats is done by looking at Likelihood and Impact of possible

  threat. Safeguards, countermeasures, and controls would be used to bring the threat level down to an acceptable level.

  Other common events that can impact a company are:

  Weather, cable cuts, fires, labor disputes, transportation mishaps, hardware failure, chemical spills, sabotage.

  References:

  The Official ISC2 Guide to the CISSP CBK, Second Edition, Page 275-276

• Question 585:

  Which of the following services relies on UDP?

  A. FTP
  B. Telnet
  C. DNS
  D. SMTP
  C. DNS

  ---

  DNS relies on connectionless UDP whereas services like FTP, Telnet and SMTP rely on TCP. Source: ROTHKE, Ben, CISSP CBK Review presentation on domain 2, August 1999.

• Question 586:

  Which of the following statements pertaining to protection rings is false?

  A. They provide strict boundaries and definitions on what the processes that work within each ring can access.
  B. Programs operating in inner rings are usually referred to as existing in a privileged mode.
  C. They support the CIA triad requirements of multitasking operating systems.
  D. They provide users with a direct access to peripherals
  D. They provide users with a direct access to peripherals

  ---

  In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults (fault tolerance) and malicious behaviour (computer security). This approach is diametrically opposite to that of capability- based security.

  Computer operating systems provide different levels of access to resources. A protection ring is one of two or more hierarchical levels or layers of privilege within the architecture of a computer system. This is generally hardware-enforced by some CPU architectures that provide different CPU modes at the hardware or microcode level.

  Rings are arranged in a hierarchy from most privileged (most trusted, usually numbered zero) to least privileged (least trusted, usually with the highest ring number). On most operating systems, Ring 0 is the level with the most privileges and

  interacts most directly with the physical hardware such as the CPU and memory.

  Special gates between rings are provided to allow an outer ring to access an inner ring's resources in a predefined manner, as opposed to allowing arbitrary usage. Correctly gating access between rings can improve security by preventing programs from one ring or privilege level from misusing resources intended for programs in another. For example, spyware running as a user program in Ring 3 should be prevented from turning on a web camera without informing the user, since hardware access should be a Ring 1 function reserved for device drivers. Programs such as web browsers running in higher numbered rings must request access to the network, a resource restricted to a lower numbered ring.

  "They provide strict boundaries and definitions on what the processes that work within each ring can access" is incorrect. This is in fact one of the characteristics of a ring protection system.

  "Programs operating in inner rings are usually referred to as existing in a privileged mode" is incorrect. This is in fact one of the characteristics of a ring protection system.

  "They support the CIA triad requirements of multitasking operating systems" is incorrect. This is in fact one of the characteristics of a ring protection system.

  Reference(s) used for this question:

  CBK, pp. 310-311

  AIO3, pp. 253-256

  AIOv4 Security Architecture and Design (pages 308 - 310)

  AIOv5 Security Architecture and Design (pages 309 - 312)

• Question 587:

  Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?

  A. The Take-Grant model
  B. The Biba integrity model
  C. The Clark Wilson integrity model
  D. The Bell-LaPadula integrity model
  C. The Clark Wilson integrity model

  ---

  The Clark Wilson integrity model addresses the three following integrity goals: 1) data is protected from modification by unauthorized users; 2) data is protected from unauthorized modification by authorized users; and 3) data is internally and externally consistent. It also defines a Constrained Data Item (CDI), an Integrity Verification Procedure (IVP), a Transformation Procedure (TP) and an Unconstrained Data item. The Bell-LaPadula and Take- Grant models are not integrity models.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 5: Security Architecture and Models (page 205).

• Question 588:

  Which of the following statements pertaining to packet switching is incorrect?

  A. Most data sent today uses digital signals over network employing packet switching.
  B. Messages are divided into packets.
  C. All packets from a message travel through the same route.
  D. Each network node or point examines each packet for routing.
  C. All packets from a message travel through the same route.

  ---

  When using packet switching, messages are broken down into packets. Source and destination address are added to each packet so that when passing through a network node, they can be examined and eventually rerouted through different paths as conditions change. All message packets may travel different paths and not arrive in the same order as sent. Packets need to be collected and reassembled into the original message at destination.

  Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

• Question 589:

  What is it called when a computer uses more than one CPU in parallel to execute instructions?

  A. Multiprocessing
  B. Multitasking
  C. Multithreading
  D. Parallel running
  A. Multiprocessing

  ---

  A system with multiple processors is called a multiprocessing system.

  Multitasking is incorrect. Multitasking involves sharing the processor amoung all ready processes. Though it appears to the user that multiple processes are executing at the same time, only one process is running at any point in time.

  Multithreading is incorrect. The developer can structure a program as a collection of independent threads to achieve better concurrency. For example, one thread of a program might be performing a calculation while another is waiting for

  additional input from the user. "Parallel running" is incorrect. This is not a real term and is just a distraction.

  References:

  CBK, pp. 315-316

  AIO3, pp. 234 - 239

• Question 590:

  Which of the following statements pertaining to link encryption is false?

  A. It encrypts all the data along a specific communication path.
  B. It provides protection against packet sniffers and eavesdroppers.
  C. Information stays encrypted from one end of its journey to the other.
  D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.
  C. Information stays encrypted from one end of its journey to the other.

  ---

  When using link encryption, packets have to be decrypted at each hop and encrypted again. Information staying encrypted from one end of its journey to the other is a characteristic of endto- end encryption, not link encryption.

  Link Encryption vs. End-to-End Encryption

  Link encryption encrypts the entire packet, including headers and trailers, and has to be decrypted at each hop.

  End-to-end encryption does not encrypt the IP Protocol headers, and therefore does not need to be decrypted at each hop.

  Reference: All in one, Page 735 and Glossary

  and

  Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 6).