ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 621:

  The Diffie-Hellman algorithm is used for:

  A. Encryption
  B. Digital signature
  C. Key agreement
  D. Non-repudiation
  C. Key agreement

  ---

  The Diffie-Hellman algorithm is used for Key agreement (key distribution) and cannot be used to encrypt and decrypt messages.

  Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 4).

  Note: key agreement, is different from key exchange, the functionality used by the other asymmetric algorithms.

  References:

  AIO, third edition Cryptography (Page 632)

  AIO, fourth edition Cryptography (Page 709)

• Question 622:

  Which of the following security modes of operation involves the highest risk?

  A. Compartmented Security Mode
  B. Multilevel Security Mode
  C. System-High Security Mode
  D. Dedicated Security Mode
  B. Multilevel Security Mode

  ---

  In multilevel mode, two or more classification levels of data exist, some people are not cleared for all the data on the system.

  Risk is higher because sensitive data could be made available to someone not validated as being capable of maintaining secrecy of that data (i.e., not cleared for it).

  In other security modes, all users have the necessary clearance for all data on the system.

  Source: LaROSA, Jeanette (domain leader), Application and System Development Security CISSP Open Study Guide, version 3.0, January 2002.

• Question 623:

  How would an IP spoofing attack be best classified?

  A. Session hijacking attack
  B. Passive attack
  C. Fragmentation attack
  D. Sniffing attack
  A. Session hijacking attack

  ---

  IP spoofing is used to convince a system that it is communicating with a known entity that gives an intruder access. IP spoofing attacks is a common session hijacking attack.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 77).

• Question 624:

  What is the proper term to refer to a single unit of Ethernet data at the link layer of the DoD TCP model ?

  A. Ethernet Segment.
  B. Ethernet Datagram.
  C. Ethernet Frame.
  D. Ethernet Packet.
  C. Ethernet Frame.

  ---

  Ethernet is frame based network technology.

  See below a few definitions from RFC 1122:

  SEGMENT

  A segment is the unit of end-to-end transmission in the TCP protocol. A segment consists of a TCP header followed by application data. A segment is transmitted by encapsulation inside an IP datagram.

  PACKET

  A packet is the unit of data passed across the interface between the internet layer and the link layer. It includes an IP header and data. A packet may be a complete IP datagram or a fragment of an IP datagram.

  FRAME

  A frame is the unit of transmission in a link layer protocol, and consists of a link-layer header followed by a packet.

  The following answers are incorrect:

  Ethernet segment. Is incorrect because Ethernet segment is a distractor, TCP segment would be the correct terminology. Ethernet is a frame based network technology,

  Ethernet datagram. Is incorrect because Ethernet datagram is a distractor, IP datagram would be the correct terminology. Ethernet is a frame based network technology

  Ethernet packet. Is incorrect because Ethernet packet is a distractor, a Packet is a group of information so would not be a "single unit". Ethernet is a frame based network technology.

  Look at the diagrams below that were extracted from my Security+ Computer Based Tutorial.

  TCP/IP Data Structures

  

  IMPORTANT NOTE:

  The names used on the diagram above are from RFC 1122 which describe the DOD Model.

  Vendors and Books may use slightly different names or even number of layers.

  

  TCP/IP Data Structure

  The following Reference(s) were used for this question:

  Wikipedia http://en.wikipedia.org/wiki/Ethernet

• Question 625:

  One of these statements about the key elements of a good configuration process is NOT true

  A. Accommodate the reuse of proven standards and best practices
  B. Ensure that all requirements remain clear, concise, and valid
  C. Control modifications to system hardware in order to prevent resource changes
  D. Ensure changes, standards, and requirements are communicated promptly and precisely
  C. Control modifications to system hardware in order to prevent resource changes

  ---

  Configuration management isn't about preventing change but ensuring the integrity of IT resources by preventing unauthorised or improper changes. According to the Official ISC2 guide to the CISSP exam, a good CM process is one that can:

  (1)

  accommodate change;

  (2)

  accommodate the reuse of proven standards and best practices;

  (3)

  ensure that all requirements remain clear, concise, and valid; (4) ensure changes, standards, and requirements are communicated promptly and precisely; and

  (5)

  ensure that the results conform to each instance of the product.

  Configuration management

  Configuration management (CM) is the detailed recording and updating of information that describes an enterprise's computer systems and networks, including all hardware and software components. Such information typically includes the versions and updates that have been applied to installed software packages and the locations and network addresses of hardware devices. Special configuration management software is available. When a system needs a hardware or software upgrade, a computer technician can accesses the configuration management program and database to see what is currently installed. The technician can then make a more informed decision about the upgrade needed.

  An advantage of a configuration management application is that the entire collection of systems can be reviewed to make sure any changes made to one system do not adversely affect any of the other systems

  Configuration management is also used in software development, where it is called Unified Configuration Management (UCM). Using UCM, developers can keep track of the source code, documentation, problems, changes requested, and changes made. Change management

  In a computer system environment, change management refers to a systematic approach to keeping track of the details of the system (for example, what operating system release is running on each computer and which fixes have been applied).

• Question 626:

  Which of the following tools is less likely to be used by a hacker?

  A. l0phtcrack
  B. Tripwire
  C. OphCrack
  D. John the Ripper
  B. Tripwire

  ---

  Tripwire is an integrity checking product, triggering alarms when important files (e.g. system or configuration files) are modified.

  This is a tool that is not likely to be used by hackers, other than for studying its workings in order to circumvent it.

  Other programs are password-cracking programs and are likely to be used by security administrators as well as by hackers. More info regarding Tripwire available on the Tripwire, Inc. Web Site.

  NOTE:

  The biggest competitor to the commercial version of Tripwire is the freeware version of Tripwire. You can get the Open Source version of Tripwire at the following URL:

  http://sourceforge.net/projects/tripwire/

• Question 627:

  Which of the following can be defined as an Internet protocol by which a client workstation can dynamically access a mailbox on a server host to manipulate and retrieve mail messages that the server has received and is holding for the client?

  A. IMAP4
  B. SMTP
  C. MIME
  D. PEM
  A. IMAP4

  ---

  RFC 2828 (Internet Security Glossary) defines the Internet Message Access Protocol, version 4 (IMAP4) as an Internet protocol by which a client workstation can dynamically access a mailbox on a server host to manipulate and retrieve mail

  messages that the server has received and is holding for the client. IMAP4 has mechanisms for optionally authenticating a client to a server and providing other security services.

  MIME is the MultiPurpose Internet Mail Extension. MIME extends the format of Internet mail to allow non- US-ASCII textual messages, non-textual messages, multipart message bodies, and non-US-ASCII information in message headers.

  Simple Mail Transfer Protocol (SMTP) is a TCP-based, application-layer, Internet Standard protocol for moving electronic mail messages from one computer to another. Privacy Enhanced Mail (PEM) is an Internet protocol to provide data

  confidentiality, data integrity, and data origin authentication for electronic mail. Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.

• Question 628:

  Which common backup method is the fastest on a daily basis?

  A. Full backup method
  B. Incremental backup method
  C. Fast backup method
  D. Differential backup method
  B. Incremental backup method

  ---

  The incremental backup method only copies files that have been recently changed or added. Only files with their archive bit set are backed up. This method is fast and uses less tape space but has some inherent vulnerabilities, one being that all incremental backups need to be available and restored from the date of the last full backup to the desired date should a restore be needed.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 69).

• Question 629:

  Which access control type has a central authority that determine to what objects the subjects have access to and it is based on role or on the organizational security policy?

  A. Mandatory Access Control
  B. Discretionary Access Control
  C. Non-Discretionary Access Control
  D. Rule-based Access control
  C. Non-Discretionary Access Control

  ---

  Non Discretionary Access Control include Role Based Access Control (RBAC) and Rule Based Access Control (RBAC or RuBAC). RABC being a subset of NDAC, it was easy to eliminate RBAC as it was covered under NDAC already.

  Some people think that RBAC is synonymous with NDAC but RuBAC would also fall into this category.

  Discretionary Access control is for environment with very low level of security. There is no control on the dissemination of the information. A user who has access to a file can copy the file or further share it with other users.

  Rule Based Access Control is when you have ONE set of rules applied uniformly to all users. A good example would be a firewall at the edge of your network. A single rule based is applied against any packets received from the internet.

  Mandatory Access Control is a very rigid type of access control. The subject must dominate the object and the subject must have a Need To Know to access the information. Objects have labels that indicate the sensitivity (classification) and

  there is also categories to enforce the Need To Know (NTK). Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 33.

• Question 630:

  Which conceptual approach to intrusion detection system is the most common?

  A. Behavior-based intrusion detection
  B. Knowledge-based intrusion detection
  C. Statistical anomaly-based intrusion detection
  D. Host-based intrusion detection
  B. Knowledge-based intrusion detection

  ---

  There are two conceptual approaches to intrusion detection. Knowledge-based intrusion detection uses a database of known vulnerabilities to look for current attempts to exploit them on a system and trigger an alarm if an attempt is found. The other approach, not as common, is called behaviour-based or statistical analysis-based. A host-based intrusion detection system is a common implementation of intrusion detection, not a conceptual approach.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 63).

  Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 193-194).