ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 701:

  Which of the following is not a responsibility of an information (data) owner?

  A. Determine what level of classification the information requires.
  B. Periodically review the classification assignments against business needs.
  C. Delegate the responsibility of data protection to data custodians.
  D. Running regular backups and periodically testing the validity of the backup data.
  D. Running regular backups and periodically testing the validity of the backup data.

  ---

  This responsibility would be delegated to a data custodian rather than being performed directly by the information owner.

  "Determine what level of classification the information requires" is incorrect. This is one of the major responsibilities of an information owner.

  "Periodically review the classification assignments against business needs" is incorrect. This is one of the major responsibilities of an information owner.

  "Delegates responsibility of maintenance of the data protection mechanisms to the data custodian" is incorrect. This is a responsibility of the information owner.

  References:

  CBK p. 105.

  AIO3, p. 53-54, 960

• Question 702:

  Which of the following standards concerns digital certificates?

  A. X.400
  B. X.25
  C. X.509
  D. X.75
  C. X.509

  ---

  X.509 is used in digital certificates. X.400 is used in e-mail as a message handling protocol. X.25 is a standard for the network and data link levels of a communication network and X.75 is a standard defining ways of connecting two X.25 networks.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 4: Cryptography (page 164).

• Question 703:

  What can be defined as the maximum acceptable length of time that elapses before the unavailability of the system severely affects the organization?

  A. Recovery Point Objectives (RPO)
  B. Recovery Time Objectives (RTO)
  C. Recovery Time Period (RTP)
  D. Critical Recovery Time (CRT)
  B. Recovery Time Objectives (RTO)

  ---

  One of the results of a Business Impact Analysis is a determination of each business function's Recovery Time Objectives (RTO). The RTO is the amount of time allowed for the recovery of a business function. If the RTO is exceeded, then

  severe damage to the organization would result.

  The Recovery Point Objectives (RPO) is the point in time in which data must be restored in order to resume processing.

  Reference(s) used for this question:

  BARNES, James C. and ROTHSTEIN, Philip J., A Guide to Business Continuity Planning, John Wiley and Sons, 2001 (page 68).

  and

  And: SWANSON, Marianne, and al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, December 2001 (page 47).

• Question 704:

  In biometrics, the "one-to-one" search used to verify claim to an identity made by a person is considered:

  A. Authentication
  B. Identification
  C. Auditing
  D. Authorization
  A. Authentication

  ---

  Biometric devices can be use for either IDENTIFICATION or AUTHENTICATION ONE TO ONE is for AUTHENTICATION This means that you as a user would provide some biometric credential such as your fingerprint. Then they will compare the template that you have provided with the one stored in the Database. If the two are exactly the same that prove that

  you are who you pretend to be. ONE TO MANY is for IDENTIFICATION A good example of this would be within airport. Many airports today have facial recognition cameras, as you walk through the airport it will take a picture of your face and then compare the template (your face) with a database full of templates

  and see if there is a match between your template and the ones stored in the Database. This is for IDENTIFICATION of a person.

  Some additional clarification or comments that might be helpful are: Biometrics establish authentication using specific information and comparing results to expected data. It does not perform well for identification purposes such as scanning

  for a person's face in a moving crowd for example.

  Identification methods could include: username, user ID, account number, PIN, certificate, token, smart card, biometric device or badge.

  Auditing is a process of logging or tracking what was done after the identity and authentication process is completed.

  Authorization is the rights the subject is given and is performed after the identity is established.

  Reference OIG (2007) p148, 167

  Authentication in biometrics is a "one-to-one" search to verify claim to an identity made by a person.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 38.

• Question 705:

  A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the information systems or networks is called a ?

  A. Vulnerability
  B. Risk
  C. Threat
  D. Overflow
  A. Vulnerability

  ---

  The Answer: Vulnerability; Vulnerability is a weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the information systems or networks. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Pages 16, 32.

• Question 706:

  Knowledge-based Intrusion Detection Systems (IDS) are more common than:

  A. Network-based IDS
  B. Host-based IDS
  C. Behavior-based IDS
  D. Application-Based IDS
  C. Behavior-based IDS

  ---

  Knowledge-based IDS are more common than behavior-based ID systems.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 63.

  Application-Based IDS - "a subset of HIDS that analyze what's going on in an application using the transaction log files of the application." Source: Official ISC2 CISSP CBK Review Seminar Student Manual Version 7.0 p. 87

  Host-Based IDS - "an implementation of IDS capabilities at the host level. Its most significant difference from NIDS is intrusion detection analysis, and related processes are limited to the boundaries of the host." Source: Official ISC2 Guide to

  the CISSP CBK - p. 197

  Network-Based IDS - "a network device, or dedicated system attached to the network, that monitors traffic traversing the network segment for which it is integrated." Source: Official ISC2 Guide to the CISSP CBK - p. 196

  CISSP for dummies a book that we recommend for a quick overview of the 10 domains has nice and concise coverage of the subject:

  Intrusion detection is defined as real-time monitoring and analysis of network activity and data for potential vulnerabilities and attacks in progress. One major limitation of current intrusion detection system (IDS) technologies is the requirement

  to filter false alarms lest the operator (system or security administrator) be overwhelmed with data. IDSes are classified in many different ways, including active and passive, network- based and host-based, and knowledge- based and behavior-based:

  Active and passive IDS

  An active IDS (now more commonly known as an intrusion prevention system -- IPS) is a system that's configured to automatically block suspected attacks in progress without any intervention required by an operator. IPS has the advantage

  of providing real-time corrective action in response to an attack but has many disadvantages as well. An IPS must be placed in- line along a network boundary; thus, the IPS itself is susceptible to attack. Also, if false alarms and legitimate

  traffic haven't been properly identified and filtered, authorized users and applications may be improperly denied access. Finally, the IPS itself may be used to effect a Denial of Service (DoS) attack by intentionally flooding the system with

  alarms that cause it to block connections until no connections or bandwidth are available.

  A passive IDS is a system that's configured only to monitor and analyze network traffic activity and alert an operator to potential vulnerabilities and attacks. It isn't capable of performing any protective or corrective functions on its own. The

  major advantages of passive IDSes are that these systems can be easily and rapidly deployed and are not normally susceptible to attack themselves.

  Network-based and host-based IDS

  A network-based IDS usually consists of a network appliance (or sensor) with a Network Interface Card (NIC) operating in promiscuous mode and a separate management interface. The IDS is placed along a network segment or boundary

  and monitors all traffic on that segment.

  A host-based IDS requires small programs (or agents) to be installed on individual systems to be monitored. The agents monitor the operating system and write data to log files and/or trigger alarms. A host-based IDS can only monitor the

  individual host systems on which the agents are installed; it doesn't monitor the entire network.

  Knowledge-based and behavior-based IDS

  A knowledge-based (or signature-based) IDS references a database of previous attack profiles and known system vulnerabilities to identify active intrusion attempts. Knowledge-based IDS is currently more common than behavior-based IDS.

  Advantages of knowledge-based systems include the following:

  It has lower false alarm rates than behavior-based IDS.

  Alarms are more standardized and more easily understood than behavior-based IDS.

  Disadvantages of knowledge-based systems include these:

  Signature database must be continually updated and maintained.

  New, unique, or original attacks may not be detected or may be improperly classified.

  A behavior-based (or statistical anomalybased) IDS references a baseline or learned pattern of normal system activity to identify active intrusion attempts. Deviations from this baseline or pattern cause an alarm to be triggered.

  Advantages of behavior-based systems include that they

  Dynamically adapt to new, unique, or original attacks.

  Are less dependent on identifying specific operating system vulnerabilities.

  Disadvantages of behavior-based systems include

  Higher false alarm rates than knowledge-based IDSes.

  Usage patterns that may change often and may not be static enough to implement an effective behavior- based IDS.

• Question 707:

  What IDS approach relies on a database of known attacks?

  A. Signature-based intrusion detection
  B. Statistical anomaly-based intrusion detection
  C. Behavior-based intrusion detection
  D. Network-based intrusion detection
  A. Signature-based intrusion detection

  ---

  A weakness of the signature-based (or knowledge-based) intrusion detection approach is that only attack signatures that are stored in a database are detected. Network-based intrusion detection can either be signature-based or statistical anomaly-based (also called behavior-based).

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 2: Access control systems (page 49).

• Question 708:

  The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)?

  A. Threat
  B. Exposure
  C. Vulnerability
  D. Risk
  C. Vulnerability

  ---

  A vulnerability is a weakness in a system that can be exploited by a threat.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 237.

• Question 709:

  Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if:

  A. The company is not a multi-national company.
  B. They have not exercised due care protecting computing resources.
  C. They have failed to properly insure computer resources against loss.
  D. The company does not prosecute the hacker that caused the breach.
  B. They have not exercised due care protecting computing resources.

  ---

  Culpable negligence is defined as: Recklessly acting without reasonable caution and putting another person at risk of injury or death (or failing to do something with the same consequences)

  Where a suspected security breach has been caused (through wilful intent or culpable negligence) disciplinary action may be sought in line with the appropriate misconduct guidelines for internal employees.

  By not exercising Due Care and taking the proper actions, the executives would be liable for losses a company has suffered.

  Reference(s) used for this question:

  TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

  and

  http://www.thefreedictionary.com/culpable+negligence

• Question 710:

  Which of the following focuses on sustaining an organization's business functions during and after a disruption?

  A. Business continuity plan
  B. Business recovery plan
  C. Continuity of operations plan
  D. Disaster recovery plan
  A. Business continuity plan

  ---

  A business continuity plan (BCP) focuses on sustaining an organization's business functions during and after a disruption. Information systems are considered in the BCP only in terms of their support to the larger business processes. The business recovery plan (BRP) addresses the restoration of business processes after an emergency. The BRP is similar to the BCP, but it typically lacks procedures to ensure continuity of critical processes throughout an emergency or disruption. The continuity of operations plan (COOP) focuses on restoring an organization's essential functions at an alternate site and performing those functions for up to 30 days before returning to normal operations. The disaster recovery plan (DRP) applies to major, usually catastrophic events that deny access to the normal facility for an extended period. A DRP is narrower in scope than an IT contingency plan in that it does not address minor disruptions that do not require relocation. Source: SWANSON, Marianne, and al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, December 2001 (page 8).