ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 711:

  Which of the following statements pertaining to Secure Sockets Layer (SSL) is false?

  A. The SSL protocol was developed by Netscape to secure Internet client-server transactions.
  B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates.
  C. Web pages using the SSL protocol start with HTTPS
  D. SSL can be used with applications such as Telnet, FTP and email protocols.
  B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates.

  ---

  All of these statements pertaining to SSL are true except that it is primary use is to authenticate the client to the server using public key cryptography and digital certificates. It is the opposite, Its primary use is to authenticate the server to the

  client.

  The following reference(s) were used for this question:

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 4: Cryptography (page 170).

• Question 712:

  The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with:

  A. Preventive/physical
  B. Detective/technical
  C. Detective/physical
  D. Detective/administrative
  C. Detective/physical

  ---

  Detective/physical controls usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 36.

• Question 713:

  A periodic review of user account management should not determine:

  A. Conformity with the concept of least privilege.
  B. Whether active accounts are still being used.
  C. Strength of user-chosen passwords.
  D. Whether management authorizations are up-to-date.
  C. Strength of user-chosen passwords.

  ---

  Organizations should have a process for (1) requesting, establishing, issuing, and closing user accounts; (2) tracking users and their respective access authorizations; and (3) managing these functions.

  Reviews should examine the levels of access each individual has, conformity with the concept of least privilege, whether all accounts are still active, whether management authorizations are up- to-date, whether required training has been completed, and so forth. These reviews can be conducted on at least two levels: (1) on an application-by-application basis, or (2) on a system wide basis. The strength of user passwords is beyond the scope of a simple user account management review, since it requires specific tools to try and crack the password file/database through either a dictionary or brute-force attack in order to check

  the strength of passwords.

  Reference(s) used for this question:

  SWANSON, Marianne and GUTTMAN, Barbara, National Institute of Standards and Technology (NIST), NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, September

  1996 (page 28).

• Question 714:

  Which of the following tools is NOT likely to be used by a hacker?

  A. Nessus
  B. Saint
  C. Tripwire
  D. Nmap
  C. Tripwire

  ---

  It is a data integrity assurance software aimed at detecting and reporting accidental or malicious changes to data.

  The following answers are incorrect :

  Nessus is incorrect as it is a vulnerability scanner used by hackers in discovering vulnerabilities in a system.

  Saint is also incorrect as it is also a network vulnerability scanner likely to be used by hackers.

  Nmap is also incorrect as it is a port scanner for network exploration and likely to be used by hackers.

  Reference :

  Tripwire : http://www.tripwire.com

  Nessus : http://www.nessus.org

  Saint : http://www.saintcorporation.com/saint

  Nmap : http://insecure.org/nmap

• Question 715:

  What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the case where a company employs 100 data entry clerks and every one of them makes one input error each month?

  A. 100
  B. 120
  C. 1
  D. 1200
  D. 1200

  ---

  If every one of the 100 clerks makes 1 error 12 times per year, it makes a total of 1200 errors. The Annnualized Rate of Occurence (ARO) is a value that represents the estimated frequency in which a threat is expected to occur. The range can be from 0.0 to a large number. Having an average of 1200 errors per year means an ARO of 1200

• Question 716:

  When should a post-mortem review meeting be held after an intrusion has been properly taken care of?

  A. Within the first three months after the investigation of the intrusion is completed.
  B. Within the first week after prosecution of intruders have taken place, whether successful or not.
  C. Within the first month after the investigation of the intrusion is completed.
  D. Within the first week of completing the investigation of the intrusion.
  D. Within the first week of completing the investigation of the intrusion.

  ---

  A post-mortem review meeting should be held with all involved parties within three to five working days of completing the investigation of the intrusion. Otherwise, participants are likely to forget critical information. Even if it enabled an organization to validate the correctness of its chain of custody of evidence, it would not make sense to wait until prosecution is complete because it would take too much time and many cases of intrusion never get to court anyway.

  Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison- Wesley, 2001, Chapter 7: Responding to Intrusions (page 297).

• Question 717:

  Which of the following choice is NOT normally part of the questions that would be asked in regards to an organization's information security policy?

  A. Who is involved in establishing the security policy?
  B. Where is the organization's security policy defined?
  C. What are the actions that need to be performed in case of a disaster?
  D. Who is responsible for monitoring compliance to the organization's security policy?
  C. What are the actions that need to be performed in case of a disaster?

  ---

  Actions to be performed in case of a disaster are not normally part of an information security policy but part of a Disaster Recovery Plan (DRP).

  Only personnel implicated in the plan should have a copy of the Disaster Recovery Plan whereas everyone should be aware of the contents of the organization's information security policy. Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison- Wesley, 2001, Appendix B, Practice-Level Policy Considerations (page 398).

• Question 718:

  Which access control model was proposed for enforcing access control in government and military applications?

  A. Bell-LaPadula model
  B. Biba model
  C. Sutherland model
  D. Brewer-Nash model
  A. Bell-LaPadula model

  ---

  The Bell-LaPadula model, mostly concerned with confidentiality, was proposed for enforcing access control in government and military applications. It supports mandatory access control by determining the access rights from the security levels associated with subjects and objects. It also supports discretionary access control by checking access rights from an access matrix. The Biba model, introduced in 1977, the Sutherland model, published in 1986, and the Brewer-Nash model, published in 1989, are concerned with integrity.

  Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 11).

• Question 719:

  Which of the following backup methods is most appropriate for off-site archiving?

  A. Incremental backup method
  B. Off-site backup method
  C. Full backup method
  D. Differential backup method
  C. Full backup method

  ---

  The full backup makes a complete backup of every file on the system every time it is run. Since a single backup set is needed to perform a full restore, it is appropriate for off-site archiving.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 69).

• Question 720:

  The "vulnerability of a facility" to damage or attack may be assessed by all of the following except:

  A. Inspection
  B. History of losses
  C. Security controls
  D. security budget
  D. security budget

  ---

  Source: The CISSP Examination Textbook- Volume 2: Practice by S. Rao Vallabhaneni.