ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 721:

  Which of the following attacks could capture network user passwords?

  A. Data diddling
  B. Sniffing
  C. IP Spoofing
  D. Smurfing
  B. Sniffing

  ---

  A network sniffer captures a copy every packet that traverses the network segment the sniffer is connect to.

  Sniffers are typically devices that can collect information from a communication medium, such as a network. These devices can range from specialized equipment to basic workstations with customized software.

  A sniffer can collect information about most, if not all, attributes of the communication. The most common method of sniffing is to plug a sniffer into an existing network device like a hub or switch. A hub (which is designed to relay all traffic

  passing through it to all of its ports) will automatically begin sending all the traffic on that network segment to the sniffing device. On the other hand, a switch (which is designed to limit what traffic gets sent to which port) will have to be

  specially configured to send all traffic to the port where the sniffer is plugged in.

  Another method for sniffing is to use a network tap--a device that literally splits a network transmission into two identical streams; one going to the original network destination and the other going to the sniffing device. Each of these methods

  has its advantages and disadvantages, including cost, feasibility, and the desire to maintain the secrecy of the sniffing activity.

  The packets captured by sniffer are decoded and then displayed by the sniffer. Therfore, if the username/ password are contained in a packet or packets traversing the segment the sniffer is connected to, it will capture and display that

  information (and any other information on that segment it can see).

  Of course, if the information is encrypted via a VPN, SSL, TLS, or similar technology, the information is still captured and displayed, but it is in an unreadable format.

  The following answers are incorrect:

  Data diddling involves changing data before, as it is enterred into a computer, or after it is extracted.

  Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication - or causing a system to respond to the wrong address. Smurfing would refer to the smurf attack, where an attacker sends spoofed

  packets to the broadcast address on a gateway in order to cause a denial of service.

  The following reference(s) were/was used to create this question:

  CISA Review manual 2014 Page number 321

  Official ISC2 Guide to the CISSP 3rd edition Page Number 153

• Question 722:

  In biometrics, "one-to-many" search against database of stored biometric images is done in:

  A. Authentication
  B. Identification
  C. Identities
  D. Identity-based access control
  B. Identification

  ---

  In biometrics, identification is a "one-to-many" search of an individual's characteristics from a database of stored images.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 38.

• Question 723:

  Which of the following is given the responsibility of the maintenance and protection of the data?

  A. Data owner
  B. Data custodian
  C. User
  D. Security administrator
  B. Data custodian

  ---

  It is usually responsible for maintaining and protecting the data.

  The following answers are incorrect:

  Data owner is usually a member of management , in charge of a specific business unit and is ultimately responsible for the protection and use of the information.

  User is any individual who routinely uses the data for work-related tasks.

  Security administrator's tasks include creating new system user accounts , implementing new security software.

  References : Shon Harris AIO v3 , Chapter - 3: Security Management Practices , Pages : 99 - 103

• Question 724:

  Which of the following is responsible for MOST of the security issues?

  A. Outside espionage
  B. Hackers
  C. Personnel
  D. Equipment failure
  C. Personnel

  ---

  Personnel cause more security issues than hacker attacks, outside espionage, or equipment failure.

  The following answers are incorrect because:

  Outside espionage is incorrect as it is not the best answer.

  Hackers is also incorrect as it is not the best answer.

  Equipment failure is also incorrect as it is not the best answer.

  Reference : Shon Harris AIO v3 , Chapter-3: Security Management Practices , Page : 56

• Question 725:

  If your property Insurance has Actual Cash Valuation (ACV) clause, your damaged property will be compensated based on:

  A. Value of item on the date of loss
  B. Replacement with a new item for the old one regardless of condition of lost item
  C. Value of item one month before the loss
  D. Value of item on the date of loss plus 10 percent
  A. Value of item on the date of loss

  ---

  This is called the Actual Cash Value (ACV) or Actual Cost Valuation (ACV)

  All of the other answers were only detractors. Below you have an of the different types of valuation you could use. It is VERY important for you to validate with your insurer which one applies to you as you could have some very surprising

  finding the day you have a disaster that takes place.

  Replacement Cost

  Property replacement cost insurance promises to replace old with new. Generally, replacement of a building must be done on the same premises and used for the same purpose, using materials comparable to the quality of the materials in

  the damaged or destroyed property.

  There are some other limitations to this promise. For example, the cost of repairs or replacement for buildings

  doesn't include the increased cost associated with building codes or other laws controlling how buildings must be built today. An endorsement adding coverage for the operation of Building Codes and the increased costs associated with

  complying with them is available separately -- usually for additional premium.

  In addition, some insurance underwriters will only cover certain property on a depreciated value (actual cash value -- ACV) basis even when attached to the building. This includes awnings and floor coverings, appliances for refrigerating,

  ventilating, cooking, dishwashing, and laundering. Depreciated value also applies to outdoor equipment or furniture.

  Actual Cash Value (ACV)

  The ACV is the default valuation clause for commercial property insurance. It is also known as depreciated value, but this is not the same as accounting depreciated value. The actual cash value is determined by first calculating the

  replacement value of the property. The next step involves estimating the amount to be subtracted, which reflects the

  building's age, wear, and tear.

  This amount deducted from the replacement value is known as depreciation. The amount of depreciation is reduced by inflation (increased cost of replacing the property); regular maintenance; and repair (new roofs, new electrical systems,

  etc.) because these factors reduce the effective age of the buildings.

  The amount of depreciation applicable is somewhat subjective and certainly subject to negotiation. In fact, there is often disagreement and a degree of uncertainty over the amount of depreciation applicable to a particular building.

  Given this reality, property owners should not leave the determination of depreciation to chance or wait until suffering

  a property loss to be concerned about it. Every three to five years, property owners should obtain a professional appraisal of the replacement value and depreciated value of the buildings.

  The ACV valuation is an option for directors to consider when certain buildings are in need of repair, or budget constraints prevent insuring all of your facilities on a replacement cost basis. There are other valuation options for property owners

  to consider as well.

  Functional Replacement Cost

  This valuation method has been available for some time but has not been widely used. It is beginning to show up on property insurance policies imposed by underwriters with concerns about older, buildings. It can also be used for buildings,

  which are functionally obsolete. This method provides for the replacement of a building with similar property that performs the same function, using less costly material. The endorsement includes coverage for building codes automatically.

  In the event of a loss, the insurance company pays the smallest of four payment options.

  1.

  In the event of a total loss, the insurer could pay the limit of insurance on the building or the cost to replace the building on the same (or different) site with a payment that is "functionally equivalent."

  2.

  In the event of a partial loss, the insurance company could pay the cost to repair or replace the damaged portion in the same architectural style with less costly material (if available).

  3.

  The insurance company could also pay the amount actually spent to demolish the undamaged portion of the building and clear the site if necessary.

  4.

  The fourth payment option is to pay the amount actually spent to repair, or replace the building using less costly materials, if available (Hillman and McCracken 1997). Unlike the replacement cost valuation method, which excluded certain fixtures and personal property used to service the premises, this endorsement provides functional replacement cost coverage for these items (awnings, floor coverings, appliances, etc.) (Hillman nd McCracken 1997).

  As in the standard replacement cost value option, the insured can elect not to repair or replace the property. Under these circumstances the company pays the smallest of the following:

  1.

  The Limit of Liability

  2.

  The "market value" (not including the value of the land) at the time of the loss. The endorsement defines "market value" as the price which the property might be expected to realize if ffered for sale in fair market."

  3.

  A modified form of ACV (the amount to repair or replace on he same site with less costly material and in the same architectural tyle, less depreciation) (Hillman and McCracken 1997). Agreed Value or Agreed Amount Agreed value or agreed amount is not a valuation method. Instead, his term refers to a waiver of the coinsurance clause in the property insurance policy. Availability of this coverage feature varies among insurers but, it is usually available only

  when the underwriter has proof (an independent appraisal, or compliance with an insurance company valuation model) of the value of your property.

  When do I get paid?

  Generally, the insurance company will not pay a replacement cost settlement until the property that was damaged or destroyed is actually repaired or replaced as soon as reasonably possible after the loss.

  Under no circumstances will the insurance company pay more than your limit of insurance or more than the actual amount you spend to repair or replace the damaged property if this amount is less than the limit of insurance.

  Replacement cost insurance terms give the insured the option of settling the loss on an ACV basis. This option may be exercised if you don't plan to replace the building or if you are faced with a significant coinsurance penalty on a

  replacement cost settlement.

  References:

  http://www.schirickinsurance.com/resources/value2005.pdf and

  TIPTON, Harold F. and KRAUSE, MICKI

  Information Security Management Handbook, 4th Edition, Volume 1

  Property Insurance overview, Page 587.

• Question 726:

  Which of the following floors would be most appropriate to locate information processing facilities in a 6- stories building?

  A. Basement
  B. Ground floor
  C. Third floor
  D. Sixth floor
  C. Third floor

  ---

  You data center should be located in the middle of the facility or the core of a building to provide protection from natural disasters or bombs and provide easier access to emergency crewmembers if necessary. By being at the core of the

  facility the external wall would act as a secondary layer of protection as well.

  Information processing facilities should not be located on the top floors of buildings in case of a fire or flooding coming from the roof. Many crimes and theft have also been conducted by simply cutting a large hole on the roof.

  They should not be in the basement because of flooding where water has a natural tendancy to flow down :-) Even a little amount of water would affect your operation considering the quantity of electrical cabling sitting directly on the cement

  floor under under your raise floor. The data center should not be located on the first floor due to the presence of the main entrance where people are coming in and out. You have a lot of high traffic areas such as the elevators, the loading

  docks, cafeteria, coffee shopt, etc.. Really a bad location for a data center.

  So it was easy to come up with the answer by using the process of elimination where the top, the bottom, and the basement are all bad choices. That left you with only one possible answer which is the third floor. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 5th Edition, Page 425.

• Question 727:

  The Computer Security Policy Model the Orange Book is based on is which of the following?

  A. Bell-LaPadula
  B. Data Encryption Standard
  C. Kerberos
  D. Tempest
  A. Bell-LaPadula

  ---

  The Computer Security Policy Model Orange Book is based is the Bell-LaPadula Model. Orange Book Glossary.

  The Data Encryption Standard (DES) is a cryptographic algorithm. National Information Security Glossary. TEMPEST is related to limiting the electromagnetic emanations from electronic equipment. Reference:

  U.S. Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DOD 5200.28- STD. December 1985 (also available here).

• Question 728:

  Physically securing backup tapes from unauthorized access is obviously a security concern and is considered a function of the:

  A. Operations Security Domain.
  B. Operations Security Domain Analysis.
  C. Telecommunications and Network Security Domain.
  D. Business Continuity Planning and Disater Recovery Planning.
  A. Operations Security Domain.

  ---

  Physically securing the tapes from unauthorized access is obviously a security concern and is considered a function of the Operations Security Domain. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 71.

• Question 729:

  Which of the following is not a property of the Rijndael block cipher algorithm?

  A. It employs a round transformation that is comprised of three layers of distinct and invertible transformations.
  B. It is suited for high speed chips with no area restrictions.
  C. It operates on 64-bit plaintext blocks and uses a 128 bit key.
  D. It could be used on a smart card.
  C. It operates on 64-bit plaintext blocks and uses a 128 bit key.

  ---

  All other properties above apply to the Rijndael algorithm, chosen as the AES standard to replace DES.

  The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. Rijndael was designed to handle additional block sizes and key lengths, however they are not adopted in

  the AES standard.

  IDEA cipher algorithm operates on 64-bit plaintext blocks and uses a 128 bit key.

  Reference(s) used for this question:

  http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf and

  http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

• Question 730:

  Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test?

  A. Full Interruption test
  B. Checklist test
  C. Simulation test
  D. Structured walk-through test
  A. Full Interruption test

  ---

  The difference between this and the full-interruption test is that the primary production processing of the business does not stop; the test processing runs in parallel to the real processing. This is the most common type of disaster recovery

  plan testing.

  A checklist test is only considered a preliminary step to a real test. In a structured walk-through test, business unit management representatives meet to walk through the plan, ensuring it accurately reflects the organization's ability to recover

  successfully, at least on paper.

  A simulation test is aimed at testing the ability of the personnel to respond to a simulated disaster, but not recovery process is actually performed.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 289).