ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 781:

  The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system is referred to as?

  A. Confidentiality
  B. Availability
  C. Integrity
  D. Reliability
  B. Availability

  ---

  An company security program must:

  1) assure that systems and applications operate effectively and provide appropriate confidentiality, integrity, and availability;

  2) protect informationcommensurate with the level of risk and magnitude ofharmresulting fromloss, misuse, unauthorized access, or modification.

  The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to

  the system design whenever users request them.

  The following are incorrect answers:

  Confidentiality - The information requires protection from unauthorized disclosure and only the INTENDED recipient should have access to the meaning of the data either in storage or in transit.

  Integrity - The information must be protected from unauthorized, unanticipated, or unintentional modification. This includes, but is not limited to:

  Authenticity A third party must be able to verify that the content of a message has not been changed in transit.

  Non-repudiation The origin or the receipt of a specific message must be verifiable by a third party.

  Accountability - A security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.

  Reference used for this question:

  RFC 2828

  and

  SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (page 5).

• Question 782:

  FTP, TFTP, SNMP, and SMTP are provided at what level of the Open Systems Interconnect (OSI) Reference Model?

  A. Application
  B. Network
  C. Presentation
  D. Transport
  A. Application

  ---

  The Answer: Application. The Layer 7 Application Layer of the Open Systems Interconnect (OSI) Reference Model is a service for applications and Operating Systems data transmission, for example FTP, TFTP, SNMP, and SMTP.

  The following answers are incorrect:

  Network. The Network layer moves information between hosts that are not physically connected. It deals with routing of information. IP is a protocol that is used in Network Layer. FTP, TFTP, SNMP, and SMTP do not reside at the Layer 3

  Network Layer in the OSI Reference Model.

  Presentation. The Presentation Layer is concerned with the formatting of data into a standard presentation such as

  ASCII. FTP, TFTP, SNMP, and SMTP do not reside at the Layer 6 Presentation Layer in the OSI Reference Model.

  Transport. The Transport Layer creates an end-to-end transportation between peer hosts. The transmission can be connectionless and unreliable such as UDP, or connection-oriented and ensure error- free delivery such as TCP. FTP, TFTP,

  SNMP, and SMTP do not reside at the Layer 4 Transportation Layer in the OSI Reference Model.

  The following reference(s) were/was used to create this question: Reference: OSI/ISO.

  Shon Harris AIO v.3 p. 420-421

  ISC2 OIG, 2997 p.412-413

• Question 783:

  Which of the following issues is not addressed by digital signatures?

  A. nonrepudiation
  B. authentication
  C. data integrity
  D. denial-of-service
  D. denial-of-service

  ---

  A digital signature directly addresses both confidentiality and integrity of the CIA triad. It does not directly address availability, which is what denial-of-service attacks.

  The other answers are not correct because:

  "nonrepudiation" is not correct because a digital signature can provide for nonrepudiation.

  "authentication" is not correct because a digital signature can be used as an authentication mechanism

  "data integrity" is not correct because a digital signature does verify data integrity (as part of nonrepudiation)

  References:

  Official ISC2 Guide page: 227 and 265

  All in One Third Edition page: 648

• Question 784:

  In the course of responding to and handling an incident, you work on determining the root cause of the incident. In which step are you in?

  A. Recovery
  B. Containment
  C. Triage
  D. Analysis and tracking
  D. Analysis and tracking

  ---

  In this step, your main objective is to examine and analyze what has occurred and focus on determining the root cause of the incident.

  Recovery is incorrect as recovery is about resuming operations or bringing affected systems back into production Containment is incorrect as containment is about reducing the potential impact of an incident. Triage is incorrect as triage is about determining the seriousness of the incident and filtering out false positives

  Reference:

  Official Guide to the CISSP CBK, pages 700-704

• Question 785:

  Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys. This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis?

  A. Internet Security Association and Key Management Protocol (ISAKMP)
  B. Simple Key-management for Internet Protocols (SKIP)
  C. Diffie-Hellman Key Distribution Protocol
  D. IPsec Key exchange (IKE)
  B. Simple Key-management for Internet Protocols (SKIP)

  ---

  RFC 2828 (Internet Security Glossary) defines Simple Key Management for Internet Protocols (SKIP) as:

  A key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets.

  SKIP is an hybrid Key distribution protocol similar to SSL, except that it establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis. Therefore, no

  connection setup overhead exists and new keys values are not continually generated. SKIP uses the knowledge of its own secret key or private component and the destination's public component to calculate a unique key that can only be used between them.

  IKE stand for Internet Key Exchange, it makes use of ISAKMP and OAKLEY internally.

  Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication and a DiffieHellman

  key exchange to set up a shared session secret from which cryptographic keys are derived.

  The following are incorrect answers:

  ISAKMP is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key

  establishment protocol, encryption algorithm, or authentication mechanism.

  IKE is an Internet, IPsec, key-establishment protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP.

  IPsec Key exchange (IKE) is only a detracto.

  Reference(s) used for this question:

  SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.

  and

  http://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol

  and

  http://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol

• Question 786:

  What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?

  A. A
  B. D
  C. E
  D. F
  B. D

  ---

  D or "minimal protection" is reserved for systems that were evaluated under the TCSEC but did not meet the requirements for a higher trust level.

  A is incorrect. A or "Verified Protectection" is the highest trust level under the TCSEC.

  E is incorrect. The trust levels are A - D so "E" is not a valid trust level.

  F is incorrect. The trust levels are A - D so "F" is not a valid trust level.

  CBK, pp. 329 - 330

  AIO3, pp. 302 - 306

• Question 787:

  Which backup method only copies files that have been recently added or changed and also leaves the archive bit unchanged?

  A. Full backup method
  B. Incremental backup method
  C. Fast backup method
  D. Differential backup method
  D. Differential backup method

  ---

  A differential backup is a partial backup that copies a selected file to tape only if the archive bit for that file is turned on, indicating that it has changed since the last full backup. A differential backup leaves the archive bits unchanged on the files it copies.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 69).

  Also see: http://e-articles.info/e/a/title/Backup-Types/

  Backup software can use or ignore the archive bit in determining which files to back up, and can either turn the archive bit off or leave it unchanged when the backup is complete. How the archive bit is used and manipulated determines what type of backup is done, as follows

  Full backup

  A full backup, which Microsoft calls a normal backup, backs up every selected file, regardless of the status of the archive bit. When the backup completes, the backup software turns off the archive bit for every file that was backed up. Note that "full" is a misnomer because a full backup backs up only the files you have selected, which may be as little as one directory or even a single file, so in that sense Microsoft's terminology is actually more accurate. Given the choice, full backup is the method to use because all files are on one tape, which makes it much easier to retrieve files from tape when necessary. Relative to partial backups, full backups also increase redundancy because all files are on all tapes. That means that if one tape fails, you may still be able to retrieve a given file from another tape.

  Differential backup

  A differential backup is a partial backup that copies a selected file to tape only if the archive bit for that file is turned on, indicating that it has changed since the last full backup. A differential backup leaves the archive bits unchanged on the files it copies. Accordingly, any differential backup set contains all files that have changed since the last full backup. A differential backup set run soon after a full backup will contain relatively few files. One run soon before the next full backup is due will contain many files, including those contained on all previous differential backup sets since the last full backup. When you use differential backup, a complete backup set comprises only two tapes or tape sets: the tape that contains the last full backup and the tape that contains the most recent differential backup.

  Incremental backup

  An incremental backup is another form of partial backup. Like differential backups, Incremental Backups copy a selected file to tape only if the archive bit for that file is turned on. Unlike the differential backup, however, the incremental backup clears the archive bits for the files it backs up. An incremental backup set therefore contains only files that have changed since the last full backup or the last incremental backup. If you run an incremental backup daily, files changed on Monday are on the Monday tape, files changed on Tuesday are on the Tuesday tape, and so forth. When you use an incremental backup scheme, a complete backup set comprises the tape that contains the last full backup and all of the tapes that contain every incremental backup done since the last normal backup. The only advantages of incremental backups are that they minimize backup time and keep multiple versions of files that change frequently. The disadvantages are that backed-up files are scattered across multiple tapes, making it difficult to locate any particular file you need to restore, and that there is no redundancy. That is, each file is stored only on one tape.

  Full copy backup

  A full copy backup (which Microsoft calls a copy backup) is identical to a full backup except for the last step. The full backup finishes by turning off the archive bit on all files that have been backed up. The full copy backup instead leaves the archive bits unchanged. The full copy backup is useful only if you are using a combination of full backups and incremental or differential partial backups. The full copy backup allows you to make a duplicate "full" backup--e.g., for storage offsite, without altering the state of the hard drive you are backing up, which would destroy the integrity of the partial backup rotation.

  Some Microsoft backup software provides a bizarre backup method Microsoft calls a daily copy backup. This method ignores the archive bit entirely and instead depends on the date- and timestamp of files to determine which files should be backed up. The problem is, it's quite possible for software to change a file without changing the date- and timestamp, or to change the date- and timestamp without changing the contents of the file. For this reason, we regard the daily copy backup as entirely unreliable and recommend you avoid using it.

• Question 788:

  Who should DECIDE how a company should approach security and what security measures should be implemented?

  A. Senior management
  B. Data owner
  C. Auditor
  D. The information security specialist
  A. Senior management

  ---

  They are responsible for security of the organization and the protection of its assets.

  The following answers are incorrect because :

  Data owner is incorrect as data owners should not decide as to what security measures should be applied.

  Auditor is also incorrect as auditor cannot decide as to what security measures should be applied.

  The information security specialist is also incorrect as they may have the technical knowledge of how security measures should be implemented and configured , but they should not be in a position of deciding what measures should be

  applied.

  Reference : Shon Harris AIO v3 , Chapter-3: Security Management Practices , Page : 51.

• Question 789:

  Which is NOT a suitable method for distributing certificate revocation information?

  A. CA revocation mailing list
  B. Delta CRL
  C. OCSP (online certificate status protocol)
  D. Distribution point CRL
  A. CA revocation mailing list

  ---

  The following are incorrect answers because they are all suitable methods.

  A Delta CRL is a CRL that only provides information about certificates whose statuses have changed since the issuance of a specific, previously issued CRL.

  The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.

  A Distribution point CRL or CRL Distribution Point, a location specified in the CRL Distribution Point (CRL DP) X.509, version 3, certificate extension when the certificate is issued.

  References:

  RFC 2459: Internet X.509 Public Key Infrastru

  http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/sliding_window.pdf

  http://www.ipswitch.eu/online_certificate_status_protocol_en.html

  Computer Security Handbook By Seymour Bosworth, Arthur E. Hutt, Michel E. Kabay http:// books.google.com/books?

  id=rCx5OfSFUPkCandprintsec=frontcoveranddq=Computer+Security+Handbook#PRA6-PA4,M1

• Question 790:

  Which of the following keys has the SHORTEST lifespan?

  A. Secret key
  B. Public key
  C. Session key
  D. Private key
  C. Session key

  ---

  As session key is a symmetric key that is used to encrypt messages between two users. A session key is only good for one communication session between users.

  For example , If Tanya has a symmetric key that she uses to encrypt messages between Lance and herself all the time , then this symmetric key would not be regenerated or changed. They would use the same key every time they

  communicated using encryption. However , using the same key repeatedly increases the chances of the key being captured and the secure communication being compromised. If , on the other hand , a new symmetric key were generated

  each time Lance and Tanya wanted to communicate , it would be used only during their dialog and then destroyed. if they wanted to communicate and hour later , a new session key would be created and shared.

  The other answers are not correct because :

  Public Key can be known to anyone.

  Private Key must be known and used only by the owner.

  Secret Keys are also called as Symmetric Keys, because this type of encryption relies on each user to keep the key a secret and properly protected.

  REFERENCES:

  SHON HARRIS , ALL IN ONE THIRD EDITION : Chapter 8 : Cryptography , Page : 619-620