ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 791:

  You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals.

  One day you receive a laptop and are part of a two man team responsible for examining it together. However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch. What critical step in forensic evidence have you forgotten?

  A. Chain of custody
  B. Locking the laptop in your desk
  C. Making a disk image for examination
  D. Cracking the admin password with chntpw
  A. Chain of custody

  ---

  When evidence from a crime is to be used in the prosecution of a criminal it is critical that you follow the law when handling that evidence. Part of that process is called chain of custody and is when you maintain proactive and documented

  control over ALL evidence involved in a crime.

  Failure to do this can lead to the dismissal of charges against a criminal because if the evidence is compromised because you failed to maintain of chain of custody.

  A chain of custody is chronological documentation for evidence in a particular case, and is especially important with electronic evidence due to the possibility of fraudulent data alteration, deletion, or creation. A fully detailed chain of custody

  report is necessary to prove the physical custody of a piece of evidence and show all parties that had access to said evidence at any given time.

  Evidence must be protected from the time it is collected until the time it is presented in court. The following answers are incorrect:

  -

  Locking the laptop in your desk: Even this wouldn't assure that the defense team would try to challenge chain of custody handling. It's usually easy to break into a desk drawer and evidence should be stored in approved safes or other storage facility.

  -

  Making a disk image for examination: This is a key part of system forensics where we make a disk image of the evidence system and study that as opposed to studying the real disk drive. That could lead to loss of evidence. However if the original evidence is not secured than the chain of custoday has not been maintained properly.

  -

  Cracking the admin password with chntpw: This isn't correct. Your first mistake was to compromise the chain of custody of the laptop. The chntpw program is a Linux utility to (re)set the password of any user that has a valid (local) account on a Windows system, by modifying the crypted password in the registry's SAM file. You do not need to know the old password to set a new one. It works offline which means you must have physical access (i.e., you have to shutdown your computer and boot off a linux floppy disk). The bootdisk includes stuff to access NTFS partitions and scripts to glue the whole thing together. This utility works with SYSKEY and includes the option to turn it off. A bootdisk image is provided on their website at http://freecode.com/projects/chntpw .

  The following reference(s) was used to create this question: For more details and to cover 100% of the exam

• Question 792:

  In the context of Biometric authentication, what is a quick way to compare the accuracy of devices. In general, the device that have the lowest value would be the most accurate. Which of the following would be used to compare accuracy of devices?

  A. the CER is used.
  B. the FRR is used
  C. the FAR is used
  D. the FER is used
  A. the CER is used.

  ---

  equal error rate or crossover error rate (EER or CER): the rate at which both accept and reject errors are equal. The value of the EER can be easily obtained from the ROC curve. The EER is a quick way to compare the accuracy of devices

  with different ROC curves. In general, the device with the lowest EER is most accurate.

  In the context of Biometric Authentication almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such as in an airport metal detector, the

  system becomes increasingly selective and has a higher False Reject Rate (FRR).

  Conversely, if the sensitivity is decreased, the False Acceptance Rate (FAR) will increase.

  Thus, to have a valid measure of the system performance, the CrossOver Error Rate (CER) is used.

  The following are used as performance metrics for biometric systems:

  false accept rate or false match rate (FAR or FMR): the probability that the system incorrectly matches the input pattern to a non-matching template in the database. It measures the percent of invalid inputs which are incorrectly accepted. In

  case of similarity scale, if the person is imposter in real, but the matching score is higher than the threshold, then he is treated as genuine that increase the FAR and hence performance also depends upon the selection of threshold value.

  false reject rate or false non-match rate (FRR or FNMR): the probability that the system fails to detect a match between the input pattern and a matching template in the database. It measures the percent of valid inputs which are incorrectly

  rejected.

  failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an input is unsuccessful. This is most commonly caused by low quality inputs.

  failure to capture rate (FTC): Within automatic systems, the probability that the system fails to detect a biometric input when presented correctly.

  template capacity: the maximum number of sets of data which can be stored in the system.

  Reference(s) used for this question:

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 37.

  and

  Wikipedia at: https://en.wikipedia.org/wiki/Biometrics

• Question 793:

  Password management falls into which control category?

  A. Compensating
  B. Detective
  C. Preventive
  D. Technical
  C. Preventive

  ---

  Password management is an example of preventive control.

  Proper passwords prevent unauthorized users from accessing a system. There are literally hundreds of different access approaches, control methods, and technologies, both in the physical world and in the virtual electronic world. Each method addresses a different type of access control or a specific access need. For example, access control solutions may incorporate identification and authentication mechanisms, filters, rules, rights, logging and monitoring, policy, and a plethora of other controls. However, despite the diversity of access control

  methods, all access control systems can be categorized into seven primary categories. The seven main categories of access control are:

  1.

  Directive: Controls designed to specify acceptable rules of behavior within an organization

  2.

  Deterrent: Controls designed to discourage people from violating security directives

  3.

  Preventive: Controls implemented to prevent a security incident or information breach

  4.

  Compensating: Controls implemented to substitute for the loss of primary controls and mitigate risk down to an acceptable level

  5.

  Detective: Controls designed to signal a warning when a security control has been breached

  6.

  Corrective: Controls implemented to remedy circumstance, mitigate damage, or restore controls

  7.

  Recovery: Controls implemented to restore conditions to normal after a security incident

  Reference(s) used for this question:

  Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1156-1176). Auerbach Publications. Kindle Edition.

• Question 794:

  What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?

  A. Key collision
  B. Key clustering
  C. Hashing
  D. Ciphertext collision
  B. Key clustering

  ---

  Key clustering happens when a plaintext message generates identical ciphertext messages using the same transformation algorithm, but with different keys. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 4: Cryptography (page 130).

• Question 795:

  What is the key size of the International Data Encryption Algorithm (IDEA)?

  A. 64 bits
  B. 128 bits
  C. 160 bits
  D. 192 bits
  B. 128 bits

  ---

  The International Data Encryption Algorithm (IDEA) is a block cipher that operates on 64 bit blocks of data with a 128-bit key. The data blocks are divided into 16 smaller blocks and each has eight rounds of mathematical functions performed on it. It is used in the PGP encryption software.

  Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 3).

• Question 796:

  Which of the following is a CHARACTERISTIC of a decision support system (DSS) in regards to Threats and Risks Analysis?

  A. DSS is aimed at solving highly structured problems.
  B. DSS emphasizes flexibility in the decision making approach of users.
  C. DSS supports only structured decision-making tasks.
  D. DSS combines the use of models with non-traditional data access and retrieval functions.
  B. DSS emphasizes flexibility in the decision making approach of users.

  ---

  DSS emphasizes flexibility in the decision-making approach of users. It is aimed at solving less structured problems, combines the use of models and analytic techniques with traditional data access and retrieval functions and supports semistructured decision-making tasks.

  DSS is sometimes referred to as the Delphi Method or Delphi Technique:

  The Delphi technique is a group decision method used to ensure that each member gives an honest opinion of what he or she thinks the result of a particular threat will be. This avoids a group of individuals feeling pressured to go along with

  others' thought processes and enables them to participate in an independent and anonymous way. Each member of the group provides his or her opinion of a certain threat and turns it in to the team that is performing the analysis. The results

  are compiled and distributed to the group members, who then write down their comments anonymously and return them to the analysis group. The comments are compiled and redistributed for more comments until a consensus is formed.

  This method is used to obtain an agreement on cost, loss values, and probabilities of occurrence without individuals having to agree verbally.

  Here is the ISC2 book coverage of the subject:

  One of the methods that uses consensus relative to valuation of information is the consensus/modified Delphi method. Participants in the valuation exercise are asked to comment anonymously on the task being discussed. This information is

  collected and disseminated to a participant other than the original author. This participant comments upon the observations of the original author. The information gathered is discussed in a public forum and the best course is agreed upon by

  the group (consensus).

  EXAM TIP:

  The DSS is what some of the books are referring to as the Delphi Method or Delphi Technique. Be familiar with both terms for the purpose of the exam.

  The other answers are incorrect:

  'DSS is aimed at solving highly structured problems' is incorrect because it is aimed at solving less structured problems.

  'DSS supports only structured decision-making tasks' is also incorrect as it supports semi- structured decision-making tasks.

  'DSS combines the use of models with non-traditional data access and retrieval functions' is also incorrect as it combines the use of models and analytic techniques with traditional data access and retrieval functions.

  Reference(s) used for this question:

  Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 91). McGraw-Hill.

  Kindle Edition.

  and

  Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition :

  Information Security Governance and Risk Management ((ISC)2 Press) (Kindle Locations 1424- 1426). Auerbach Publications. Kindle Edition.

• Question 797:

  Which type of attack involves impersonating a user or a system?

  A. Smurfing attack
  B. Spoofing attack
  C. Spamming attack
  D. Sniffing attack
  B. Spoofing attack

  ---

  A spoofing attack is when an attempt is made to gain access to a computer system by posing as an authorized user or system. Spamming refers to sending out or posting junk advertising and unsolicited mail. A smurf attack is a type of denial-of-service attack using PING and a spoofed address. Sniffing refers to observing packets passing on a network.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 77).

• Question 798:

  The primary service provided by Kerberos is which of the following?

  A. non-repudiation
  B. confidentiality
  C. authentication
  D. authorization
  C. authentication

  ---

  The Answer: authentication. Kerberos is an authentication service. It can use single-factor or multi-factor authentication methods.

  The following answers are incorrect:

  non-repudiation. Since Kerberos deals primarily with symmetric cryptography, it does not help with non- repudiation.

  confidentiality. Once the client is authenticated by Kerberos and obtains its session key and ticket, it may use them to assure confidentiality of its communication with a server; however, that is not a Kerberos service as such.

  authorization. Although Kerberos tickets may include some authorization information, the meaning of the authorization fields is not standardized in the Kerberos specifications, and authorization is not a primary Kerberos service.

  The following reference(s) were/was used to create this question:

  ISC2 OIG,2007 p. 179-184

  Shon Harris AIO v.3 152-155

• Question 799:

  Which of the following encryption methods is known to be unbreakable?

  A. Symmetric ciphers.
  B. DES codebooks.
  C. One-time pads.
  D. Elliptic Curve Cryptography.
  C. One-time pads.

  ---

  A One-Time Pad uses a keystream string of bits that is generated completely at random that is used only once. Because it is used only once it is considered unbreakable.

  The following answers are incorrect:

  Symmetric ciphers. This is incorrect because a Symmetric Cipher is created by substitution and transposition. They can and have been broken

  DES codebooks. This is incorrect because Data Encryption Standard (DES) has been broken, it was replaced by Advanced Encryption Standard (AES).

  Elliptic Curve Cryptography. This is incorrect because Elliptic Curve Cryptography or ECC is typically used on wireless devices such as cellular phones that have small processors. Because of the lack of processing power the keys used at

  often small. The smaller the key, the easier it is considered to be breakable. Also, the technology has not been around long enough or tested thourough enough to be considered truly unbreakable.

• Question 800:

  Which of the following are NOT a countermeasure to traffic analysis?

  A. Padding messages.
  B. Eavesdropping.
  C. Sending noise.
  D. Faraday Cage
  B. Eavesdropping.

  ---

  Eavesdropping is not a countermeasure, it is a type of attack where you are collecting traffic and attempting to see what is being send between entities communicating with each other.

  The following answers are incorrect:

  Padding Messages. Is incorrect because it is considered a countermeasure you make messages uniform size, padding can be used to counter this kind of attack, in which decoy traffic is sent out over the network to disguise patterns and

  make it more difficult to uncover patterns.

  Sending Noise. Is incorrect because it is considered a countermeasure, tansmitting non- informational data elements to disguise real data.

  Faraday Cage Is incorrect because it is a tool used to prevent emanation of electromagnetic waves. It is a very effective tool to prevent traffic analysis.