ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 811:

  Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. This method allocates bandwidth dynamically to physical channels having information to transmit?

  A. Time-division multiplexing
  B. Asynchronous time-division multiplexing
  C. Statistical multiplexing
  D. Frequency division multiplexing
  C. Statistical multiplexing

  ---

  Statistical multiplexing is a type of communication link sharing, very similar to dynamic bandwidth allocation (DBA). In statistical multiplexing, a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. The link sharing is adapted to the instantaneous traffic demands of the data streams that are transferred over each channel. This is an alternative to creating a fixed sharing of a link, such as in general time division multiplexing (TDM) and frequency division multiplexing (FDM). When performed correctly, statistical multiplexing can provide a link utilization improvement, called the statistical multiplexing gain. Generally, the methods for multiplexing data include the following : Time-division multiplexing (TDM): information from each data channel is allocated bandwidth based on pre-assigned time slots, regardless of whether there is data to transmit. Time-division multiplexing is used primarily for digital signals, but may be applied in analog multiplexing in which two or more signals or bit streams are transferred appearing simultaneously as subchannels in one communication channel, but are physically taking turns on the channel. The time domain is divided into several recurrent time slots of fixed length, one for each sub-channel. A sample byte or data block of sub-channel 1 is transmitted during time slot 1, sub-channel 2 during time slot 2, etc. One TDM frame consists of one time slot per sub-channel plus a synchronization channel and sometimes error correction channel before the synchronization. After the last sub-channel, error correction, and synchronization, the cycle starts all over again with a new frame, starting with the second sample, byte or data block from sub-channel 1, etc. Asynchronous time-division multiplexing (ATDM): information from data channels is allocated bandwidth as needed, via dynamically assigned time slots. ATM provides functionality that is similar to both circuit switching and packet switching networks: ATM uses asynchronous timedivision multiplexing, and encodes data into small, fixed-sized packets (ISO-OSI frames) called cells. This differs from approaches such as the Internet Protocol or Ethernet that use variable sized packets and frames. ATM uses a connection-oriented model in which a virtual circuit must be established between two endpoints before the actual data exchange begins. These virtual circuits may be "permanent", i.e. dedicated connections that are usually preconfigured by the service provider, or "switched", i.e. set up on a per-call basis using signalling and disconnected when the call is terminated. Frequency division multiplexing (FDM): information from each data channel is allocated bandwidth based on the signal frequency of the traffic. In telecommunications, frequencydivision multiplexing (FDM) is a technique by which the total bandwidth available in a communication medium is divided into a series of non-overlapping frequency sub-bands, each of which is used to carry a separate signal. This allows a single transmission medium such as the radio spectrum, a cable or optical fiber to be shared by many signals. Reference used for this question: http://en.wikipedia.org/wiki/Statistical_multiplexing and http://en.wikipedia.org/wiki/Frequency_division_multiplexing and Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 114).

• Question 812:

  Which of the following is not a component of a Operations Security "triples"?

  A. Asset
  B. Threat
  C. Vulnerability
  D. Risk
  D. Risk

  ---

  The Operations Security domain is concerned with triples - threats, vulnerabilities and assets.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 216.

• Question 813:

  Which backup method does not reset the archive bit on files that are backed up?

  A. Full backup method
  B. Incremental backup method
  C. Differential backup method
  D. Additive backup method
  C. Differential backup method

  ---

  The differential backup method only copies files that have changed since the last full backup was performed. It is additive in the fact that it does not reset the archive bit so all changed or added files are backed up in every differential backup until the next full backup. The "additive backup method" is not a common backup method.

  Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 69).

• Question 814:

  Before the advent of classless addressing, the address 128.192.168.16 would have been considered part of:

  A. a class A network.
  B. a class B network.
  C. a class C network.
  D. a class D network.
  B. a class B network.

  ---

  Before the advent of classless addressing, one could tell the size of a network by the first few bits of an IP address. If the first bit was set to zero (the first byte being from 0 to 127), the address was a class A network. Values from 128 to 191

  were used for class B networks whereas values between 192 and 223 were used for class C networks. Class D, with values from 224 to 239 (the first three bits set to one and the fourth to zero), was reserved for IP multicast. Source:

  STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 3:

  TCP/IP from a Security Viewpoint.

• Question 815:

  The IP header contains a protocol field. If this field contains the value of 6, what type of data is contained within the ip datagram?

  A. TCP.
  B. ICMP.
  C. UDP.
  D. IGMP.
  A. TCP.

  ---

  If the protocol field has a value of 6 then it would indicate it was TCP.

  The protocol field of the IP packet dictates what protocol the IP packet is using.

  TCP=6, ICMP=1, UDP=17, IGMP=2

  The following answers are incorrect:

  ICMP. Is incorrect because the value for an ICMP protocol would be 1.

  UDP. Is incorrect because the value for an UDP protocol would be 17.

  IGMP. Is incorrect because the value for an IGMP protocol would be 2.

  References:

  SANS http://www.sans.org/resources/tcpip.pdf?ref=3871

• Question 816:

  Which of the following offers confidentiality to an e-mail message?

  A. The sender encrypting it with its private key.
  B. The sender encrypting it with its public key.
  C. The sender encrypting it with the receiver's public key.
  D. The sender encrypting it with the receiver's private key.
  C. The sender encrypting it with the receiver's public key.

  ---

  An e-mail message's confidentiality is protected when encrypted with the receiver's public key, because he is the only one able to decrypt the message. The sender is not supposed to have the receiver's private key. By encrypting a message with its private key, anybody possessing the corresponding public key would be able to read the message. By encrypting the message with its public key, not even the receiver would be able to read the message.

  Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter

  8: Cryptography (page 517).

• Question 817:

  Which of the following mechanisms was created to overcome the problem of collisions that occur on wired networks when traffic is simultaneously transmitted from different nodes?

  A. Carrier sense multiple access with collision avoidance (CSMA/CA)
  B. Carrier sense multiple access with collision detection (CSMA/CD)
  C. Polling
  D. Token-passing
  D. Token-passing

• Question 818:

  An application layer firewall is also called a:

  A. Proxy
  B. A Presentation Layer Gateway.
  C. A Session Layer Gateway.
  D. A Transport Layer Gateway.
  A. Proxy

  ---

  An application layer firewall can also be called a proxy.

  "A presentation layer gateway" is incorrect. A gateway connects two unlike environments and is usually required to translate between diffferent types of applications or protocols. This is not the function of a firewall.

  "A session layer gateway" is incorrect. A gateway connects two unlike environments and is usually required to translate between diffferent types of applications or protocols. This is not the function of a firewall.

  "A transport layer gateway" is incorrect. A gateway connects two unlike environments and is usually required to translate between diffferent types of applications or protocols. This is not the function of a firewall.

  References:

  CBK, p. 467

  AIO3, pp. 486 - 490, 960

• Question 819:

  Which of the following is NOT a characteristic of a host-based intrusion detection system?

  A. A HIDS does not consume large amounts of system resources
  B. A HIDS can analyse system logs, processes and resources
  C. A HIDS looks for unauthorized changes to the system
  D. A HIDS can notify system administrators when unusual events are identified
  A. A HIDS does not consume large amounts of system resources

  ---

  A HIDS does not consume large amounts of system resources is the correct choice. HIDS can consume inordinate amounts of CPU and system resources in order to function effectively, especially during an event.

  All the other answers are characteristics of HIDSes

  A HIDS can:

  scrutinize event logs, critical system files, and other auditable system resources;

  look for unauthorized change or suspicious patterns of behavior or activity

  can send alerts when unusual events are discovered

  Reference:

  Official guide to the CISSP CBK. Pages 197 to 198.

• Question 820:

  In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?

  A. Bell-LaPadula model
  B. Biba model
  C. Access Matrix model
  D. Take-Grant model
  A. Bell-LaPadula model

  ---

  The Bell-LAPadula model is also called a multilevel security system because users with different clearances use the system and the system processes data with different classifications. Developed by the US Military in the 1970s.

  A security model maps the abstract goals of the policy to information system terms by specifying explicit data structures and techniques necessary to enforce the security policy. A security model is usually represented in mathematics and analytical ideas, which are mapped to system specifications and then developed by programmers through programming code. So we have a policy that encompasses security goals, such as "each subject must be authenticated and authorized before accessing an object." The security model takes this requirement and provides the necessary mathematical formulas, relationships, and logic structure to be followed to accomplish this goal.

  A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels. The level at which information is classified determines the handling procedures that should be used. The Bell- LaPadula model is a state machine model that enforces the confidentiality aspects of access control. A matrix and security levels are used to determine if subjects can access different objects. The subject's clearance is compared to the object's classification and then specific rules are applied to control how subject-to-object subject-to- object interactions can take place.

  Reference(s) used for this question:

  Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 369). McGraw-Hill. Kindle Edition.