ISC SSCP Online Practice Questions and Exam Preparation

ISC SSCP Online Questions & Answers

• Question 881:

  Due care is not related to:

  A. Good faith
  B. Prudent man
  C. Profit
  D. Best interest
  C. Profit

  ---

  Officers and directors of a company are expected to act carefully in fulfilling their tasks. A director shall act in good faith, with the care an ordinarily prudent person in a like position would exercise under similar circumstances and in a manner he reasonably believes is in the best interest of the enterprise. The notion of profit would tend to go against the due care principle.

  Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 10: Law, Investigation, and Ethics (page 186).

• Question 882:

  Which of the following is NOT a technique used to perform a penetration test?

  A. traffic padding
  B. scanning and probing
  C. war dialing
  D. sniffing
  A. traffic padding

  ---

  Traffic padding is a countermeasure to traffic analysis.

  Even if perfect cryptographic routines are used, the attacker can gain knowledge of the amount of traffic that was generated. The attacker might not know what Alice and Bob were talking about, but can know that they were talking and how

  much they talked. In certain circumstances this can be very bad. Consider for example when a military is organising a secret attack against another nation: it may suffice to alert the other nation for them to know merely that there is a lot of

  secret activity going on. As another example, when encrypting Voice Over IP streams that use variable bit rate encoding, the number of bits per unit of time is not obscured, and this can be exploited to guess spoken phrases.

  Padding messages is a way to make it harder to do traffic analysis. Normally, a number of random bits are appended to the end of the message with an indication at the end how much this random data is. The randomness should have a

  minimum value of 0, a maximum number of N and an even distribution between the two extremes. Note, that increasing 0 does not help, only increasing N helps, though that also means that a lower percentage of the channel will be used to transmit real data. Also note, that since the cryptographic routine is assumed to be uncrackable (otherwise the padding length itself is crackable), it does not help to put the padding anywhere else, e.g. at the beginning, in the middle, or in a sporadic manner.

  The other answers are all techniques used to do Penetration Testing.

  References:

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 233, 238.

  and

  https://secure.wikimedia.org/wikipedia/en/wiki/Padding_%28cryptography%29#Traffic_analysis

• Question 883:

  In this type of attack, the intruder re-routes data traffic from a network device to a personal machine. This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Pick the best choice below.

  A. Network Address Translation
  B. Network Address Hijacking
  C. Network Address Supernetting
  D. Network Address Sniffing
  B. Network Address Hijacking

  ---

  Network address hijacking allows an attacker to reroute data traffic from a network device to a personal computer.

  Also referred to as session hijacking, network address hijacking enables an attacker to capture and analyze the data addressed to a target system. This allows an attacker to gain access to critical resources and user credentials, such as

  passwords, and to gain unauthorized access to critical systems of an organization.

  Session hijacking involves assuming control of an existing connection after the user has successfully created an authenticated session. Session hijacking is the act of unauthorized insertion of packets into a data stream. It is normally based

  on sequence number attacks, where sequence numbers are either guessed or intercepted.

  The following are incorrect answers:

  Network address translation (NAT) is a methodology of modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP

  address space into another. See RFC 1918 for more details.

  Network Address Supernetting There is no such thing as Network Address Supernetting. However, a supernetwork, or supernet, is an Internet Protocol (IP) network that is formed from the combination of two or more networks (or subnets)

  with a common Classless Inter-Domain Routing (CIDR) prefix. The new routing prefix for the combined network aggregates the prefixes of the constituent networks.

  Network Address Sniffing This is another bogus choice that sound good but does not even exist. However, sniffing is a common attack to capture cleartext password and information unencrypted over the network. Sniffier is accomplished

  using a sniffer also called a Protocol Analyzer. A network sniffers monitors data flowing over computer network links. It can be a self-contained software program or a hardware device with the appropriate software or firmware programming.

  Also sometimes called "network probes" or "snoops," sniffers examine network traffic, making a copy of the data but without redirecting or altering it.

  The following reference(s) were used for this question:

  Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press ) (Kindle Locations 8641-8642). Auerbach Publications. Kindle Edition.

  http://compnetworking.about.com/od/networksecurityprivacy/g/bldef_sniffer.htm

  http://wiki.answers.com/Q/What_is_network_address_hijacking

  KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 239.

• Question 884:

  The major objective of system configuration management is which of the following?

  A. system maintenance.
  B. system stability.
  C. system operations.
  D. system tracking.
  B. system stability.

  ---

  A major objective with Configuration Management is stability. The changes to the system are controlled so that they don't lead to weaknesses or faults in th system.

  The following answers are incorrect:

  system maintenance. Is incorrect because it is not the best answer. Configuration Management does control the changes to the system but it is not as important as the overall stability of the system. system operations. Is incorrect because it is

  not the best answer, the overall stability of the system is much more important.

  system tracking. Is incorrect because while tracking changes is important, it is not the best answer. The overall stability of the system is much more important.

• Question 885:

  The concept of best effort delivery is best associated with?

  A. TCP
  B. HTTP
  C. RSVP
  D. IP
  D. IP

  ---

  The Internet Protocol (IP) is a data-oriented protocol used for communicating data across a packet- switched internetwork. IP provides an unreliable service (i.e., best effort delivery). This means that the network makes no guarantees about the packet. Low-level connectionless protocols such as DDP (under Appletalk) and IP usually provide besteffort delivery of data. Best-effort delivery means that the protocol attempts to deliver any packets that meet certain requirements, such as containing a valid destination address, but the protocol does not inform the sender when it is unable to deliver the data, nor does it attempt to recover from error conditions and data loss. Higher-level protocols such as TCP on the other hand, can provide reliable delivery of data. Reliable delivery includes error checking and recovery from error or loss of data. HTTP is the HyperText Transport Protocol used to establish connections to a web server and thus one of the higher level protocol using TCP to ensure delivery of all bytes between the client and the server. It was not a good choice according to the question presented. Here is another definition from the TCP/IP guide at: http://www.tcpipguide.com/free/t_IPOverviewandKeyOperationalCharacteristics.htm Delivered Unreliably: IP is said to be an "unreliable protocol". That doesn't mean that one day your IP software will decide to go fishing rather than run your network. J It does mean that when datagrams are sent from device A to device B, device A just sends each one and then moves on to the next. IP doesn't keep track of the ones it sent. It does not provide reliability or service quality capabilities such as error protection for the data it sends (though it does on the IP header), flow control or retransmission of lost datagrams. For this reason, IP is sometimes called a best-effort protocol. It does what it can to get data to where it needs to go, but "makes no guarantees" that the data will actually get there.

• Question 886:

  A deviation from an organization-wide security policy requires which of the following?

  A. Risk Acceptance
  B. Risk Assignment
  C. Risk Reduction
  D. Risk Containment
  A. Risk Acceptance

  ---

  A deviation from an organization-wide security policy requires you to manage the risk. If you deviate from the security policy then you are required to accept the risks that might occur.

  In some cases, it may be prudent for an organization to simply accept the risk that is presented in certain scenarios. Risk acceptance is the practice of accepting certain risk(s), typically based on a business decision that may also weigh the

  cost versus the benefit of dealing with the risk in another way.

  The OIG defines Risk Management as: This term characterizes the overall process.

  The first phase of risk assessment includes identifying risks, risk-reducing measures, and the budgetary impact of implementing decisions related to the acceptance, avoidance, or transfer of risk.

  The second phase of risk management includes the process of assigning priority to, budgeting, implementing, and maintaining appropriate risk-reducing measures.

  Risk management is a continuous process of ever-increasing complexity. It is how we evaluate the impact of exposures and respond to them. Risk management minimizes loss to information assets due to undesirable events through

  identification, measurement, and control. It encompasses the overall security review, risk analysis, selection and evaluation of safeguards, costbenefit analysis, management decision, and safeguard identification and implementation, along

  with ongoing effectiveness review.

  Risk management provides a mechanism to the organization to ensure that executive management knows current risks, and informed decisions can be made to use one of the risk management principles: risk avoidance, risk transfer, risk

  mitigation, or risk acceptance.

  The 4 ways of dealing with risks are: Avoidance, Transfer, Mitigation, Acceptance The following answers are incorrect:

  Risk assignment. Is incorrect because it is a distractor, assignment is not one of the ways to manage risk.

  Risk reduction. Is incorrect because there was a deviation of the security policy. You could have some additional exposure by the fact that you deviated from the policy.

  Risk containment. Is incorrect because it is a distractor, containment is not one of the ways to manage risk.

  Reference(s) used for this question:

  Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 8882-8886). Auerbach Publications. Kindle Edition.

  and

  Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 10206-10208). Auerbach Publications. Kindle Edition.

• Question 887:

  Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality?

  A. Network redundancy translation
  B. Load balancing translation
  C. Dynamic translation
  D. Static translation
  D. Static translation

  ---

  Static translation (also called port forwarding), assigns a fixed address to a specific internal network resource (usually a server).

  Static NAT is required to make internal hosts available for connection from external hosts. It merely replaces port information on a one-to-one basis. This affords no protection to statistically translated hosts:

  hacking attacks will be just as efficiently translated as any other valid connection attempt.

  NOTE FROM CLEMENT:

  Hiding Nat or Overloaded Nat is when you have a group of users behind a unique public IP address. This will provide you with some security through obscurity where an attacker scanning your network would see the unique IP address on the

  outside of the gateway but could not tell if there is one user, ten users, or hundreds of users behind that IP.

  NAT was NEVER built as a security mechanism.

  In the case of Static NAT used for some of your servers for example, your web server private IP is map to a valid external public IP on a one on one basis, your SMTP server private IP is mapped to a static public IP, and so on.

  If an attacker scan the IP address range on the external side of the gateway he would discover every single one of your servers or any other hosts using static natting. Ports that are open, services that are listening, and all of this info could be

  gathered just as if the server was in fact using a public IP. It does not provide this security through obscurity mentioned above.

  All of the other answer are incorrect.

  Reference used for this question:

  STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 7: Network Address Translation.

• Question 888:

  Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?

  A. A known-plaintext attack
  B. A known-algorithm attack
  C. A chosen-ciphertext attack
  D. A chosen-plaintext attack
  A. A known-plaintext attack

  ---

  RFC2828 (Internet Security Glossary) defines a known-plaintext attack as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext- ciphertext pairs (although the analyst may also have other clues, such as the knowing the cryptographic algorithm). A chosen- ciphertext attack is defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of plaintext that corresponds to ciphertext selected (i.e., dictated) by the analyst. A chosen-plaintext attack is a cryptanalysis technique in which the analyst tries to determine the key from knowledge of ciphertext that corresponds to plaintext selected (i.e., dictated) by the analyst. The other choice is a distracter.

  The following are incorrect answers:

  A chosen-plaintext attacks

  The attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext. This gives her more power and possibly a deeper understanding of the way the encryption process works so

  she can gather more information about the key being used. Once the key is discovered, other messages encrypted with that key can be decrypted.

  A chosen-ciphertext attack

  In chosen-ciphertext attacks, the attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext. Again, the goal is to figure out the key. This is a harder attack to carry out compared to the previously

  mentioned attacks, and the attacker may need to have control of the system that contains the cryptosystem.

  A known-algorithm attack

  Knowing the algorithm does not give you much advantage without knowing the key. This is a bogus detractor. The algorithm should be public, which is the Kerckhoffs's Principle . The only secret should be the key.

  Reference(s) used for this question:

  Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.

  and

  Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 866). McGraw-Hill.

  Kindle Edition.

  and

  Kerckhoffs's Principle

• Question 889:

  Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic?

  A. a firewall.
  B. dial-up.
  C. passwords.
  D. fiber optics.
  A. a firewall.

  ---

  The use of a firewall is a requirement to protect a local area network (LAN) that has external connections without that you have no real protection from fraudsters.

  The following answers are incorrect:

  dial-up. This is incorrect because this offers little protection once the connection has been established.

  passwords. This is incorrect because there are tools to crack passwords and once a user has been authenticated and connects to the external connections, passwords do not offer protection against incoming TCP packets.

  fiber optics. This is incorrect because this offers no protection from the external connection.

• Question 890:

  The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address?

  A. integrity and confidentiality.
  B. confidentiality and availability.
  C. integrity and availability.
  D. none of the above.
  C. integrity and availability.

  ---

  TCSEC focused on confidentiality while ITSEC added integrity and availability as security goals.

  The following answers are incorrect:

  integrity and confidentiality. Is incorrect because TCSEC addressed confidentiality.

  confidentiality and availability. Is incorrect because TCSEC addressed confidentiality.

  none of the above. Is incorrect because ITSEC added integrity and availability as security goals.