This page was exported from Actual Test Materials [ http://blog.actualtests4sure.com ] Export date: Tue Feb 25 0:28:50 2025 / +0000 GMT

Title: View All SSCP Actual Exam Questions Answers and Explanations for Free Nov-2024 [Q220-Q238]

ISC SSCP Practice Test Questions, ISC SSCP Exam Practice Test Questions

The (ISC)2 SSCP certificate is designed for the IT directors, managers, administrators, and other network security professionals who are responsible for the practical operational security of their organizations' critical assets. Candidates for this path demonstrate the advanced knowledge and technical skills required to administer, implement, and monitor IT infrastructure using security procedures, policies, and best practices. To get the SSCP certification, you must pass one qualifying exam and fulfill some requirements.

ISC SSCP Exam Syllabus Topics:
Topic 1: Understand network attacks and countermeasures; Participate in the identity management lifecycle
Topic 2: Implement and operate endpoint device security; Participate in security awareness and training
Topic 3: Operate and configure wireless technologies; Operate and maintain monitoring systems
Topic 4: Understand and support forensic investigations; Understand reasons and requirements for cryptography
Topic 5: Identify and analyze malicious code and activity; Implement and maintain authentication methods

The SSCP exam is designed to test the candidate's knowledge in seven domains of information security, including access controls, cryptography, network and communication security, risk identification, monitoring and analysis, security operations and administration, and systems and application security.
The SSCP exam consists of 125 multiple-choice questions and has a time limit of three hours. To pass the exam, candidates must score at least 700 out of a possible 1000 points. Once certified, individuals are recognized as experts in the field of information security and are able to advance their careers to higher levels.

NO.220 Which of the following should be emphasized during the Business Impact Analysis (BIA) considering that the BIA focus is on business processes?
- Composition
- Priorities
- Dependencies
- Service levels
The Business Impact Analysis (BIA) identifies time-critical aspects of the critical business processes, and determines their maximum tolerable downtime. The BIA helps to identify organization functions, the capabilities of each organization unit to handle outages, and the priority and sequence of functions and applications to be recovered, and to identify the resources required for recovery of those areas and their interdependencies.
In performing the Business Impact Analysis (BIA) it is very important to consider what the dependencies are. You cannot bring a system up if it depends on another system to be operational. You need to look at not only internal dependencies but external ones as well. You might not be able to get the raw materials for your business, so dependencies are a very important aspect of a BIA.
The BIA committee will not truly understand all business processes, the steps that must take place, or the resources and supplies these processes require. So the committee must gather this information from the people who do know: department managers and specific employees throughout the organization. The committee starts by identifying the people who will be part of the BIA data-gathering sessions. The committee needs to identify how it will collect the data from the selected employees, be it through surveys, interviews, or workshops. Next, the team needs to collect the information by actually conducting surveys, interviews, and workshops.
Data points obtained as part of the information gathering will be used later during analysis. It is important that the team members ask about how different tasks (whether processes, transactions, or services, along with any relevant dependencies) get accomplished within the organization.
The following answers are incorrect:
composition: This is incorrect because it is not the best answer. While the makeup of the business may be important, if you have not determined the dependencies first you may not be able to bring the critical business processes to a ready state or have the materials on hand that are needed.
priorities: This is incorrect because it is not the best answer. While the priorities of processes are important, if you have not determined the dependencies first you may not be able to bring the critical business processes to a ready state or have the materials on hand that are needed.
service levels: This is incorrect because it is not the best answer. Service levels are not as important as dependencies.
Reference(s) used for this question:
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition: Business Continuity and Disaster Recovery Planning (Kindle Locations 188-191). Kindle Edition.
and
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 18562-18568). McGraw-Hill. Kindle Edition.

NO.221 What is called a password that is the same for each log-on session?
- “one-time password”
- “two-time password”
- static password
- dynamic password
Explanation/Reference:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.

NO.222 An effective information security policy should not have which of the following characteristics?
- Include separation of duties
- Be designed with a short- to mid-term focus
- Be understandable and supported by all stakeholders
- Specify areas of responsibility and authority
An effective information security policy should be designed with a long-term focus. All other characteristics apply.
Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Appendix B, Practice-Level Policy Considerations (page 397).

NO.223 What is the proper term to refer to a single unit of IP data?
- IP segment.
- IP datagram.
- IP frame.
- IP fragment.
IP is a datagram based technology.
DIFFERENCE BETWEEN PACKETS AND DATAGRAMS
As specified at: http://en.wikipedia.org/wiki/Packet_(information_technology)
In general, the term packet applies to any message formatted as a packet, while the term datagram is generally reserved for packets of an “unreliable” service.
A “reliable” service is one that notifies the user if delivery fails, while an “unreliable” one does not notify the user if delivery fails. For example, IP provides an unreliable service. Together, TCP and IP provide a reliable service, whereas UDP and IP provide an unreliable one. All these protocols use packets, but UDP packets are generally called datagrams.
If a network does not guarantee packet delivery, then it becomes the host’s responsibility to provide reliability by detecting and retransmitting lost packets. Subsequent experience on the ARPANET indicated that the network itself could not reliably detect all packet delivery failures, and this pushed responsibility for error detection onto the sending host in any case. This led to the development of the end-to-end principle, which is one of the Internet’s fundamental design assumptions.
The following answers are incorrect:
IP segment. Is incorrect because IP segment is a distractor; the correct terminology is TCP segment. IP is a datagram based technology.
IP frame. Is incorrect because IP frame is a distractor; the correct terminology is Ethernet frame. IP is a datagram based technology.
IP fragment. Is incorrect because IP fragment is a distractor.

NO.224 Which of the following standards concerns digital certificates?
- X.400
- X.25
- X.509
- X.75
Explanation/Reference:
X.509 is used in digital certificates. X.400 is used in e-mail as a message handling protocol. X.25 is a standard for the network and data link levels of a communication network, and X.75 is a standard defining ways of connecting two X.25 networks.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 164).

NO.225 Which of the following backup methods makes a complete backup of every file on the server every time it is run?
- full backup method.
- incremental backup method.
- differential backup method.
- tape backup method.
The Full Backup Method makes a complete backup of every file on the server every time it is run.

NO.226 Which of the following can be defined as an Internet protocol by which a client workstation can dynamically access a mailbox on a server host to manipulate and retrieve mail messages that the server has received and is holding for the client?
- IMAP4
- SMTP
- MIME
- PEM
Explanation/Reference:
RFC 2828 (Internet Security Glossary) defines the Internet Message Access Protocol, version 4 (IMAP4) as an Internet protocol by which a client workstation can dynamically access a mailbox on a server host to manipulate and retrieve mail messages that the server has received and is holding for the client. IMAP4 has mechanisms for optionally authenticating a client to a server and providing other security services.
MIME is the MultiPurpose Internet Mail Extension.
MIME extends the format of Internet mail to allow non-US-ASCII textual messages, non-textual messages, multipart message bodies, and non-US-ASCII information in message headers.
Simple Mail Transfer Protocol (SMTP) is a TCP-based, application-layer, Internet Standard protocol for moving electronic mail messages from one computer to another.
Privacy Enhanced Mail (PEM) is an Internet protocol to provide data confidentiality, data integrity, and data origin authentication for electronic mail.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.

NO.227 Which of the following is not a preventive operational control?
- Protecting laptops, personal computers and workstations.
- Controlling software viruses.
- Controlling data media access and disposal.
- Conducting security awareness and technical training.
Conducting security awareness and technical training to ensure that end users and system users are aware of the rules of behaviour and their responsibilities in protecting the organization’s mission is an example of a preventive management control, therefore not an operational control.

NO.228 Which of the following Kerberos components holds all users’ and services’ cryptographic keys?
- The Key Distribution Service
- The Authentication Service
- The Key Distribution Center
- The Key Granting Service
Section: Access Control
Explanation/Reference:
The Key Distribution Center (KDC) holds all users’ and services’ cryptographic keys. It provides authentication services, as well as key distribution functionality. The Authentication Service is the part of the KDC that authenticates a principal. The Key Distribution Service and Key Granting Service are distracters and are not defined Kerberos components.
Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System & Methodology (page 3)

NO.229 You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals. One day you receive a laptop and are part of a two-man team responsible for examining it together. However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch. What critical step in forensic evidence have you forgotten?
- Chain of custody
- Locking the laptop in your desk
- Making a disk image for examination
- Cracking the admin password with chntpw
When evidence from a crime is to be used in the prosecution of a criminal it is critical that you follow the law when handling that evidence. Part of that process is called chain of custody and is when you maintain proactive and documented control over ALL evidence involved in a crime. Failure to do this can lead to the dismissal of charges against a criminal if the evidence is compromised because you failed to maintain the chain of custody.
A chain of custody is chronological documentation for evidence in a particular case, and is especially important with electronic evidence due to the possibility of fraudulent data alteration, deletion, or creation. A fully detailed chain of custody report is necessary to prove the physical custody of a piece of evidence and show all parties that had access to said evidence at any given time. Evidence must be protected from the time it is collected until the time it is presented in court.
The following answers are incorrect:
– Locking the laptop in your desk: Even this wouldn’t prevent the defense team from challenging the chain of custody handling. It’s usually easy to break into a desk drawer, and evidence should be stored in approved safes or another storage facility.
– Making a disk image for examination: This is a key part of system forensics, where we make a disk image of the evidence system and study that as opposed to studying the real disk drive, which could lead to loss of evidence. However, if the original evidence is not secured then the chain of custody has not been maintained properly.
– Cracking the admin password with chntpw: This isn’t correct. Your first mistake was to compromise the chain of custody of the laptop. The chntpw program is a Linux utility to (re)set the password of any user that has a valid (local) account on a Windows system, by modifying the crypted password in the registry’s SAM file. You do not need to know the old password to set a new one. It works offline, which means you must have physical access (i.e., you have to shut down your computer and boot off a Linux floppy disk). The bootdisk includes stuff to access NTFS partitions and scripts to glue the whole thing together. This utility works with SYSKEY and includes the option to turn it off. A bootdisk image is provided on their website at http://freecode.com/projects/chntpw.

NO.230 Packet Filtering Firewalls examine both the source and destination address of the:
- incoming and outgoing data packets
- outgoing data packets only
- Incoming Data packets only
- user data packet
Packet filtering firewalls are devices that enforce administrative security policies by filtering incoming traffic as well as outgoing traffic based on rules that can include the source and/or destination addresses.
“Outgoing data packets” is incorrect. Firewalls filter incoming as well as outgoing traffic. This is sometimes called Egress and Ingress filtering.
“Incoming data packets only” is incorrect. (see previous explanation)
“User data packet” is incorrect.
A packet filtering firewall does not typically look into the data portion of the packet.

NO.231 Which of the following statements is most accurate regarding a digital signature?
- It is a method used to encrypt confidential data.
- It is the art of transferring handwritten signature to electronic media.
- It allows the recipient of data to prove the source and integrity of data.
- It can be used as a signature system and a cryptosystem.

NO.232 In addition to the accuracy of the biometric systems, there are other factors that must also be considered:
- These factors include the enrollment time and the throughput rate, but not acceptability.
- These factors do not include the enrollment time, the throughput rate, and acceptability.
- These factors include the enrollment time, the throughput rate, and acceptability.
- These factors include the enrollment time, but not the throughput rate, nor the acceptability.
In addition to the accuracy of the biometric systems, there are other factors that must also be considered. These factors include the enrollment time, the throughput rate, and acceptability.
Enrollment time is the time it takes to initially “register” with a system by providing samples of the biometric characteristic to be evaluated. An acceptable enrollment time is around two minutes.
For example, in fingerprint systems, the actual fingerprint is stored and requires approximately 250kb per finger for a high quality image. This level of information is required for one-to-many searches in forensics applications on very large databases.
In finger-scan technology, a full fingerprint is not stored; the features extracted from this fingerprint are stored using a small template that requires approximately 500 to 1000 bytes of storage. The original fingerprint cannot be reconstructed from this template.
Updates of the enrollment information may be required because some biometric characteristics, such as voice and signature, may change with time.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37 & 38.

NO.233 What IDS approach relies on a database of known attacks?
- Signature-based intrusion detection
- Statistical anomaly-based intrusion detection
- Behavior-based intrusion detection
- Network-based intrusion detection
A weakness of the signature-based (or knowledge-based) intrusion detection approach is that only attack signatures that are stored in a database are detected. Network-based intrusion detection can either be signature-based or statistical anomaly-based (also called behavior-based).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 49).

NO.234 What are the three components of the AIC triad? (Choose three)
- Accountability
- Intelligence
- Integrity
- Confinement
- Confidentiality
- Availability
The AIC triad is: availability, integrity, and confidentiality. This is a key concept of security.

NO.235 What is used to protect programs from all unauthorized modification or executional interference?
- A protection domain
- A security perimeter
- Security labels
- Abstraction
Explanation/Reference:
A protection domain consists of the execution and memory space assigned to each process. The purpose of establishing a protection domain is to protect programs from all unauthorized modification or executional interference. The security perimeter is the boundary that separates the Trusted Computing Base (TCB) from the remainder of the system. Security labels are assigned to resources to denote a type of classification. Abstraction is a way to protect resources in that it involves viewing system components at a high level and ignoring their specific details, thus performing information hiding.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 193).

NO.236 When should a post-mortem review meeting be held after an intrusion has been properly taken care of?
- Within the first three months after the investigation of the intrusion is completed.
- Within the first week after prosecution of intruders has taken place, whether successful or not.
- Within the first month after the investigation of the intrusion is completed.
- Within the first week of completing the investigation of the intrusion.
Section: Risk, Response and Recovery
Explanation/Reference:
A post-mortem review meeting should be held with all involved parties within three to five working days of completing the investigation of the intrusion. Otherwise, participants are likely to forget critical information. Even if it enabled an organization to validate the correctness of its chain of custody of evidence, it would not make sense to wait until prosecution is complete because it would take too much time and many cases of intrusion never get to court anyway.
Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Chapter 7: Responding to Intrusions (page 297).

NO.237 Which of the following is NOT a known type of Message Authentication Code (MAC)?
- Keyed-hash message authentication code (HMAC)
- DES-CBC
- Signature-based MAC (SMAC)
- Universal Hashing Based MAC (UMAC)
Explanation/Reference:
There is no such thing as a Signature-Based MAC. Being the wrong choice in the list, it is the best answer to this question.
WHAT IS A Message Authentication Code (MAC)?
In Cryptography, a MAC (Message Authentication Code), also known as a cryptographic checksum, is a small block of data that is generated using a secret key and then appended to the message.
When the message is received, the recipient can generate their own MAC using the secret key, and thereby know that the message has not changed either accidentally or intentionally in transit. Of course, this assurance is only as strong as the trust that the two parties have that no one else has access to the secret key.
A MAC is a small representation of a message and has the following characteristics:
- A MAC is much smaller than the message generating it.
- Given a MAC, it is impractical to compute the message that generated it.
- Given a MAC and the message that generated it, it is impractical to find another message generating the same MAC.
See the graphic below from Wikipedia showing the creation of a MAC value:
[Figure: Message Authentication Code (MAC / HMAC) creation, from Wikipedia]
In the example above, the sender of a message runs it through a MAC algorithm to produce a MAC data tag. The message and the MAC tag are then sent to the receiver. The receiver in turn runs the message portion of the transmission through the same MAC algorithm using the same key, producing a second MAC data tag. The receiver then compares the first MAC tag received in the transmission to the second generated MAC tag. If they are identical, the receiver can safely assume that the integrity of the message was not compromised, and the message was not altered or tampered with during transmission.
However, to allow the receiver to be able to detect replay attacks, the message itself must contain data that assures that this same message can only be sent once (e.g. time stamp, sequence number or use of a one-time MAC). Otherwise an attacker could – without even understanding its content – record this message and play it back at a later time, producing the same result as the original sender.
NOTE: There are many ways of producing a MAC value. Below you have a short list of some implementations.
The following were incorrect answers for this question:
They were all incorrect answers because they are all real types of MAC implementation.
In the case of DES-CBC, a MAC is generated using the DES algorithm in CBC mode, and the secret DES key is shared by the sender and the receiver. The MAC is actually just the last block of ciphertext generated by the algorithm. This block of data (64 bits) is attached to the unencrypted message and transmitted to the far end. All previous blocks of encrypted data are discarded to prevent any attack on the MAC itself. The receiver can just generate his own MAC using the secret DES key he shares to ensure message integrity and authentication. He knows that the message has not changed because the chaining function of CBC would significantly alter the last block of data if any bit had changed anywhere in the message. He knows the source of the message (authentication) because only one other person holds the secret key.
A Keyed-hash message authentication code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authentication of a message. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and on the size and quality of the key.
A message authentication code based on universal hashing, or UMAC, is a type of message authentication code (MAC) calculated by choosing a hash function from a class of hash functions according to some secret (random) process and applying it to the message. The resulting digest or fingerprint is then encrypted to hide the identity of the hash function used. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. UMAC is specified in RFC 4418; it has provable cryptographic strength and is usually a lot less computationally intensive than other MACs.
What is the MicMac (confusion) with MIC and MAC?
The term message integrity code (MIC) is frequently substituted for the term MAC, especially in communications, where the acronym MAC traditionally stands for Media Access Control when referring to networking. However, some authors use MIC as a distinctly different term from a MAC; in their usage of the term the MIC operation does not use secret keys. This lack of security means that any MIC intended for use gauging message integrity should be encrypted or otherwise be protected against tampering. MIC algorithms are created such that a given message will always produce the same MIC assuming the same algorithm is used to generate both. Conversely, MAC algorithms are designed to produce matching MACs only if the same message, secret key and initialization vector are input to the same algorithm. MICs do not use secret keys and, when taken on their own, are therefore a much less reliable gauge of message integrity than MACs. Because MACs use secret keys, they do not necessarily need to be encrypted to provide the same level of assurance.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 15799-15815). Auerbach Publications. Kindle Edition.
and
http://en.wikipedia.org/wiki/Message_authentication_code
and
http://tools.ietf.org/html/rfc4418

NO.238 Which one of the following authentication mechanisms creates a problem for mobile users?
- Mechanisms based on IP addresses
- Mechanism with reusable passwords
- one-time password mechanism.
- challenge response mechanism.
Explanation/Reference:
Anything based on a fixed IP address would be a problem for mobile users because their location and its associated IP address can change from one time to the next. Many providers will assign a new IP every time the device is restarted. For example, an insurance adjuster using a laptop to file claims online goes to a different client each time, and the address changes every time he connects to the ISP.
NOTE FROM CLEMENT:
The term MOBILE in this case is synonymous with Road Warriors, where a user is constantly traveling and changing location. With smartphones today that may not be an issue, but it would be an issue for laptops or WIFI tablets. Within a carrier network the IP will tend to be the same and would change rarely. So this question is more applicable to devices that are not cellular devices, but in some cases this issue could affect cellular devices as well.
The following answers are incorrect:
mechanism with reusable password. This is incorrect because a reusable password mechanism would not present a problem for mobile users. They are the least secure and change only at specific intervals.
one-time password mechanism. This is incorrect because a one-time password mechanism would not present a problem for mobile users. Many are based on a clock and not on the IP address of the user.
challenge response mechanism. This is incorrect because a challenge response mechanism would not present a problem for mobile users.
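The MAC verification flow from the NO.237 explanation (receiver recomputes the tag with the shared key and compares it, and the message carries a sequence number so a recorded copy cannot be replayed), worked through as an added Python example; this is not code from the original page, and the key, messages and sequence numbers are constructed for the demonstration.

```python
"""HMAC-SHA256 message authentication with replay detection (added example)."""
import hashlib
import hmac
import struct

# Constructed demo keys; a real deployment would use a random key from a KMS or os.urandom().
SHARED_KEY = b"demo-shared-secret-not-for-production"
OTHER_KEY = b"some-other-key-the-receiver-does-not-hold"


def make_tag(key: bytes, seq: int, message: bytes) -> bytes:
    """Compute HMAC-SHA256 over (sequence number || message).

    Binding the sequence number into the tag means a recorded message cannot be
    re-sent under a new sequence number: the old tag no longer matches.
    """
    return hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()


class Receiver:
    """Verifies tags with the shared key and rejects replays by sequence number."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, seq: int, message: bytes, tag: bytes) -> str:
        expected = make_tag(self.key, seq, message)
        # compare_digest is constant-time, so the comparison does not leak how
        # many leading bytes of a guessed tag were correct.
        if not hmac.compare_digest(expected, tag):
            return "bad_tag"
        if seq <= self.last_seq:
            return "replay"  # valid tag, but this sequence number was already consumed
        self.last_seq = seq
        return "ok"


def run_demo() -> dict:
    """Exercise the receiver with constructed messages; returns the outcome per case."""
    rx = Receiver(SHARED_KEY)
    results = {}

    seq, msg = 1, b"transfer 100 to account 42"
    tag = make_tag(SHARED_KEY, seq, msg)
    results["genuine"] = rx.accept(seq, msg, tag)

    # Message altered in transit but the original tag kept: HMAC detects the change.
    results["tampered"] = rx.accept(seq + 1, b"transfer 900 to account 42", tag)

    # Exact copy of the genuine message and tag sent again: tag verifies, sequence does not.
    results["replayed"] = rx.accept(seq, msg, tag)

    # Message tagged under a key the receiver does not share: no source authentication.
    results["wrong_key"] = rx.accept(seq + 1, msg, make_tag(OTHER_KEY, seq + 1, msg))

    # The next genuine message with a fresh sequence number is accepted.
    results["next"] = rx.accept(seq + 1, msg, make_tag(SHARED_KEY, seq + 1, msg))
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:10s} -> {outcome}")
```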
Post date: 2024-11-25 12:40:50
Post modified date: 2024-11-25 12:40:50