
[Jan 08, 2022] SSCP PDF Questions and Testing Engine With 1074 Questions [Q526-Q547]


NEW QUESTION 526
Which of the following is a device that is used to regenerate or replicate the received signals?

  • A. Brouter
  • B. Repeater
  • C. Bridge
  • D. Router

Answer: B

Explanation:
Repeaters offer the simplest form of connectivity. They regenerate received electrical signals at their original strength between cable segments. Bridges are devices used to connect similar or dissimilar LANs together to form an extended LAN. Routers provide packet routing between network segments. Brouters are devices that combine router and bridge functionality. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (page 397).

 

NEW QUESTION 527
Which of the following is not a DES mode of operation?

  • A. Electronic code book
  • B. Cipher block chaining
  • C. Input feedback
  • D. Cipher feedback

Answer: C

Explanation:
Explanation/Reference:
Output feedback (OFB) is a DES mode of operation, not input feedback.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 149).

 

NEW QUESTION 528
Most access violations are:

  • A. Accidental
  • B. Caused by internal hackers
  • C. Related to Internet
  • D. Caused by external hackers

Answer: A

Explanation:
Explanation/Reference:
The most likely source of exposure is from the uninformed, accidental or unknowing person, although the greatest impact may be from those with malicious or fraudulent intent.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 4: Protection of Information Assets (page 192).

 

NEW QUESTION 529
Which of the following have been noted as providing motivation to virus writers? (Choose all that apply)

  • A. Fame
  • B. Fortune
  • C. Boredom
  • D. Stupidity

Answer: A,C

 

NEW QUESTION 530
What is the main focus of the Bell-LaPadula security model?

  • A. Accountability
  • B. Confidentiality
  • C. Integrity
  • D. Availability

Answer: B

Explanation:
The Bell-LaPadula model is a formal model dealing with confidentiality.
The Bell-LaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell, to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g., "Top Secret") down to the least sensitive (e.g., "Unclassified" or "Public").
The Bell-LaPadula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model which describes rules for the protection of data integrity. In this formal model, the entities in an information system are divided into subjects and objects.
The notion of a "secure state" is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby inductively proving that the system satisfies the security objectives of the model. The Bell-LaPadula model is built on the concept of a state machine with a set of allowable states in a computer network system. The transition from one state to another state is defined by transition functions.
A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a security policy. To determine whether a specific access mode is allowed, the clearance of a subject is compared to the classification of the object (more precisely, to the combination of classification and set of compartments, making up the security level) to determine if the subject is authorized for the specific access mode.
The clearance/classification scheme is expressed in terms of a lattice. The model defines two mandatory access control (MAC) rules and one discretionary access control (DAC) rule with three security properties:
The Simple Security Property - a subject at a given security level may not read an object at a higher security level (no read-up).
The *-property (read "star"-property) - a subject at a given security level must not write to any object at a lower security level (no write-down). The *-property is also known as the Confinement property.
The Discretionary Security Property - use of an access matrix to specify the discretionary access control.
The following are incorrect answers:
Accountability is incorrect. Accountability requires that actions be traceable to the user that performed them and is not addressed by the Bell-LaPadula model.
Integrity is incorrect. Integrity is addressed in the Biba model rather than Bell-LaPadula.
Availability is incorrect. Availability is concerned with assuring that data/services are available to authorized users as specified in service level objectives and is not addressed by the Bell-LaPadula model.
References:
CBK, pp. 325-326
AIO3, pp. 279 - 284
AIOv4 Security Architecture and Design (pages 333 - 336)
AIOv5 Security Architecture and Design (pages 336 - 338)
Wikipedia at https://en.wikipedia.org/wiki/Bell-La_Padula_model

 

NEW QUESTION 531
The general philosophy for DMZs is that:

  • A. any system on the DMZ cannot be compromised because it's not accessible from the Internet.
  • B. some systems on the DMZ can be compromised because they are accessible from the Internet.
  • C. any system on the DMZ can be compromised because it's accessible from the Internet.
  • D. any system on the DMZ cannot be compromised because it's by definition 100 percent safe and not accessible from the Internet.

Answer: C

Explanation:
Section: Network and Telecommunications
Explanation/Reference:
Because the DMZ systems are accessible from the Internet, they are more at risk for attack and compromise and must be hardened appropriately.
"Any system on the DMZ cannot be compromised because it's not accessible from the Internet" is incorrect.
The reason a system is placed in the DMZ is so it can be accessible from the Internet.
"Some systems on the DMZ can be compromised because they are accessible from the Internet" is incorrect.
All systems in the DMZ face an increased risk of attack and compromise because they are accessible from the Internet.
"Any system on the DMZ cannot be compromised because it's by definition 100 percent safe and not accessible from the Internet" is incorrect. Again, a system is placed in the DMZ because it must be accessible from the Internet.
References:
CBK, p. 434
AIO3, p. 483

 

NEW QUESTION 532
Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards?

  • A. Declaration
  • B. Certification
  • C. Audit
  • D. Accreditation

Answer: D

Explanation:
Explanation/Reference:
Accreditation: is an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards. It is usually based on a technical certification of the system's security mechanisms.
Certification: Technical evaluation (usually made in support of an accreditation action) of an information system's security features and other safeguards to establish the extent to which the system's design and implementation meet specified security requirements.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.

 

NEW QUESTION 533
Frame relay uses a public switched network to provide:

  • A. Local Area Network (LAN) connectivity.
  • B. World Area Network (WAN) connectivity.
  • C. Metropolitan Area Network (MAN) connectivity.
  • D. Wide Area Network (WAN) connectivity.

Answer: D

Explanation:
Section: Network and Telecommunications
Explanation/Reference:
Frame relay uses a public switched network to provide Wide Area Network (WAN) connectivity.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 73.

 

NEW QUESTION 534
Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?

  • A. MAC
  • B. SSL
  • C. HTTP
  • D. Ethernet
  • E. L2TP

Answer: D

 

NEW QUESTION 535
Which of the following would best describe secondary evidence?

  • A. Oral testimony by an expert witness
  • B. Evidence that proves a specific act
  • C. Oral testimony by a non-expert witness
  • D. A copy of a piece of evidence

Answer: D

Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
Secondary evidence is defined as a copy of evidence or an oral description of its contents. It is considered not as reliable as best evidence. Evidence that proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses is considered direct evidence. The fact that testimony is given by an expert only affects the witness's ability to offer an opinion instead of only testifying to the facts.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 9: Law, Investigation, and Ethics (page 310).

 

NEW QUESTION 536
Which of the following assertions is NOT a characteristic of Internet Protocol Security (IPsec)?

  • A. Data cannot be read by unauthorized parties
  • B. Data is delivered in the exact order in which it is sent
  • C. The number of packets being exchanged can be counted.
  • D. The identity of all IPsec endpoints are confirmed by other endpoints

Answer: B

Explanation:
Section: Security Operation Administration
Explanation/Reference:
IPsec provides replay protection that ensures data is not delivered multiple times; however, IPsec does not ensure that data is delivered in the exact order in which it is sent. IPsec uses TCP, and packets may be delivered out of order to the receiving side depending on which route was taken by each packet.
Internet Protocol Security (IPsec) has emerged as the most commonly used network layer security control for protecting communications. IPsec is a framework of open standards for ensuring private communications over IP networks. Depending on how IPsec is implemented and configured, it can provide any combination of the following types of protection:
Confidentiality. IPsec can ensure that data cannot be read by unauthorized parties. This is accomplished by encrypting data using a cryptographic algorithm and a secret key, a value known only to the two parties exchanging data. The data can only be decrypted by someone who has the secret key.
Integrity. IPsec can determine if data has been changed (intentionally or unintentionally) during transit. The integrity of data can be assured by generating a message authentication code (MAC) value, which is a cryptographic checksum of the data. If the data is altered and the MAC is recalculated, the old and new MACs will differ.
Peer Authentication. Each IPsec endpoint confirms the identity of the other IPsec endpoint with which it wishes to communicate, ensuring that the network traffic and data is being sent from the expected host.
Replay Protection. The same data is not delivered multiple times, and data is not delivered grossly out of order. However, IPsec does not ensure that data is delivered in the exact order in which it is sent.
Traffic Analysis Protection. A person monitoring network traffic does not know which parties are communicating, how often communications are occurring, or how much data is being exchanged. However, the number of packets being exchanged can be counted.
Access Control. IPsec endpoints can perform filtering to ensure that only authorized IPsec users can access particular network resources. IPsec endpoints can also allow or block certain types of network traffic, such as allowing Web server access but denying file sharing.
The following are incorrect answers because they are all features provided by IPsec:
"Data cannot be read by unauthorized parties" is wrong because IPsec provides confidentiality through the use of the Encapsulating Security Payload (ESP); once encrypted, the data cannot be read by unauthorized parties because they have access only to the ciphertext. This is accomplished by encrypting data using a cryptographic algorithm and a session key, a value known only to the two parties exchanging data. The data can only be decrypted by someone who has a copy of the session key.
"The identity of all IPsec endpoints are confirmed by other endpoints" is wrong because IPsec provides peer authentication: Each IPsec endpoint confirms the identity of the other IPsec endpoint with which it wishes to communicate, ensuring that the network traffic and data is being sent from the expected host.
"The number of packets being exchanged can be counted" is wrong because although IPsec provides traffic protection where a person monitoring network traffic does not know which parties are communicating, how often communications are occurring, or how much data is being exchanged, the number of packets being exchanged still can be counted.
Reference(s) used for this question:
NIST SP 800-77, Guide to IPsec VPNs, pages 2-3 to 2-4

 

NEW QUESTION 537
Which of the following tests makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems?

  • A. Security testing
  • B. Stress/volume testing
  • C. Recovery testing
  • D. Interface testing

Answer: A

Explanation:
Section: Security Operation Administration
Explanation/Reference:
Security testing makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems.
Recovery testing checks the system's ability to recover after a software or hardware failure.
Stress/volume testing involves testing an application with large quantities of data in order to evaluate performance during peak hours.
Interface testing evaluates the connection of two or more components that pass information from one area to another.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 300).

 

NEW QUESTION 538
Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix?

  • A. The Business Impact Analysis.
  • B. Contact information for all personnel.
  • C. Equipment and system requirements lists of the hardware, software, firmware and other resources required to support system operations.
  • D. Vendor contact information, including offsite storage and alternate site.

Answer: B

Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
Why is this the correct answer? Simply because the statement is WRONG: you would have contact information for your emergency personnel within the plan, but NOT for ALL of your personnel. Be careful of words such as ALL.
According to NIST Special Publication 800-34, contingency plan appendices provide key details not contained in the main body of the plan. The appendices should reflect the specific technical, operational, and management contingency requirements of the given system. Contact information for recovery team personnel (not all personnel) and for vendors should be included, as well as detailed system requirements to support system operations. The Business Impact Analysis (BIA) should also be included as an appendix for reference should the plan be activated.
Reference(s) used for this question:
SWANSON, Marianne, et al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems

 

NEW QUESTION 539
Which of the following mechanisms was created to overcome the problem of collisions that occur on wired networks when traffic is simultaneously transmitted from different nodes?

  • A. Carrier sense multiple access with collision detection (CSMA/CD)
  • B. Carrier sense multiple access with collision avoidance (CSMA/CA)
  • C. Polling
  • D. Token-passing

Answer: D

Explanation:
Section: Network and Telecommunications

 

NEW QUESTION 540
What is it called when a computer uses more than one CPU in parallel to execute instructions?

  • A. Multithreading
  • B. Parallel running
  • C. Multiprocessing
  • D. Multitasking

Answer: C

Explanation:
A system with multiple processors is called a multiprocessing system.
Multitasking is incorrect. Multitasking involves sharing the processor among all ready processes. Though it appears to the user that multiple processes are executing at the same time, only one process is running at any point in time.
Multithreading is incorrect. The developer can structure a program as a collection of independent threads to achieve better concurrency. For example, one thread of a program might be performing a calculation while another is waiting for additional input from the user.
"Parallel running" is incorrect. This is not a real term and is just a distraction.
References:
CBK, pp. 315-316
AIO3, pp. 234 - 239

 

NEW QUESTION 541
Another type of access control is lattice-based access control. In this type of control a lattice model is applied.
How is this type of access control concept applied?

  • A. The pair of elements is the subject and object, and the subject has an upper bound lower than the upper bound of the object being accessed.
  • B. The pair of elements is the subject and object, and the subject has no special upper or lower bound needed within the lattice.
  • C. The pair of elements is the subject and object, and the subject has no access rights in relation to an object.
  • D. The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the upper bound of the object being accessed.

Answer: D

Explanation:
Section: Access Control
Explanation/Reference:
To apply this concept to access control, the pair of elements is the subject and object, and the subject has to have an upper bound equal to or higher than that of the object being accessed.
WIKIPEDIA has a great explanation as well:
In computer security, lattice-based access control (LBAC) is a complex access control model based on the interaction between any combination of objects (such as resources, computers, and applications) and subjects (such as individuals, groups or organizations).
In this type of label-based mandatory access control model, a lattice is used to define the levels of security that an object may have and that a subject may have access to. The subject is only allowed to access an object if the security level of the subject is greater than or equal to that of the object.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.
and
http://en.wikipedia.org/wiki/Lattice-based_access_control

 

NEW QUESTION 542
In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process?

  • A. Created a message digest for log files
  • B. Made a full-disk image
  • C. Displayed the contents of a folder
  • D. Using a write blocker

Answer: C

Explanation:
Section: Analysis and Monitoring
Explanation/Reference:
Displaying the directory contents of a folder can alter the last access time on each listed file.
Using a write blocker is wrong because a write blocker ensures that you cannot modify the data on the host; it prevents the host from writing to its hard drives.
Making a full-disk image is wrong because a full-disk image preserves all data on a hard disk, including deleted files and file fragments.
Creating a message digest for log files is wrong because a message digest is a cryptographic checksum that can demonstrate that the integrity of a file has not been compromised (e.g., changes to the content of a log file).
Domain: LEGAL, REGULATIONS, COMPLIANCE AND INVESTIGATIONS
References:
AIO 3rd Edition, pages 783-784
NIST SP 800-61, Computer Security Incident Handling Guide, pages 3-18 to 3-20

 

NEW QUESTION 543
With regard to information classification, what is the main responsibility of the information (data) owner?

  • A. periodically check the validity and accuracy of the data
  • B. determining the data sensitivity or classification level
  • C. running regular data backups
  • D. audit the data users

Answer: B

Explanation:
Section: Access Control
Explanation/Reference:
Making the determination to decide what level of classification the information requires is the main responsibility of the data owner.
The data owner within classification is a person from Management who has been entrusted with a data set that belongs to the company. It could be, for example, the Chief Financial Officer (CFO) who has been entrusted with all financial data, or it could be the Human Resource Director who has been entrusted with all Human Resource data. The information owner will decide what classification will be applied to the data based on the Confidentiality, Integrity, Availability, Criticality, and Sensitivity of the data.
The Custodian is the technical person who will implement the proper classification on objects in accordance with the Data Owner. The custodian DOES NOT decide what classification to apply; it is the Data Owner who dictates to the Custodian which classification to apply.
NOTE:
The term Data Owner is also used within Discretionary Access Control (DAC). Within DAC it means the person who has created an object. For example, if I create a file on my system then I am the owner of the file and I can decide who else could get access to the file. It is left to my discretion. Within DAC access is granted based solely on the Identity of the subject, this is why sometimes DAC is referred to as Identity Based Access Control.
The other choices were not the best answer:
Running regular backups is the responsibility of the custodian.
Auditing the data users is the responsibility of the auditors.
Periodically checking the validity and accuracy of the data is not one of the data owner's responsibilities.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 14, Chapter 1: Security Management Practices.

 

NEW QUESTION 544
Which of the following standards concerns digital certificates?

  • A. X.400
  • B. X.25
  • C. X.75
  • D. X.509

Answer: D

Explanation:
Section: Cryptography
Explanation/Reference:
X.509 is used in digital certificates. X.400 is used in e-mail as a message handling protocol. X.25 is a standard for the network and data link levels of a communication network and X.75 is a standard defining ways of connecting two X.25 networks.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 164).

 

NEW QUESTION 545
What does the simple security (ss) property mean in the Bell-LaPadula model?

  • A. No read up
  • B. No write down
  • C. No read down
  • D. No write up

Answer: A

Explanation:
Explanation/Reference:
The ss (simple security) property of the Bell-LaPadula access control model states that reading of information by a subject at a lower sensitivity level from an object at a higher sensitivity level is not permitted (no read up).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architectures and Models (page 202).

 

NEW QUESTION 546
Risk analysis is MOST useful when applied during which phase of the system development process?

  • A. Development and Implementation
  • B. Functional Requirements definition
  • C. Project initiation and Planning
  • D. System Design Specification

Answer: C

Explanation:
Explanation/Reference:
In most projects the conditions for failure are established at the beginning of the project. Thus risk management should be established at the commencement of the project with a risk assessment during project initiation.
As it is clearly stated in the ISC2 book: security should be included in the first phase of development and throughout all of the phases of the system development life cycle. This is a key concept to understand for the purpose of the exam.
The most useful time to undertake it is at project initiation, although it is often valuable to update the current risk analysis at later stages.
Attempting to retrofit security after the SDLC is completed would cost a lot more money and might be impossible in some cases. Look at the family of browsers we use today: for the past 8 years they have always claimed that the latest release is the most secure version, and within days vulnerabilities are found.
Risks should be monitored throughout the SDLC of the project and reassessed when appropriate.
The phases of the SDLC can vary from one source to another. It could be as simple as Concept, Design, and Implementation. It could also be expanded to include more phases, such as this list proposed within the ISC2 Official Study book:
Project Initiation and Planning
Functional Requirements Definition
System Design Specification
Development and Implementation
Documentations and Common Program Controls
Testing and Evaluation Control, certification and accreditation (C&A)
Transition to production (Implementation)
And there are two phases that will extend beyond the SDLC, they are:
Operation and Maintenance Support (O&M)
Revisions and System Replacement (Disposal)
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 291).
and
The Official ISC2 Guide to the CISSP CBK, Second Edition, pages 182-185

 

NEW QUESTION 547
......
