[Aug-2022] SSCP Exam Dumps, SSCP Practice Test Questions
Duration of Time
The SSCP exam allows a total of 3 hours, within which candidates must attempt all of the questions.
NEW QUESTION 183
The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:
- A. Detective/technical
- B. Detective/administrative
- C. Preventive/physical
- D. Detective/physical
Answer: A
Explanation:
The detective/technical control measures are intended to reveal the
violations of security policy using technical means.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35.
NEW QUESTION 184
Which of the following questions is less likely to help in assessing physical and environmental protection?
- A. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?
- B. Is physical access to data transmission lines controlled?
- C. Are entry codes changed periodically?
- D. Are appropriate fire suppression and prevention devices installed and working?
Answer: A
Explanation:
Physical security and environmental security are part of operational controls, and are measures taken to protect systems, buildings, and related supporting infrastructures against threats associated with their physical environment. All the questions above are useful in assessing physical and environmental protection except for the one regarding processes ensuring that unauthorized individuals cannot access information, which is more of a production control. Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-21 to A-24).
NEW QUESTION 185
Heuristic scanning in antivirus software is designed to catch 100% of all known and unknown virus technologies.
- A. False
- B. True
Answer: A
NEW QUESTION 186
What mechanism does a system use to compare the security labels of a subject and an object?
- A. Clearance Check.
- B. Security Module.
- C. Reference Monitor.
- D. Validation Module.
Answer: C
Explanation:
Because the Reference Monitor is responsible for access control to the
objects by the subjects it compares the security labels of a subject and an object.
According to the OIG: The reference monitor is an access control concept referring to an
abstract machine that mediates all accesses to objects by subjects based on information in
an access control database. The reference monitor must mediate all access, be protected
from modification, be verifiable as correct, and must always be invoked. The reference
monitor, in accordance with the security policy, controls the checks that are made in the
access control database.
The following are incorrect:
Validation Module. A Validation Module is typically found in application source code and is
used to validate data being inputted.
Clearance Check. Is a distractor, there is no such thing other than what someone would do
when checking if someone is authorized to access a secure facility.
Security Module. Is typically a general purpose module that performs a variety of security
related functions.
References:
OIG CBK, Security Architecture and Design (page 324)
AIO, 4th Edition, Security Architecture and Design, pp 328-328.
Wikipedia - http://en.wikipedia.org/wiki/Reference_monitor
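The following is an added example, written for this page rather than taken from the cited references, showing what "comparing the security labels of a subject and an object" looks like in code. It assumes a small constructed lattice (four hierarchical levels plus compartments) and constructed subjects and objects, and enforces the Bell-LaPadula rules (no read up, no write down). The point to notice is that `check_access` is the single path every access takes (always invoked), it fails closed on unknown parties or modes, and it records every decision.

```python
"""Added example (not from the cited references): a toy reference monitor.

Every access to an object goes through check_access(), which compares the
subject's label with the object's label under the Bell-LaPadula rules:
no read up (simple security property) and no write down (*-property).
The lattice, subjects, objects and compartment names are constructed for
this example.
"""
from dataclasses import dataclass, field

# Hierarchical levels; compartments (e.g. "NUC") are an orthogonal set.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """True when this label is at least as high as `other` in the lattice."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


# The access control database the monitor consults (constructed entries).
SUBJECTS = {
    "alice": Label("SECRET", frozenset({"NUC"})),
    "bob": Label("CONFIDENTIAL"),
}
OBJECTS = {
    "reactor_plan": Label("SECRET", frozenset({"NUC"})),
    "cafeteria_menu": Label("UNCLASSIFIED"),
    "budget": Label("TOP_SECRET"),
}

AUDIT_LOG = []  # every decision is recorded, whether permitted or denied


def check_access(subject: str, obj: str, mode: str) -> bool:
    """Mediate one access request; True only if the policy permits it."""
    s_label = SUBJECTS.get(subject)
    o_label = OBJECTS.get(obj)
    if s_label is None or o_label is None:
        decision = False                       # unknown party: fail closed
    elif mode == "read":
        decision = s_label.dominates(o_label)  # no read up
    elif mode == "write":
        decision = o_label.dominates(s_label)  # no write down
    else:
        decision = False                       # unsupported mode: fail closed
    AUDIT_LOG.append((subject, obj, mode, decision))
    return decision


def read_object(subject: str, obj: str) -> str:
    """The only code path that hands out object contents."""
    if not check_access(subject, obj, "read"):
        raise PermissionError(f"{subject} may not read {obj}")
    return f"<contents of {obj}>"


if __name__ == "__main__":
    print(read_object("alice", "reactor_plan"))
    try:
        read_object("bob", "reactor_plan")
    except PermissionError as exc:
        print("denied:", exc)
    for entry in AUDIT_LOG:
        print(entry)
```

Note that a CONFIDENTIAL subject is allowed to write into a TOP_SECRET object (a "blind write" is permitted by the *-property), while a SECRET subject holding the NUC compartment may not write into a TOP_SECRET object that lacks that compartment; both follow from the same `dominates` comparison.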
NEW QUESTION 187
At what stage of the applications development process should the security department become involved?
- A. During requirements development
- B. Prior to systems testing
- C. Prior to the implementation
- D. During unit testing
Answer: A
Explanation:
Section: Security Operation Administration
Explanation/Reference:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
NEW QUESTION 188
Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense ?
- A. DIACAP
- B. NIACAP
- C. ITSEC
- D. TCSEC
Answer: D
Explanation:
Explanation/Reference:
TCSEC: The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications.
Initially issued in 1983 by the National Computer Security Center (NCSC), an arm of the National Security Agency, and updated in 1985, TCSEC was superseded by the Common Criteria international standard (ISO/IEC 15408, first published in 1999).
References:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 197-199.
Wikipedia
http://en.wikipedia.org/wiki/TCSEC
NEW QUESTION 189
Which of the following is needed for System Accountability?
- A. Documented design as laid out in the Common Criteria.
- B. Audit mechanisms.
- C. Authorization.
- D. Formal verification of system design.
Answer: B
Explanation:
Explanation/Reference:
Accountability is the ability to identify users and to track their actions. Through the use of audit logs and other tools, user actions are recorded and can be used at a later date to verify what actions were performed.
The following answers are incorrect:
Documented design as laid out in the Common Criteria. Is incorrect because the Common Criteria is an international standard to evaluate trust and would not be a factor in System Accountability.
Authorization. Is incorrect because Authorization is granting access to subjects, just because you have authorization does not hold the subject accountable for their actions.
Formal verification of system design. Is incorrect because all you have done is to verify the system design and have not taken any steps toward system accountability.
References:
OIG CBK Glossary (page 778)
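The following added example (written for this page, not from the OIG CBK) shows an audit mechanism that actually delivers accountability: each record names the authenticated user, the action, the target and the time, and is chained to the previous record by a SHA-256 hash so that later tampering with, or removal of, an entry is detectable. Timestamps are passed in explicitly to keep the example deterministic; the user names, actions and paths are constructed.

```python
"""Added example: a hash-chained audit log supporting accountability.

Illustrative code written for this page (not from the cited CBK). Each
record names the user, the action, the target and the time, and carries a
SHA-256 over (previous hash + record) so the log can be verified end to end.
"""
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first record

FIELDS = ("user", "action", "target", "ts")


def _digest(prev_hash: str, record: dict) -> str:
    """Canonical JSON keeps the hash independent of dict ordering."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


class AuditLog:
    def __init__(self):
        self.entries = []

    def record(self, user: str, action: str, target: str, ts: str) -> None:
        """Append one event; ts is an ISO-8601 string from a trusted clock."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"user": user, "action": action, "target": target, "ts": ts}
        self.entries.append({**body, "prev": prev, "hash": _digest(prev, body)})

    def verify(self) -> bool:
        """Walk the chain; any edited, reordered or dropped entry breaks it."""
        prev = GENESIS
        for entry in self.entries:
            body = {k: entry[k] for k in FIELDS}
            if entry["prev"] != prev or entry["hash"] != _digest(prev, body):
                return False
            prev = entry["hash"]
        return True

    def actions_by(self, user: str) -> list:
        """The accountability query: what did this identified user do, and when?"""
        return [(e["ts"], e["action"], e["target"])
                for e in self.entries if e["user"] == user]


def demo() -> tuple:
    """Constructed events; returns (chain valid before, chain valid after tampering)."""
    log = AuditLog()
    log.record("alice", "login", "vpn", "2022-08-01T09:00:00Z")
    log.record("alice", "read", "/finance/q2.xlsx", "2022-08-01T09:05:12Z")
    log.record("bob", "delete", "/finance/q2.xlsx", "2022-08-01T09:07:30Z")
    ok_before = log.verify()
    log.entries[2]["user"] = "alice"   # bob tries to shift blame for the delete
    ok_after = log.verify()
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())  # prints (True, False)
```

In practice the chain head (or the whole log) should be shipped to a write-once or separately administered store, since an attacker who can rewrite every entry and recompute every hash on the same host defeats the chain; the example shows detection of edits made without that full rewrite.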
NEW QUESTION 190
What is also known as 10Base5?
- A. UTP
- B. Thinnet
- C. ARCnet
- D. Thicknet
Answer: D
Explanation:
Explanation/Reference:
Thicknet is a coaxial cable with segments of up to 500 meters, also known as 10Base5. Thinnet is a coaxial cable with segments of up to 185 meters. Unshielded twisted pair (UTP) has three variations: 10 Mbps (10BaseT), 100 Mbps (100BaseT) or 1 Gbps (1000BaseT). ARCnet is a LAN media access method.
Source: KRUTZ, Ronald L & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 108).
NEW QUESTION 191
Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?
- A. Large plans can take a lot of work to maintain
- B. Continuous auditing makes a Disaster Recovery plan irrelevant
- C. Infrastructure and environment changes
- D. Personnel turnover
Answer: B
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
Although auditing is a part of corporate security, it in no way supersedes the requirement for a disaster recovery plan. All of the others can be blamed for a plan going out of date.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 9:
Disaster Recovery and Business continuity (page 609).
NEW QUESTION 192
When you update records in multiple locations or you make a copy of the whole database at a remote location as a way to achieve the proper level of fault-tolerance and redundancy, it is known as?
- A. Data mirroring
- B. Shadowing
- C. Archiving
- D. Backup
Answer: B
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
Updating records in multiple locations or copying an entire database to a remote location as a means to ensure the appropriate levels of fault-tolerance and redundancy is known as Database shadowing. Shadowing is the technique in which updates are shadowed in multiple locations. It is like copying the entire database on to a remote location.
Shadow files are an exact live copy of the original active database, allowing you to maintain live duplicates of your production database, which can be brought into production in the event of a hardware failure. They are used for security reasons: should the original database be damaged or incapacitated by hardware problems, the shadow can immediately take over as the primary database. It is therefore important that shadow files do not run on the same server or at least on the same drive as the primary database files.
The following are incorrect answers:
Data mirroring In data storage, disk mirroring is the replication of logical disk volumes onto separate physical hard disks in real time to ensure continuous availability. It is most commonly used in RAID 1. A mirrored volume is a complete logical representation of separate volume copies.
Backup In computing, the phrase backup means to copy files to a second medium (a disk or tape) as a precaution in case the first medium fails. One of the cardinal rules in using computers is to back up your files regularly. Backups are useful in recovering information or a system in the event of a disaster.
Archiving is the storage of data that is not in continual use for historical purposes. It is the process of copying files to a long-term storage medium for backup.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 27614-27626). Auerbach Publications. Kindle Edition.
http://en.wikipedia.org/wiki/Disk_mirroring
http://www.webopedia.com/TERM/A/archive.html
http://ibexpert.net/ibe/index.php?n=Doc.DatabaseShadow
NEW QUESTION 193
What is used to bind a document to its creation at a particular time?
- A. Digital Timestamp
- B. Certification Authority (CA)
- C. Network Time Protocol (NTP)
- D. Digital Signature
Answer: A
Explanation:
While a digital signature binds a document to the possessor of a particular key, a digital timestamp binds a document to its creation at a particular time.
Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one - not even the owner of the document - should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised.
The administrative aspect involves setting up a publicly available, trusted timestamp management infrastructure to collect, process and renew timestamps or to make use of a commercially available time stamping service.
A modern example of using a Digital Timestamp is the case of an industrial research organization that may later need to prove, for patent purposes, that they made a particular discovery on a particular date; since magnetic media can be altered easily, this may be a nontrivial issue. One possible solution is for a researcher to compute and record in a hardcopy laboratory notebook a cryptographic hash of the relevant data file. In the future, should there be a need to prove the version of this file retrieved from a backup tape has not been altered, the hash function could be recomputed and compared with the hash value recorded in that paper notebook.
According to the RFC 3161 standard, a trusted timestamp is a timestamp issued by a trusted third party (TTP) acting as a Time Stamping Authority (TSA). It is used to prove the existence of certain data before a certain point (e.g. contracts, research data, medical records,...) without the possibility that the owner can backdate the timestamps. Multiple TSAs can be used to increase reliability and reduce vulnerability.
The newer ANSI ASC X9.95 Standard for trusted timestamps augments the RFC 3161 standard with data-level security requirements to ensure data integrity against a reliable time source that is provable to any third party. This standard has been applied to authenticating digitally signed data for regulatory compliance, financial transactions, and legal evidence.
Digital TimeStamp
The following are incorrect answers:
Network Time Protocol (NTP) is used to achieve high accuracy time synchronization for
computers across a network.
A Certification Authority (CA) is the entity responsible for the issuance of digital certificates.
A Digital Signature provides integrity and authentication but does not bind a document to a
specific time it was created.
Reference used for this question:
http://en.m.wikipedia.org/wiki/File:Trusted_timestamping.gif
and
http://en.wikipedia.org/wiki/Trusted_timestamping
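The exchange described above, as an added example that is not part of the original page or the cited references: the requester sends only a hash of the document to the Time Stamping Authority (TSA), the TSA binds that hash to its own clock and authenticates the token, and anyone can later verify the token against the document. HMAC-SHA256 under a TSA-held key stands in for the TSA's digital signature (an assumption made to keep the example dependency-free; a real RFC 3161 token is signed with the TSA's certificate). The document text, key and times are constructed.

```python
"""Added example: a trusted timestamp in the style of RFC 3161.

Illustrative code written for this page, not from the cited references.
HMAC-SHA256 under a TSA-only key stands in for the TSA's signature. The
properties shown are the ones the page describes: the owner cannot forge or
backdate a token without the TSA key, and any later change to the document
breaks the match between document and token.
"""
import hashlib
import hmac
import json

TSA_KEY = b"tsa-secret-key-example"  # constructed; in reality held only by the TSA


def doc_hash(document: bytes) -> str:
    """The requester sends this imprint, never the document itself."""
    return hashlib.sha256(document).hexdigest()


def tsa_issue(message_imprint: str, now: str, key: bytes = TSA_KEY) -> dict:
    """TSA side: bind the imprint to the TSA's own clock, not a client-supplied time."""
    info = {"imprint": message_imprint, "genTime": now, "tsa": "example-tsa"}
    payload = json.dumps(info, sort_keys=True).encode()
    return {"tstinfo": info, "tag": hmac.new(key, payload, "sha256").hexdigest()}


def verify_token(document: bytes, token: dict, key: bytes = TSA_KEY) -> bool:
    """Verifier side: check the TSA tag first, then that the document matches."""
    payload = json.dumps(token["tstinfo"], sort_keys=True).encode()
    expected = hmac.new(key, payload, "sha256").hexdigest()
    if not hmac.compare_digest(expected, token["tag"]):
        return False  # token was not issued (or was altered) by the TSA
    return hmac.compare_digest(doc_hash(document), token["tstinfo"]["imprint"])


def demo() -> tuple:
    """Returns (genuine verifies, altered document fails, backdated token fails)."""
    original = b"Lab notebook entry: discovered compound X-17 on this date."  # constructed
    token = tsa_issue(doc_hash(original), "2022-08-15T10:00:00Z")
    genuine = verify_token(original, token)
    altered = verify_token(original + b" (revised)", token)
    # The owner tries to backdate by editing genTime; without TSA_KEY the tag no longer matches.
    forged = dict(token, tstinfo=dict(token["tstinfo"], genTime="2021-01-01T00:00:00Z"))
    backdated = verify_token(original, forged)
    return genuine, altered, backdated


if __name__ == "__main__":
    print(demo())  # prints (True, False, False)
```

Because the TSA only ever sees the hash, the document's contents stay private; the verifier needs the document, the token and the TSA's verification key (in practice the TSA certificate and its chain).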
NEW QUESTION 194
How many bits of a MAC address uniquely identify a vendor, as provided by the IEEE?
- A. 16 bits
- B. 6 bits
- C. 24 bits
- D. 12 bits
Answer: C
Explanation:
The MAC address is 48 bits long, 24 of which identify the vendor, as provided by the IEEE. The other 24 bits are provided by the vendor.
A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used for numerous network technologies and most IEEE 802 network technologies, including Ethernet. Logically, MAC addresses are used in the media access control protocol sublayer of the OSI reference model.
MAC addresses are most often assigned by the manufacturer of a network interface card (NIC) and are stored in its hardware, such as the card's read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number and may be referred to as the burned-in address. It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. This can be contrasted with a programmed address, where the host device instructs the NIC to use an arbitrary address. An example is many SOHO routers: where the ISP grants access to only one MAC address (the one in use before the router was inserted), the router must present that MAC address on its Internet-facing NIC, so the router administrator configures a MAC address that overrides the burned-in one.
A network node may have multiple NICs and each must have one unique MAC address per NIC.
[Figure from Wikipedia, not reproduced here: MAC address format]
Reference(s) used for this question: http://en.wikipedia.org/wiki/MAC_address
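As an added example (written for this page, not from the cited article), the function below splits a 48-bit MAC address into the 24-bit IEEE-assigned OUI and the 24-bit vendor-assigned part, and also reads the two flag bits of the first octet that the IEEE 802 format defines: the I/G bit (individual vs. group address) and the U/L bit, which marks a locally administered address such as the programmed override described above. The OUI lookup table is a constructed stub standing in for the IEEE registry file.

```python
"""Added example: splitting a MAC address into OUI and NIC-specific parts.

Illustrative code written for this page. OUI_REGISTRY is a constructed
stub; a real tool would load the IEEE OUI registry. Accepts the common
colon, hyphen and Cisco dotted notations.
"""
import re

OUI_REGISTRY = {  # constructed sample entries, not real IEEE assignments
    "00:1A:2B": "ExampleVendor A",
    "3C:5A:B4": "ExampleVendor B",
}


def parse_mac(mac: str) -> dict:
    """Return the OUI, the vendor part and the I/G and U/L flag bits."""
    hexdigits = re.sub(r"[:\-.]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = [int(hexdigits[i:i + 2], 16) for i in range(0, 12, 2)]
    first = octets[0]
    oui = ":".join(f"{o:02X}" for o in octets[:3])
    nic = ":".join(f"{o:02X}" for o in octets[3:])
    return {
        "oui": oui,                                   # 24 bits assigned by the IEEE
        "nic_specific": nic,                          # 24 bits chosen by the vendor
        "vendor": OUI_REGISTRY.get(oui, "unknown"),
        "multicast": bool(first & 0x01),              # I/G bit set: group address
        "locally_administered": bool(first & 0x02),   # U/L bit set: not a burned-in OUI
    }


if __name__ == "__main__":
    for sample in ("00:1a:2b:c3:d4:e5", "02-1A-2B-C3-D4-E5", "0100.5e00.0001"):
        print(sample, parse_mac(sample))
```

When the U/L bit is set, the first three octets are not an IEEE OUI at all, so a vendor lookup on them is meaningless; that is a useful check in inventory or rogue-device detection, with the caveat that a device cloning an ISP-registered address (as in the router case above) deliberately presents a burned-in-looking address and is not caught by this bit.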
NEW QUESTION 195
What is the main issue with media reuse?
- A. Data remanence
- B. Media destruction
- C. Purging
- D. Degaussing
Answer: A
Explanation:
Explanation/Reference:
The main issue with media reuse is data remanence, where residual information still resides on a media that has been erased. Degaussing, purging and destruction are ways to handle media that contains data that is no longer needed or used.
Source: WALLHOFF, John, CBK#10 Physical Security (CISSP Study Guide), April 2002 (page 5).
NEW QUESTION 196
What is called an event or activity that has the potential to cause harm to the information systems or networks?
- A. Weakness
- B. Threat agent
- C. Threat
- D. Vulnerability
Answer: C
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Pages 16, 32.
NEW QUESTION 197
Guards are appropriate whenever the function required by the security program involves which of the following?
- A. The use of physical force
- B. The operation of access control devices
- C. The need to detect unauthorized access
- D. The use of discriminating judgment
Answer: D
Explanation:
Section: Access Control
Explanation/Reference:
The answer is the use of discriminating judgment. A guard can make determinations that hardware or other automated security devices cannot, because a guard can adjust to rapidly changing conditions, learn and alter recognizable patterns, and respond to various conditions in the environment. Guards are better at making value decisions at times of incidents. They are appropriate whenever immediate, discriminating judgment is required by the security function.
The following answers are incorrect:
The use of physical force This is not the best answer. A guard provides discriminating judgment, and the ability to discern the need for physical force.
The operation of access control devices A guard is often uninvolved in the operations of an automated access control device such as a biometric reader, a smart lock, mantrap, etc.
The need to detect unauthorized access The primary function of a guard is not to detect unauthorized access, but to prevent unauthorized physical access attempts and may deter social engineering attempts.
The following reference(s) were/was used to create this question:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: Physical security (page 339).
Source: ISC2 Official Guide to the CBK, pages 288-289.
NEW QUESTION 198
Risk can be totally eliminated through planning, control, procedures, and insurance. (True / False)
- A. False
- B. True
Answer: A
Explanation:
Whereas risk can be reduced to an acceptable level, it can NEVER be totally eliminated.
NEW QUESTION 199
Qualitative loss resulting from the business interruption does NOT usually include:
- A. Loss of competitive advantage or market share
- B. Loss of market leadership
- C. Loss of public confidence and credibility
- D. Loss of revenue
Answer: D
Explanation:
This question is testing your ability to evaluate whether items on the list are qualitative or quantitative. All of the items listed are qualitative except loss of revenue, which is quantitative.
There are mainly two approaches to risk analysis; see a description of each below:
A quantitative risk analysis is used to assign monetary and numeric values to all elements of the risk analysis process. Each element within the analysis (asset value, threat frequency, severity of vulnerability, impact damage, safeguard costs, safeguard effectiveness, uncertainty, and probability items) is quantified and entered into equations to determine total and residual risks. It is more of a scientific or mathematical approach to risk analysis compared to qualitative.
A qualitative risk analysis uses a "softer" approach to the data elements of a risk analysis. It does not quantify the data, which means that it does not assign numeric values to the data so that they can be used in equations.
Qualitative and quantitative impact information should be gathered and then properly
analyzed and interpreted. The goal is to see exactly how a business will be affected by
different threats.
The effects can be economical, operational, or both. Upon completion of the data analysis,
it should be reviewed with the most knowledgeable people within the company to ensure
that the findings are appropriate and that it describes the real risks and impacts the
organization faces. This will help flush out any additional data points not originally obtained
and will give a fuller understanding of all the possible business impacts.
Loss criteria must be applied to the individual threats that were identified. The criteria may
include the following:
Loss in reputation and public confidence
Loss of competitive advantages
Increase in operational expenses
Violations of contract agreements
Violations of legal and regulatory requirements
Delayed income costs
Loss in revenue
Loss in productivity
Reference used for this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 909). McGraw-Hill. Kindle Edition.
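The quantitative side of the analysis described above, as an added example written for this page (not from the cited guide). It uses the standard formulas SLE = AV x EF, ALE = SLE x ARO and safeguard value = ALE before - ALE after - annual safeguard cost, which the explanation refers to only as "equations"; applying them to the qualitative items in the question (reputation, market share) is exactly what cannot be done, since they have no AV or EF. The asset, threat and control figures are constructed.

```python
"""Added example: quantitative risk analysis (SLE, ALE, safeguard value).

Illustrative code written for this page. Formulas are the standard
SLE = AV x EF, ALE = SLE x ARO and safeguard value =
ALE_before - ALE_after - annual cost; all figures are constructed.
"""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float       # AV, in currency units
    exposure_factor: float   # EF, fraction of AV lost per occurrence (0..1)
    aro: float               # annualized rate of occurrence

    def sle(self) -> float:
        """Single loss expectancy: what one occurrence costs."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: expected cost per year."""
        return self.sle() * self.aro


def safeguard_value(threat: Threat, annual_cost: float,
                    reduced_ef: Optional[float] = None,
                    reduced_aro: Optional[float] = None) -> float:
    """Net annual benefit of a control that lowers EF and/or ARO.

    Positive means the control pays for itself; negative means it costs
    more per year than the loss it prevents.
    """
    changes = {}
    if reduced_ef is not None:
        changes["exposure_factor"] = reduced_ef
    if reduced_aro is not None:
        changes["aro"] = reduced_aro
    after = replace(threat, **changes)
    return threat.ale() - after.ale() - annual_cost


def demo() -> tuple:
    """Constructed scenario: ransomware against a file server, two candidate controls."""
    ransomware = Threat("ransomware on file server", asset_value=500_000,
                        exposure_factor=0.6, aro=0.5)
    # Offline backups: the event still happens, but most of the loss is recoverable.
    offline_backup = safeguard_value(ransomware, annual_cost=20_000, reduced_ef=0.1)
    # An expensive control that nearly eliminates the loss but costs more than the risk.
    gold_plated = safeguard_value(ransomware, annual_cost=200_000,
                                  reduced_ef=0.0, reduced_aro=0.1)
    return ransomware.sle(), ransomware.ale(), offline_backup, gold_plated


if __name__ == "__main__":
    sle, ale, backup_value, gold_value = demo()
    print(f"SLE={sle:,.0f} ALE={ale:,.0f}")
    print(f"offline backup net value={backup_value:,.0f}")
    print(f"gold-plated control net value={gold_value:,.0f}")
```

The figures that go into AV, EF and ARO are the weak point of the method: a wrong ARO changes the ranking of controls, which is why the explanation above insists that results be reviewed with the most knowledgeable people in the organization.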
NEW QUESTION 200
Why would a memory dump be admissible as evidence in court?
- A. Because it is used to demonstrate the truth of the contents.
- B. Because the state of the memory cannot be used as evidence.
- C. Because of the exclusionary rule.
- D. Because it is used to identify the state of the system.
Answer: D
Explanation:
A memory dump can be admitted as evidence if it acts merely as a statement of fact. A system dump is not considered hearsay because it is used to identify the state of the system, not the truth of the contents. The exclusionary rule mentions that evidence must be gathered legally or it can't be used. This choice is a distracter.
Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 10: Law, Investigation, and Ethics (page 187).
NEW QUESTION 201
The session layer provides a logical persistent connection between peer hosts. Which of the following is one of the modes used in the session layer to establish this connection?
- A. Full duplex
- B. Synchronous
- C. Asynchronous
- D. Half simplex
Answer: A
Explanation:
Layer 5 of the OSI model is the Session Layer. This layer provides a logical persistent connection between peer hosts. A session is analogous to a conversation that is necessary for applications to exchange information.
The session layer is responsible for establishing, managing, and closing end-to-end connections, called sessions, between applications located at different network endpoints. Dialogue control management provided by the session layer includes full-duplex, half-duplex, and simplex communications. Session layer management also helps to ensure that multiple streams of data stay synchronized with each other, as in the case of multimedia applications like video conferencing, and assists with the prevention of application related data errors.
The session layer is responsible for creating, maintaining, and tearing down the session.
Three modes are offered:
(Full) Duplex: Both hosts can exchange information simultaneously, independent of each other.
Half Duplex: Hosts can exchange information, but only one host at a time.
Simplex: Only one host can send information to its peer. Information travels in one direction only.
Another aspect of performance that is worthy of some attention is the mode of operation of
the network or connection. Obviously, whenever we connect together device A and device
B, there must be some way for A to send to B and B to send to A. Many people don't
realize, however, that networking technologies can differ in terms of how these two
directions of communication are handled. Depending on how the network is set up, and the
characteristics of the technologies used, performance may be improved through the
selection of performance-enhancing modes.
Basic Communication Modes of Operation
Let's begin with a look at the three basic modes of operation that can exist for any network connection, communications channel, or interface.
Simplex Operation
In simplex operation, a network cable or communications channel can only send information in one direction; it's a "one-way street". This may seem counter-intuitive: what's the point of communications that only travel in one direction? In fact, there are at least two different places where simplex operation is encountered in modern networking.
The first is when two distinct channels are used for communication: one transmits from A to B and the other from B to A. This is surprisingly common, even though not always obvious. For example, most if not all fiber optic communication is simplex, using one strand to send data in each direction. But this may not be obvious if the pair of fiber strands are combined into one cable.
Simplex operation is also used in special types of technologies, especially ones that are asymmetric. For example, one type of satellite Internet access sends data over the satellite only for downloads, while a regular dial-up modem is used for upload to the service provider. In this case, both the satellite link and the dial-up connection are operating in a simplex mode.
Half-Duplex Operation
Technologies that employ half-duplex operation are capable of sending information in both directions between two nodes, but only one direction or the other can be utilized at a time. This is a fairly common mode of operation when there is only a single network medium (cable, radio frequency and so forth) between devices.
While this term is often used to describe the behavior of a pair of devices, it can more generally refer to any number of connected devices that take turns transmitting. For example, in conventional Ethernet networks, any device can transmit, but only one may do so at a time. For this reason, regular (unswitched) Ethernet networks are often said to be "half-duplex", even though it may seem strange to describe a LAN that way.
Full-Duplex Operation
In full-duplex operation, a connection between two devices is capable of sending data in both directions simultaneously. Full-duplex channels can be constructed either as a pair of simplex links (as described above) or using one channel designed to permit bidirectional simultaneous transmissions. A full-duplex link can only connect two devices, so many such links are required if multiple devices are to be connected together.
Note that the term "full-duplex" is somewhat redundant; "duplex" would suffice, but everyone still says "full-duplex" (likely, to differentiate this mode from half-duplex).
For a listing of protocols associated with Layer 5 of the OSI model, see below:
ADSP - AppleTalk Data Stream Protocol
ASP - AppleTalk Session Protocol
H.245 - Call Control Protocol for Multimedia Communication
ISO-SP - OSI session-layer protocol (X.225, ISO 8327)
iSNS - Internet Storage Name Service
The following are incorrect answers:
Synchronous and Asynchronous are not session layer modes.
Half simplex does not exist. By definition, simplex means that information travels one way only, so "half-simplex" is an oxymoron.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 5603-5636). Auerbach Publications. Kindle Edition. and http://www.tcpipguide.com/free/t_SimplexFullDuplexandHalfDuplexOperation.htm and http://www.wisegeek.com/what-is-a-session-layer.htm
NEW QUESTION 202
Which of the following category of UTP cables is specified to be able to handle gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standards?
- A. Category 5e UTP
- B. Category 3 UTP
- C. Category 2 UTP
- D. Category 1e UTP
Answer: A
Explanation:
Explanation/Reference:
Categories 1 through 6 are based on the EIA/TIA-568-B standards.
The newer wiring for LANs is CAT5e, an improved version of CAT5 which used to be outside of the standard.
Category  Cable type       Bandwidth  Usage / speed
CAT1      UTP              -          Analog voice, Plain Old Telephone System (POTS)
CAT2      UTP              -          4 Mbps on Token Ring, also used on ARCnet networks
CAT3      UTP, ScTP, STP   16 MHz     10 Mbps
CAT4      UTP, ScTP, STP   20 MHz     16 Mbps on Token Ring networks
CAT5      UTP, ScTP, STP   100 MHz    100 Mbps on Ethernet, 155 Mbps on ATM
CAT5e     UTP, ScTP, STP   100 MHz    1 Gbps (improved version of CAT5, originally outside the standard)
CAT6      UTP, ScTP, STP   250 MHz    10 Gbps
CAT7      ScTP, STP        600 MHz    100 Gbps
Category 6 has a minimum of 250 MHz of bandwidth, allowing 10/100/1000 use with up to 100 meter cable length, along with 10GbE over shorter distances.
Category 6a or Augmented Category 6 has a minimum of 500 MHz of bandwidth. It is the newest standard and allows up to 10GbE with a length up to 100 m.
Category 7 is a future cabling standard that should allow for up to 100GbE over 100 meters of cable.
Expected availability is in 2013. It has not been approved as a cable standard, and anyone now selling you Cat. 7 cable is fooling you.
REFERENCES:
http://donutey.com/ethernet.php
http://en.wikipedia.org/wiki/TIA/EIA-568-B
http://en.wikipedia.org/wiki/Category_1_cable
NEW QUESTION 203
SATAN stands for _______________________________________________
- A. Security Administrator Tool for Analyzing Networks
- B. Simple Administration Tool for Analyzing Networks
- C. SANS Administrator Tool for Analyzing Networks
- D. Scavanger Administrator Tool for Analyzing Networks
- E. System Administrator Tool for Analyzing Networks
- F. Storage Administration Tool for Analyzing Networks
Answer: A
Explanation:
SATAN (an acronym standing for Security Administrator Tool for Analyzing Networks) is a testing and reporting tool that gathers information from networks, such as the type of machine and security flaws that may be present on those machines. SATAN was developed by Dan Farmer of Silicon Graphics with the purpose of scanning thousands of host computers on the Internet for security vulnerabilities. Availability: anonymous ftp at ftp.cerias.purdue.edu
NEW QUESTION 204