
[Dec-2021] SSCP Exam Dumps - Free Demo & 365 Day Updates
Free Sales Ending Soon - Use Real SSCP PDF Questions
Training Materials for SSCP Exam
The (ISC)2 SSCP certification can be obtained if the candidates manage to find the right mix between the training classes delivered by (ISC)2 expert trainers and the self-paced materials that they find on verified sources. The candidates who want to get certified can try the following:
- Instructor-led Online Training for Systems Security Certified Practitioner
This is one of the official training classes delivered by the vendor. It is organized either as a session that lasts 8 weeks, during which the exam-takers have classes 2 times per week, or as a course delivered over 5 consecutive days. Irrespective of the method candidates choose, the (ISC)2 authorized trainer will deliver the class by following the exam topics and offering comprehensive details on different information security concepts. The trainers will organize the course by combining different methods to help the attendees improve their knowledge retention and reinforce the topics in which they are less experienced. Apart from the instructor-led training, the attendees will also get additional materials from (ISC)2: they will receive the official (ISC)2 courseware and the student's handbook, available in electronic format. Also, examinees will receive interactive flashcards and access to a post-course assessment that will help them consolidate their knowledge.
- (ISC)2 SSCP Study Guide and SSCP Practice Test Kit
This is the second edition available for this kit that provides comprehensive information to candidates who want to get SSCP certified. The kit is available on Amazon in paperback format. Its author is Mike Wills. As it combines both the study guide and practice tests workbook, this kit becomes an all-inclusive official exam preparation material. Also, this kit is approved by the vendor, which means that it comes with verified and updated information on the topics tested during the certification exam. The second edition was created based on the best practices and experience from past real tests. Thus, it includes an in-depth look at each of the domains assessed in the SSCP certification exam, following (ISC)2 guidelines and principles. Thanks to the expert content included in these materials, the exam-takers will pass the official exam faster and smarter. Besides, the practice questions are permanently updated to help the candidates understand how the exam is structured and check their preparedness level.
- (ISC)2 SSCP Actual Exam Questions and Answers
This book was published by Exam Boost and it is available on Amazon. The exam-takers can buy it in Kindle format for $19.99. It contains more than 500 real exam questions that help the candidates check their preparedness level and get used to the exam difficulty. All answers are displayed at the end of the book and they are organized in a table. Therefore, the readers are not spoiled with answers after each chapter. In addition, the author follows the chapters tested in the SSCP exam. So, all questions are extracted from past real validations. This means that all information provided in this book is 100% verified and should be considered a reliable source of training. Finally, the answers help the readers understand which topics they should focus on more and help them get the necessary information to get certified easier and faster.
NEW QUESTION 383
What is defined as the rules for communicating between computers on a Local Area Network (LAN)?
- A. Contention Access Control
- B. LAN transmission methods
- C. LAN topologies
- D. LAN Media Access methods
Answer: D
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
Media contention occurs when two or more network devices have data to send at the same time. Because multiple devices cannot talk on the network simultaneously, some type of method must be used to allow one device access to the network media at a time.
This is done in two main ways: carrier sense multiple access collision detect (CSMA/CD) and token passing.
In networks using CSMA/CD technology such as Ethernet, network devices contend for the network media.
When a device has data to send, it first listens to see if any other device is currently using the network. If not, it starts sending its data. After finishing its transmission, it listens again to see if a collision occurred. A collision occurs when two devices send data simultaneously. When a collision happens, each device waits a random length of time before resending its data. In most cases, a collision will not occur again between the two devices. Because of this type of network contention, the busier a network becomes, the more collisions occur.
This is why performance of Ethernet degrades rapidly as the number of devices on a single network increases.
In token-passing networks such as Token Ring and FDDI, a special network frame called a token is passed around the network from device to device. When a device has data to send, it must wait until it has the token and then sends its data. When the data transmission is complete, the token is released so that other devices may use the network media. The main advantage of token-passing networks is that they are deterministic. In other words, it is easy to calculate the maximum time that will pass before a device has the opportunity to send data. This explains the popularity of token-passing networks in some real-time environments such as factories, where machinery must be capable of communicating at a determinable interval.
For CSMA/CD networks, switches segment the network into multiple collision domains. This reduces the number of devices per network segment that must contend for the media. By creating smaller collision domains, the performance of a network can be increased significantly without requiring addressing changes.
The following are incorrect answers:
LAN topologies: Think of a topology as a network's virtual shape or structure. This shape does not necessarily correspond to the actual physical layout of the devices on the network. For example, the computers on a home LAN may be arranged in a circle in a family room, but it would be highly unlikely to find a ring topology there.
Common topologies are: bus, ring, star or meshed.
LAN transmission methods: refer to the way packets are sent on the network and are either unicast, multicast or broadcast.
Contention Access Control: This is a bogus detractor.
Contention is a real term, but Contention Access Control is just made up. Contention methods are very closely related to Media Access Control methods. In communication networks, contention is a media access method that is used to share a broadcast medium. In contention, any computer in the network can transmit data at any time (first come, first served). This system breaks down when two computers attempt to transmit at the same time. This is a case of collision. To avoid collisions, a carrier sensing mechanism is used. Here each computer listens to the network before attempting to transmit. If the network is busy, it waits until the network quiets down. In carrier detection, computers continue to listen to the network as they transmit. If a computer detects another signal that interferes with the signal it is sending, it stops transmitting. Both computers then wait for a random amount of time and attempt to transmit again. Contention methods are the most popular media access control method on LANs.
Reference(s) used for this question:
http://docwiki.cisco.com/wiki/Introduction_to_LAN_Protocols#LAN_Media-Access_Methods
http://en.wikipedia.org/wiki/Contention_%28telecommunications%29
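A slotted simulation of the two media access methods described above, added here as an illustration and not taken from the cited references; the station counts and frame arrival probabilities are constructed, and frames are assumed to fit in one slot:

```python
import random


def simulate_csma_cd(n_stations, p_new_frame, slots, seed=1):
    """Slotted model of CSMA/CD with binary exponential backoff.

    Each slot: every station without a queued frame may get one (probability
    p_new_frame). Every station holding a frame whose backoff has expired
    transmits in the slot. Exactly one transmitter means a delivered frame;
    two or more means a collision, after which each collider waits a random
    number of slots in [0, 2**k - 1], k being its collision count (capped at
    10, as in Ethernet). Frames fit in one slot, a simplification.
    Returns (frames_delivered, collisions).
    """
    rng = random.Random(seed)              # seeded so runs are repeatable
    has_frame = [False] * n_stations
    backoff = [0] * n_stations             # slots still to wait before retrying
    attempts = [0] * n_stations            # consecutive collisions per station
    delivered = collisions = 0
    for _ in range(slots):
        for i in range(n_stations):
            if not has_frame[i] and rng.random() < p_new_frame:
                has_frame[i] = True
        # stations that "listened" at slot start and may transmit now
        ready = [i for i in range(n_stations) if has_frame[i] and backoff[i] == 0]
        for i in range(n_stations):
            if backoff[i] > 0:
                backoff[i] -= 1
        if len(ready) == 1:
            delivered += 1
            has_frame[ready[0]] = False
            attempts[ready[0]] = 0
        elif len(ready) > 1:
            collisions += 1
            for i in ready:
                attempts[i] = min(attempts[i] + 1, 10)
                backoff[i] = rng.randrange(2 ** attempts[i])
    return delivered, collisions


def collision_ratio(n_stations, p_new_frame, slots=5000, seed=1):
    """Fraction of transmission slots that ended in a collision."""
    delivered, collisions = simulate_csma_cd(n_stations, p_new_frame, slots, seed)
    return collisions / max(1, delivered + collisions)


def token_ring_max_wait(n_stations, frame_slots, token_pass_slots):
    """Worst-case slots a station waits for the token: every other station
    sends one frame, and the token is passed around the whole ring once.
    No randomness: this is the deterministic bound the text refers to."""
    return (n_stations - 1) * frame_slots + n_stations * token_pass_slots


if __name__ == "__main__":
    # Constructed comparison: the same frame arrival rate per station,
    # with 2, 10 and 40 stations contending for one segment.
    for n in (2, 10, 40):
        print(f"{n:2d} stations: collision ratio {collision_ratio(n, 0.05):.2f}, "
              f"token-ring max wait {token_ring_max_wait(n, 1, 1)} slots")
```

The collision ratio climbs with the number of contending stations, while the token-ring bound grows linearly and can be computed in advance.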
NEW QUESTION 384
Which of the following is the FIRST step in protecting data's confidentiality?
- A. Review all user access rights
- B. Install a firewall
- C. Identify which information is sensitive
- D. Implement encryption
Answer: C
Explanation:
Section: Access Control
Explanation/Reference:
In order to protect the confidentiality of the data.
The following answers are incorrect because :
Install a firewall is incorrect as this would come after the information has been identified for sensitivity levels.
Implement encryption is also incorrect as this is one of the mechanisms to protect the data once it has been identified.
Review all user access rights is also incorrect as this is also a protection mechanism for the identified information.
Reference : Shon Harris AIO v3 , Chapter-4 : Access Control , Page : 126
NEW QUESTION 385
In the course of responding to and handling an incident, you work on determining the root cause of the incident.
In which step are you in?
- A. Containment
- B. Triage
- C. Recovery
- D. Analysis and tracking
Answer: D
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
In this step, your main objective is to examine and analyze what has occurred and focus on determining the root cause of the incident.
Recovery is incorrect as recovery is about resuming operations or bringing affected systems back into production.
Containment is incorrect as containment is about reducing the potential impact of an incident.
Triage is incorrect as triage is about determining the seriousness of the incident and filtering out false positives.
Reference:
Official Guide to the CISSP CBK, pages 700-704
NEW QUESTION 386
The type of discretionary access control (DAC) that is based on an individual's identity is also called:
- A. Lattice-based Access control
- B. Non-Discretionary Access Control
- C. Rule-based Access control
- D. Identity-based Access control
Answer: D
Explanation:
An identity-based access control is a type of Discretionary Access Control (DAC) that is based on an individual's identity.
DAC is suited to low-level security environments. The owner of the file decides who has access to the file.
If a user creates a file, he is the owner of that file. An identifier for this user is placed in the file header and/or in an access control matrix within the operating system.
Ownership might also be granted to a specific individual. For example, a manager for a certain department might be made the owner of the files and resources within her department. A system that uses discretionary access control (DAC) enables the owner of the resource to specify which subjects can access specific resources.
This model is called discretionary because the control of access is based on the discretion of the owner. Many times department managers, or business unit managers, are the owners of the data within their specific department. Being the owner, they can specify who should have access and who should not.
Reference(s) used for this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 220). McGraw-Hill. Kindle Edition.
NEW QUESTION 387
The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?
- A. Test equipment is difficult to replace if lost or stolen.
- B. Test equipment is easily damaged.
- C. Test equipment must always be available for the maintenance personnel.
- D. Test equipment can be used to browse information passing on a network.
Answer: D
Explanation:
Section: Security Operation Administration
Explanation/Reference:
Test equipment must be secured. There are equipment and other tools that if in the wrong hands could be used to "sniff" network traffic and also be used to commit fraud. The storage and use of this equipment should be detailed in the security policy for this reason.
The following answers are incorrect:
Test equipment is easily damaged. This is incorrect because it is not the best answer and, from a security point of view, not relevant.
Test equipment is difficult to replace if lost or stolen. This is incorrect because it is not the best answer and, from a security point of view, not relevant.
Test equipment must always be available for the maintenance personnel. This is incorrect because it is not the best answer and, from a security point of view, not relevant.
References:
OIG CBK Operations Security (pages 642 - 643)
NEW QUESTION 388
Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?
- A. El Gamal
- B. Elliptic Curve Cryptography (ECC)
- C. Rivest, Shamir, Adleman (RSA)
- D. Advanced Encryption Standard (AES)
Answer: B
Explanation:
Explanation/Reference:
The other answers are not correct because:
"Rivest, Shamir, Adleman (RSA)" is incorrect because RSA is a "traditional" asymmetric algorithm. While it is reasonably strong, it is not considered to be as strong as ECC based systems.
"El Gamal" is incorrect because it is also a "traditional" asymmetric algorithm and not considered as strong as ECC based systems.
"Advanced Encryption Standard (AES)" is incorrect because the question asks specifically about asymmetric algorithms and AES is a symmetric algorithm.
References:
Official ISC2 Guide page: 258
All in One Third Edition page: 638
The RSA Crypto FAQ: http://www.rsa.com/rsalabs/node.asp?id=2241
NEW QUESTION 389
Which of the following is an example of a passive attack?
- A. Smurfing
- B. Shoulder surfing
- C. Denying services to legitimate users
- D. Brute-force password cracking
Answer: B
Explanation:
Section: Access Control
Explanation/Reference:
Shoulder surfing is a form of a passive attack involving stealing passwords, personal identification numbers or other confidential information by looking over someone's shoulder. All other forms of attack are active attacks, where a threat makes a modification to the system in an attempt to take advantage of a vulnerability.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 3:
Security Management Practices (page 63).
NEW QUESTION 390
Which one of these formulas is used in Quantitative risk analysis?
- A. ALO - Annual Loss Occurrence
- B. ARE - Annual Rate of Exposure
- C. SLE - Single Loss Expectancy
- D. SLO - Single Loss Occurrence
Answer: C
NEW QUESTION 391
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?
- A. Capacitance detectors
- B. Wave pattern motion detectors
- C. Field-powered devices
- D. Audio detectors
Answer: A
Explanation:
Section: Access Control
Explanation/Reference:
Capacitance detectors monitor an electrical field surrounding the object being monitored. They are used for spot protection within a few inches of the object, rather than for the overall room security monitoring provided by wave detectors. Penetration of this field changes the electrical capacitance of the field enough to generate an alarm. Wave pattern motion detectors generate a frequency wave pattern and send an alarm if the pattern is disturbed as it is reflected back to its receiver. Field-powered devices are a type of personnel access control device. Audio detectors simply monitor a room for any abnormal sound wave generation and trigger an alarm.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: Physical security (page 344).
NEW QUESTION 392
The scope and focus of the Business continuity plan development depends most on:
- A. Skills of BCP committee
- B. Business Impact Analysis (BIA)
- C. Scope and Plan Initiation
- D. Directives of Senior Management
Answer: B
Explanation:
SearchStorage.com Definitions mentions "As part of a disaster recovery plan, BIA is likely to identify costs linked to failures, such as loss of cash flow, replacement of equipment, salaries paid to catch up with a backlog of work, loss of profits, and so on.
A BIA report quantifies the importance of business components and suggests appropriate fund allocation for measures to protect them. The possibilities of failures are likely to be assessed in terms of their impacts on safety, finances, marketing, legal compliance, and quality assurance.
Where possible, impact is expressed monetarily for purposes of comparison. For example, a business may spend three times as much on marketing in the wake of a disaster to rebuild customer confidence."
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 278.
NEW QUESTION 393
What is the RESULT of a hash algorithm being applied to a message ?
- A. A message digest
- B. A ciphertext
- C. A digital signature
- D. A plaintext
Answer: A
Explanation:
Explanation/Reference:
When a hash algorithm is applied to a message, it produces a message digest.
The other answers are incorrect because:
A digital signature is a hash value that has been encrypted with a sender's private key.
A ciphertext is a message that appears to be unreadable.
Plaintext is readable data.
Reference: Shon Harris, AIO v3, Chapter 8: Cryptography, Pages 593-594, 640, 648
NEW QUESTION 394
Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for:
- A. Peer Authentication
- B. Name Resolution
- C. Peer Identification
- D. Server Authentication
Answer: A
Explanation:
Explanation/Reference:
SSL provides for Peer Authentication. Though peer authentication is possible, authentication of the client is seldom used in practice when connecting to public e-commerce web sites. Once authentication is complete, confidentiality is assured over the session by the use of symmetric encryption in the interests of better performance.
The following answers were all incorrect:
"Peer identification" is incorrect. The desired attribute is assurance of the identity of the communicating parties provided by authentication and NOT identification. Identification is only who you claim to be.
Authentication is proving who you claim to be.
"Server authentication" is incorrect. While server authentication only is common practice, the protocol provides for peer authentication (i.e., authentication of both client and server). This answer was not complete.
"Name resolution" is incorrect. Name resolution is commonly provided by the Domain Name System (DNS) not SSL.
Reference(s) used for this question:
CBK, pp. 496 - 497.
NEW QUESTION 395
Which of the following is NOT a characteristic or shortcoming of packet filtering gateways?
- A. They are appropriate for medium-risk environment.
- B. They do not support strong user authentication.
- C. They don't protect against IP or DNS address spoofing.
- D. The source and destination addresses, protocols, and ports contained in the IP packet header are the only information that is available to the router in making a decision whether or not to permit traffic access to an internal network.
Answer: A
Explanation:
Packet filtering firewalls use routers with packet filtering rules to grant or deny access based on source address, destination address, and port.
They offer minimum security but at a very low cost, and can be an appropriate choice for a low-risk environment.
Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 3, Secured Connections to External Networks (page 60).
NEW QUESTION 396
Which of the following would MOST likely ensure that a system development project meets business objectives?
- A. User involvement in system specification and acceptance
- B. Development of a project plan identifying all development activities
- C. Development and tests are run by different individuals
- D. Strict deadlines and budgets
Answer: A
Explanation:
Section: Security Operation Administration
Explanation/Reference:
Effective user involvement is the most critical factor in ensuring that the application meets business objectives.
A great way of getting early input from the user community is by using Prototyping. The prototyping method was formally introduced in the early 1980s to combat the perceived weaknesses of the waterfall model with regard to the speed of development. The objective is to build a simplified version (prototype) of the application, release it for review, and use the feedback from the users' review to build a second, better version.
This is repeated until the users are satisfied with the product. It is a four-step process:
- initial concept,
- design and implement initial prototype,
- refine prototype until acceptable, and
- complete and release final version.
There is also the Modified Prototype Model (MPM). This is a form of prototyping that is ideal for Web application development. It allows for the basic functionality of a desired system or component to be formally deployed in a quick time frame. The maintenance phase is set to begin after the deployment. The goal is to have the process be flexible enough so the application is not based on the state of the organization at any given time. As the organization grows and the environment changes, the application evolves with it, rather than being frozen in time.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 12101-12108 and 12099-12101). Auerbach Publications. Kindle Edition.
and
Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 296).
NEW QUESTION 397
Which of the following is given the responsibility of the maintenance and protection of the data?
- A. Security administrator
- B. Data owner
- C. User
- D. Data custodian
Answer: D
Explanation:
Explanation/Reference:
The data custodian is usually responsible for maintaining and protecting the data.
The following answers are incorrect:
Data owner is usually a member of management, in charge of a specific business unit, and is ultimately responsible for the protection and use of the information.
User is any individual who routinely uses the data for work-related tasks.
Security administrator's tasks include creating new system user accounts and implementing new security software.
References: Shon Harris AIO v3, Chapter 3: Security Management Practices, Pages 99-103
NEW QUESTION 398
Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect?
- A. PPTP allow the tunnelling of any protocols that can be carried within PPP.
- B. PPTP does not provide strong encryption.
- C. PPTP is derived from L2TP.
- D. PPTP does not support any token-based authentication method for users.
Answer: C
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
PPTP is an encapsulation protocol based on PPP that works at OSI layer 2 (Data Link) and that enables a single point-to-point connection, usually between a client and a server. PPTP depends on IP to establish its connection.
As currently implemented, PPTP encapsulates PPP packets using a modified version of the Generic Routing Encapsulation (GRE) protocol, which gives PPTP the flexibility to handle protocols other than IP, such as IPX and NetBEUI, over IP networks.
PPTP does have some limitations:
It does not provide strong encryption for protecting data, nor does it support any token-based methods for authenticating users.
L2TP is derived from L2F and PPTP, not the opposite.
NEW QUESTION 399
Which of the following statements pertaining to IPSec is incorrect?
- A. IPSec protects against man-in-the-middle attacks.
- B. IPSec can help in protecting networks from some of the IP network attacks.
- C. IPSec provides confidentiality and integrity to information transferred over IP networks through transport layer encryption and authentication.
- D. IPSec protects against spoofing.
Answer: C
Explanation:
Explanation/Reference:
IPSec provides confidentiality and integrity to information transferred over IP networks through network (not transport) layer encryption and authentication. All other statements are correct.
Source: TIPTON, Harold F & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 6, Extranet Access Control Issues (page 110).
NEW QUESTION 400
What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?
- A. Accountability controls
- B. Assurance procedures
- C. Mandatory access controls
- D. Administrative controls
Answer: B
Explanation:
Explanation/Reference:
Controls provide accountability for individuals accessing information. Assurance procedures ensure that access control mechanisms correctly implement the security policy for the entire life cycle of an information system.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).
NEW QUESTION 401
In the Open Systems Interconnect (OSI) Reference Model, at what level are TCP and UDP provided?
- A. Transport
- B. Presentation
- C. Application
- D. Network
Answer: A
Explanation:
Explanation/Reference:
Transport. The Layer 4 Transport layer supports the TCP and UDP protocols in the OSI Reference Model. This layer creates an end-to-end transportation between peer hosts. The transmission can be connectionless and unreliable such as UDP, or connection-oriented and ensure error-free delivery such as TCP.
The following answers are incorrect:
Network. The Network layer moves information between hosts that are not physically connected. It deals with routing of information. IP is a protocol that is used in Network Layer. TCP and UDP do not reside at the Layer 3 Network Layer in the OSI Reference Model.
Presentation. The Presentation Layer is concerned with the formatting of data into a standard presentation such as ASCII. TCP and UDP do not reside at the Layer 6 Presentation Layer in the OSI Reference Model.
Application. The Application Layer is a service for applications and Operating Systems data transmission, for example HTTP, FTP and SMTP. TCP and UDP do not reside at the Layer 7 Application Layer in the OSI Reference Model.
The following reference(s) were/was used to create this question:
ISC2 OIG, 2007 p. 411
Shon Harris AIO v.3 p. 424
NEW QUESTION 402
What is the primary goal of setting up a honeypot?
- A. To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified.
- B. To entrap and track down possible hackers
- C. To lure hackers into attacking unused systems
- D. To set up a sacrificial lamb on the network
Answer: A
Explanation:
Explanation/Reference:
The primary purpose of a honeypot is to study the attack methods of an attacker for the purposes of understanding their methods and improving defenses.
"To lure hackers into attacking unused systems" is incorrect. Honeypots can serve as decoys but their primary purpose is to study the behaviors of attackers.
"To entrap and track down possible hackers" is incorrect. There are a host of legal issues around enticement vs entrapment but a good general rule is that entrapment is generally prohibited and evidence gathered in a scenario that could be considered as "entrapping" an attacker would not be admissible in a court of law.
"To set up a sacrificial lamb on the network" is incorrect. While a honeypot is a sort of sacrificial lamb and may attract attacks that might have been directed against production systems, its real purpose is to study the methods of attackers with the goals of better understanding and improving network defenses.
References
AIO3, p. 213
NEW QUESTION 403
Which of the following are the steps usually followed in the development of documents such as security policy, standards and procedures?
- A. feasibility, development, approval, implementation, and integration.
- B. initiation, evaluation, development, approval, publication, implementation, and maintenance.
- C. design, evaluation, approval, publication, and implementation.
- D. design, development, publication, coding, and testing.
Answer: B
Explanation:
Explanation/Reference:
The common steps used in the development of security policy are initiation of the project, evaluation, development, approval, publication, implementation, and maintenance. The other choices listed are the phases of the software development life cycle and not the steps used to develop documents such as Policies, Standards, etc.
Reference: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 3, 2002, Auerbach Publications.
NEW QUESTION 404
Which of the following best describes remote journaling?
- A. Send hourly tapes containing transactions off-site.
- B. Real-time capture of transactions to multiple storage devices.
- C. Send daily tapes containing transactions off-site.
- D. Real time transmission of copies of the entries in the journal of transactions to an alternate site.
Answer: D
Explanation:
Explanation/Reference:
Remote Journaling is a technology to facilitate sending copies of the journal of transaction entries from a production system to a secondary system in real time. The remote nature of such a connection is predicated upon having local journaling already established. Local journaling on the production side allows each change that ensues for a journal-eligible object (e.g., database physical file, SQL table, data area, data queue, byte stream file residing within the IFS) to be recorded and logged. It's these local images that flow to the remote system. Once there, the journal entries serve a variety of purposes, from feeding a high availability software replay program or data warehouse to offering an offline, real-time vault of the most recent database changes.
Reference(s) used for this question:
The Essential Guide to Remote Journaling by IBM
and
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
and
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 286).
NEW QUESTION 405
How is Annualized Loss Expectancy (ALE) derived from a threat?
- A. SLE/EF
- B. SLE x ARO
- C. ARO x (SLE - EF)
- D. AV x EF
Answer: B
Explanation:
Explanation/Reference:
Three steps are undertaken in a quantitative risk assessment:
- Initial management approval
- Construction of a risk assessment team, and
- The review of information currently available within the organization.
There are a few formulas that you MUST understand for the exam. See them below:
SLE (Single Loss Expectancy)
Single loss expectancy (SLE) must be calculated to provide an estimate of loss. SLE is defined as the difference between the original value and the remaining value of an asset after a single exploit.
The formula for calculating SLE is as follows: SLE = asset value (in $) × exposure factor (loss due to successful threat exploit, as a %)
Losses can include lack of availability of data assets due to data loss, theft, alteration, or denial of service (perhaps due to business continuity or security issues).
ALE (Annualized Loss Expectancy)
Next, the organization would calculate the annualized rate of occurrence (ARO).
This is done to provide an accurate calculation of annualized loss expectancy (ALE).
ARO is an estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year.
When this is completed, the organization calculates the annualized loss expectancy (ALE).
The ALE is a product of the yearly estimate for the exploit (ARO) and the loss in value of an asset after an SLE.
The calculation is: ALE = SLE x ARO
Note that this calculation can be adjusted for geographical distances using the local annual frequency estimate (LAFE) or the standard annual frequency estimate (SAFE). Given that there is now a value for SLE, it is possible to determine what the organization should spend, if anything, to apply a countermeasure for the risk in question.
Remember that no countermeasure should be greater in cost than the risk it mitigates, transfers, or avoids.
Countermeasure cost per year is easy and straightforward to calculate. It is simply the cost of the countermeasure divided by the years of its life (i.e., use within the organization). Finally, the organization is able to compare the cost of the risk versus the cost of the countermeasure and make some objective decisions regarding its countermeasure selection.
The following were incorrect answers:
All of the other choices were incorrect.
The following reference(s) were used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 10048-10069). Auerbach Publications. Kindle Edition.
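The SLE, ALE and countermeasure-cost formulas above carried through on a constructed scenario (an added example, not from the cited guide; the asset value, exposure factors, AROs and control costs are invented for illustration), including the cost-versus-risk comparison the text says should drive countermeasure selection:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float      # AV, in dollars
    exposure_factor: float  # EF: fraction of AV lost in one successful exploit
    aro: float              # ARO: expected successful occurrences per year


@dataclass(frozen=True)
class Countermeasure:
    name: str
    total_cost: float       # cost over the control's whole useful life, in dollars
    years_of_life: float    # service life used to annualize the cost
    residual_ef: float      # exposure factor once the control is in place
    residual_aro: float     # ARO once the control is in place


def sle(asset_value, exposure_factor):
    """SLE = AV x EF: loss expected from a single successful exploit."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def ale(asset_value, exposure_factor, aro):
    """ALE = SLE x ARO: loss expected per year from this threat."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle(asset_value, exposure_factor) * aro


def annual_cost(cm):
    """Countermeasure cost per year = total cost / years of useful life."""
    if cm.years_of_life <= 0:
        raise ValueError("years of life must be positive")
    return cm.total_cost / cm.years_of_life


def cost_benefit(threat, cm):
    """Yearly value of a control = ALE before - ALE after - annual cost.
    Negative means the control costs more than the risk it removes."""
    before = ale(threat.asset_value, threat.exposure_factor, threat.aro)
    after = ale(threat.asset_value, cm.residual_ef, cm.residual_aro)
    return before - after - annual_cost(cm)


def select_countermeasures(threat, candidates):
    """Controls whose yearly cost does not exceed the risk they remove,
    best net benefit first."""
    ranked = sorted(((cost_benefit(threat, c), c) for c in candidates),
                    key=lambda pair: pair[0], reverse=True)
    return [c for value, c in ranked if value >= 0]


# Constructed scenario: a customer database valued at $500,000; a destructive
# compromise is estimated to wipe out 40% of that value once every two years.
DB_THREAT = Threat("loss of customer database", 500_000, 0.40, 0.5)
# SLE = 500,000 x 0.40 = 200,000 ; ALE = 200,000 x 0.5 = 100,000 per year

CANDIDATES = [
    # $60,000 backup/restore capability over 4 years: cuts EF to 5%, ARO unchanged
    Countermeasure("tested offline backups", 60_000, 4, 0.05, 0.5),
    # $400,000 platform rebuild over 5 years: halves ARO, EF unchanged
    Countermeasure("full platform rebuild", 400_000, 5, 0.40, 0.25),
]

if __name__ == "__main__":
    print(f"ALE without controls: ${ale(DB_THREAT.asset_value, DB_THREAT.exposure_factor, DB_THREAT.aro):,.0f}")
    for cm in CANDIDATES:
        print(f"{cm.name}: annual cost ${annual_cost(cm):,.0f}, "
              f"net benefit ${cost_benefit(DB_THREAT, cm):,.0f}")
    print("worth deploying:", [c.name for c in select_countermeasures(DB_THREAT, CANDIDATES)])
```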
NEW QUESTION 406
Which type of firewall can be used to track connectionless protocols such as UDP and RPC?
- A. Application level firewalls
- B. Circuit level firewalls
- C. Packet filtering firewalls
- D. Stateful inspection firewalls
Answer: D
Explanation:
Packets in a stateful inspection firewall are queued and then analyzed at all OSI layers, providing a more complete inspection of the data. By examining the state and context of the incoming data packets, it helps to track the protocols that are considered "connectionless", such as UDP-based applications and Remote Procedure Calls (RPC).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 91).
NEW QUESTION 407
Controls are implemented to:
- A. eliminate risk and eliminate the potential for loss
- B. mitigate risk and reduce the potential for loss
- C. mitigate risk and eliminate the potential for loss
- D. eliminate risk and reduce the potential for loss
Answer: B
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
Controls are implemented to mitigate risk and reduce the potential for loss. Preventive controls are put in place to inhibit harmful occurrences; detective controls are established to discover harmful occurrences; corrective controls are used to restore systems that are victims of harmful attacks.
It is not feasible or possible to eliminate all risks and the potential for loss, as risks and threats are constantly changing.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 32.
NEW QUESTION 408
......
Prerequisites
The applicants must possess a minimum of one year of cumulative, full-time, and paid work experience in at least one of the seven domains of the SSCP CBK. Additionally, they must pass the qualifying exam to get the certification. Those individuals who do not possess the required work experience can proceed to take the (ISC)2 SSCP test and earn the Associate of (ISC)2 certificate, while working to gain the required experience to obtain SSCP. In this case, you will need to get two years of experience to get the required expertise for the SSCP certification.
SSCP Dumps - Pass Your Certification Exam: https://www.examsreviews.com/SSCP-pass4sure-exam-review.html
Latest Real ISC SSCP Exam Dumps Questions: https://drive.google.com/open?id=14qYEoj0RSoMGFNfeLpq3zI1G5rSe6-Bw