Online SSCP Test Brain Dump Question and Test Engine
Real ISC SSCP Exam Dumps with Correct 1074 Questions and Answers
Topics Tested in SSCP
The (ISC)2 SSCP certification exam checks the candidates’ skills in seven domains. Each of them has a different weight in the total test questions, as follows:
- Understanding security administration and operations (15%);
- Performing constant monitoring, risk identification, and analysis (15%);
- Identifying and analyzing applications and systems security (15%).
- Applying and understanding communications and network security (16%);
- Implementation and maintenance of access controls and authentication methods (16%);
- Understanding and managing cryptography fundamental concepts (10%);
- Incident response management and development of recovery methods (13%);
ISC SSCP Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
| Topic 11 |
|
ISC2 SSCP Exam Certification Details:
| Schedule Exam | Pearson VUE |
| Exam Name | ISC2 Systems Security Certified Practitioner (SSCP) |
| Exam Code | SSCP |
| Duration | 180 mins |
| Sample Questions | ISC2 SSCP Sample Questions |
| Number of Questions | 125 |
| Passing Score | 700/1000 |
| Exam Price | $249 (USD) |
NEW QUESTION 237
Physically securing backup tapes from unauthorized access is obviously a security concern and is considered a function of the:
- A. Operations Security Domain Analysis.
- B. Telecommunications and Network Security Domain.
- C. Operations Security Domain.
- D. Business Continuity Planning and Disater Recovery Planning.
Answer: C
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
Physically securing the tapes from unauthorized access is obviously a security concern and is considered a function of the Operations Security Domain.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 71.
NEW QUESTION 238
Which of the following best describes signature-based detection?
- A. Compare source code, looking for events or sets of events that could cause damage to a system or network.
- B. Compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack.
- C. Compare system activity for the behaviour patterns of new attacks.
- D. Compare network nodes looking for objects or sets of objects that match a predefined pattern of objects that may describe a known attack.
Answer: B
Explanation:
Section: Analysis and Monitoring
Explanation/Reference:
Misuse detectors compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack. As the patterns corresponding to known attacks are called signatures, misuse detection is sometimes called "signature-based detection." The most common form of misuse detection used in commercial products specifies each pattern of events corresponding to an attack as a separate signature. However, there are more sophisticated approaches to doing misuse detection (called "state-based" analysis techniques) that can leverage a single signature to detect groups of attacks.
Reference:
Old Document:
BACE, Rebecca & MELL, Peter, NIST Special Publication 800-31 on Intrusion Detection Systems, Page 16.
The publication above has been replaced by 800-94 on page 2-4
The Updated URL is: http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
NEW QUESTION 239
Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?
- A. TLS and SSL
- B. IPsec and L2TP
- C. S/MIME and SSH
- D. PKCS#10 and X.509
Answer: B
Explanation:
Explanation/Reference:
Reference: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page
467; SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.
NEW QUESTION 240
The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base]." This statement is the formal requirement for:
- A. System Integrity.
- B. Security Testing.
- C. System Architecture Specification.
- D. Design Verification.
Answer: A
Explanation:
Section: Security Operation Adimnistration
Explanation/Reference:
This is a requirement starting as low as C1 within the TCSEC rating.
The Orange book requires the following for System Integrity Hardware and/or software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB.
NOTE FROM CLEMENT:
This is a question that confuses a lot of people because most people take for granted that the orange book with its associated Bell LaPadula model has nothing to do with integrity. However you have to be careful about the context in which the word integrity is being used. You can have Data Integrity and you can have System Integrity which are two completely different things.
Yes, the Orange Book does not specifically address the Integrity requirements, however it has to run on top of systems that must meet some integrity requirements.
This is part of what they call operational assurance which is defined as a level of confidence of a trusted system's architecture and implementation that enforces the system's security policy. It includes:
System architecture
Covert channel analysis
System integrity
Trusted recovery
DATA INTEGRITY
Data Integrity is very different from System Integrity. When you have integrity of the data, there are three goals:
1. Prevent authorized users from making unauthorized modifications
2. Preven unauthorized users from making modifications
3. Maintaining internal and external consistancy of the data
Bell LaPadula which is based on the Orange Book address does not address Integrity, it addresses only Confidentiality.
Biba address only the first goal of integrity.
Clark-Wilson addresses the three goals of integrity.
In the case of this question, there is a system integrity requirement within the TCB. As mentioned above here is an extract of the requirements: Hardware and/or software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB.
The following answers are incorrect:
Security Testing. Is incorrect because Security Testing has no set of requirements in the Orange book.
Design Verification. Is incorrect because the Orange book's requirements for Design Verification include: A formal model of the security policy must be clearly identified and documented, including a mathematical proof that the model is consistent with its axioms and is sufficient to support the security policy.
System Architecture Specification. Is incorrect because there are no requirements for System Architecture Specification in the Orange book.
The following reference(s) were used for this question:
Trusted Computer Security Evaluation Criteria (TCSEC), DoD 5200.28-STD, page 15, 18, 25, 31, 40, 50.
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition, Security Architecture and Design, Page
392-397, for users with the Kindle Version see Kindle Locations 28504-28505.
and
DOD TCSEC - http://www.cerberussystems.com/INFOSEC/stds/d520028.htm
NEW QUESTION 241
Which of the following does NOT use token-passing?
- A. Token-ring
- B. IEEE 802.3
- C. FDDI
- D. ARCnet
Answer: B
Explanation:
IEEE 802.3 specifies the standard for Ethernet and uses CSMA/CD, not token-passing.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 104).
NEW QUESTION 242
Which TCSEC level is labeled Controlled Access Protection?
- A. C2
- B. C1
- C. B1
- D. C3
Answer: A
Explanation:
Section: Access Control
Explanation/Reference:
C2 is labeled Controlled Access Protection.
The TCSEC defines four divisions: D, C, B and A where division A has the highest security.
Each division represents a significant difference in the trust an individual or organization can place on the evaluated system. Additionally divisions C, B and A are broken into a series of hierarchical subdivisions called classes: C1, C2, B1, B2, B3 and A1.
Each division and class expands or modifies as indicated the requirements of the immediately prior division or class.
D - Minimal protection
Reserved for those systems that have been evaluated but that fail to meet the requirements for a higher division C - Discretionary protection C1 - Discretionary Security Protection Identification and authentication Separation of users and data Discretionary Access Control (DAC) capable of enforcing access limitations on an individual basis Required System Documentation and user manuals C2 - Controlled Access Protection More finely grained DAC Individual accountability through login procedures Audit trails Object reuse Resource isolation B - Mandatory protection B1 - Labeled Security Protection Informal statement of the security policy model Data sensitivity labels Mandatory Access Control (MAC) over selected subjects and objects Label exportation capabilities All discovered flaws must be removed or otherwise mitigated Design specifications and verification B2 - Structured Protection Security policy model clearly defined and formally documented DAC and MAC enforcement extended to all subjects and objects Covert storage channels are analyzed for occurrence and bandwidth Carefully structured into protection-critical and non-protection-critical elements Design and implementation enable more comprehensive testing and review Authentication mechanisms are strengthened Trusted facility management is provided with administrator and operator segregation Strict configuration management controls are imposed B3 - Security Domains Satisfies reference monitor requirements Structured to exclude code not essential to security policy enforcement Significant system engineering directed toward minimizing complexity Security administrator role defined Audit security-relevant events Automated imminent intrusion detection, notification, and response Trusted system recovery procedures Covert timing channels are analyzed for occurrence and bandwidth An example of such a system is the XTS-300, a precursor to the XTS-400 A - Verified protection A1 - Verified Design Functionally identical to B3 Formal design and verification techniques including a formal top-level specification Formal management and distribution procedures An example of such a system is Honeywell's Secure Communications Processor SCOMP, a precursor to the XTS-400 Beyond A1 System Architecture demonstrates that the requirements of self-protection and completeness for reference monitors have been implemented in the Trusted Computing Base (TCB).
Security Testing automatically generates test-case from the formal top-level specification or formal lower- level specifications.
Formal Specification and Verification is where the TCB is verified down to the source code level, using formal verification methods where feasible.
Trusted Design Environment is where the TCB is designed in a trusted facility with only trusted (cleared) personnel.
The following are incorrect answers:
C1 is Discretionary security
C3 does not exists, it is only a detractor
B1 is called Labeled Security Protection.
Reference(s) used for this question:
HARE, Chris, Security management Practices CISSP Open Study Guide, version 1.0, april 1999.
and
AIOv4 Security Architecture and Design (pages 357 - 361)
AIOv5 Security Architecture and Design (pages 358 - 362)
NEW QUESTION 243
What is the name of the third party authority that vouches for the binding between the data items in a digital certificate?
- A. Vouching authority
- B. Issuing authority
- C. Certification authority
- D. Registration authority
Answer: C
Explanation:
A certification authority (CA) is a third party entity that issues digital
certificates (especially X.509 certificates) and vouches for the binding between the data
items in a certificate. An issuing authority could be considered a correct answer, but not the
best answer, since it is too generic.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
NEW QUESTION 244
To protect and/or restore lost, corrupted, or deleted information, thereby preserving the data integrity and availability is the purpose of:
- A. Database shadowing.
- B. Mirroring.
- C. A tape backup method.
- D. Remote journaling.
Answer: C
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
The purpose of a tape backup method is to protect and/or restore lost, corrupted, or deleted information, thereby preserving the data integrity and ensuring availability.
All other choices could suffer from corruption and it might not be possible to restore the data without proper backups being done.
This is a tricky question, if the information is lost, corrupted, or deleted only a good backup could be use to restore the information. Any synchronization mechanism would update the mirror copy and the data could not be recovered.
With backups there could be a large gap where your latest data may not be available. You would have to look at your Recovery Point Objective and see if this is acceptable for your company recovery objectives.
The following are incorrect answers:
Mirroring will preserve integrity and restore points in all cases of drive failure. However, if you have corrupted data on the primary set of drives you may get corrupted data on the secondary set as well.
Remote Journaling provides Continuous or periodic synchronized recording of transaction data at a remote location as a backup strategy. (http://www.businessdictionary.com/definition/remote-journaling.html) With journaling there might be a gap of time between the data updates being send in batch at regular interval. So some of the data could be lost.
Database shadowing is synonymous with Mirroring but it only applies to databases, but not to information and data as a whole.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 68.
NEW QUESTION 245
Which of the following protocols suite does the Internet use?
- A. IP/UDP/TCP
- B. IP/UDP/ICMP/TCP
- C. IMAP/SMTP/POP3
- D. TCP/IP
Answer: D
Explanation:
Explanation/Reference:
Transmission Control Protocol/Internet Protocol (TCP/IP) is the common name for the suite of protocols that was developed by the Department of Defense (DoD) in the 1970's to support the construction of the internet. The Internet is based on TCP/IP.
The Internet protocol suite is the networking model and a set of communications protocols used for the Internet and similar networks. It is commonly known as TCP/IP, because its most important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP), were the first networking protocols defined in this standard. It is occasionally known as the DoD model, because the development of the networking model was funded by DARPA, an agency of the United States Department of Defense.
TCP/IP provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. This functionality has been organized into four abstraction layers within the DoD Model which are used to sort all related protocols according to the scope of networking involved.
From lowest to highest, the layers are:
The link layer, containing communication technologies for a single network segment (link), The internet layer, connecting independent networks, thus establishing internetworking, The transport layer handling process-to-process communication,
The application layer, which interfaces to the user and provides support services.
The TCP/IP model and related protocols are maintained by the Internet Engineering Task Force (IETF).
The following answers are incorrect:
IP/UDP/TCP. This is incorrect, all three are popular protocol and they are not considered a suite of protocols.
IP/UDP/ICMP/TCP. This is incorrect, all 4 are some of the MOST commonly used protocol but they are not called a suite of protocol.
IMAP/SMTP/POP3 . This is incorrect because they are all email protocol and consist of only a few of the protocol that would be included in the TCP/IP suite of protocol.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 5267-5268). Auerbach Publications. Kindle Edition.
http://en.wikipedia.org/wiki/Internet_protocol_suite
NEW QUESTION 246
A 'Pseudo flaw' is which of the following?
- A. A normally generated page fault causing the system to halt.
- B. Used for testing for bounds violations in application programming.
- C. An apparent loophole deliberately implanted in an operating system program as a trap for intruders.
- D. An omission when generating Psuedo-code.
Answer: C
Explanation:
A Pseudo flaw is something that looks like it is vulnerable to attack, but really
acts as an alarm or triggers automatic actions when an intruder attempts to exploit the flaw.
The following answers are incorrect:
An omission when generating Psuedo-code. Is incorrect because it is a distractor.
Used for testing for bounds violations in application programming. Is incorrect, this is a
testing methodology.
A normally generated page fault causing the system to halt. This is incorrect because it is
distractor.
NEW QUESTION 247
Which of the following groups represents the leading source of computer crime losses?
- A. Industrial saboteurs
- B. Hackers
- C. Foreign intelligence officers
- D. Employees
Answer: D
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
There are some conflicting figures as to which group is a bigger threat hackers or employees. Employees are still considered to the leading source of computer crime losses. Employees often have an easier time gaining access to systems or source code then ousiders or other means of creating computer crimes.
A word of caution is necessary: although the media has tended to portray the threat of cybercrime as existing almost exclusively from the outside, external to a company, reality paints a much different picture. Often the greatest risk of cybercrime comes from the inside, namely, criminal insiders. Information security professionals must be particularly sensitive to the phenomena of the criminal or dangerous insider, as these individuals usually operate under the radar, inside of the primarily outward/external facing security controls, thus significantly increasing the impact of their crimes while leaving few, if any, audit trails to follow and evidence for prosecution.
Some of the large scale crimes committed agains bank lately has shown that Internal Threats are the worst and they are more common that one would think. The definition of what a hacker is can vary greatly from one country to another but in some of the states in the USA a hacker is defined as Someone who is using resources in a way that is not authorized. A recent case in Ohio involved an internal employee who was spending most of his day on dating website looking for the love of his life. The employee was taken to court for hacking the company resources.
The following answers are incorrect:
hackers. Is incorrect because while hackers represent a very large problem and both the frequency of attacks and overall losses have grown hackers are considered to be a small segment of combined computer fraudsters.
industrial saboteurs. Is incorrect because industrial saboteurs tend to go after trade secrets. While the loss to the organization can be great, they still fall short when compared to the losses created by employees. Often it is an employee that was involved in industrial sabotage.
foreign intelligence officers. Is incorrect because the losses tend to be national secrets. You really can't put t cost on this and the number of frequency and occurances of this is less than that of employee related losses.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 22327-22331). Auerbach Publications. Kindle Edition.
NEW QUESTION 248
Which of the following biometric devices offers the LOWEST CER?
- A. Iris scan
- B. Keystroke dynamics
- C. Fingerprint
- D. Voice verification
Answer: A
Explanation:
From most effective (lowest CER) to least effective (highest CER) are: Iris scan, fingerprint, voice verification, keystroke dynamics. Reference : Shon Harris Aio v3 , Chapter-4 : Access Control , Page : 131 Also see: http://www.sans.org/reading_room/whitepapers/authentication/biometricselection-body-parts-online_139
NEW QUESTION 249
Which conceptual approach to intrusion detection system is the most common?
- A. Statistical anomaly-based intrusion detection
- B. Host-based intrusion detection
- C. Knowledge-based intrusion detection
- D. Behavior-based intrusion detection
Answer: C
Explanation:
Explanation/Reference:
There are two conceptual approaches to intrusion detection. Knowledge-based intrusion detection uses a database of known vulnerabilities to look for current attempts to exploit them on a system and trigger an alarm if an attempt is found. The other approach, not as common, is called behaviour-based or statistical analysis-based. A host-based intrusion detection system is a common implementation of intrusion detection, not a conceptual approach.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page
63).
Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4:
Access Control (pages 193-194).
NEW QUESTION 250
Which of the following is an advantage of a qualitative over a quantitative risk analysis?
- A. It provides specific quantifiable measurements of the magnitude of the impacts.
- B. It makes a cost-benefit analysis of recommended controls easier.
- C. It can easily be automated.
- D. It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities.
Answer: D
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
The main advantage of the qualitative impact analysis is that it prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities. It does not provide specific quantifiable measurements of the magnitude of the impacts, therefore making a cost-analysis of any recommended controls difficult. Since it involves a consensus of export and some guesswork based on the experience of Subject Matter Experts (SME's), it can not be easily automated.
Reference used for this question:
STONEBURNER, Gary et al., NIST Special publication 800-30, Risk management Guide for Information Technology Systems, 2001 (page 23).
NEW QUESTION 251
A deviation from an organization-wide security policy requires which of the following?
- A. Risk Containment
- B. Risk Assignment
- C. Risk Acceptance
- D. Risk Reduction
Answer: C
Explanation:
Explanation/Reference:
A deviation from an organization-wide security policy requires you to manage the risk. If you deviate from the security policy then you are required to accept the risks that might occur.
In some cases, it may be prudent for an organization to simply accept the risk that is presented in certain scenarios. Risk acceptance is the practice of accepting certain risk(s), typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way.
The OIG defines Risk Management as: This term characterizes the overall process.
The first phase of risk assessment includes identifying risks, risk-reducing measures, and the budgetary impact of implementing decisions related to the acceptance, avoidance, or transfer of risk.
The second phase of risk management includes the process of assigning priority to, budgeting, implementing, and maintaining appropriate risk-reducing measures.
Risk management is a continuous process of ever-increasing complexity. It is how we evaluate the impact of exposures and respond to them. Risk management minimizes loss to information assets due to undesirable events through identification, measurement, and control. It encompasses the overall security review, risk analysis, selection and evaluation of safeguards, cost-benefit analysis, management decision, and safeguard identification and implementation, along with ongoing effectiveness review.
Risk management provides a mechanism to the organization to ensure that executive management knows current risks, and informed decisions can be made to use one of the risk management principles: risk avoidance, risk transfer, risk mitigation, or risk acceptance.
The 4 ways of dealing with risks are: Avoidance, Transfer, Mitigation, Acceptance The following answers are incorrect:
Risk assignment. Is incorrect because it is a distractor, assignment is not one of the ways to manage risk.
Risk reduction. Is incorrect because there was a deviation of the security policy. You could have some additional exposure by the fact that you deviated from the policy.
Risk containment. Is incorrect because it is a distractor, containment is not one of the ways to manage risk.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 8882-8886). Auerbach Publications. Kindle Edition.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 10206-10208). Auerbach Publications. Kindle Edition.
NEW QUESTION 252
What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database?
- A. Database Management system
- B. Database views
- C. Database security
- D. Database shadowing
Answer: B
Explanation:
Database views; Database views are mechanisms that restrict
access to the information that a user can access in a database.Source: KRUTZ, Ronald L.
& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, 2001, John Wiley & Sons, Page 35.
Wikipedia has a detailed explantion as well:
In database theory, a view is a virtual or logical table composed of the result set of a query.
Unlike ordinary tables (base tables) in a relational database, a view is not part of the
physical schema: it is a dynamic, virtual table computed or collated from data in the
database. Changing the data in a table alters the data shown in the view.
Views can provide advantages over tables;
They can subset the data contained in a table
They can join and simplify multiple tables into a single virtual table
Views can act as aggregated tables, where aggregated data (sum, average etc.) are
calculated and presented as part of the data
Views can hide the complexity of data, for example a view could appear as Sales2000 or
Sales2001, transparently partitioning the actual underlying table
Views do not incur any extra storage overhead
Depending on the SQL engine used, views can provide extra security.
Limit the exposure to which a table or tables are exposed to outer world
Just like functions (in programming) provide abstraction, views can be used to create
abstraction. Also, just like functions, views can be nested, thus one view can aggregate
data from other views. Without the use of views it would be much harder to normalise
databases above second normal form. Views can make it easier to create lossless join
decomposition.
NEW QUESTION 253
......
Valid SSCP Test Answers & ISC SSCP Exam PDF: https://www.fast2test.com/SSCP-premium-file.html
ISC SSCP Certification Real 2021 Mock Exam: https://drive.google.com/open?id=1vyKD4EGtBEhNSC5rBIZgkaSkE5CcgtWR