SSCP Dumps (2023) Prepare Your Exam With 1074 Questions [Q162-Q186]


New SSCP Dumps - Real ISC Exam Questions

NEW QUESTION 162
Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards?

  • A. Declaration
  • B. Certification
  • C. Audit
  • D. Accreditation

Answer: D

Explanation:
Section: Security Operation Administration
Explanation/Reference:
Accreditation: is an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards. It is usually based on a technical certification of the system's security mechanisms.
Certification: Technical evaluation (usually made in support of an accreditation action) of an information system's security features and other safeguards to establish the extent to which the system's design and implementation meet specified security requirements.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.


NEW QUESTION 163
Another example of Computer Incident Response Team (CIRT) activities is:

  • A. Management of the netware logs, including collection, retention, review, and analysis of data
  • B. Management of the network logs, including collection and analysis of data
  • C. Management of the network logs, including collection, retention, review, and analysis of data
  • D. Management of the network logs, including review and analysis of data

Answer: C

Explanation:
Additional examples of CIRT activities are:
Management of the network logs, including collection, retention, review, and analysis of data
Management of the resolution of an incident, management of the remediation of a vulnerability, and post-event reporting to the appropriate parties.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 64.


NEW QUESTION 164
Which of the following would be MOST important to guarantee that the computer evidence will be admissible in court?

  • A. Its reliability must be proven.
  • B. It must prove a fact that is immaterial to the case.
  • C. The chain of custody of the evidence must show who collected, secured, controlled, handled, transported the evidence, and that it was not tampered with.
  • D. The process for producing it must be documented and repeatable.

Answer: C

Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
Evidence has to be material, relevant and reliable, and the chain of custody must be maintained; it is unlikely to be admissible in court if it may have been tampered with.
The following answers are incorrect:
It must prove a fact that is immaterial to the case. This is incorrect because evidence must be relevant; if it is immaterial then it is not relevant.
Its reliability must be proven. This is incorrect because it is not the best answer. While evidence must be relevant, if the chain of custody cannot be verified the evidence could lose its credibility, because there is no proof that it was not tampered with. So the correct answer above is the BEST answer.
The process for producing it must be documented and repeatable. This is incorrect because a documented and repeatable process does not by itself guarantee that the result will be the same. This amounts to corroborative evidence that may help to support a case.


NEW QUESTION 165
Which of the following algorithms is used today for encryption in PGP?

  • A. RC5
  • B. RSA
  • C. IDEA
  • D. Blowfish

Answer: C

Explanation:
The Pretty Good Privacy (PGP) email encryption system was developed by Phil Zimmermann. For encrypting messages, it actually uses AES with up to 256-bit keys, CAST, TripleDES, IDEA and Twofish. RSA is also used in PGP, but only for exchanging the symmetric key and for digital signatures, not for encrypting the message itself.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (pages 154, 169). More info on PGP can be found on their site at http://www.pgp.com/display.php?pageID=29.


NEW QUESTION 166
Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan?

  • A. It is close enough to serve its users.
  • B. It is convenient to airports and hotels.
  • C. It is close enough to become operational quickly.
  • D. It is unlikely to be affected by the same disaster.

Answer: D

Explanation:
You do not want the alternate or recovery site located in close proximity to the original site, because the same event that created the situation in the first place might very well impact that site as well.
From NIST: "The fixed site should be in a geographic area that is unlikely to be negatively affected by the same disaster event (e.g., weather-related impacts or power grid failure) as the organization's primary site."
The following answers are incorrect:
It is close enough to become operational quickly. This is incorrect because it is not the best answer. You would want the alternate site to be close, but if it is too close the same event could impact that site as well.
It is close enough to serve its users. This is incorrect because it is not the best answer. You would want the alternate site to be close to users if applicable, but if it is too close the same event could impact that site as well.
It is convenient to airports and hotels. This is incorrect because it is not the best answer; it is more important that the same event does not impact the alternate site than that the site is convenient.
References:
OIG CBK Business Continuity and Disaster Recovery Planning (pages 368 - 369)
NIST document 800-34 pg 21


NEW QUESTION 167
Which port does the Post Office Protocol Version 3 (POP3) make use of?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

Explanation:
Explanation/Reference:
The other answers are not correct because of the following protocol/port numbers matrix:

  • Post Office Protocol (POP2): 109
  • Network News Transfer Protocol: 119
  • NetBIOS: 139


NEW QUESTION 168
In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the:

  • A. Network or Transport Layer.
  • B. Application Layer.
  • C. Inspection Layer.
  • D. Data Link Layer.

Answer: A

Explanation:
Section: Network and Telecommunications
Explanation/Reference:
Most stateful packet inspection firewalls work at the network or transport layers. For the TCP/IP protocol, this allows the firewall to make decisions on IP addresses, protocols and TCP/UDP port numbers.
Application layer is incorrect. This is too high in the OSI stack for this type of firewall.
Inspection layer is incorrect. There is no such layer in the OSI stack.
Data link layer is incorrect. This is too low in the OSI stack for this type of firewall.
References:
CBK, p. 466
AIO3, pp. 485 - 486


NEW QUESTION 169
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?

  • A. Untrusted certificate list
  • B. Authority revocation list
  • C. Certificate revocation list
  • D. Certificate revocation tree

Answer: B

Explanation:
Explanation/Reference:
The Internet Security Glossary (RFC2828) defines the Authority Revocation List (ARL) as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire.
Do not confuse an ARL with a Certificate Revocation List (CRL). A certificate revocation list is a mechanism for distributing notices of certificate revocations. The question specifically mentions "issued to CAs", which makes ARL a better answer than CRL.
From RFC 2828 (http://rfclibrary.hosting.com/rfc/rfc2828/rfc2828-29.asp):
certificate revocation list (CRL): (I) A data structure that enumerates digital certificates that have been invalidated by their issuer prior to when they were scheduled to expire. (See: certificate expiration, X.509 certificate revocation list.)
From RFC 2828 (http://rfclibrary.hosting.com/rfc/rfc2828/rfc2828-17.asp):
authority revocation list (ARL): (I) A data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire. (See: certificate expiration, X.509 authority revocation list.)
In a few words: we use CRLs for end-user certificate revocation and ARLs for CA certificate revocation; both can be placed in distribution points.


NEW QUESTION 170
Which of the following backup methods is most appropriate for off-site archiving?

  • A. Incremental backup method
  • B. Off-site backup method
  • C. Full backup method
  • D. Differential backup method

Answer: C

Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
The full backup makes a complete backup of every file on the system every time it is run. Since a single backup set is needed to perform a full restore, it is appropriate for off-site archiving.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 69).


NEW QUESTION 171
When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems?

  • A. Functional business units
  • B. Senior business unit management
  • C. Executive management staff
  • D. BCP committee

Answer: B

Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
Many elements of a BCP will address senior management, such as the statement of importance and priorities, the statement of organizational responsibility, and the statement of urgency and timing. Executive management staff initiates the project, gives final approval and gives ongoing support. The BCP committee directs the planning, implementation, and test processes, whereas functional business units participate in implementation and testing.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 275).


NEW QUESTION 172
Which TCSEC level is labeled Controlled Access Protection?

  • A. B1
  • B. C3
  • C. C1
  • D. C2

Answer: D

Explanation:
Explanation/Reference:
C2 is labeled Controlled Access Protection.
The TCSEC defines four divisions: D, C, B and A where division A has the highest security.
Each division represents a significant difference in the trust an individual or organization can place on the evaluated system. Additionally, divisions C, B and A are broken into a series of hierarchical subdivisions called classes: C1, C2, B1, B2, B3 and A1.
Each division and class expands or modifies as indicated the requirements of the immediately prior division or class.
D - Minimal protection
  • Reserved for those systems that have been evaluated but that fail to meet the requirements for a higher division
C - Discretionary protection
C1 - Discretionary Security Protection
  • Identification and authentication
  • Separation of users and data
  • Discretionary Access Control (DAC) capable of enforcing access limitations on an individual basis
  • Required system documentation and user manuals
C2 - Controlled Access Protection
  • More finely grained DAC
  • Individual accountability through login procedures
  • Audit trails
  • Object reuse
  • Resource isolation
B - Mandatory protection
B1 - Labeled Security Protection
  • Informal statement of the security policy model
  • Data sensitivity labels
  • Mandatory Access Control (MAC) over selected subjects and objects
  • Label exportation capabilities
  • All discovered flaws must be removed or otherwise mitigated
  • Design specifications and verification
B2 - Structured Protection
  • Security policy model clearly defined and formally documented
  • DAC and MAC enforcement extended to all subjects and objects
  • Covert storage channels are analyzed for occurrence and bandwidth
  • Carefully structured into protection-critical and non-protection-critical elements
  • Design and implementation enable more comprehensive testing and review
  • Authentication mechanisms are strengthened
  • Trusted facility management is provided with administrator and operator segregation
  • Strict configuration management controls are imposed
B3 - Security Domains
  • Satisfies reference monitor requirements
  • Structured to exclude code not essential to security policy enforcement
  • Significant system engineering directed toward minimizing complexity
  • Security administrator role defined
  • Audit of security-relevant events
  • Automated imminent intrusion detection, notification, and response
  • Trusted system recovery procedures
  • Covert timing channels are analyzed for occurrence and bandwidth
  • An example of such a system is the XTS-300, a precursor to the XTS-400
A - Verified protection
A1 - Verified Design
  • Functionally identical to B3
  • Formal design and verification techniques including a formal top-level specification
  • Formal management and distribution procedures
  • An example of such a system is Honeywell's Secure Communications Processor SCOMP, a precursor to the XTS-400
Beyond A1
  • System Architecture demonstrates that the requirements of self-protection and completeness for reference monitors have been implemented in the Trusted Computing Base (TCB).
  • Security Testing automatically generates test cases from the formal top-level specification or formal lower-level specifications.
  • Formal Specification and Verification is where the TCB is verified down to the source code level, using formal verification methods where feasible.
  • Trusted Design Environment is where the TCB is designed in a trusted facility with only trusted (cleared) personnel.
The following are incorrect answers:
C1 is Discretionary Security Protection.
C3 does not exist; it is only a distractor.
B1 is called Labeled Security Protection.
Reference(s) used for this question:
HARE, Chris, Security Management Practices, CISSP Open Study Guide, version 1.0, April 1999.
and
AIOv4 Security Architecture and Design (pages 357 - 361)
AIOv5 Security Architecture and Design (pages 358 - 362)


NEW QUESTION 173
Making sure that only those who are supposed to access the data can access is which of the following?

  • A. availability.
  • B. integrity.
  • C. capability.
  • D. confidentiality.

Answer: D

Explanation:
From the published (ISC)2 goals for the Certified Information Systems Security Professional candidate, domain definition. Confidentiality is making sure that only those who are supposed to access the data can access it. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 59.


NEW QUESTION 174
This type of backup management provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs (Write Once, Read Many):

  • A. Hierarchical Access Management (HAM).
  • B. Hierarchical Resource Management (HRM).
  • C. Hierarchical Storage Management (HSM).
  • D. Hierarchical Instance Management (HIM).

Answer: C

Explanation:
Explanation/Reference:
Hierarchical Storage Management (HSM) provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 71.


NEW QUESTION 175
Which xDSL flavour delivers both downstream and upstream speeds of 1.544 Mbps over two copper twisted pairs?

  • A. VDSL
  • B. HDSL
  • C. ADSL
  • D. SDSL

Answer: B

Explanation:
High-rate Digital Subscriber Line (HDSL) delivers 1.544 Mbps of bandwidth each way over two copper twisted pairs. SDSL also delivers 1.544 Mbps but over a single copper twisted pair. ADSL and VDSL offer a higher bandwidth downstream than upstream. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 115).


NEW QUESTION 176
Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette?

  • A. Zeroization
  • B. Buffer overflow
  • C. Degaussing
  • D. Parity Bit Manipulation

Answer: C

Explanation:
A degausser (otherwise known as a bulk eraser) has the main function of reducing to near zero the magnetic flux stored in the magnetized medium. Flux density is measured in Gauss or Tesla. The operation is speedier than overwriting and is done in one short operation. This is achieved by subjecting the medium in bulk to a series of fields of alternating polarity and gradually decreasing strength.
The following answers are incorrect:
Parity Bit Manipulation. Parity has to do with disk error detection, not data removal. A parity bit is a bit or series of bits appended to a character or block of characters to ensure that the information received is the same as the information that was sent.
Zeroization. Zeroization involves overwriting data to sanitize it. It is time-consuming and not foolproof; the potential for restoration of data does exist with this method.
Buffer overflow. This is a distractor. Although many operating systems use a disk buffer to temporarily hold data read from disk, its primary purpose has no connection to data removal. An overflow goes outside the constraints defined for the buffer and is a method used by an attacker to attempt access to a system.
The following reference(s) were used to create this question:
Shon Harris, AIO v3, pg 908.
Reference: What is degaussing.


NEW QUESTION 177
Which security model uses division of operations into different parts and requires different users to perform each part?

  • A. Clark-Wilson model
  • B. Biba model
  • C. Non-interference model
  • D. Bell-LaPadula model

Answer: A

Explanation:
Section: Access Control
Explanation/Reference:
The Clark-Wilson model uses separation of duties, which divides an operation into different parts and requires different users to perform each part. This prevents authorized users from making unauthorized modifications to data, thereby protecting its integrity.
The Clark-Wilson integrity model provides a foundation for specifying and analyzing an integrity policy for a computing system.
The model is primarily concerned with formalizing the notion of information integrity. Information integrity is maintained by preventing corruption of data items in a system due to either error or malicious intent. An integrity policy describes how the data items in the system should be kept valid from one state of the system to the next and specifies the capabilities of various principals in the system. The model defines enforcement rules and certification rules.
The model's enforcement and certification rules define data items and processes that provide the basis for an integrity policy. The core of the model is based on the notion of a transaction.
A well-formed transaction is a series of operations that transition a system from one consistent state to another consistent state.
In this model the integrity policy addresses the integrity of the transactions.
The principle of separation of duty requires that the certifier of a transaction and the implementer be different entities.
The model contains a number of basic constructs that represent both data items and processes that operate on those data items. The key data type in the Clark-Wilson model is a Constrained Data Item (CDI). An Integrity Verification Procedure (IVP) ensures that all CDIs in the system are valid at a certain state.
Transactions that enforce the integrity policy are represented by Transformation Procedures (TPs). A TP takes as input a CDI or Unconstrained Data Item (UDI) and produces a CDI. A TP must transition the system from one valid state to another valid state. UDIs represent system input (such as that provided by a user or adversary). A TP must guarantee (via certification) that it transforms all possible values of a UDI to a "safe" CDI.
In general, preservation of data integrity has three goals:
  • Prevent data modification by unauthorized parties
  • Prevent unauthorized data modification by authorized parties
  • Maintain internal and external consistency (i.e. data reflects the real world)
Clark-Wilson addresses all three goals, but Biba addresses only the first goal of integrity.
References:
HARRIS, Shon, All-In-One CISSP Certification Fifth Edition, McGraw-Hill/Osborne, Chapter 5: Security Architecture and Design (Page 341-344).
and
http://en.wikipedia.org/wiki/Clark-Wilson_model
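To make the constructs in the explanation above concrete, here is an added Python example (not code from the page or from the references it cites) that models a ledger as the CDIs, an IVP over them, a certified TP that takes a raw UDI, and an enforcement monitor applying separation of duty between the user who certifies a TP and the user who executes it. All names, balances and the scenario are constructed for illustration.

```python
from dataclasses import dataclass


class IntegrityViolation(Exception):
    """Raised when an enforcement rule of the model would be broken."""


@dataclass
class Ledger:
    """Constrained Data Items (CDIs): balances plus the control total the IVP checks."""
    balances: dict
    control_total: int


def ivp(ledger):
    """Integrity Verification Procedure: no negative balance, balances sum to the total."""
    vals = ledger.balances.values()
    return all(b >= 0 for b in vals) and sum(vals) == ledger.control_total


def transfer(ledger, udi):
    """Transformation Procedure (TP). Input is an Unconstrained Data Item (UDI), a raw
    request dict; the TP must map every possible UDI to a valid CDI, so it validates."""
    try:
        src, dst, amount = udi["from"], udi["to"], int(udi["amount"])
    except (KeyError, ValueError, TypeError):
        raise IntegrityViolation("malformed request") from None
    if amount <= 0 or src not in ledger.balances or dst not in ledger.balances:
        raise IntegrityViolation("request cannot yield a valid CDI")
    if ledger.balances[src] < amount:
        raise IntegrityViolation("insufficient funds")
    new = dict(ledger.balances)
    new[src] -= amount
    new[dst] += amount
    return Ledger(new, ledger.control_total)


class ClarkWilsonMonitor:
    """Enforcement: only certified TPs touch CDIs, users run only TPs they are authorised
    for, the certifier may not execute (separation of duty), IVP holds before and after."""

    def __init__(self, ledger):
        self.ledger = ledger
        self.certified = {}   # TP name -> (function, certifying user)
        self.allowed = {}     # user -> set of TP names

    def certify(self, name, tp, certifier):
        self.certified[name] = (tp, certifier)

    def authorise(self, user, name):
        self.allowed.setdefault(user, set()).add(name)

    def run(self, user, name, udi):
        if name not in self.certified:
            raise IntegrityViolation(f"{name} is not a certified TP")
        tp, certifier = self.certified[name]
        if user == certifier:
            raise IntegrityViolation("separation of duty: certifier may not execute")
        if name not in self.allowed.get(user, set()):
            raise IntegrityViolation(f"{user} is not authorised for {name}")
        if not ivp(self.ledger):
            raise IntegrityViolation("CDIs invalid before TP")
        candidate = tp(self.ledger, udi)
        if not ivp(candidate):
            raise IntegrityViolation("TP produced invalid CDIs")
        self.ledger = candidate
        return self.ledger


def demo():
    """Constructed scenario: an auditor certifies the transfer TP, a teller runs it."""
    m = ClarkWilsonMonitor(Ledger({"alice": 100, "bob": 50}, 150))
    m.certify("transfer", transfer, certifier="auditor")
    m.authorise("teller", "transfer")
    m.authorise("auditor", "transfer")   # authorised, yet still blocked by SoD
    out = {"after": m.run("teller", "transfer",
                          {"from": "alice", "to": "bob", "amount": 30}).balances}
    for who, amount in (("auditor", 1), ("teller", "lots"), ("teller", 500)):
        try:
            m.run(who, "transfer", {"from": "alice", "to": "bob", "amount": amount})
            out[f"{who}:{amount}"] = "allowed"
        except IntegrityViolation as e:
            out[f"{who}:{amount}"] = str(e)
    return out
```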


NEW QUESTION 178
_______ and ________ are the primary controls of most access control systems. (Choose two)

  • A. Biometrics
  • B. Authorization
  • C. Identification
  • D. Authentication
  • E. Tickets

Answer: C,D

Explanation:
Identifying a user and authenticating them into the system form the foundations of most access control systems.


NEW QUESTION 179
What is the PRIMARY use of a password?

  • A. Authenticate the user.
  • B. Allow access to files.
  • C. Segregate various user's accesses.
  • D. Identify the user.

Answer: A

Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.


NEW QUESTION 180
What refers to legitimate users accessing networked services that would normally be restricted to them?

  • A. Piggybacking
  • B. Logon abuse
  • C. Eavesdropping
  • D. Spoofing

Answer: B

Explanation:
Section: Access Control
Explanation/Reference:
Unauthorized access of restricted network services by the circumvention of security access controls is known as logon abuse. This type of abuse refers to users who may be internal to the network but access resources they would not normally be allowed.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 74).


NEW QUESTION 181
For which areas of the enterprise are business continuity plans required?

  • A. All areas of the enterprise.
  • B. The marketing, finance, and information processing areas.
  • C. The financial and information processing areas of the enterprise.
  • D. The operating areas of the enterprise.

Answer: A

Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.


NEW QUESTION 182
Which of the following can be used as a covert channel?

  • A. Storage and timing.
  • B. Storage and low bits.
  • C. Storage and permissions.
  • D. Storage and classification.

Answer: A

Explanation:
The Orange Book requires protection against two types of covert channels: timing and storage.
The following answers are incorrect:
Storage and low bits. This is incorrect because low bits would not be considered a covert channel.
Storage and permissions. This is incorrect because permissions would not be considered a covert channel.
Storage and classification. This is incorrect because classification would not be considered a covert channel.


NEW QUESTION 183
Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model?

  • A. Session Layer.
  • B. Application Layer.
  • C. Transport Layer.
  • D. Network Layer.

Answer: B

Explanation:
The Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at the Application Layer of the Open Systems Interconnect (OSI) model.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 89.


NEW QUESTION 184
Which of the following is NOT a characteristic or shortcoming of packet filtering gateways?

  • A. They are appropriate for medium-risk environment.
  • B. They don't protect against IP or DNS address spoofing.
  • C. They do not support strong user authentication.
  • D. The source and destination addresses, protocols, and ports contained in the IP packet header are the only information that is available to the router in making a decision whether or not to permit traffic access to an internal network.

Answer: A

Explanation:
Explanation/Reference:
Packet filtering firewalls use routers with packet filtering rules to grant or deny access based on source address, destination address, and port.
They offer minimum security but at a very low cost, and can be an appropriate choice for a low-risk environment.
Source: TIPTON, Harold F & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 3, Secured Connections to External Networks (page 60).


NEW QUESTION 185
Which backup method does not reset the archive bit on files that are backed up?

  • A. Incremental backup method
  • B. Full backup method
  • C. Differential backup method
  • D. Additive backup method

Answer: C

Explanation:
Explanation/Reference:
The differential backup method only copies files that have changed since the last full backup was performed. It is additive in that it does not reset the archive bit, so all changed or added files are backed up in every differential backup until the next full backup. The "additive backup method" is not a common backup method.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 69).
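The archive-bit behaviour in this answer, and the point from question 170 that a single full set is enough to restore, are easier to see in a simulation. This is an added Python example, not code from the page or from Krutz & Vines; the file names and the three-day scenario are constructed, and it assumes the jobs after a full backup are all of one kind rather than mixed.

```python
from dataclasses import dataclass


@dataclass
class File:
    name: str
    version: int = 1
    archive: bool = True   # the OS sets this whenever the file is modified


class BackupSim:
    """Tracks archive bits and the sets written by full, incremental and
    differential jobs: full and incremental reset the bit, differential does not.
    Assumes the jobs after a full are all of one kind (not mixed)."""

    def __init__(self, names):
        self.files = {n: File(n) for n in names}
        self.sets = []   # list of (kind, {name: version}) in run order

    def modify(self, name):
        f = self.files[name]
        f.version += 1
        f.archive = True

    def _run(self, kind):
        if kind == "full":
            chosen = list(self.files.values())
        else:                          # incremental or differential
            chosen = [f for f in self.files.values() if f.archive]
        if kind != "differential":     # only full/incremental clear the bit
            for f in chosen:
                f.archive = False
        self.sets.append((kind, {f.name: f.version for f in chosen}))
        return sorted(f.name for f in chosen)

    def full(self):
        return self._run("full")

    def incremental(self):
        return self._run("incremental")

    def differential(self):
        return self._run("differential")

    def restore_plan(self):
        """Indexes of the sets needed to rebuild the latest state: the last
        full plus every incremental after it, or just the latest differential."""
        last_full = max(i for i, (k, _) in enumerate(self.sets) if k == "full")
        later = [(i, k) for i, (k, _) in enumerate(self.sets) if i > last_full]
        incs = [i for i, k in later if k == "incremental"]
        diffs = [i for i, k in later if k == "differential"]
        return [last_full] + (incs if incs else diffs[-1:])

    def restore(self):
        """Apply the planned sets in order; later versions overwrite earlier ones."""
        state = {}
        for i in self.restore_plan():
            state.update(self.sets[i][1])
        return state


def demo():
    """Constructed scenario: full on day 1, then one file changes per day with a
    backup each day; compare what each strategy writes and needs to restore."""
    out = {}
    for kind in ("incremental", "differential"):
        sim = BackupSim(["a.txt", "b.txt", "c.txt"])
        sim.full()
        sim.modify("a.txt")
        getattr(sim, kind)()
        sim.modify("b.txt")
        last = getattr(sim, kind)()
        out[kind] = {"full_set": sorted(sim.sets[0][1]), "last_set": last,
                     "plan": sim.restore_plan(), "restored": sim.restore()}
    return out
```

The full set on its own holds every file, which is why it is the one to send off-site; the differential chain needs only two sets to restore, while the incremental chain needs every set since the full.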


NEW QUESTION 186
......
