
1074 Exam Questions for SSCP Updated Versions With Test Engine
Pass SSCP Exam with Updated SSCP Exam Dumps PDF 2021
Target Audience
The potential candidates for the (ISC)2 SSCP certificate are the professionals with practical skills, proven technical knowledge, and hands-on security competence in various IT operational roles. These individuals can implement, administer, and monitor IT infrastructure based on the information security procedures and policies that ensure the availability, integrity, and confidentiality of data.
SSCP - System Security Certified Practitioner (SSCP)
SSCP exam is part of the new System Security Certified Practitioner (SSCP) certification. This exam measures your ability and skills related to Systems Security Certified Practitioner. Candidates will need to show they have technical skills and practical, hands-on security knowledge in operational IT roles. The SSCP certification exam will also verify that the candidate has the ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity, and availability.
NEW QUESTION 641
What is Kerberos?
- A. A three-headed dog from the egyptian mythology.
- B. A remote authentication dial in user server.
- C. A trusted third-party authentication protocol.
- D. A security model.
Answer: C
Explanation:
Explanation/Reference:
Is correct because that is exactly what Kerberos is.
The following answers are incorrect:
A three-headed dog from Egyptian mythology. Is incorrect because we are dealing with Information Security and not the Egyptian mythology but the Greek Mythology.
A security model. Is incorrect because Kerberos is an authentication protocol and not just a security model.
A remote authentication dial in user server. Is incorrect because Kerberos is not a remote authentication dial in user server that would be called RADIUS.
NEW QUESTION 642
Which of the following IEEE standards defines the token ring media access method?
- A. 802.11
- B. 802.2
- C. 802.3
- D. 802.5
Answer: B
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
The IEEE 802.5 standard defines the token ring media access method. 802.3 refers to Ethernet's CSMA/CD,
802.11 refers to wireless communications and 802.2 refers to the logical link control.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page
109).
NEW QUESTION 643
What can a packet filtering firewall also be called?
- A. a scanning router
- B. a sniffing router
- C. a shielding router
- D. a screening router
Answer: D
Explanation:
Explanation/Reference:
While neither CBK nor AIO3 use the term "screening router," they both discuss how the packet filtering capabilities of a router can be used to block traffic much like a packet filtering firewall. Krutz and Vine use this term on p. 90.
"A scanning router" is incorrect. This is a nonsense term to distract you.
"A shielding router" is incorrect. This is a nonsense term to distract you.
"A sniffing router" is incorrect. This is a nonsense term to distract you.
References:
CBK, p. 433
AIO3, pp.484 - 485
NEW QUESTION 644
An Intrusion Detection System (IDS) is what type of control?
- A. A preventive control.
- B. A directive control.
- C. A recovery control.
- D. A detective control.
Answer: B
Explanation:
Explanation/Reference:
These controls can be used to investigate what happen after the fact. Your IDS may collect information on where the attack came from, what port was use, and other details that could be used in the investigation steps.
"Preventative control" is incorrect. Preventative controls preclude events or actions that might compromise a system or cause a policy violation. An intrusion prevention system would be an example of a preventative control.
"Recovery control" is incorrect. Recover controls include processes used to return the system to a secure state after the occurrence of a security incident. Backups and redundant components are examples of recovery controls.
"Directive controls" is incorrect. Directive controls are administrative instruments such as policies, procedures, guidelines, and aggreements. An acceptable use policy is an example of a directive control.
References:
CBK, pp. 646 - 647
NEW QUESTION 645
Which of the following backup methods is most appropriate for off-site archiving?
- A. Differential backup method
- B. Off-site backup method
- C. Incremental backup method
- D. Full backup method
Answer: D
Explanation:
The full backup makes a complete backup of every file on the system every
time it is run. Since a single backup set is needed to perform a full restore, it is appropriate
for off-site archiving.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3:
Telecommunications and Network Security (page 69).
NEW QUESTION 646
What is the name of the third party authority that vouches for the binding between the data items in a digital certificate?
- A. Vouching authority
- B. Issuing authority
- C. Certification authority
- D. Registration authority
Answer: C
Explanation:
A certification authority (CA) is a third party entity that issues digital
certificates (especially X.509 certificates) and vouches for the binding between the data
items in a certificate. An issuing authority could be considered a correct answer, but not the
best answer, since it is too generic.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
NEW QUESTION 647
What is the difference between Access Control Lists (ACLs) and Capability Tables?
- A. They are basically the same.
- B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.
- C. Access control lists are related/attached to a subject whereas capability tables are related/attached to an object.
- D. Capability tables are used for objects whereas access control lists are used for users.
Answer: B
Explanation:
Section: Access Control
Explanation/Reference:
Capability tables are used to track, manage and apply controls based on the object and rights, or capabilities of a subject. For example, a table identifies the object, specifies access rights allowed for a subject, and permits access based on the user's posession of a capability (or ticket) for the object. It is a row within the matrix.
To put it another way, A capabiltiy table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.
CLEMENT NOTE:
If we wish to express this very simply:
Capabilities are attached to a subject and it describe what access the subject has to each of the objects on the row that matches with the subject within the matrix. It is a row within the matrix.
ACL's are attached to objects, it describe who has access to the object and what type of access they have. It is a column within the matrix.
The following are incorrect answers:
"Access control lists are subject-based whereas capability tables are object-based" is incorrect.
"Capability tables are used for objects whereas access control lists are used for users" is incorrect.
"They are basically the same" is incorrect.
References used for this question:
CBK, pp. 191 - 192
AIO3 p. 169
NEW QUESTION 648
In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?
- A. Bell-LaPadula model
- B. Biba model
- C. Access Matrix model
- D. Take-Grant model
Answer: A
Explanation:
The Bell-LAPadula model is also called a multilevel security system because users with different clearances use the system and the system processes data with different classifications. Developed by the US Military in the 1970s.
A security model maps the abstract goals of the policy to information system terms by specifying explicit data structures and techniques necessary to enforce the security policy. A security model is usually represented in mathematics and analytical ideas, which are mapped to system specifications and then developed by programmers through programming code. So we have a policy that encompasses security goals, such as "each subject must be authenticated and authorized before accessing an object." The security model takes this requirement and provides the necessary mathematical formulas, relationships, and logic structure to be followed to accomplish this goal.
A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels. The level at which information is classified determines the
handling procedures that should be used. The Bell-LaPadula model is a state machine
model that enforces the confidentiality aspects of access control. A matrix and security
levels are used to determine if subjects can access different objects. The subject's
clearance is compared to the object's classification and then specific rules are applied to
control how subject-to-object subject-to-object interactions can take place.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 369). McGraw-
Hill. Kindle Edition.
NEW QUESTION 649
Which of the following is most concerned with personnel security?
- A. Operational controls
- B. Human resources controls
- C. Technical controls
- D. Management controls
Answer: A
Explanation:
Section: Security Operation Adimnistration
Explanation/Reference:
Many important issues in computer security involve human users, designers, implementers, and managers.
A broad range of security issues relates to how these individuals interact with computers and the access and authorities they need to do their jobs. Since operational controls address security methods focusing on mechanisms primarily implemented and executed by people (as opposed to systems), personnel security is considered a form of operational control.
Operational controls are put in place to improve security of a particular system (or group of systems). They often require specialized expertise and often rely upon management activities as well as technical controls.
Implementing dual control and making sure that you have more than one person that can perform a task would fall into this category as well.
Management controls focus on the management of the IT security system and the management of risk for a system. They are techniques and concerns that are normally addressed by management.
Technical controls focus on security controls that the computer system executes. The controls can provide automated protection for unauthorized access of misuse, facilitate detection of security violations, and support security requirements for applications and data.
Reference use for this question:
NIST SP 800-53 Revision 4 http://dx.doi.org/10.6028/NIST.SP.800-53r4
You can get it as a word document by clicking HERE
NIST SP 800-53 Revision 4 has superseded the document below:
SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Page A-18).
NEW QUESTION 650
What can best be defined as high-level statements, beliefs, goals and objectives?
- A. Policies
- B. Standards
- C. Procedures
- D. Guidelines
Answer: A
Explanation:
Section: Security Operation Adimnistration
Explanation/Reference:
Policies are high-level statements, beliefs, goals and objectives and the general means for their attainment for a specific subject area. Standards are mandatory activities, action, rules or regulations designed to provide policies with the support structure and specific direction they require to be effective. Guidelines are more general statements of how to achieve the policies objectives by providing a framework within which to implement procedures. Procedures spell out the specific steps of how the policy and supporting standards and how guidelines will be implemented.
Source: HARE, Chris, Security management Practices CISSP Open Study Guide, version 1.0, april 1999.
NEW QUESTION 651
It is a violation of the "separation of duties" principle when which of the following individuals access the software on systems implementing security?
- A. security administrator
- B. systems programmer
- C. security analyst
- D. systems auditor
Answer: B
Explanation:
Section: Security Operation Adimnistration
Explanation/Reference:
Reason: The security administrator, security analysis, and the system auditor need access to portions of the security systems to accomplish their jobs. The system programmer does not need access to the working (AKA: Production) security systems.
Programmers should not be allowed to have ongoing direct access to computers running production systems (systems used by the organization to operate its business). To maintain system integrity, any changes they make to production systems should be tracked by the organization's change management control system.
Because the security administrator's job is to perform security functions, the performance of non-security tasks must be strictly limited. This separation of duties reduces the likelihood of loss that results from users abusing their authority by taking actions outside of their assigned functional responsibilities.
References:
OFFICIAL (ISC)2 GUIDE TO THE CISSP EXAM (2003), Hansche, S., Berti, J., Hare, H., Auerbach Publication, FL, Chapter 5 - Operations Security, section 5.3,"Security Technology and Tools," Personnel section (page 32).
KRUTZ, R. & VINES, R. The CISSP Prep Guide: Gold Edition (2003), Wiley Publishing Inc., Chapter 6:
Operations Security, Separations of Duties (page 303).
NEW QUESTION 652
Which of the following are WELL KNOWN PORTS assigned by the IANA?
- A. Ports 0 to 127
- B. Ports 0 to 1024
- C. Ports 0 to 1023
- D. Ports 0 to 255
Answer: C
Explanation:
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports. The range for assigned "Well Known" ports managed by the IANA (Internet Assigned Numbers Authority) is 0-1023.
Source: iana.org: port assignments.
NEW QUESTION 653
Which OSI/ISO layer does a SOCKS server operate at?
- A. Session layer
- B. Data link layer
- C. Transport layer
- D. Network layer
Answer: A
Explanation:
A SOCKS based server operates at the Session layer of the OSI model.
SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall. SOCKS is an abbreviation for "SOCKetS". As of Version 5 of SOCK, both UDP and TCP is supported.
One of the best known circuit-level proxies is SOCKS proxy server. The basic purpose of the protocol is to enable hosts on one side of a SOCKS server to gain access to hosts on the other side of a SOCKS Server, without requiring direct "IP-reachability"
The protocol was originally developed by David Koblas, a system administrator of MIPS Computer Systems. After MIPS was taken over by Silicon Graphics in 1992, Koblas presented a paper on SOCKS at that year's Usenix Security Symposium and SOCKS became publicly available. The protocol was extended to version 4 by Ying-Da Lee of NEC.
SOCKS includes two components, the SOCKS server and the SOCKS client.
The SOCKS protocol performs four functions:
Making connection requests Setting up proxy circuits Relaying application data Performing user authentication (optional)
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 96). and http://en.wikipedia.org/wiki/SOCKS and http://www.faqs.org/rfcs/rfc1928.html and The ISC2 OIG on page 619
NEW QUESTION 654
Which of the following access methods is used by Ethernet?
- A. FIFO.
- B. CSMA/CD.
- C. TCP/IP.
- D. CSU/DSU.
Answer: B
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
Ethernet uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD) to minimize the effect of broadcast collisions.
The following answers are incorrect:
CSU/DSU Is incorrect because Channel Service Unit/Digital Service Unit(CSU/DSU) is a digital interface normally used to connect a router to a digital circuit.
TCP/IP Is incorrect because Transmission Control Protocol/Internet Protocol(TCP/IP) is a network protocol not an access method.
FIFO Is incorrect as it is a distractor. First In, First Out (FIFO) is typically a processing methodology in which first come, first served.
Ethernet is a frame based network technology.
References:
OIG CBK Telecommunications and Network Security (pages 437 - 438)
Wikipedia http://en.wikipedia.org/wiki/FIFO
NEW QUESTION 655
A common way to create fault tolerance with leased lines is to group several T1s together with an inverse multiplexer placed:
- A. at both ends of the connection.
- B. in the middle of the connection.
- C. at one end of the connection.
- D. somewhere between both end points.
Answer: A
Explanation:
A common way to create fault tolerance with leased lines is to group several T1s together with an inverse multiplexer placed at both ends of the connection.
In fact it would be a Multiplexer at one end and DeMultiplexer at other end or vice versa. Inverse Multiplexer at both end.
In electronics, a multiplexer (or mux) is a device that selects one of several analog or digital input signals and forwards the selected input into a single line. A multiplexer of 2n inputs has n select lines, which are used to select which input line to send to the output. Multiplexers are mainly used to increase the amount of data that can be sent over the network within a certain amount of time and bandwidth. A multiplexer is also called a data selector.
An electronic multiplexer makes it possible for several signals to share one device or resource, for example one A/D converter or one communication line, instead of having one device per input signal.
On the other hand, a demultiplexer (or demux) is a device taking a single input signal and selecting one of many data-output-lines, which is connected to the single input. A multiplexer is often used with a complementary demultiplexer on the receiving end. An electronic multiplexer can be considered as a multiple-input, single-output switch, and a demultiplexer as a single-input, multiple-output switch
References: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 72. and https://secure.wikimedia.org/wikipedia/en/wiki/Multiplexer
NEW QUESTION 656
What is the difference between Advisory and Regulatory security policies?
- A. there is no difference between them
- B. regulatory policies are high level policy, while advisory policies are very detailed
- C. Advisory policies are not mandated. Regulatory policies must be implemented.
- D. Advisory policies are mandated while Regulatory policies are not
Answer: C
Explanation:
Explanation/Reference:
Advisory policies are security polices that are not mandated to be followed but are strongly suggested, perhaps with serious consequences defined for failure to follow them (such as termination, a job action warning, and so forth). A company with such policies wants most employees to consider these policies mandatory.
Most policies fall under this broad category.
Advisory policies can have many exclusions or application levels. Thus, these policies can control some employees more than others, according to their roles and responsibilities within that organization. For example, a policy that
requires a certain procedure for transaction processing might allow for an alternative procedure under certain, specified conditions.
Regulatory
Regulatory policies are security policies that an organization must implement due to compliance, regulation, or other legal requirements. These companies might be financial institutions, public utilities, or some other type of organization that operates in the public interest. These policies are usually very detailed and are specific to the industry in which the organization operates.
Regulatory polices commonly have two main purposes:
1. To ensure that an organization is following the standard procedures or base practices of operation in its specific industry
2. To give an organization the confidence that it is following the standard and accepted industry policy Informative
Informative policies are policies that exist simply to inform the reader. There are no implied or specified requirements, and the audience for this information could be certain internal (within the organization) or external parties. This does not mean that the policies are authorized for public consumption but that they are general enough to be distributed to external parties (vendors accessing an extranet, for example) without a loss of confidentiality.
References:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 12, Chapter 1: Security Management Practices.
also see:
The CISSP Prep Guide:Mastering the Ten Domains of Computer Security by Ronald L. Krutz, Russell Dean Vines, Edward M. Stroz
also see:
http://i-data-recovery.com/information-security/information-security-policies-standards-guidelines-and- procedures
NEW QUESTION 657
DES, 3DES, Blowfish, and AES are all examples of what type of cryptography?
- A. Public Key B. Message Digest
- B. Hash Algorithm
- C. Secret Key
Answer: C
NEW QUESTION 658
Which OSI/ISO layer is responsible for determining the best route for data to be transferred?
- A. Network layer
- B. Session layer
- C. Transport layer
- D. Physical layer
Answer: A
Explanation:
Explanation/Reference:
The main responsibility of the network layer is to insert information into the packet's header so that it can be properly routed. The protocols at the network layer must determine the best path for the packet to take.
The following answers are incorrect:
Session layer. The session layer is responsible for establishing a connection between two applications.
Physical layer. The physical layer if responsible for converting electronic impulses into bits and vice-versa.
Transport layer. The transport layer is responsible for data transmission and error detection.
The following reference(s) were/was used to create this question:
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, v3, chapter 7:
Telecommunications and Network Security (page 422-428).
ISC2 Official ISC2 Guide to the CBK (OIG) 2007, p. 409-412
NEW QUESTION 659
Which is the last line of defense in a physical security sense?
- A. interior barriers
- B. perimeter barriers
- C. people
- D. exterior barriers
Answer: C
Explanation:
Explanation/Reference:
"Ultimately, people are the last line of defense for your company's assets" (Pastore & Dulaney, 2006, p.
529).
Pastore, M. and Dulaney, E. (2006). CompTIA Security+ study guide: Exam SY0-101. Indianapolis, IN:
Sybex.
NEW QUESTION 660
Which type of firewall can be used to track connectionless protocols such as UDP and RPC?
- A. Application level firewalls
- B. Circuit level firewalls
- C. Packet filtering firewalls
- D. Stateful inspection firewalls
Answer: D
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
Packets in a stateful inspection firewall are queued and then analyzed at all OSI layers, providing a more complete inspection of the data. By examining the state and context of the incoming data packets, it helps to track the protocols that are considered "connectionless", such as UDP-based applications and Remote Procedure Calls (RPC).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page
91).
NEW QUESTION 661
Which of the following is needed for System Accountability?
- A. Audit mechanisms.
- B. Documented design as laid out in the Common Criteria.
- C. Authorization.
- D. Formal verification of system design.
Answer: A
Explanation:
Section: Access Control
Explanation/Reference:
Is a means of being able to track user actions. Through the use of audit logs and other tools the user actions are recorded and can be used at a later date to verify what actions were performed.
Accountability is the ability to identify users and to be able to track user actions.
The following answers are incorrect:
Documented design as laid out in the Common Criteria. Is incorrect because the Common Criteria is an international standard to evaluate trust and would not be a factor in System Accountability.
Authorization. Is incorrect because Authorization is granting access to subjects, just because you have authorization does not hold the subject accountable for their actions.
Formal verification of system design. Is incorrect because all you have done is to verify the system design and have not taken any steps toward system accountability.
References:
OIG CBK Glossary (page 778)
NEW QUESTION 662
After a company is out of an emergency state, what should be moved back to the original site first?
- A. Least critical components
- B. Executives
- C. Most critical components
- D. IT support staff
Answer: A
Explanation:
This will expose any weaknesses in the plan and ensure the primary site has been properly repaired before moving back. Moving critical assets first may induce a second disaster if the primary site has not been repaired properly.
The first group to go back would test items such as connectivity, HVAC, power, water, improper procedures, and/or steps that has been overlooked or not done properly. By moving these first, and fixing any problems identified, the critical operations of the company are not negatively affected.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 9: Disaster Recovery and Business continuity (page 621).
NEW QUESTION 663
......
Risk Identification, Analysis, & Monitoring (15%):
- Understanding the Process of Risk Management – It includes risk visibility & reporting, risk treatment, risk management frameworks, and risk management concepts;
- Operating & Maintaining Monitoring Systems – This area includes the information about logging, events of interest, source systems, as well as regulatory and legal concerns;
- Analyzing Monitoring Results – As for this domain, it requires the students’ skills in performing event data analysis, finding security anomalies and baselines, as well as your knowledge about the visualization, trends, and metrics. It also covers their expertise in documenting and communicating findings.
- Performing Various Security Evaluation Activities – This objective covers audit finding remediation, remediation validation, interpreting & reporting testing and scanning results, as well as participating in security testing;
SSCP Exam Dumps - Free Demo & 365 Day Updates: https://www.torrentvalid.com/SSCP-valid-braindumps-torrent.html
Free Sales Ending Soon - Use Real SSCP PDF Questions: https://drive.google.com/open?id=134Xv8l5EyXzSnf5h9emA84u7XULBSvJf