
1338 Exam Questions for SSCP Updated Versions With Test Engine
Pass SSCP Exam with Updated SSCP Exam Dumps PDF 2025
NEW QUESTION # 381
Smart cards are an example of which type of control?
- A. Administrative control
- B. Technical control
- C. Physical control
- D. Detective control
Answer: B
Explanation:
Explanation/Reference:
Logical or technical controls involve the restriction of access to systems and the protection of information.
Smart cards and encryption are examples of these types of control.
Controls are put into place to reduce the risk an organization faces, and they come in three main flavors:
administrative, technical, and physical. Administrative controls are commonly referred to as "soft controls" because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting.
Many types of technical controls enable a user to access a system and the resources within that system. A technical control may be a username and password combination, a Kerberos implementation, biometrics, public key infrastructure (PKI), RADIUS, TACACS +, or authentication using a smart card through a reader connected to a system. These technologies verify the user is who he says he is by using different types of authentication methods. Once a user is properly authenticated, he can be authorized and allowed access to network resources.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 245). McGraw-Hill. Kindle Edition.
and
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 32).
NEW QUESTION # 382
Which of the following is most appropriate to notify an external user that session monitoring is being conducted?
- A. Written agreement
- B. Logon Banners
- C. Wall poster
- D. Employee Handbook
Answer: B
Explanation:
Logon banners should be used to notify external users of any monitoring that is being conducted. A good banner gives you a better legal standing and also makes it obvious that the user was warned about who may access the system; an unauthorized user is then fully aware that he is trespassing.
This is a tricky question; the keyword in the question is "external user".
There are two possible answers depending on how the question is read: it could apply to internal users or to ANY anonymous user.
Internal users should always have a written agreement first; logon banners then serve as a constant reminder.
For anonymous users, such as those logging into a web site, FTP server or even a mail server, the only notification mechanism is a logon banner.
NEW QUESTION # 383
What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
- A. Imminent risk
- B. Residual risk
- C. Infinite risk
- D. Terminal risk
Answer: B
NEW QUESTION # 384
Unshielded Twisted Pair cabling is a:
- A. four-pair wire medium that is used in a variety of networks.
- B. three-pair wire medium that is used in a variety of networks.
- C. two-pair wire medium that is used in a variety of networks.
- D. one-pair wire medium that is used in a variety of networks.
Answer: A
Explanation:
Unshielded Twisted Pair cabling is a four-pair wire medium that is used in a variety of networks.
NEW QUESTION # 385
Which of the following is NOT a technical control?
- A. Intrusion Detection Systems
- B. Identification and authentication methods
- C. Password and resource management
- D. Monitoring for physical intrusion
Answer: D
Explanation:
It is considered to be a 'Physical Control'.
There are three broad categories of access control: administrative, technical, and physical. Each category has different access control mechanisms that can be carried out manually or automatically. All of these access control mechanisms should work in concert with each other to protect an infrastructure and its data.
Each category of access control has several components that fall within it; a partial list is shown here. Not all controls fall into a single category; many of the controls will be in two or more categories. Below you have an example with backups, which appear in all three categories:
Administrative Controls:
- Policy and procedures (a backup policy would be in place)
- Personnel controls
- Supervisory structure
- Security-awareness training
- Testing
Physical Controls:
- Network segregation
- Perimeter security
- Computer controls
- Work area separation
- Data backups (actual storage of the media, i.e. an offsite storage facility)
- Cabling
Technical Controls:
- System access
- Network architecture
- Network access
- Encryption and protocols
- Control zone
- Auditing
- Backup (the actual software doing the backups)
The following answers are incorrect:
Password and resource management is considered to be a logical or technical control.
Identification and authentication methods are considered to be a logical or technical control.
Intrusion Detection Systems are considered to be a logical or technical control.
Reference: Shon Harris, AIO v3, Chapter 4: Access Control, pages 180-185
NEW QUESTION # 386
What are the three most important functions that Digital Signatures perform?
- A. Integrity, Authentication and Nonrepudiation
- B. Authorization, Authentication and Nonrepudiation
- C. Authorization, Detection and Accountability
- D. Integrity, Confidentiality and Authorization
Answer: A
Explanation:
Explanation/Reference:
Reference: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2.
NEW QUESTION # 387
What is the Maximum Tolerable Downtime (MTD)?
- A. Maximum elapsed time required to move back to primary site after a major disruption
- B. Minimum elapsed time required to complete recovery of application data
- C. Maximum elapsed time required to complete recovery of application data
- D. It is maximum delay businesses can tolerate and still remain viable
Answer: D
Explanation:
The Maximum Tolerable Downtime (MTD) is the maximum length of time a BUSINESS FUNCTION can endure without being restored, beyond which the BUSINESS is no longer viable.
NIST says:
The ISCP Coordinator should analyze the supported mission/business processes and, with the process owners, leadership and business managers, determine the acceptable downtime if a given process or specific system data were disrupted or otherwise unavailable. Downtime can be identified in several ways.
Maximum Tolerable Downtime (MTD). The MTD represents the total amount of time the system owner/authorizing official is willing to accept for a mission/business process outage or disruption and includes all impact considerations. Determining the MTD is important because failing to do so could leave contingency planners with imprecise direction on the selection of an appropriate recovery method, and on the depth of detail which will be required when developing recovery procedures, including their scope and content.
Other BCP and DRP terms you must be familiar with are:
Recovery Time Objective (RTO). RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD. When it is not feasible to immediately meet the RTO and the MTD is inflexible, a Plan of Action and Milestone should be initiated to document the situation and plan for its mitigation.
Recovery Point Objective (RPO). The RPO represents the point in time, prior to a disruption or system outage, to which mission/business process data can be recovered (given the most recent backup copy of the data) after an outage. Unlike RTO, RPO is not considered as part of MTD. Rather, it is a factor of how much data loss the mission/business process can tolerate during the recovery process. Because the RTO must ensure that the MTD is not exceeded, the RTO must normally be shorter than the MTD. For example, a system outage may prevent a particular process from being completed, and because it takes time to reprocess the data, that additional processing time must be added to the RTO to stay within the time limit established by the MTD.
NEW QUESTION # 388
What is defined as the manner in which the network devices are organized to facilitate communications?
- A. LAN transmission protocols
- B. LAN topologies
- C. LAN media access methods
- D. LAN transmission methods
Answer: B
Explanation:
Explanation/Reference:
A network topology defines the manner in which the network devices are organized to facilitate communications. Common LAN topologies are:
- bus
- ring
- star
- meshed
LAN transmission methods refer to the way packets are sent on the network and are:
- unicast
- multicast
- broadcast
LAN transmission protocols are the rules for communicating between computers on a LAN. Common LAN transmission protocols are:
- CSMA/CD
- polling
- token-passing
LAN media access methods control the use of a network (physical and data link layers). They can be:
- Ethernet
- ARCnet
- Token ring
- FDDI
Source: KRUTZ, Ronald L & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 105).
NEW QUESTION # 389
Which of the following usually provides reliable, real-time information without consuming network or host resources?
- A. firewall-based IDS
- B. network-based IDS
- C. host-based IDS
- D. application-based IDS
Answer: B
Explanation:
A network-based IDS usually provides reliable, real-time information without consuming network or host resources.
NEW QUESTION # 390
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?
- A. Certificate revocation list
- B. Untrusted certificate list
- C. Certificate revocation tree
- D. Authority revocation list
Answer: D
Explanation:
The Internet Security Glossary (RFC 2828) defines the Authority Revocation List (ARL) as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire.
Do not confuse an ARL with a Certificate Revocation List (CRL). A certificate revocation list is a mechanism for distributing notices of certificate revocations. The question specifically mentions "issued to CAs", which makes ARL a better answer than CRL.
http://rfclibrary.hosting.com/rfc/rfc2828/rfc2828-29.asp
certificate revocation list (CRL): (I) A data structure that enumerates digital certificates that have been invalidated by their issuer prior to when they were scheduled to expire. (See: certificate expiration, X.509 certificate revocation list.)
http://rfclibrary.hosting.com/rfc/rfc2828/rfc2828-17.asp
authority revocation list (ARL): (I) A data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire. (See: certificate expiration, X.509 authority revocation list.)
In a few words: we use CRLs for end-user certificate revocation and ARLs for CA certificate revocation; both can be placed in distribution points.
NEW QUESTION # 391
In what way could Java applets pose a security threat?
- A. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP
- B. Java interpreters do not provide the ability to limit system access that an applet could have on a client system.
- C. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.
- D. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system.
Answer: D
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Topic 3, Analysis and Monitoring
NEW QUESTION # 392
A code, as it pertains to cryptography:
- A. Deals with linguistic units.
- B. Is specific to substitution ciphers.
- C. Is specific to transposition ciphers.
- D. Is a generic term for encryption.
Answer: A
Explanation:
Explanation/Reference:
Historically, a code refers to a cryptosystem that deals with linguistic units: words, phrases, sentences, and so forth. Codes are only useful for specialized circumstances where the message to transmit has an already defined equivalent ciphertext word.
Source: DUPUIS, Clément, CISSP Open Study Guide on domain 5, cryptography, April 1999.
NEW QUESTION # 393
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?
- A. IPsec Key exchange (IKE)
- B. Internet Security Association and Key Management Protocol (ISAKMP)
- C. OAKLEY
- D. Simple Key-management for Internet Protocols (SKIP)
Answer: B
Explanation:
RFC 2828 (Internet Security Glossary) defines the Internet Security Association and Key Management Protocol (ISAKMP) as an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.
Let's clear up some confusion here first. Internet Key Exchange (IKE) is a hybrid protocol; it consists of three "protocols":
ISAKMP: It's not a key exchange protocol per se; it's a framework on which key exchange protocols operate. ISAKMP is part of IKE. IKE establishes the shared security policy and authenticated keys. ISAKMP is the protocol that specifies the mechanics of the key exchange.
Oakley: Describes the "modes" of key exchange (e.g. perfect forward secrecy for keys, identity protection, and authentication). Oakley describes a series of key exchanges and services.
SKEME: Provides support for public-key-based key exchange, key distribution centres, and manual installation; it also outlines methods of secure and fast key refreshment.
So yes, IPsec does use IKE, but ISAKMP is part of IKE.
The question did not ask for the actual key negotiation being done but only for the "exchange of key generation and authentication data". Under Oakley it would be Diffie-Hellman (DH) that would be used for the actual key negotiation.
The following are incorrect answers:
Simple Key-management for Internet Protocols (SKIP) is a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets.
OAKLEY is a key establishment protocol (proposed for IPsec but superseded by IKE) based on the Diffie-Hellman algorithm and designed to be a compatible component of ISAKMP.
IPsec Key Exchange (IKE) is an Internet, IPsec, key-establishment protocol [R2409] (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP.
Reference used for this question:
SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
NEW QUESTION # 394
What does it mean to say that sensitivity labels are "incomparable"?
- A. The number of classification in the two labels is different.
- B. Neither label contains all the classifications of the other.
- C. Neither label contains all the categories of the other.
- D. the number of categories in the two labels are different.
Answer: C
Explanation:
If a category does not exist in one label, then the two labels cannot be compared. Incomparable means you have two disjoint sensitivity labels, that is, a category in one of the labels is not in the other label. "Because neither label contains all the categories of the other, the labels can't be compared. They're said to be incomparable."
COMPARABILITY:
The label:
TOP SECRET [VENUS ALPHA]
is "higher" than either of the labels:
SECRET [VENUS ALPHA]
TOP SECRET [VENUS]
But you can't really say that the label:
TOP SECRET [VENUS]
is higher than the label:
SECRET [ALPHA]
Because neither label contains all the categories of the other, the labels can't be compared. They're said to be incomparable. In a mandatory access control system, you won't be allowed access to a file whose label is incomparable to your clearance.
The Multilevel Security policy uses an ordering relationship between labels known as the dominance relationship. Intuitively, we think of a label that dominates another as being "higher" than the other. Similarly, we think of a label that is dominated by another as being "lower" than the other. The dominance relationship is used to determine permitted operations and information flows.
DOMINANCE
The dominance relationship is determined by the ordering of the Sensitivity/Clearance component of the label and the intersection of the sets of Compartments.
Sample sensitivity/clearance orderings are:
Top Secret > Secret > Confidential > Unclassified
s3 > s2 > s1 > s0
Formally, for label one to dominate label two, both of the following must be true:
- The sensitivity/clearance of label one must be greater than or equal to the sensitivity/clearance of label two.
- The intersection of the compartments of label one and label two must equal the compartments of label two.
Additionally:
- Two labels are said to be equal if their sensitivity/clearance and set of compartments are exactly equal. Note that dominance includes equality.
- One label is said to strictly dominate the other if it dominates the other but is not equal to the other.
- Two labels are said to be incomparable if each label has at least one compartment that is not included in the other's set of compartments.
The dominance relationship produces a partial ordering over all possible MLS labels, resulting in what is known as the MLS Security Lattice.
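Worked example, added here and not taken from the cited O'Reilly or Rubix sources: a small Python implementation of the dominance rule above, using the page's own labels (VENUS, ALPHA) and sensitivity ordering. The class and function names are this example's own, and "incomparable" is computed in the partial-order sense (neither label dominates the other), which the compartment condition above implies.

```python
"""Added worked example (not from the page's cited sources): MLS label dominance.

Implements the formal rule stated above: label one dominates label two when
its sensitivity is >= label two's and the intersection of the two compartment
sets equals label two's compartments. Names below are this example's own.
"""
from dataclasses import dataclass
from typing import FrozenSet

# Sample ordering from the page: Top Secret > Secret > Confidential > Unclassified
SENSITIVITY_ORDER = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    sensitivity: str
    compartments: FrozenSet[str] = frozenset()

    @classmethod
    def parse(cls, text: str) -> "Label":
        """Parse the page's notation, e.g. 'TOP SECRET [VENUS ALPHA]' or plain 'SECRET'."""
        sens, _, rest = text.partition("[")
        sens = sens.strip().upper()
        if sens not in SENSITIVITY_ORDER:
            raise ValueError(f"unknown sensitivity: {sens!r}")
        comps = frozenset(c.upper() for c in rest.rstrip().rstrip("]").split())
        return cls(sens, comps)

    def __str__(self) -> str:
        comps = " ".join(sorted(self.compartments))
        return f"{self.sensitivity} [{comps}]" if comps else self.sensitivity


def dominates(one: Label, two: Label) -> bool:
    """Label one dominates label two (dominance includes equality)."""
    sens_ok = SENSITIVITY_ORDER[one.sensitivity] >= SENSITIVITY_ORDER[two.sensitivity]
    # "The intersection of the compartments of label one and label two
    #  must equal the compartments of label two."
    comps_ok = (one.compartments & two.compartments) == two.compartments
    return sens_ok and comps_ok


def strictly_dominates(one: Label, two: Label) -> bool:
    """Dominates but is not equal."""
    return dominates(one, two) and one != two


def incomparable(one: Label, two: Label) -> bool:
    """Neither label dominates the other: they sit on different branches of the lattice."""
    return not dominates(one, two) and not dominates(two, one)


def relation(one: Label, two: Label) -> str:
    """Describe how label one relates to label two."""
    if one == two:
        return "equal"
    if dominates(one, two):
        return "strictly dominates"
    if dominates(two, one):
        return "strictly dominated by"
    return "incomparable"


def join(one: Label, two: Label) -> Label:
    """Least upper bound in the MLS lattice: the lowest label that dominates both."""
    top = max(one.sensitivity, two.sensitivity, key=SENSITIVITY_ORDER.__getitem__)
    return Label(top, one.compartments | two.compartments)


def mac_read_allowed(clearance: Label, file_label: Label) -> bool:
    """MAC 'no read up': a subject may read only files whose label its clearance dominates."""
    return dominates(clearance, file_label)


if __name__ == "__main__":
    ts_va = Label.parse("TOP SECRET [VENUS ALPHA]")
    ts_v = Label.parse("TOP SECRET [VENUS]")
    s_va = Label.parse("SECRET [VENUS ALPHA]")
    s_a = Label.parse("SECRET [ALPHA]")
    for one, two in [(ts_va, s_va), (ts_va, ts_v), (ts_v, s_a), (s_va, ts_v)]:
        print(f"{one} {relation(one, two)} {two}")
    print("join of TS [VENUS] and S [ALPHA]:", join(ts_v, s_a))
    print("TS [VENUS] may read SECRET [ALPHA]?", mac_read_allowed(ts_v, s_a))
```

Running the script reproduces the page's cases: TOP SECRET [VENUS ALPHA] strictly dominates both SECRET [VENUS ALPHA] and TOP SECRET [VENUS], while TOP SECRET [VENUS] and SECRET [ALPHA] are incomparable, so the read is refused.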
The following answers are incorrect:
The number of classifications in the two labels is different. Incorrect because the categories are what is being compared, not the classifications.
Neither label contains all the classifications of the other. Incorrect because the categories are what is being compared, not the classifications.
The number of categories in the two labels is different. Incorrect because it is possible for a category to appear more than once in one sensitivity label while also existing in the other, so the labels would still be comparable.
Reference(s) used for this question:
OReilly - Computer Systems and Access Control (Chapter 3)
http://www.oreilly.com/catalog/csb/chapter/ch03.html
and
http://rubix.com/cms/mls_dom
NEW QUESTION # 395
Select three ways to deal with risk.
- A. Mitigate
- B. Acceptance
- C. Avoid / Eliminate
- D. Deny
- E. Transfer
Answer: A,B,E
NEW QUESTION # 396
What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
- A. The reference perimeter
- B. The security kernel
- C. The reference monitor
- D. The security perimeter
Answer: D
Explanation:
Explanation/Reference:
The security perimeter is the imaginary line that separates the trusted components of the kernel and the Trusted Computing Base (TCB) from those elements that are not trusted. The reference monitor is an abstract machine that mediates all accesses to objects by subjects. The security kernel can be software, firmware or hardware components in a trusted system and is the actual instantiation of the reference monitor. The reference perimeter is not defined and is a distracter.
Source: HARE, Chris, Security Architecture and Models, Area 6 CISSP Open Study Guide, January 2002.
NEW QUESTION # 397
The first step in the implementation of the contingency plan is to perform:
- A. A firmware backup
- B. An operating systems software backup
- C. An application software backup
- D. A data backup
Answer: D
Explanation:
Explanation/Reference:
A data backup is the first step in contingency planning.
Without data, there is nothing to process. "No backup, no recovery".
Backup for hardware should be taken care of next.
Formal arrangements must be made for alternate processing capability in case the need should arise.
Operating systems and application software should be taken care of afterwards.
Source: VALLABHANENI, S. Rao, CISSP Examination Textbooks, Volume 2: Practice, SRV Professional Publications, 2002, Chapter 8, Business Continuity Planning & Disaster Recovery Planning (page 506).
NEW QUESTION # 398
Which of the following is the simplest type of firewall ?
- A. Dual-homed host firewall
- B. Stateful packet filtering firewall
- C. Packet filtering firewall
- D. Application gateway
Answer: C
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
A static packet filtering firewall is the simplest and least expensive type of firewall, offering minimum security provisions to a low-risk computing environment.
A static packet filter firewall examines both the source and destination addresses of the incoming data packet and applies ACLs to them. It operates at either the Network or Transport layer. These are known as the first generation of firewalls.
Older firewalls that were only packet filters were essentially routing devices that provided access control functionality for host addresses and communication sessions. These devices, also known as stateless inspection firewalls, do not keep track of the state of each flow of traffic that passes through the firewall; this means, for example, that they cannot associate multiple requests within a single session with each other. Packet filtering is at the core of most modern firewalls, but there are few firewalls sold today that only do stateless packet filtering. Unlike more advanced filters, packet filters are not concerned with the content of packets.
Their access control functionality is governed by a set of directives referred to as a ruleset. Packet filtering capabilities are built into most operating systems and devices capable of routing; the most common example of a pure packet filtering device is a network router that employs access control lists.
There are many types of Firewall:
Application Level Firewalls - Often called a Proxy Server. It works by transferring a copy of each accepted data packet from one network to another. They are known as the Second generation of firewalls.
An application-proxy gateway is a feature of advanced firewalls that combines lower-layer access control with upper-layer functionality. These firewalls contain a proxy agent that acts as an intermediary between two hosts that wish to communicate with each other, and never allows a direct connection between them. Each successful connection attempt actually results in the creation of two separate connections-one between the client and the proxy server, and another between the proxy server and the true destination. The proxy is meant to be transparent to the two hosts-from their perspectives there is a direct connection. Because external hosts only communicate with the proxy agent, internal IP addresses are not visible to the outside world. The proxy agent interfaces directly with the firewall ruleset to determine whether a given instance of network traffic should be allowed to transit the firewall.
Stateful Inspection Firewall - Packets are captured by the inspection engine operating at the network layer and then analyzed at all layers. They are known as the Third generation of firewalls.
Stateful inspection improves on the functions of packet filters by tracking the state of connections and blocking packets that deviate from the expected state. This is accomplished by incorporating greater awareness of the transport layer. As with packet filtering, stateful inspection intercepts packets at the network layer and inspects them to see if they are permitted by an existing firewall rule, but unlike packet filtering, stateful inspection keeps track of each connection in a state table. While the details of state table entries vary by firewall product, they typically include source IP address, destination IP address, port numbers, and connection state information.
Web Application Firewalls - The HTTP protocol used in web servers has been exploited by attackers in many ways, such as to place malicious software on the computer of someone browsing the web, or to fool a person into revealing private information that they might not have otherwise. Many of these exploits can be detected by specialized application firewalls called web application firewalls that reside in front of the web server.
Web application firewalls are a relatively new technology, as compared to other firewall technologies, and the type of threats that they mitigate are still changing frequently. Because they are put in front of web servers to prevent attacks on the server, they are often considered to be very different than traditional firewalls.
Host-Based Firewalls and Personal Firewalls - Host-based firewalls for servers and personal firewalls for desktop and laptop personal computers (PC) provide an additional layer of security against network-based attacks. These firewalls are software-based, residing on the hosts they are protecting-each monitors and controls the incoming and outgoing network traffic for a single host. They can provide more granular protection than network firewalls to meet the needs of specific hosts.
Host-based firewalls are available as part of server operating systems such as Linux, Windows, Solaris, BSD, and Mac OS X Server, and they can also be installed as third-party add-ons. Configuring a host-based firewall to allow only necessary traffic to the server provides protection against malicious activity from all hosts, including those on the same subnet or on other internal subnets not separated by a network firewall. Limiting outgoing traffic from a server may also be helpful in preventing certain malware that infects a host from spreading to other hosts. Host-based firewalls usually perform logging, and can often be configured to perform address-based and application-based access controls.
Dynamic Packet Filtering - Makes informed decisions on the ACLs to apply. They are known as the Fourth generation of firewalls.
Kernel Proxy - Very specialized architecture that provides modular kernel-based, multi-layer evaluation and runs in the NT executive space. They are known as the Fifth generation of firewalls.
The following were incorrect answers:
All of the other types of firewalls listed are more complex than the Packet Filtering Firewall.
Reference(s) used for this question:
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 6th Edition, Telecommunications and Network Security, Page 630.
and
NIST, Guidelines on Firewalls and Firewall Policies, Special Publication 800-4 Revision 1
NEW QUESTION # 399
Packet Filtering Firewalls can also enable access for:
- A. only unauthorized application port or service numbers.
- B. only authorized application port or service numbers.
- C. only authorized application port or service integers.
- D. only authorized application port or ex-service numbers.
Answer: B
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
Firewall rules can be used to enable access for traffic to specific ports or services. "Service numbers" is rather stilted English but you may encounter these types of wordings on the actual exam -- don't let them confuse you.
"Only unauthorized application port or service numbers" is incorrect. Unauthorized ports/services would be blocked in a properly installed firewall rather than permitting access.
"Only authorized application port or ex-service numbers" is incorrect. "Ex-service" numbers is a nonsense term meant to distract you.
"Only authorized application port or service integers" is incorrect. While service numbers are in fact integers, the more usual (and therefore better) answer is either "service" or "service number".
References: CBK, p. 464; AIO3, pp. 482-484
NEW QUESTION # 400
Which of the following does not apply to system-generated passwords?
- A. Passwords are harder to guess for attackers.
- B. Passwords are harder to remember for users.
- C. If the password-generating algorithm gets to be known, the entire system is in jeopardy.
- D. Passwords are more vulnerable to brute force and dictionary attacks.
Answer: D
Explanation:
Explanation/Reference:
Users tend to choose easier to remember passwords. System-generated passwords can provide stronger, harder to guess passwords. Since they are based on rules provided by the administrator, they can include combinations of uppercase/lowercase letters, numbers and special characters, making them less vulnerable to brute force and dictionary attacks. One danger is that they are also harder to remember for users, who will tend to write them down, making them more vulnerable to anyone having access to the user's desk. Another danger with system-generated passwords is that if the password-generating algorithm gets to be known, the entire system is in jeopardy.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (page 64).