[Free] New Updated (October) ISC SSCP Real Exam 11-20


QUESTION 11

The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?

 

A.

clipping level

B.

acceptance level

C.

forgiveness level

D.

logging level

 

Correct Answer: A

Explanation:

The correct answer is “clipping level”. This is the point at which a system decides to take some sort of action once an event has repeated a preset number of times. That action may be to log the activity, lock a user account, temporarily close a port, etc.

Example:

The classic example of a clipping level is failed login attempts. If a system is configured to lock a user’s account after three failed login attempts, three is the “clipping level”: failures at or below it are tolerated, and the action is taken only when it is exceeded.

 

The other answers are not correct because:

 

Acceptance level, forgiveness level, and logging level are nonsensical terms that do not exist (to my knowledge) within network security.

 

Reference:

Official ISC2 Guide – The term “clipping level” is not in the glossary or index of that book. I cannot find it in the text either. However, I’m quite certain that it would be considered part of the CBK, despite its exclusion from the Official Guide.

 

All in One Third Edition page: 136 – 137
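To make the definition concrete, here is an added example (not part of the exam material or its references) that applies a clipping level to constructed authentication log lines. It counts failures per account inside a sliding window, forgives failures that fall outside the window or are followed by a successful login, and produces a violation record only once the count exceeds the preset level. The log format and the field names are assumptions for illustration.

```python
"""Clipping-level check over constructed authentication log lines.

Added example, not from the SSCP material. A failure count at or below
CLIPPING_LEVEL is accepted; the first failure beyond it produces a
violation record (here: the account is marked for lockout).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

CLIPPING_LEVEL = 3               # failures tolerated before a violation record
WINDOW = timedelta(minutes=10)   # failures older than this are forgiven

# Constructed sample log: "<ISO timestamp> <user> <FAIL|OK>" -- not real data.
SAMPLE_LOG = """\
2024-05-01T09:00:01 alice FAIL
2024-05-01T09:00:05 alice FAIL
2024-05-01T09:00:09 alice OK
2024-05-01T09:01:00 bob FAIL
2024-05-01T09:01:10 bob FAIL
2024-05-01T09:01:20 bob FAIL
2024-05-01T09:01:30 bob FAIL
2024-05-01T09:30:00 carol FAIL
2024-05-01T09:45:00 carol FAIL
2024-05-01T09:59:00 carol FAIL
2024-05-01T10:10:00 carol FAIL
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, user, result)."""
    ts, user, result = line.split()
    return datetime.fromisoformat(ts), user, result


def apply_clipping_level(log_text, level=CLIPPING_LEVEL, window=WINDOW):
    """Return {user: timestamp} for accounts whose failures within `window`
    exceeded `level`.  Everything at or below the level is forgiven, which is
    exactly what the clipping level means."""
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    violations = {}
    for line in log_text.strip().splitlines():
        ts, user, result = parse_line(line)
        if user in violations:
            continue              # record already produced; ignore further attempts
        if result == "OK":
            recent[user].clear()  # a successful login resets the counter
            continue
        window_q = recent[user]
        window_q.append(ts)
        while window_q and ts - window_q[0] > window:
            window_q.popleft()    # forgive failures that fell out of the window
        if len(window_q) > level:
            violations[user] = ts # the violation record
    return violations


if __name__ == "__main__":
    for user, when in apply_clipping_level(SAMPLE_LOG).items():
        print(f"{when.isoformat()} clipping level exceeded for {user}")
```

With the sample data only bob crosses the level (four failures inside ten minutes). alice’s two failures are cleared by her successful login, and carol’s four failures are spread more than ten minutes apart, so each is forgiven before the next arrives; lowering the window or the level changes that, which is the tuning decision the clipping level represents.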

 

 

QUESTION 12

Which one of the following factors is NOT one on which Authentication is based?

 

A.

Type 1. Something you know, such as a PIN or password

B.

Type 2. Something you have, such as an ATM card or smart card

C.

Type 3. Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan

D.

Type 4. Something you are, such as a system administrator or security administrator

 

Correct Answer: D

Explanation:

Authentication is based on the following three factor types:

 

Type 1. Something you know, such as a PIN or password

Type 2. Something you have, such as an ATM card or smart card

Type 3. Something you are (a unique physical characteristic), such as a fingerprint or retina scan

 

Source: KRUTZ, Ronald L.& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36. Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 132-133).

 

 

QUESTION 13

Which access control model was proposed for enforcing access control in government and military applications?

 

A.

Bell-LaPadula model

B.

Biba model

C.

Sutherland model

D.

Brewer-Nash model

 

Correct Answer: A

Explanation:

The Bell-LaPadula model, mostly concerned with confidentiality, was proposed for enforcing access control in government and military applications. It supports mandatory access control by determining the access rights from the security levels associated with subjects and objects (a subject may not read an object at a higher level, the simple security property, and may not write to an object at a lower level, the *-property). It also supports discretionary access control by checking access rights in an access matrix. The Biba model, introduced in 1977, the Sutherland model, published in 1986, and the Brewer-Nash model, published in 1989, are concerned with integrity rather than confidentiality (Brewer-Nash, the “Chinese Wall” model, specifically addresses conflicts of interest).

Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 11).
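The two Bell-LaPadula properties, combined with the discretionary access matrix the explanation mentions, are easy to state in code. The following is an added example, not from the exam text or its sources; the classification levels are the usual U.S. government ones, while the subjects, objects, categories and matrix entries are constructed.

```python
"""Bell-LaPadula mandatory access check plus a discretionary access matrix.

Added example, not from the exam material.  A security label is a
(level, set-of-categories) pair; `dominates` is the lattice ordering.
"""

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


def dominates(a, b):
    """Label a dominates label b iff a's level is at least b's and a's
    category set is a superset of b's (need-to-know)."""
    level_a, cats_a = a
    level_b, cats_b = b
    return LEVELS[level_a] >= LEVELS[level_b] and set(cats_a) >= set(cats_b)


def blp_allows(subject_label, object_label, op):
    """Simple security property: read only if the subject dominates the object
    (no read up).  *-property: write only if the object dominates the subject
    (no write down).  Writing upward is permitted by BLP."""
    if op == "read":
        return dominates(subject_label, object_label)
    if op == "write":
        return dominates(object_label, subject_label)
    raise ValueError(f"unknown operation {op!r}")


# Constructed labels and discretionary matrix (subject -> object -> operations).
SUBJECT_LABELS = {
    "analyst": ("SECRET", {"NATO"}),
    "clerk":   ("CONFIDENTIAL", set()),
}
OBJECT_LABELS = {
    "ops_plan":     ("SECRET", {"NATO"}),
    "daily_report": ("CONFIDENTIAL", set()),
    "budget":       ("UNCLASSIFIED", set()),
}
ACCESS_MATRIX = {
    "analyst": {"ops_plan": {"read"}, "daily_report": {"read", "write"}},
    "clerk":   {"daily_report": {"read", "write"}},
}


def access_allowed(subject, obj, op):
    """BLP as the text describes it: the mandatory check and the discretionary
    matrix must both permit the access."""
    mac_ok = blp_allows(SUBJECT_LABELS[subject], OBJECT_LABELS[obj], op)
    dac_ok = op in ACCESS_MATRIX.get(subject, {}).get(obj, set())
    return mac_ok and dac_ok


if __name__ == "__main__":
    for s, o, op in [("analyst", "ops_plan", "read"),
                     ("analyst", "daily_report", "write"),
                     ("clerk", "ops_plan", "read")]:
        print(f"{s:8} {op:5} {o:13} -> {'allow' if access_allowed(s, o, op) else 'deny'}")
```

Note the second case: the analyst has discretionary write permission on the daily report, but the mandatory *-property still denies it, because a SECRET subject writing into a CONFIDENTIAL object is a write down. That precedence of MAC over DAC is the point of the model.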

 

 

QUESTION 14

Single Sign-on (SSO) is characterized by which of the following advantages?

 

A.

Convenience

B.

Convenience and centralized administration

C.

Convenience and centralized data administration

D.

Convenience and centralized network administration

 

Correct Answer: B

Explanation:

Convenience: with single sign-on, users type their password only once, when they first log in, and then have access to all the network resources. Centralized administration: some single sign-on systems are built around a unified server administration system, which allows a single administrator to add and delete accounts across the entire network from one user interface.

 

The following answers are incorrect:

 

Convenience – alone this is not the correct answer.

 

Centralized Data or Network Administration – these are thrown in to mislead the student. Neither is a benefit of SSO; administering data or the network is a separate privilege that should not be granted simply because a user has authenticated through SSO.

 

References:

TIPTON, Harold F.& KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, page 35.

TIPTON, Harold F.& HENRY, Kevin, Official (ISC)2 Guide to the CISSP CBK, 2007, page 180.

 

 

QUESTION 15

Which of the following describes challenge-response token generation?

 

A.

A workstation or system that generates a random challenge string that the user enters into the token when prompted along with the proper PIN.

B.

A workstation or system that generates a random login id that the user enters when prompted along with the proper PIN.

C.

A special hardware device that is used to generate random text in a cryptography system.

D.

The authentication mechanism in the workstation or system does not determine if the owner should be authenticated.

 

Correct Answer: A

Explanation:

Challenge-response tokens are:

 

1. A workstation or system generates a random challenge string, and the owner enters the string into the token along with the proper PIN.

2. The token generates a response that is then entered into the workstation or system.

3. The authentication mechanism in the workstation or system then determines whether the owner should be authenticated.

 

Source: KRUTZ, Ronald L.& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 136-137).
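The three steps above are shown end to end in this added example (not from the exam text or the cited books). The token and the authentication server share a secret; the PIN only unlocks the token locally and is never sent. The response is an HMAC-SHA256 of the challenge under the shared secret, truncated to eight hex digits so it could be keyed in by hand; the use of HMAC, the truncation length and the sample PIN are assumptions of this example, not details from the source.

```python
"""Challenge-response token exchange, both sides.

Added example, not from the exam material.  The server issues a random,
single-use challenge; the PIN-unlocked token answers with
HMAC-SHA256(shared_secret, challenge) truncated to 8 hex digits; the
server recomputes and compares in constant time.
"""
import hashlib
import hmac
import secrets

RESPONSE_DIGITS = 8   # assumption: short enough to type, long enough to guess rarely


def compute_response(secret: bytes, challenge: str) -> str:
    """The function both the token and the server evaluate."""
    return hmac.new(secret, challenge.encode(), hashlib.sha256).hexdigest()[:RESPONSE_DIGITS]


class Token:
    """The hand-held token: holds the secret and the PIN, reveals neither."""

    def __init__(self, secret: bytes, pin: str):
        self._secret = secret
        self._pin = pin

    def respond(self, challenge: str, pin: str) -> str:
        # Step 1: the user keys in the challenge together with the PIN.
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN: token refuses to compute a response")
        # Step 2: the token derives the response from the challenge.
        return compute_response(self._secret, challenge)


class AuthServer:
    """The workstation/system side: issues challenges and verifies responses."""

    def __init__(self):
        self._secrets = {}   # user -> shared token secret (enrolment data)
        self._pending = {}   # user -> outstanding challenge, valid exactly once

    def enroll(self, user: str, secret: bytes) -> None:
        self._secrets[user] = secret

    def challenge(self, user: str) -> str:
        c = secrets.token_hex(8)        # unpredictable, so responses cannot be precomputed
        self._pending[user] = c
        return c

    def verify(self, user: str, response: str) -> bool:
        # Step 3: recompute and decide.  Popping the challenge defeats replay.
        c = self._pending.pop(user, None)
        secret = self._secrets.get(user)
        if c is None or secret is None:
            return False
        return hmac.compare_digest(compute_response(secret, c), response)


def demo_exchange(correct_pin=True, replay=False) -> bool:
    """Run one full exchange with constructed enrolment data and report the verdict."""
    secret = secrets.token_bytes(20)
    token = Token(secret, "4711")              # constructed PIN
    server = AuthServer()
    server.enroll("alice", secret)
    c = server.challenge("alice")
    try:
        r = token.respond(c, "4711" if correct_pin else "0000")
    except PermissionError:
        return False
    ok = server.verify("alice", r)
    if replay:
        return server.verify("alice", r)       # second use of the same response
    return ok


if __name__ == "__main__":
    print("normal exchange:", demo_exchange())
    print("wrong PIN:      ", demo_exchange(correct_pin=False))
    print("replayed answer:", demo_exchange(replay=True))
```

Two design points worth noticing: the challenge is consumed on first verification, so a captured response is useless a second time, and a wrong PIN fails inside the token rather than at the server, so the server never learns whether the PIN or the secret was wrong.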

 

 

QUESTION 16

What is a common problem when using vibration detection devices for perimeter control?

 

A.

They are vulnerable to non-adversarial disturbances.

B.

They can be defeated by electronic means.

C.

Signal amplitude is affected by weather conditions.

D.

They must be buried below the frost line.

 

Correct Answer: A

Explanation:

Vibration sensors are implemented to detect forced entry. Financial institutions may choose to install these types of sensors on exterior walls, where bank robbers may attempt to drive a vehicle through. They are also commonly used around the ceiling and flooring of vaults to detect someone trying to make an unauthorized bank withdrawal.

 

Such sensors are prone to false positives. A large truck carrying heavy equipment driving by may trigger the sensor, and so may a storm with thunder and lightning, even though there is no adversarial threat or disturbance.

 

The following are incorrect answers:

 

All of the other choices are incorrect.

 

Reference used for this question:

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (pp. 495-496). McGraw-Hill . Kindle Edition.

 

 

QUESTION 17

What is the difference between Access Control Lists (ACLs) and Capability Tables?

 

A.

Access control lists are related/attached to a subject whereas capability tables are related/attached to an object.

B.

Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.

C.

Capability tables are used for objects whereas access control lists are used for users.

D.

They are basically the same.

 

Correct Answer: B

Explanation:

Capability tables are used to track, manage and apply controls based on the object and the rights, or capabilities, of a subject. For example, a table identifies the object, specifies the access rights allowed for a subject, and permits access based on the user’s possession of a capability (or ticket) for the object. It is a row within the access matrix.

 

To put it another way, a capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.

 

CLEMENT NOTE:

 

If we wish to express this very simply:

 

Capabilities are attached to a subject and describe what access the subject has to each of the objects on the row that matches the subject within the matrix. It is a row within the matrix.

ACLs are attached to objects and describe who has access to the object and what type of access they have. It is a column within the matrix.

 

The following are incorrect answers:

 

“Access control lists are subject-based whereas capability tables are object-based” is incorrect.

“Capability tables are used for objects whereas access control lists are used for users” is incorrect.

“They are basically the same” is incorrect.

 

References used for this question:

 

CBK, pp. 191 – 192

AIO3 p. 169
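The row-versus-column picture above can be checked directly. The following added example (not from the exam text or its references) builds both views from one constructed access matrix: the ACL of an object is its column, the capability list of a subject is its row, and because both are projections of the same matrix every access decision agrees. Subjects, objects and rights are made up for illustration.

```python
"""Access matrix -> ACLs (columns) and capability lists (rows).

Added example, not from the exam material.  Shows that both are views of
the same subject/object matrix and therefore yield the same decisions.
"""

# Constructed access matrix: rows are subjects, columns are objects.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "printer": {"use"}},
    "bob":   {"payroll.db": {"read"},          "printer": {"use"}},
    "carol": {"printer": {"use", "admin"}},
}
OBJECTS = ["payroll.db", "printer"]
RIGHTS = {"read", "write", "use", "admin"}


def acl_for(obj):
    """Column of the matrix, stored with the object: which subjects may do what to it."""
    return {subject: rights[obj] for subject, rights in MATRIX.items() if obj in rights}


def capabilities_for(subject):
    """Row of the matrix, carried by the subject: what it may do to each object."""
    return dict(MATRIX.get(subject, {}))


def allowed_by_acl(subject, obj, right):
    """Object-side check: look the subject up in the object's ACL."""
    return right in acl_for(obj).get(subject, set())


def allowed_by_capability(subject, obj, right):
    """Subject-side check: look the object up in the subject's capability list."""
    return right in capabilities_for(subject).get(obj, set())


def consistent():
    """Every (subject, object, right) decision agrees between the two views."""
    return all(allowed_by_acl(s, o, r) == allowed_by_capability(s, o, r)
               for s in MATRIX for o in OBJECTS for r in RIGHTS)


if __name__ == "__main__":
    print("ACL for payroll.db (column):", acl_for("payroll.db"))
    print("capabilities of carol (row):", capabilities_for("carol"))
    print("views agree:", consistent())
```

The practical difference shows up in administration rather than in the decision: revoking everyone’s access to one object is a single edit of that object’s column (its ACL), whereas in a capability system it means locating and invalidating the capability in every subject’s row.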

 

 

QUESTION 18

What is considered the most important type of error to avoid for a biometric access control system?

 

A.

Type I Error

B.

Type II Error

C.

Combined Error Rate

D.

Crossover Error Rate

 

Correct Answer: B

Explanation:

When a biometric system is used for access control, the most important error is the false accept or false acceptance rate, or Type II error, where the system would accept an impostor.

 

A Type I error is known as the false reject or false rejection rate (FRR) and is less important in the security context than the Type II error rate. A Type I error occurs when a valid company employee is rejected by the system and cannot get access even though he is a valid user.

 

The Crossover Error Rate (CER) is the point at which the false rejection rate equals the false acceptance rate if one were to graph the Type I and Type II error rates against the sensitivity setting. The lower the CER, the better the device.

 

The Combined Error Rate is a distracter and does not exist.

Source: TIPTON, Harold F.& KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 1, Biometric Identification (page 10).
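The relationship between the two error types and the CER is easiest to see by sweeping a threshold over match scores. This added example (not from the exam text or the handbook) uses constructed genuine and impostor scores, computes FRR (Type I) and FAR (Type II) at each threshold, finds the crossover, and then shows the security-driven alternative the question points at: choosing the threshold by capping FAR rather than by minimising the crossover. The scores and scale are made up.

```python
"""FRR (Type I), FAR (Type II) and the crossover error rate from match scores.

Added example, not from the exam material.  Scores are constructed
similarity values on a 0..100 scale; a higher score means a better match.
"""

# Constructed scores: legitimate users against their own template, and
# impostors against someone else's template.
GENUINE = [88, 91, 76, 95, 83, 69, 90, 85, 79, 93]
IMPOSTOR = [40, 55, 62, 71, 48, 66, 58, 73, 51, 60]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Accept when score >= threshold.
    FRR (Type I)  = fraction of genuine users rejected.
    FAR (Type II) = fraction of impostors accepted."""
    frr = sum(score < threshold for score in genuine) / len(genuine)
    far = sum(score >= threshold for score in impostor) / len(impostor)
    return frr, far


def crossover(thresholds=range(0, 101)):
    """Threshold at which FRR and FAR are closest, and the error rate there (the CER)."""
    best = min(thresholds, key=lambda t: abs(error_rates(t)[0] - error_rates(t)[1]))
    frr, far = error_rates(best)
    return best, (frr + far) / 2


def threshold_for_max_far(max_far, thresholds=range(0, 101)):
    """Security-driven tuning: the lowest threshold whose FAR does not exceed
    max_far.  Raising the threshold trades Type I errors for fewer Type II errors."""
    for t in thresholds:
        if error_rates(t)[1] <= max_far:
            return t
    return None


if __name__ == "__main__":
    t, cer = crossover()
    print(f"crossover at threshold {t}: CER = {cer:.2f}")
    t0 = threshold_for_max_far(0.0)
    print(f"zero FAR needs threshold {t0}, costing FRR = {error_rates(t0)[0]:.2f}")
```

With these samples the curves cross at a threshold of 72 with a CER of 0.10; pushing the threshold to 74 drives the FAR to zero at the cost of rejecting one in ten genuine users, which is the trade an access-control deployment usually accepts.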

 

 

QUESTION 19

When biometric identification systems were first developed, it soon became apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering two questions:

 

A.

what was the sex of a person and his age

B.

what part of body to be used and how to accomplish identification that is viable

C.

what was the age of a person and his income level

D.

what was the tone of the voice of a person and his habits

 

Correct Answer: B

Explanation:

Today the implementation of fast, accurate, reliable and user-acceptable biometric identification systems is already taking place. Unique physical attributes or behaviour of a person are used for that purpose.

 

From: TIPTON, Harold F.& KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, Page 7.

 

 

QUESTION 20

Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences?

 

A.

Extensible Authentication Protocol

B.

Challenge Handshake Authentication Protocol

C.

Remote Authentication Dial-In User Service

D.

Multilevel Authentication Protocol.

 

Correct Answer: A

Explanation:

RFC 2828 (Internet Security Glossary) defines the Extensible Authentication Protocol as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences. It is intended for use primarily by a host or router that connects to a PPP network server via switched circuits or dial-up lines. The Challenge Handshake Authentication Protocol (CHAP) is a single PPP authentication protocol rather than a framework for multiple mechanisms. The Remote Authentication Dial-In User Service (RADIUS) is defined as an Internet protocol for carrying dial-in users’ authentication information and configuration information between a shared, centralized authentication server and a network access server that needs to authenticate the users of its network access ports. The other option is a distracter.

Source: SHIREY, Robert W., RFC 2828: Internet Security Glossary, May 2000.
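Because EAP is a framework, every mechanism it carries shares one packet layout: Code, Identifier, Length, and for Request/Response a Type octet followed by Type-Data. The following added example (not from the exam text or RFC 2828) parses that layout with the length checks a dissector or authenticator must perform, and constructs a small Identity/MD5-Challenge/Success exchange to run it on. The packets are built here rather than captured; the field layout follows RFC 3748, and the type names are the common EAP method types.

```python
"""Parser for the EAP packet header and the Request/Response Type field.

Added example, not from the exam material.  Layout (RFC 3748): Code (1),
Identifier (1), Length (2, network order, counts the whole packet), then
for Request/Response a Type (1) and Type-Data.  Octets past Length are padding.
"""
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             5: "One-Time Password", 6: "Generic Token Card", 13: "EAP-TLS"}


def parse_eap(pkt: bytes) -> dict:
    """Decode one EAP packet; raise ValueError on anything malformed."""
    if len(pkt) < 4:
        raise ValueError("EAP header needs 4 octets")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(pkt):
        raise ValueError(f"Length field {length} inconsistent with {len(pkt)}-octet buffer")
    body = pkt[4:length]                      # trailing padding beyond Length is ignored
    out = {"code": EAP_CODES[code], "id": ident, "length": length}
    if code in (3, 4):                        # Success / Failure carry no data
        if length != 4:
            raise ValueError("Success/Failure must have Length 4")
        return out
    if not body:
        raise ValueError("Request/Response requires a Type octet")
    eap_type, type_data = body[0], body[1:]
    out["type"] = EAP_TYPES.get(eap_type, f"type-{eap_type}")
    out["type_data"] = type_data
    if eap_type == 4:                         # MD5-Challenge: Value-Size, Value, Name
        if not type_data or len(type_data) < 1 + type_data[0]:
            raise ValueError("MD5-Challenge Value-Size exceeds Type-Data")
        vsize = type_data[0]
        out["value"] = type_data[1:1 + vsize]
        out["name"] = type_data[1 + vsize:]
    return out


def build_eap(code: int, ident: int, eap_type=None, type_data: bytes = b"") -> bytes:
    """Assemble a packet with a correct Length field (used to construct samples)."""
    body = b"" if eap_type is None else bytes([eap_type]) + type_data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


# Constructed sample exchange between authenticator and peer (not a capture).
IDENTITY_REQUEST = build_eap(1, 1, 1)
IDENTITY_RESPONSE = build_eap(2, 1, 1, b"alice")
MD5_CHALLENGE = build_eap(1, 2, 4, bytes([4]) + b"\x01\x02\x03\x04" + b"nas1")
SUCCESS = build_eap(3, 2)


if __name__ == "__main__":
    for pkt in (IDENTITY_REQUEST, IDENTITY_RESPONSE, MD5_CHALLENGE, SUCCESS):
        print(parse_eap(pkt))
```

The parser trusts nothing it has not checked: a Length larger than the buffer, a Success with data attached, or a Value-Size that overruns the Type-Data are each rejected before any slice is taken, which is where naive EAP dissectors have historically gone wrong.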
