[Free] New Updated (October) ISC SSCP Real Exam 191-200

Ensurepass

 

QUESTION 191

What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?

 

A.

A capability table

B.

An access control list

C.

An access control matrix

D.

A role-based matrix

 

Correct Answer: B

Explanation:

“It [ACL] specifies a list of users [subjects] who are allowed access to each object” CBK, p. 188

 

A capability table is incorrect. “Capability tables are used to track, manage and apply controls based on the object and rights, or capabilities of a subject. For example, a table identifies the object, specifies access rights allowed for a subject, and permits access based on the user’s possession of a capability (or ticket) for the object.” CBK, pp. 191-192. The distinction that makes this an incorrect choice is that access is based on possession of a capability by the subject.

 

To put it another way, as noted in AIO3 on p. 169, “A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.”

 

An access control matrix is incorrect. The access control matrix is a way of describing the rules for an access control strategy. The matrix lists the users, groups and roles down the left side and the resources and functions across the top. The cells of the matrix either indicate that access is allowed or indicate the type of access. CBK, pp. 317-318.

 

AIO3, p. 169 describes it as a table of subjects and objects specifying the access rights a certain subject possesses pertaining to specific objects.

 

In either case, the matrix is a way of analyzing the access control needed by a population of subjects to a population of objects. This access control can be applied using rules, ACL’s, capability tables, etc.

 

A role-based matrix is incorrect. Again, a matrix of roles vs objects could be used as a tool for thinking about the access control to be applied to a set of objects. The results of the analysis could then be implemented using RBAC.

 

References:

CBK, Domain 2: Access Control.

AIO3, Chapter 4: Access Control

 

 

QUESTION 192

Which of the following is needed for System Accountability?


 

A.

Audit mechanisms.

B.

Documented design as laid out in the Common Criteria.

C.

Authorization.

D.

Formal verification of system design.

 

Correct Answer: A

Explanation:

Accountability is a means of tracking user actions. Through the use of audit logs and other tools, user actions are recorded and can be used at a later date to verify what actions were performed.

 

Accountability is the ability to identify users and to be able to track user actions.

 

The following answers are incorrect:

 

Documented design as laid out in the Common Criteria is incorrect because the Common Criteria is an international standard for evaluating trust and is not a factor in System Accountability.

 

Authorization is incorrect because authorization is the granting of access to subjects; merely having authorization does not hold the subject accountable for their actions.

 

Formal verification of system design is incorrect because all you have done is verify the system design; no steps have been taken toward system accountability.

 

References:

OIG CBK Glossary (page 778)

 

 

QUESTION 193

In which of the following security models is the subject’s clearance compared to the object’s classification such that specific rules can be applied to control how the subject-to-object interactions take place?

 

A.

Bell-LaPadula model

B.

Biba model

C.

Access Matrix model

D.

Take-Grant model

 

Correct Answer: A

Explanation:

The Bell-LaPadula model is also called a multilevel security system because users with different clearances use the system and the system processes data with different classifications. It was developed by the US military in the 1970s.

 

A security model maps the abstract goals of the policy to information system terms by specifying explicit data structures and techniques necessary to enforce the security policy. A security model is usually represented in mathematics and analytical ideas, which are mapped to system specifications and then developed by programmers through programming code. So we have a policy that encompasses security goals, such as “each subject must be authenticated and authorized before accessing an object.” The security model takes this requirement and provides the necessary mathematical formulas, relationships, and logic structure to be followed to accomplish this goal.

 

A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels. The level at which information is classified determines the handling procedures that should be used. The Bell-LaPadula model is a state machine model that enforces the confidentiality aspects of access control. A matrix and security levels are used to determine if subjects can access different objects. The subject’s clearance is compared to the object’s classification and then specific rules are applied to control how subject-to-object interactions can take place.

 

Reference(s) used for this question:

Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 369). McGraw- Hill. Kindle Edition.

 

 

QUESTION 194

Which of the following control pairing places emphasis on “soft” mechanisms that support the access control objectives?

 

A.

Preventive/Technical Pairing

B.

Preventive/Administrative Pairing

C.

Preventive/Physical Pairing

D.

Detective/Administrative Pairing

 

Correct Answer: B

Explanation:

Soft Control is another way of referring to Administrative control.

 

Technical and Physical controls are NOT soft control, so any choice listing them was not the best answer.

 

Preventative/Technical is incorrect because although access control can be a technical control, it is commonly not referred to as a “soft” control.

 

Preventative/Administrative is correct because access controls are preventative in nature. It is always best to prevent a negative event; however, there are times when controls might fail and you cannot prevent everything. Administrative controls are roles, responsibilities, policies, etc., which are usually paper based. In the administrative category you would also find audit, monitoring, and security awareness.

 

Preventative/Physical pairing is incorrect because access controls with an emphasis on “soft” mechanisms conflict with the basic concept of physical controls; physical controls are usually tangible objects such as fences, gates, door locks, sensors, etc.

 

Detective/Administrative Pairing is incorrect because access control is a preventative control used to control access, not to detect violations to access.

 

Source: KRUTZ, Ronald L.& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.

 

 

QUESTION 195

When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED?

 

A.

Type I error

B.

Type II error

C.

Type III error

D.

Crossover error

 

Correct Answer: B

Explanation:

When the biometric system accepts impostors who should have been rejected, it is called a Type II error, or False Acceptance Rate (False Accept Rate).

 

Biometrics verifies an individual’s identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identification.

 

Biometrics is a very sophisticated technology; thus, it is much more expensive and complex than the other types of identity verification processes. A biometric system can make authentication decisions based on an individual’s behavior, as in signature dynamics, but these can change over time and possibly be forged.

 

Biometric systems that base authentication decisions on physical attributes (iris, retina, fingerprint) provide more accuracy, because physical attributes typically don’t change much, absent some disfiguring injury, and are harder to impersonate.

 

When a biometric system rejects an authorized individual, it is called a Type I error (False Rejection Rate (FRR) or False Reject Rate (FRR)).

 

When the system accepts impostors who should be rejected, it is called a Type II error (False Acceptance Rate (FAR) or False Accept Rate (FAR)). Type II errors are the most dangerous and thus the most important to avoid.

 

The goal is to obtain low numbers for each type of error. When comparing different biometric systems, many different variables are used, but one of the most important metrics is the crossover error rate (CER).

 

The accuracy of any biometric method is measured in terms of False Acceptance Rate (FAR) and False Rejection Rate (FRR). Both are expressed as percentages. The FAR is the rate at which attempts by unauthorized users are incorrectly accepted as valid. The FRR is just the opposite: it measures the rate at which authorized users are denied access.

 

The relationship between FRR (Type I) and FAR (Type II) is depicted in the graphic below. As one rate increases, the other decreases. The Cross-over Error Rate (CER) is sometimes considered a good indicator of the overall accuracy of a biometric system. This is the point at which the FRR and the FAR have the same value. Solutions with a lower CER are typically more accurate.

 

See the graphic below from Biometria showing this relationship. The Cross-over Error Rate (CER) is also called the Equal Error Rate (EER); the two are synonymous.

 

Figure (image not reproduced): Cross Over Error Rate

 

The other answers are incorrect:

 

Type I error is also called the False Rejection Rate, where a valid user is rejected by the system.

Type III error: there is no such error type in biometric systems.

 

Crossover error rate, stated as a percentage, represents the point at which the false rejection rate equals the false acceptance rate.

 

Reference(s) used for this question:

 

http://www.biometria.sk/en/principles-of-biometrics.html

Shon Harris, CISSP All In One (AIO), 6th Edition , Chapter 3, Access Control, Page 188-

Tech Republic, Reduce Multi_Factor Authentication Cost

 

 

QUESTION 196

How should a doorway of a manned facility with automatic locks be configured?

 

A.

It should be configured to be fail-secure.

B.

It should be configured to be fail-safe.

C.

It should have a door delay cipher lock.

D.

It should not allow piggybacking.

 

Correct Answer: B

Explanation:

Access controls are meant to protect facilities and computers as well as people.

 

In some situations, the objectives of physical access controls and the protection of people’s lives may come into conflict. In these situations, a person’s life always takes precedence.

 

Many physical security controls make entry into and out of a facility hard, if not impossible. However, special consideration needs to be taken when this could affect lives. In an information processing facility, different types of locks can be used and piggybacking should be prevented, but the issue here with automatic locks is that they can either be configured as fail-safe or fail-secure.

 

Since there should only be one access door to an information processing facility, the automatic lock to the only door to a man-operated room must be configured to allow people out in case of emergency, hence to be fail-safe (sometimes called fail-open), meaning that upon fire alarm activation or electric power failure, the locking device unlocks. This is because the solenoid that maintains power to the lock to keep it in a locked state fails and thus opens or unlocks the electronic lock.

 

Fail Secure works just the other way. The lock device is in a locked or secure state with no power applied. Upon authorized entry, a solenoid unlocks the lock temporarily. Thus in a Fail Secure lock, loss of power or fire alarm activation causes the lock to remain in a secure mode.

 

Reference(s) used for this question:

 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 451). McGraw- Hill. Kindle Edition.

And Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 20249-20251). Auerbach Publications. Kindle Edition.

 

 

QUESTION 197

Which access control model provides upper and lower bounds of access capabilities for a subject?

 

A.

Role-based access control

B.

Lattice-based access control

C.

Biba access control

D.

Content-dependent access control

 

Correct Answer: B

Explanation:

In the lattice model, users are assigned security clearances and the data is classified. Access decisions are made based on the clearance of the user and the classification of the object. Lattice-based access control is an essential ingredient of formal security models such as Bell-LaPadula, Biba, Chinese Wall, etc.

 

The bounds concept comes from the formal definition of a lattice as a “partially ordered set for which every pair of elements has a greatest lower bound and a least upper bound.” To see the application, consider a file classified as “SECRET” and a user Joe with a security clearance of “TOP SECRET.” Under Bell-LaPadula, Joe’s “least upper bound” access to the file is “READ” and his least lower bound is “NO WRITE” (star property).

 

Role-based access control is incorrect. Under RBAC, the access is controlled by the permissions assigned to a role and the specific role assigned to the user.

 

Biba access control is incorrect. The Biba integrity model is based on a lattice structure, but the context of the question disqualifies it as the best answer.

 

Content-dependent access control is incorrect. In content dependent access control, the actual content of the information determines access as enforced by the arbiter.

 

References:

CBK, pp. 324-325.

AIO3, pp. 291-293. See particularly Figure 5-19 on p. 293 for an illustration of bounds in action.

 

 

QUESTION 198

Which of the following access control models is based on sensitivity labels?

 

A.

Discretionary access control

B.

Mandatory access control

C.

Rule-based access control

D.

Role-based access control

 

Correct Answer: B

Explanation:

Access decisions are made based on the clearance of the subject and the sensitivity label of the object.

 

Example: Eve has a “Secret” security clearance and is able to access the “Mugwump Missile Design Profile” because its sensitivity label is “Secret.” She is denied access to the “Presidential Toilet Tissue Formula” because its sensitivity label is “Top Secret.”

 

The other answers are not correct because:

 

Discretionary Access Control is incorrect because in DAC access to data is determined by the data owner. For example, Joe owns the “Secret Chili Recipe” and grants read access to Charles.

 

Role Based Access Control is incorrect because in RBAC access decisions are made based on the role held by the user. For example, Jane has the role “Auditor” and that role includes read permission on the “System Audit Log.”

 

Rule Based Access Control is incorrect because it is a form of MAC. A good example would be a Firewall where rules are defined and apply to anyone connecting through the firewall.

 

References:

All in One third edition, page 164.

Official ISC2 Guide page 187.

 

 

QUESTION 199

Which authentication technique best protects against hijacking?

 

A.

Static authentication

B.

Continuous authentication

C.

Robust authentication

D.

Strong authentication

 

Correct Answer: B

Explanation:

Continuous authentication provides protection against impostors who can see, alter, and insert information passed between the claimant and verifier even after the claimant/verifier authentication is complete. This is the best protection against hijacking. Static authentication is the type of authentication provided by traditional password schemes, and the strength of the authentication is highly dependent on the difficulty of guessing passwords. The robust authentication mechanism relies on dynamic authentication data that changes with each authenticated session between a claimant and a verifier, and it does not protect against hijacking. Strong authentication refers to two-factor authentication (like something a user knows and something a user is).

Source: TIPTON, Harold F.& KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 3: Secured Connections to External Networks (page 51).

 

 

QUESTION 200

For maximum security design, which type of fence is the most effective and cost-effective method? (Feet are used as the measurement unit below.)

 

A.

3′ to 4′ high

B.

6′ to 7′ high

C.

8′ high and above with strands of barbed wire

D.

Double fencing

 

Correct Answer: D

Explanation:

The most commonly used fence is the chain linked fence and it is the most affordable. The standard is a six-foot high fence with two-inch mesh square openings. The material should consist of nine-gauge vinyl or galvanized metal. Nine-gauge is a typical fence material installed in residential areas.

 

Additionally, it is recommended to place barbed wire strands angled out from the top of the fence at a 45° angle, away from the protected area, with three strands running across the top. This will provide for a seven-foot fence. There are several variations of the use of “top guards” using V-shaped barbed wire or the use of concertina wire as an enhancement, which has been a replacement for the more traditional three-strand barbed wire “top guards.”

 

The fence should be fastened to rigid metal posts set in concrete every six feet with additional bracing at the corners and gate openings. The bottom of the fence should be stabilized against intruders crawling under by attaching posts along the bottom to keep the fence from being pushed or pulled up from the bottom. If the soil is sandy, the bottom edge of the fence should be installed below ground level.

 

For maximum security design, the use of double fencing with rolls of concertina wire positioned between the two fences is the most effective deterrent and cost-efficient method. In this design, an intruder is required to use an extensive array of ladders and equipment to breach the fences.

 

Most fencing is largely a psychological deterrent and a boundary marker rather than a barrier, because in most cases such fences can be rather easily penetrated unless added security measures are taken to enhance the security of the fence. Sensors attached to the fence to provide electronic monitoring of cutting or scaling the fence can be used.

 

Reference(s) used for this question:

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 24416-24431). Auerbach Publications. Kindle Edition.
