[Free] New Updated (October) ISC SSCP Real Exam 21-30

Ensurepass

 

QUESTION 21

Which of the following is implemented through scripts or smart agents that replay a user's multiple log-ins against authentication servers to verify the user's identity and permit access to system services?

 

A.

Single Sign-On

B.

Dynamic Sign-On

C.

Smart cards

D.

Kerberos

 

Correct Answer: A

Explanation:

SSO can be implemented by using scripts that replay the user's multiple log-ins against authentication servers to verify the user's identity and to permit access to system services.

 

Single Sign-On is the best answer here because it is the broader category and would include Kerberos, which is one way of implementing SSO.

 

When two of the four choices presented are plausible you must select the BEST one. The higher-level choice is generally the best; when one choice includes the other, the broader one is the better answer.

 

Reference(s) used for this question:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 40.

 

 

QUESTION 22

Which of the following biometric characteristics cannot be used to uniquely authenticate an individual’s identity?

 

A.

Retina scans

B.

Iris scans

C.

Palm scans

D.

Skin scans

 

Correct Answer: D

Explanation:

The following are typical biometric characteristics that are used to uniquely authenticate an individual’s identity:

 

Fingerprints

Retina scans

Iris scans

Facial scans

Palm scans

Hand geometry

Voice

Handwritten signature dynamics

 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 39. And: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 127-131).

 

 

QUESTION 23

Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used) ?

 

A.

A subject is not allowed to read up.

B.

The *-property restriction can be escaped by temporarily downgrading a high-level subject.

C.

A subject is not allowed to read down.

D.

It is restricted to confidentiality.

 

Correct Answer: C

Explanation:

This statement is false: Bell-LaPadula does not forbid reading down. The simple security property forbids reading up (a subject may not read an object classified above its clearance) and the *-property forbids writing down; a subject is free to read objects at or below its own level.

 

The other answers are incorrect because:

 

"A subject is not allowed to read up" is the 'simple security property' of the Bell-LaPadula model.

"The *-property restriction can be escaped by temporarily downgrading a high-level subject" is true: it can also be escaped by identifying a set of trusted subjects that are permitted to violate the *-property, as long as the subject is not in the middle of an operation.

 

"It is restricted to confidentiality" is true, as Bell-LaPadula is a state machine model that enforces only the confidentiality aspect of access control; it says nothing about integrity.

 

Reference:

Shon Harris, AIO v3, Chapter 5: Security Models and Architecture, pages 279-282.
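To make the three rules concrete, here is an added example (not from the Harris AIO or any other source cited on this page) of a Bell-LaPadula reference monitor in Python. The labels, compartments and principals are constructed for illustration, and it goes slightly beyond the question by using a lattice of levels plus compartments rather than levels alone. It shows that reading down is permitted while reading up and writing down are refused, and how the strong *-property tightens writes to the subject's own label.

```python
"""Bell-LaPadula reference monitor: simple security property and *-property.

Added example, not taken from the Harris AIO or any product: the label
lattice (levels plus compartments) and the subjects and objects are
constructed here for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet

UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP_SECRET = 0, 1, 2, 3


@dataclass(frozen=True)
class Label:
    level: int
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level AND a superset of compartments."""
        return self.level >= other.level and self.compartments >= other.compartments


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ('no read up'): the subject's clearance must
    dominate the object's classification. Reading *down* is therefore allowed."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label, strong_star: bool = False) -> bool:
    """*-property ('no write down'): the object must dominate the subject.
    Under the strong *-property a subject may write only at its own label."""
    if strong_star:
        return subject == obj
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, op: str, strong_star: bool = False) -> bool:
    """Reference-monitor decision for a read or a (write-only) write."""
    if op == "read":
        return can_read(subject, obj)
    if op == "write":
        return can_write(subject, obj, strong_star)
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    analyst = Label(SECRET, frozenset({"NUC"}))      # constructed subject clearance
    print("read down  :", decide(analyst, Label(CONFIDENTIAL), "read"))                 # True
    print("read up    :", decide(analyst, Label(TOP_SECRET), "read"))                   # False
    print("write down :", decide(analyst, Label(CONFIDENTIAL), "write"))                # False
    print("write up   :", decide(analyst, Label(TOP_SECRET, frozenset({"NUC"})), "write"))  # True
    print("strong *   :", decide(analyst, Label(TOP_SECRET, frozenset({"NUC"})), "write", strong_star=True))  # False
```

Note that a missing compartment counts as "up" just as a higher level does: a SECRET subject without the NUC compartment cannot read a SECRET/NUC object, because its label does not dominate the object's.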

 

 

QUESTION 24

Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?

 

A.

Using a TACACS+ server.

B.

Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.

C.

Setting modem ring count to at least 5.

D.

Only attaching modems to non-networked hosts.

 

Correct Answer: B

Explanation:

Containing the dial-up problem is conceptually easy: by installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall, any access to internal resources through the RAS can be filtered as would any other connection coming from the Internet.

 

The use of a TACACS+ server by itself cannot eliminate hacking: it centralizes authentication of dial-up users, but the modem bank remains reachable from the outside.

 

Setting the modem ring count to at least 5 may help defeat war-dialing hackers, who look for modems by dialing long series of numbers, but it does not eliminate the vector.

 

Attaching modems only to non-networked hosts is not practical and would not prevent those hosts themselves from being hacked.

 

Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 2: Hackers.

 

 

QUESTION 25

Which type of attack involves impersonating a user or a system?

 

A.

Smurfing attack

B.

Spoofing attack

C.

Spamming attack

D.

Sniffing attack

 

Correct Answer: B

Explanation:

A spoofing attack is an attempt to gain access to a computer system by posing as an authorized user or system. Spamming refers to sending out or posting junk advertising and unsolicited mail. A smurf attack is a type of denial-of-service attack that uses ICMP echo (PING) requests sent to a broadcast address with a spoofed source address, so that the replies flood the victim. Sniffing refers to observing packets passing on a network.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 77).

 

 

QUESTION 26

Which of the following statements pertaining to Kerberos is false?

 

A.

The Key Distribution Center represents a single point of failure.

B.

Kerberos manages access permissions.

C.

Kerberos uses a database to keep a copy of all users’ public keys.

D.

Kerberos uses symmetric key cryptography.

 

Correct Answer: C

Explanation:

Kerberos is a trusted, credential-based, third-party authentication protocol that uses symmetric (secret) key cryptography to provide robust authentication to clients accessing services on a network.

 

One weakness of Kerberos is its Key Distribution Center (KDC), which represents a single point of failure.

The KDC contains a database that holds a copy of all of the symmetric/secret keys for the principals.

 

Reference(s) used for this question:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 40).
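The protocol flow the explanation describes, as an added example that is not part of the original page or of any real Kerberos implementation: a client obtains a ticket-granting ticket (TGT) from the Authentication Server, trades it for a service ticket at the Ticket Granting Server, and presents that ticket to a service, using symmetric keys only. The KDC database, principal names, password and the toy seal/unseal cipher (a SHA-256 keystream with an HMAC tag, standing in for Kerberos' real encryption types so the script runs with the standard library) are all assumptions made for illustration.

```python
"""Kerberos-style AS / TGS / AP exchanges with symmetric keys only.

Added example (not MIT Kerberos, Heimdal or Active Directory code). The KDC
database holds one *secret* key per principal, never public keys. seal() and
unseal() are a toy SHA-256 keystream plus HMAC standing in for Kerberos'
real encryption types; the principals and password are constructed.
"""
import hashlib
import hmac
import json
import secrets
import time


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, msg: dict) -> bytes:
    """Encrypt-then-MAC a JSON message under a shared secret key (toy cipher)."""
    pt = json.dumps(msg).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def user_key(principal: str, password: str) -> bytes:
    """Long-term user key derived from the password (string-to-key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


class KDC:
    """Authentication Server + Ticket Granting Server: the single point of failure."""

    def __init__(self) -> None:
        self.db = {"krbtgt": secrets.token_bytes(32)}  # principal -> symmetric key

    def register(self, principal: str, key: bytes) -> None:
        self.db[principal] = key

    def as_exchange(self, client: str) -> bytes:
        """AS-REP: TGT sealed under krbtgt's key; session key sealed under the user's key."""
        session = secrets.token_bytes(32)
        tgt = seal(self.db["krbtgt"], {"client": client, "key": session.hex(), "exp": time.time() + 8 * 3600})
        return seal(self.db[client], {"session": session.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str) -> bytes:
        """TGS-REP: verify the TGT and authenticator, then issue a service ticket."""
        t = unseal(self.db["krbtgt"], tgt)
        if t["exp"] < time.time():
            raise ValueError("TGT expired")
        auth = unseal(bytes.fromhex(t["key"]), authenticator)
        if auth["client"] != t["client"] or abs(auth["ts"] - time.time()) > 300:
            raise ValueError("bad authenticator")
        svc_session = secrets.token_bytes(32)
        ticket = seal(self.db[service], {"client": t["client"], "key": svc_session.hex()})
        return seal(bytes.fromhex(t["key"]), {"session": svc_session.hex(), "ticket": ticket.hex()})


def service_accepts(service_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    """AP-REQ check on the application server; returns the authenticated principal."""
    t = unseal(service_key, ticket)
    auth = unseal(bytes.fromhex(t["key"]), authenticator)
    if auth["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    return t["client"]


def login(kdc: KDC, user: str, password: str, service: str, service_key: bytes) -> str:
    """Client side: AS-REQ -> TGS-REQ -> AP-REQ. Raises ValueError on a wrong password."""
    k = user_key(user, password)
    as_rep = unseal(k, kdc.as_exchange(user))  # only the right password opens the AS-REP
    tgs_key, tgt = bytes.fromhex(as_rep["session"]), bytes.fromhex(as_rep["tgt"])
    tgs_rep = unseal(tgs_key, kdc.tgs_exchange(tgt, seal(tgs_key, {"client": user, "ts": time.time()}), service))
    svc_key, ticket = bytes.fromhex(tgs_rep["session"]), bytes.fromhex(tgs_rep["ticket"])
    return service_accepts(service_key, ticket, seal(svc_key, {"client": user, "ts": time.time()}))


if __name__ == "__main__":
    kdc = KDC()
    kdc.register("alice", user_key("alice", "correct horse"))   # constructed principal
    fileserver_key = secrets.token_bytes(32)
    kdc.register("host/fileserver", fileserver_key)
    print(login(kdc, "alice", "correct horse", "host/fileserver", fileserver_key))  # alice
```

Two things the script makes visible: the user's password never travels to the KDC (the AS-REP is simply unreadable with the wrong key), and `kdc.db` holds every principal's secret key, which is why the KDC is both a single point of failure and the highest-value target in the realm.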

 

 

QUESTION 27

PINs, passwords, passphrases, tokens, smart cards and biometric devices are all items that can be used for authentication. When one of the items listed above is used in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practising which of the following?

 

A.

Multi-party authentication

B.

Two-factor authentication

C.

Mandatory authentication

D.

Discretionary authentication

 

Correct Answer: B

Explanation:

Once an identity has been established it must be authenticated. There are numerous technologies and implementations of authentication methods; however, almost all of them fall under three major areas.

 

There are three fundamental types of authentication:

 

Authentication by knowledge: something a person knows
Authentication by possession: something a person has
Authentication by characteristic: something a person is

Logical controls related to these types are called "factors."

 

Something you know can be a password or PIN, something you have can be a token fob or smart card, and something you are is usually some form of biometrics.

 

Single-factor authentication is the employment of one of these factors, two-factor authentication is using two of the three factors, and three-factor authentication is the combination of all three factors. Two items of the same type, such as a password and a PIN, are still single-factor authentication.

 

The general term for the use of more than one factor during authentication is multifactor authentication or strong authentication.

 

Reference(s) used for this question:

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 2367-2379). Auerbach Publications. Kindle Edition.

 

 

QUESTION 28

The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?

 

A.

clipping level

B.

acceptance level

C.

forgiveness level

D.

logging level

 

Correct Answer: A

Explanation:

The correct answer is “clipping level”. This is the point at which a system decides to take some sort of action when an action repeats a preset number of times. That action may be to log the activity, lock a user account, temporarily close a port, etc.

 

Example: The most classic example of a clipping level is failed login attempts. If you have a system configured to lock a user's account after three failed login attempts, three is the "clipping level".
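The failed-login example, as added detection logic (not from the AIO guide) run over a few constructed auth-log lines: the log format, user names, addresses and a clipping level of three failures within ten minutes are assumptions made for illustration. Failures below the level produce no record; the third failure inside the window produces one, after which the counter restarts.

```python
"""Clipping level for failed logins, applied to constructed auth-log lines.

Added example, not from the AIO guide: the log format, user names, IPs and
the threshold (3 failures within 10 minutes) are assumptions for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)


def apply_clipping_level(lines, threshold=3, window=timedelta(minutes=10)):
    """Return (timestamp, user, ip) violation records.

    Failures below the threshold are forgiven; the threshold-th failure inside
    the window produces a record (the point where the system would lock the
    account, alert, or otherwise act). A successful login resets the count.
    """
    recent = defaultdict(deque)      # user -> timestamps of failures still inside the window
    violations = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                  # not a login event in the constructed format
        ts = datetime.fromisoformat(m["ts"])
        user = m["user"]
        if m["result"] == "Accepted":
            recent[user].clear()
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # forget failures that have aged out
            q.popleft()
        if len(q) >= threshold:
            violations.append((ts, user, m["ip"]))
            q.clear()                      # one record per burst
    return violations


# Constructed sample log (not captured from a real system).
SAMPLE_LOG = [
    "2024-03-01T09:00:01 sshd: Failed password for bob from 203.0.113.7",
    "2024-03-01T09:00:05 sshd: Failed password for bob from 203.0.113.7",
    "2024-03-01T09:00:09 sshd: Accepted password for bob from 203.0.113.7",     # typo, forgiven
    "2024-03-01T10:15:00 sshd: Failed password for admin from 198.51.100.2",
    "2024-03-01T10:15:02 sshd: Failed password for admin from 198.51.100.2",
    "2024-03-01T10:15:04 sshd: Failed password for admin from 198.51.100.2",    # hits the clipping level
    "2024-03-01T12:00:00 sshd: Failed password for carol from 192.0.2.9",
    "2024-03-01T12:30:00 sshd: Failed password for carol from 192.0.2.9",
    "2024-03-01T13:00:00 sshd: Failed password for carol from 192.0.2.9",       # spread out, stays under it
]

if __name__ == "__main__":
    for ts, user, ip in apply_clipping_level(SAMPLE_LOG):
        print(f"{ts.isoformat()} clipping level reached for {user} from {ip}")
```

The window matters as much as the count: without it, carol's three failures an hour apart would also trip the level, turning ordinary typos into a steady stream of lockouts; with it, only the rapid burst against admin produces a record.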

 

The other answers are not correct because:

 

Acceptance level, forgiveness level, and logging level are nonsensical terms that do not exist (to my knowledge) within network security.

 

Reference:

Official ISC2 Guide – The term “clipping level” is not in the glossary or index of that book. I cannot find it in the text either. However, I’m quite certain that it would be considered part of the CBK, despite its exclusion from the Official Guide.

 

All-in-One, Third Edition, pages 136-137.

 

 

QUESTION 29

Controls to keep password sniffing attacks from compromising computer systems include which of the following?

 

A.

static and recurring passwords.

B.

encryption and recurring passwords.

C.

one-time passwords and encryption.

D.

static and one-time passwords.

 

Correct Answer: C

Explanation:

One-time passwords defeat a password sniffing attack because a captured password is no longer valid once it has been used. Encryption of the authentication exchange also minimizes these attacks, since the sniffer then sees only ciphertext.

 

The following answers are incorrect:

 

static and recurring passwords. This is incorrect because without encryption a sniffer captures the password in the clear, and a static password that never changes can then be replayed indefinitely.

 

encryption and recurring passwords. This is incorrect because, while encryption helps, recurring passwords do nothing to minimize the risk of a captured password being reused.

 

static and one-time passwords. This is incorrect because, while one-time passwords will prevent these types of attacks, static passwords do nothing to minimize the risk of passwords being captured.
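As an added example serving both question 27 (two-factor authentication) and question 29 (one-time passwords against sniffing), and not part of the original page: a server-side login check that requires a password (something you know) and an RFC 4226 HOTP code (something you have), and burns each code once used so that a sniffed copy cannot be replayed. The account, password, salt and token seed are constructed; the seed is the RFC 4226 test secret, so the expected codes are the RFC's own test vectors.

```python
"""Two-factor login: password (something you know) + HOTP code (something you have).

Added example, not from the (ISC)2 guide. HOTP follows RFC 4226; the seed
"12345678901234567890" is the RFC's test secret, whose codes for counters
0, 1, 2 are 755224, 287082, 359152. Account, password and salt are constructed.
"""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Server-side record: password hash (factor 1) plus HOTP seed and counter (factor 2)."""

    def __init__(self, password: str, seed: bytes, salt: bytes = b"demo-salt") -> None:
        self.salt = salt                  # constructed; use os.urandom(16) per account in practice
        self.pw_hash = hash_password(password, self.salt)
        self.seed = seed                  # shared with the user's hardware or software token
        self.counter = 0                  # next expected counter; only ever moves forward

    def login(self, password: str, code: str, look_ahead: int = 5) -> bool:
        """Both factors are always evaluated; the decision is made once at the end."""
        pw_ok = hmac.compare_digest(self.pw_hash, hash_password(password, self.salt))
        otp_ok, next_counter = False, self.counter
        for c in range(self.counter, self.counter + look_ahead):   # tolerate a few skipped presses
            if hmac.compare_digest(hotp(self.seed, c), code):
                otp_ok, next_counter = True, c + 1
                break
        if pw_ok and otp_ok:
            self.counter = next_counter   # burn the code: a sniffed copy can no longer be replayed
            return True
        return False


if __name__ == "__main__":
    acct = Account("hunter2", b"12345678901234567890")
    print(acct.login("hunter2", "755224"))   # True: both factors present
    print(acct.login("hunter2", "755224"))   # False: the same code, replayed by a sniffer
    print(acct.login("wrong", "287082"))     # False: valid code, wrong password
```

A sniffer that captures "755224" on the wire gains nothing, because the server's counter has already moved past it; with a static password alone the same capture would have been enough. Note that this version advances the counter only on a fully successful login, so a valid code paired with a wrong password is not burned; a stricter server would burn it regardless.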

 

 

QUESTION 30

In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on:

 

A.

The society's role in the organization

B.

The individual’s role in the organization

C.

The group-dynamics as they relate to the individual’s role in the organization

D.

The group-dynamics as they relate to the master-slave role in the organization

 

Correct Answer: B

Explanation:

In Non-Discretionary Access Control, when Role Based Access Control is being used, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individual’s role in the organization.

 

Reference(s) used for this question:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.
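An added example (not from the CISSP Prep Guide) of non-discretionary RBAC in Python: a central policy maps roles to permissions and users to roles, and the access decision never consults an object owner, which is what separates it from DAC. It goes beyond the flat role model the question describes by letting a senior role inherit a junior role's permissions; the roles, permissions and users are constructed for illustration.

```python
"""Non-discretionary access control with RBAC, including a role hierarchy.

Added example, not from the CISSP Prep Guide: roles, permissions, the
inheritance relation and the users are constructed for illustration.
"""
from typing import Dict, Set, Tuple

Permission = Tuple[str, str]   # (action, object type), e.g. ("write", "ledger")


class RbacPolicy:
    """Central authority: only the policy administrator changes these tables."""

    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[Permission]] = {}
        self.parents: Dict[str, Set[str]] = {}       # role -> roles whose permissions it inherits
        self.user_roles: Dict[str, Set[str]] = {}

    def grant(self, role: str, action: str, obj: str) -> None:
        self.role_perms.setdefault(role, set()).add((action, obj))

    def inherit(self, role: str, parent: str) -> None:
        self.parents.setdefault(role, set()).add(parent)

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def effective_roles(self, user: str) -> Set[str]:
        """Directly assigned roles plus everything reachable through inheritance."""
        todo, seen = list(self.user_roles.get(user, ())), set()
        while todo:
            role = todo.pop()
            if role in seen:
                continue
            seen.add(role)
            todo.extend(self.parents.get(role, ()))
        return seen

    def is_allowed(self, user: str, action: str, obj: str) -> bool:
        """Decision depends only on the user's roles, never on who owns the object."""
        return any((action, obj) in self.role_perms.get(r, ()) for r in self.effective_roles(user))


def build_policy() -> RbacPolicy:
    """Constructed organizational policy for a small finance team."""
    p = RbacPolicy()
    p.grant("clerk", "read", "ledger")
    p.grant("accountant", "write", "ledger")
    p.inherit("accountant", "clerk")          # accountants can do everything clerks can
    p.grant("auditor", "read", "ledger")
    p.grant("auditor", "read", "audit-log")
    p.assign("alice", "accountant")
    p.assign("bob", "auditor")
    return p


if __name__ == "__main__":
    policy = build_policy()
    for user, action, obj in [("alice", "write", "ledger"), ("alice", "read", "audit-log"),
                              ("bob", "write", "ledger"), ("carol", "read", "ledger")]:
        print(f"{user:6} {action:5} {obj:10} -> {policy.is_allowed(user, action, obj)}")
```

When alice changes jobs, the administrator reassigns her role and every permission follows; no object-by-object clean-up is needed, which is the operational reason organizations prefer RBAC over DAC for large user populations.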
