[Free] New Updated (October) ISC SSCP Real Exam 531-540

Ensurepass

 

QUESTION 531

Which of the following tape formats can be used to backup data systems in addition to its original intended audio uses?

 

A. Digital Video Tape (DVT).

B. Digital Analog Tape (DAT).

C. Digital Voice Tape (DVT).

D. Digital Audio Tape (DAT).

 

Correct Answer: D

Explanation:

Digital Audio Tape (DAT) can be used to backup data systems in addition to its original intended audio uses.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 70.

 

 

QUESTION 532

Out of the steps listed below, which one is not one of the steps conducted during the Business Impact Analysis (BIA)?

 

A. Alternate site selection

B. Create data-gathering techniques

C. Identify the company’s critical business functions

D. Select individuals to interview for data gathering

 

Correct Answer: A

Explanation:

Selecting an alternate site would not be done within the initial BIA. It would be done at a later stage of the BCP and DRP recovery effort. All of the other choices are steps that would be conducted during the BIA. See below the list of steps that would be done during the BIA.

 

A BIA (business impact analysis) is considered a functional analysis, in which a team collects data through interviews and documentary sources; documents business functions, activities, and transactions; develops a hierarchy of business functions; and finally applies a classification scheme to indicate each individual function’s criticality level.

 

BIA Steps

1. Select individuals to interview for data gathering.

2. Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches).

3. Identify the company’s critical business functions.

4. Identify the resources these functions depend upon.

5. Calculate how long these functions can survive without these resources.

6. Identify vulnerabilities and threats to these functions.

7. Calculate the risk for each different business function.

8. Document findings and report them to management.

 

Reference(s) used for this question:

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 905-909). McGraw-Hill. Kindle Edition.

 

 

QUESTION 533

Risk mitigation and risk reduction controls for providing information security are classified within three main categories. Which of the following are those three categories?

 

A. preventive, corrective, and administrative

B. detective, corrective, and physical

C. Physical, technical, and administrative

D. Administrative, operational, and logical

 

Correct Answer: C

Explanation:

Security is generally defined as the freedom from danger or as the condition of safety. Computer security, specifically, is the protection of data in a system against unauthorized disclosure, modification, or destruction and protection of the computer system itself against unauthorized use, modification, or denial of service. Because certain computer security controls inhibit productivity, security is typically a compromise toward which security practitioners, system users, and system operations and administrative personnel work to achieve a satisfactory balance between security and productivity.

 

Controls for providing information security can be physical, technical, or administrative. These three categories of controls can be further classified as either preventive or detective. Preventive controls attempt to avoid the occurrence of unwanted events, whereas detective controls attempt to identify unwanted events after they have occurred. Preventive controls inhibit the free use of computing resources and therefore can be applied only to the degree that the users are willing to accept. Effective security awareness programs can help increase users’ level of tolerance for preventive controls by helping them understand how such controls enable them to trust their computing systems. Common detective controls include audit trails, intrusion detection methods, and checksums.

 

Three other types of controls supplement preventive and detective controls. They are usually described as deterrent, corrective, and recovery.

 

Deterrent controls are intended to discourage individuals from intentionally violating information security policies or procedures. These usually take the form of constraints that make it difficult or undesirable to perform unauthorized activities or threats of consequences that influence a potential intruder to not violate security (e.g., threats ranging from embarrassment to severe punishment).

Corrective controls either remedy the circumstances that allowed the unauthorized activity or return conditions to what they were before the violation. Execution of corrective controls could result in changes to existing physical, technical, and administrative controls. Recovery controls restore lost computing resources or capabilities and help the organization recover monetary losses caused by a security violation.

 

Deterrent, corrective, and recovery controls are considered to be special cases within the major categories of physical, technical, and administrative controls; they do not clearly belong in either the preventive or the detective category. For example, it could be argued that deterrence is a form of prevention because it can cause an intruder to turn away; however, deterrence also involves detecting violations, which may be what the intruder fears most. Corrective controls, on the other hand, are not preventive or detective, but they are clearly linked with technical controls when antiviral software eradicates a virus or with administrative controls when backup procedures enable restoring a damaged database. Finally, recovery controls are neither preventive nor detective but are included in administrative controls as disaster recovery or contingency plans.

 

Reference(s) used for this question:

Handbook of Information Security Management, Hal Tipton

 

 

QUESTION 534

Which of the following is the most critical item from a disaster recovery point of view?

 

A. Data

B. Hardware/Software

C. Communication Links

D. Software Applications

 

Correct Answer: A

Explanation:

The most important point is ALWAYS the data. Everything else can be replaced or repaired.

 

Data MUST be backed up, backups must be regularly tested, because once it is truly lost, it is lost forever.

 

The goal of disaster recovery is to minimize the effects of a disaster or disruption. It means taking the necessary steps to ensure that the resources, personnel, and business processes are able to resume operation in a timely manner. This is different from continuity planning, which provides methods and procedures for dealing with longer-term outages and disasters.

 

The goal of a disaster recovery plan is to handle the disaster and its ramifications right after the disaster hits; the disaster recovery plan is usually very information technology (IT)-focused. A disaster recovery plan (DRP) is carried out when everything is still in emergency mode, and everyone is scrambling to get all critical systems back online.

 

Reference(s) used for this question:

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 887). McGraw-Hill. Kindle Edition.

And Veritas eLearning CD – Introducing Disaster Recovery Planning, Chapter 1.

 

 

QUESTION 535

Which of the following is NOT a common backup method?

 

A. Full backup method

B. Daily backup method

C. Incremental backup method

D. Differential backup method

 

Correct Answer: B

Explanation:

A daily backup is not a backup method; "daily" only defines the periodicity at which backups are made. There can be daily full, incremental or differential backups.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 69).

 

 

QUESTION 536

The IP header contains a protocol field. If this field contains the value of 51, what type of data is contained within the IP datagram?

 

A. Transmission Control Protocol (TCP)

B. Authentication Header (AH)

C. User Datagram Protocol (UDP)

D. Internet Control Message Protocol (ICMP)

 

Correct Answer: B

Explanation:

Protocol number 51 in the IPv4 header identifies the IPsec Authentication Header (AH). The other options are carried under different protocol numbers:

TCP has the value of 6

UDP has the value of 17

ICMP has the value of 1

 

Reference:

SANS http://www.sans.org/resources/tcpip.pdf?ref=3871
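The protocol-number lookup above, as an added example that is not taken from the exam source or the SANS reference: a small Python parser that validates a minimal IPv4 header (version, IHL, header checksum) before reading byte 9, the Protocol field, and names the values the question discusses (1, 6, 17, 51); ESP's number 50 is included as AH's IPsec sibling and is not on the page. The `build_ipv4_header` helper and the 192.0.2.x addresses are constructed sample data, not captured traffic.

```python
import struct
from typing import Dict, Optional

# IANA-assigned IPv4 protocol numbers for the protocols the question mentions,
# plus ESP (50), AH's IPsec sibling.
PROTOCOL_NAMES: Dict[int, str] = {
    1: "ICMP",
    6: "TCP",
    17: "UDP",
    50: "ESP",   # IPsec Encapsulating Security Payload
    51: "AH",    # IPsec Authentication Header
}

# Fixed 20-byte IPv4 header layout (no options), network byte order.
IPV4_HEADER_FMT = "!BBHHHBBH4s4s"


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 791 header checksum)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(protocol: int, src: str, dst: str, payload_len: int = 0) -> bytes:
    """Construct a minimal IPv4 header carrying `protocol` with a valid checksum (sample data)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    # ver/IHL, TOS, total length, ID, flags+fragment offset (DF), TTL, protocol, checksum, src, dst
    fields = [0x45, 0, 20 + payload_len, 0, 0x4000, 64, protocol, 0, src_b, dst_b]
    fields[7] = ipv4_checksum(struct.pack(IPV4_HEADER_FMT, *fields))
    return struct.pack(IPV4_HEADER_FMT, *fields)


def parse_ipv4_protocol(packet: bytes) -> Dict[str, object]:
    """Validate the IPv4 header and return its Protocol field with a human-readable name."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        raise ValueError(f"not an IPv4 packet (version={version})")
    header_len = ihl * 4
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("invalid IHL or truncated header")
    # A header with a correct checksum sums to zero when the checksum field is included.
    if ipv4_checksum(packet[:header_len]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    protocol = packet[9]   # byte 9 of the header is the Protocol field
    return {
        "protocol": protocol,
        "name": PROTOCOL_NAMES.get(protocol, "other/unassigned"),
        "header_len": header_len,
    }


def protocol_name(packet: bytes) -> Optional[str]:
    """Name of the encapsulated protocol, or None if the header fails validation."""
    try:
        return parse_ipv4_protocol(packet)["name"]
    except ValueError:
        return None


if __name__ == "__main__":
    for proto in (1, 6, 17, 51):
        pkt = build_ipv4_header(proto, "192.0.2.1", "192.0.2.2")
        print(proto, protocol_name(pkt))
```

Validating the checksum before trusting the Protocol field matters for any tool that classifies traffic: a header whose protocol byte was altered without recomputing the checksum is rejected rather than misclassified.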

 

 

QUESTION 537

Which of the following backup sites is the most effective for disaster recovery?

 

A. Time brokers

B. Hot sites

C. Cold sites

D. Reciprocal Agreement

 

Correct Answer: B

Explanation:

A hot site has the equipment, software and communications capabilities to facilitate a recovery within a few minutes or hours following the notification of a disaster to the organization’s primary site. With the exception of providing your own hot site, commercial hot sites provide the greatest protection. Most will allow you up to six weeks to restore your sites if you declare a disaster. They also permit an annual amount of time to test the Disaster Plan.

 

The following answers are incorrect:

 

Cold sites. Cold sites are empty computer rooms consisting only of environmental systems, such as air conditioning and raised floors, etc. They do not meet the requirements of most regulators and boards of directors that the disaster plan be tested at least annually.

 

Reciprocal Agreement. Reciprocal agreements are not contracts and cannot be enforced. You cannot force someone you have such an agreement with to provide processing to you.

 

Government regulators do not accept reciprocal agreements as valid disaster recovery backup sites.

 

Time Brokers. Time Brokers promise to deliver processing time on other systems. They charge a fee, but cannot guarantee that processing will always be available, especially in areas that have experienced multiple disasters.

 

The following reference(s) were used to create this question:

 

ISC2 OIG, 2007 p368

Shon Harris AIO v3. p.710

 

 

QUESTION 538

What is the PRIMARY reason to maintain the chain of custody on evidence that has been collected?

 

A. To ensure that no evidence is lost.

B. To ensure that all possible evidence is gathered.

C. To ensure that it will be admissible in court.

D. To ensure that incidents were handled with due care and due diligence.

 

Correct Answer: C

Explanation:

This is the PRIMARY reason for the chain of custody of evidence. Evidence must be controlled every step of the way. If it is not, the evidence can be tampered with and ruled inadmissible. The Chain of Custody will include a detailed record of:

 

Who obtained the evidence

What was the evidence

Where and when the evidence was obtained

Who secured the evidence

Who had control or possession of the evidence

 

The following answers are incorrect because:

 

To ensure that no evidence is lost is incorrect as it is not the PRIMARY reason.

To ensure that all possible evidence is gathered is also incorrect as it is not the PRIMARY reason.

To ensure that incidents were handled with due care and due diligence is also incorrect as it is also not the PRIMARY reason.

 

The chain of custody is a history that shows how evidence was collected, analyzed, transported, and preserved in order to establish that it is sufficiently trustworthy to be presented as evidence in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy which would make it admissible in court.

 

Reference:

Shon Harris AIO v3, Chapter 10: Law, Investigation, and Ethics, Page 727

 

 

QUESTION 539

Which backup method copies only files that have changed since the last full backup, but does not clear the archive bit?

 

A. Differential backup method.

B. Full backup method.

C. Incremental backup method.

D. Tape backup method.

 

Correct Answer: A

Explanation:

One of the key items to understand regarding backup is the archive bit. The archive bit is used to determine which files have already been backed up. The archive bit is set when a file is modified or a new file is created; this indicates to the backup program that the file has to be saved on the next backup. When a full backup is performed, the archive bit is cleared, indicating that the files were backed up. This allows backup programs to do an incremental or differential backup that only backs up the changes to the filesystem since the last time the bit was cleared.

Full Backup (or Reference Backup)

A full backup will back up all the files and folders on the drive every time you run it. The archive bit is cleared on all files, indicating they were all backed up.

 

Advantages:

All files from the selected drives and folders are backed up to one backup set.

In the event you need to restore files, they are easily restored from the single backup set.

 

Disadvantages:

A full backup is more time consuming than other backup options. Full backups require more disk, tape, or network drive space.

Incremental Backup

An incremental backup provides a backup of files that have changed or are new since the last incremental backup.

 

For the first incremental backup, all files in the file set are backed up (just as in a full backup). If you use the same file set to perform an incremental backup later, only the files that have changed are backed up. If you use the same file set for a third backup, only the files that have changed since the second backup are backed up, and so on.

 

Incremental backup will clear the archive bit.

Advantages:

Backup time is faster than full backups.

Incremental backups require less disk, tape, or network drive space. You can keep several versions of the same files on different backup sets.

Disadvantages:

In order to restore all the files, you must have all of the incremental backups available. It may take longer to restore a specific file since you must search more than one backup set to find the latest version of a file.

Differential Backup

 

A differential backup provides a backup of files that have changed since a full backup was performed. A differential backup typically saves only the files that are different or new since the last full backup. Together, a full backup and a differential backup include all the files on your computer, changed and unchanged.

 

Differential backups do not clear the archive bit.

 

Advantages:

Differential backups require even less disk, tape, or network drive space than incremental backups.

Backup time is faster than full or incremental backups.

Disadvantages:

Restoring all your files may take considerably longer since you may have to restore both the last differential and full backup.

Restoring an individual file may take longer since you have to locate the file on either the differential or full backup.

 

For more info see:

http://support.microsoft.com/kb/136621

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 69.
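The archive-bit behaviour described above (full and incremental backups clear the bit, differential backups leave it set), as an added example that is not from the referenced Microsoft article or the Krutz/Vines text: a Python simulation of a toy volume that tracks the bit, runs the same three-day change history under both strategies, and then restores from each chain to show how many backup sets a complete restore needs. The `Volume`/`BackupSet` classes and the file history are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class FileEntry:
    content: str
    archive: bool = True   # set whenever the file is created or modified


@dataclass
class BackupSet:
    kind: str                 # "full", "incremental" or "differential"
    files: Dict[str, str]     # name -> content captured in this set


class Volume:
    """A toy filesystem that tracks the archive bit the way a backup program sees it."""

    def __init__(self) -> None:
        self.files: Dict[str, FileEntry] = {}

    def write(self, name: str, content: str) -> None:
        self.files[name] = FileEntry(content, archive=True)

    def _clear_bits(self) -> None:
        for entry in self.files.values():
            entry.archive = False

    def full_backup(self) -> BackupSet:
        # Copies everything and clears every archive bit (the reference point).
        snapshot = {n: e.content for n, e in self.files.items()}
        self._clear_bits()
        return BackupSet("full", snapshot)

    def incremental_backup(self) -> BackupSet:
        # Copies files flagged since the last backup of any kind, then clears the bits.
        snapshot = {n: e.content for n, e in self.files.items() if e.archive}
        self._clear_bits()
        return BackupSet("incremental", snapshot)

    def differential_backup(self) -> BackupSet:
        # Copies files flagged since the last FULL backup; bits are left set,
        # so each differential grows until the next full backup.
        snapshot = {n: e.content for n, e in self.files.items() if e.archive}
        return BackupSet("differential", snapshot)

    def snapshot(self) -> Dict[str, str]:
        return {n: e.content for n, e in self.files.items()}


def restore(chain: List[BackupSet]) -> Dict[str, str]:
    """Replay backup sets oldest to newest; the later copy of a file wins."""
    restored: Dict[str, str] = {}
    for backup in chain:
        restored.update(backup.files)
    return restored


def simulate(strategy: str) -> Tuple[Set[str], Set[str], int, bool]:
    """Run a constructed three-day history under "incremental" or "differential".

    Returns (files copied on day 1, files copied on day 2,
             number of sets a complete restore needs,
             whether that restore reproduces the live volume).
    """
    vol = Volume()
    for name in ("a.txt", "b.txt", "c.txt"):
        vol.write(name, f"{name} v0")
    base = vol.full_backup()                # day 0: full backup, all bits cleared

    vol.write("a.txt", "a.txt v1")          # day 1: one file changes
    day1 = vol.incremental_backup() if strategy == "incremental" else vol.differential_backup()

    vol.write("b.txt", "b.txt v1")          # day 2: another file changes
    day2 = vol.incremental_backup() if strategy == "incremental" else vol.differential_backup()

    if strategy == "incremental":
        chain = [base, day1, day2]          # every increment since the full is required
    else:
        chain = [base, day2]                # the latest differential already contains day 1

    return set(day1.files), set(day2.files), len(chain), restore(chain) == vol.snapshot()


if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        print(strategy, simulate(strategy))
```

The second differential copies both changed files because the bit set on day 1 was never cleared, which is exactly why a differential restore needs only the full backup plus the newest differential, while the incremental restore must replay every set since the full. The simulation models only creates and modifications; deletions, which real backup software has to track separately, are out of scope here.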

 

 

QUESTION 540

Which of the following items is NOT a benefit of cold sites?

 

A. No resource contention with other organisation

B. Quick Recovery

C. A secondary location is available to reconstruct the environment

D. Low Cost

 

Correct Answer: B

Explanation:

A cold site is a permanent location that provides you with your own space that you can move into in case of a disaster or catastrophe. It is one of the cheapest solutions available as a rental place, but it is also the one that would take the most time to recover. A cold site usually takes one to two weeks for recovery.

 

Although major disruptions with long-term effects may be rare, they should be accounted for in the contingency plan. The plan should include a strategy to recover and perform system operations at an alternate facility for an extended period. In general, three types of alternate sites are available:

 

Dedicated site owned or operated by the organization. Also called redundant or alternate sites;

Reciprocal agreement or memorandum of agreement with an internal or external entity; and

Commercially leased facility.

 

Regardless of the type of alternate site chosen, the facility must be able to support system operations as defined in the contingency plan. The three alternate site types commonly categorized in terms of their operational readiness are cold sites, warm sites, or hot sites. Other variations or combinations of these can be found, but generally all variations retain similar core features found in one of these three site types.

 

Progressing from basic to advanced, the sites are described below:

 

Cold Sites are typically facilities with adequate space and infrastructure (electric power, telecommunications connections, and environmental controls) to support information system recovery activities.

 

Warm Sites are partially equipped office spaces that contain some or all of the system hardware, software, telecommunications, and power sources.

 

Hot Sites are facilities appropriately sized to support system requirements and configured with the necessary system hardware, supporting infrastructure, and support personnel.

 

As discussed above, these three alternate site types are the most common. There are also variations, and hybrid mixtures of features from any one of the three. Each organization should evaluate its core requirements in order to establish the most effective solution.

 

Two examples of variations to the site types are:

 

Mobile Sites are self-contained, transportable shells custom-fitted with specific telecommunications and system equipment necessary to meet system requirements.

 

Mirrored Sites are fully redundant facilities with automated real-time information mirroring. Mirrored sites are identical to the primary site in all technical respects.

 

There are obvious cost and ready-time differences among the options. In these examples, the mirrored site is the most expensive choice, but it ensures virtually 100 percent availability. Cold sites are the least expensive to maintain, although they may require substantial time to acquire and install necessary equipment. Partially equipped sites, such as warm sites, fall in the middle of the spectrum. In many cases, mobile sites may be delivered to the desired location within 24 hours, but the time necessary for equipment installation and setup can increase this response time. The selection of fixed-site locations should account for the time and mode of transportation necessary to move personnel and/or equipment there. In addition, the fixed site should be in a geographic area that is unlikely to be negatively affected by the same hazard as the organization’s primary site.

 

The following reference(s) were used for this question:

http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov11-2010.pdf
