[Q402-Q418] SSCP Dumps are Available for Instant Access [2024]


Practice with these SSCP dumps Certification Sample Questions


The SSCP certification exam is ideal for those who want to pursue a career in information security or enhance their existing knowledge and skills. It is also suitable for IT professionals who want to expand their knowledge and expertise in security operations, risk management, and access controls. System Security Certified Practitioner (SSCP) certification provides a solid foundation in information security and validates the candidate's ability to secure critical information assets.


NEW QUESTION # 402
Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?

  • A. Management monitoring of audit logs
  • B. Job rotation of operations personnel
  • C. Enforcing regular password changes
  • D. Limiting the local access of operations personnel

Answer: D

Explanation:
The question specifically says "within a different function", which eliminates job rotation as a choice.
Management monitoring of audit logs is a detective control and would not prevent collusion.
Changing passwords regularly would not prevent such an attack.
This question validates that you understand the concepts of separation of duties and least privilege.
By giving operators only the minimum access level they need to do their duties within a company, the operations personnel would be forced to use collusion to defeat those security mechanisms.


NEW QUESTION # 403
____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential, Top Secret, etc.).

  • A. DAC - Discretionary Access Control
  • B. MAC - Mandatory Access Control
  • C. SAC - Strategic Access Control
  • D. LAC - Limited Access Control

Answer: B


NEW QUESTION # 404
Which access model is most appropriate for companies with a high employee turnover?

  • A. Lattice-based access control
  • B. Discretionary access control
  • C. Mandatory access control
  • D. Role-based access control

Answer: D

Explanation:
The underlying problem for a company with a lot of turnover is assuring that new employees are assigned the correct access permissions and that those permissions are removed when they leave the company.
Selecting the best answer requires one to think about the access control options in the context of a company with a lot of flux in the employee population. RBAC simplifies the task of assigning permissions because the permissions are assigned to roles, which do not change based on who belongs to them. As employees join the company, it is simply a matter of assigning them to the appropriate roles, and their permissions derive from their assigned role. They implicitly inherit the permissions of the role or roles they have been assigned to. When they leave the company or change jobs, their role assignment is revoked or changed appropriately.
Mandatory access control is incorrect. While controlling access based on the clearance level of employees and the sensitivity of objects is a better choice than some of the other incorrect answers, it is not the best choice when RBAC is an option and you are looking for the best solution for a high number of employees constantly leaving or joining the company.
Lattice-based access control is incorrect. The lattice is really a mathematical concept that is used in formally modeling information flow (Bell-LaPadula, Biba, etc.). In the context of the question, an abstract model of information flow is not an appropriate choice. CBK, pp. 324-325.
Discretionary access control is incorrect. When an employee joins or leaves the company, the object owner must grant or revoke access for that employee on all the objects they own. Problems would also arise when the owner of an object leaves the company. The complexity of assuring that the permissions are added and removed correctly makes this the least desirable solution in this situation.
References
All-in-One, third edition, page 165
RBAC is discussed on pp. 189 through 191 of the ISC(2) guide.
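The following is an added example, not part of the question bank or its references: a minimal RBAC model showing why joiner, mover and leaver handling is simple when permissions attach to roles rather than to individual users (question 404), and how the same model lets you check the separation-of-duties property that question 402 relies on. Role names, permissions and user names are constructed for the demo.

```python
"""Added example, not from the question bank: a minimal RBAC model
showing why joiner / mover / leaver handling is simple when permissions
attach to roles rather than to individual users, and how the same
model supports a separation-of-duties check.
Roles, permissions and user names below are constructed."""

from collections import defaultdict


class RBAC:
    def __init__(self):
        self.role_perms = defaultdict(set)   # role -> set of permissions
        self.user_roles = {}                 # user -> set of roles

    def grant(self, role, *perms):
        """Attach permissions to a role (done once, by the role owner)."""
        self.role_perms[role].update(perms)

    def assign(self, user, *roles):
        """Joiner: put a user into existing roles; nothing per-user is stored."""
        unknown = [r for r in roles if r not in self.role_perms]
        if unknown:
            raise KeyError(f"unknown role(s): {unknown}")
        self.user_roles.setdefault(user, set()).update(roles)

    def change_job(self, user, *roles):
        """Mover: replace the role set so stale entitlements do not accumulate."""
        self.user_roles[user] = set()
        self.assign(user, *roles)

    def revoke_all(self, user):
        """Leaver: one operation removes every entitlement the user had."""
        self.user_roles.pop(user, None)

    def permissions(self, user):
        """Effective permissions are derived from roles, never stored per user."""
        roles = self.user_roles.get(user, set())
        return set().union(*(self.role_perms[r] for r in roles))

    def can(self, user, perm):
        return perm in self.permissions(user)

    def sod_violations(self, *conflicting):
        """Users holding every permission in a conflicting set (separation of duties)."""
        need = set(conflicting)
        return sorted(u for u in self.user_roles if need <= self.permissions(u))


def demo():
    rbac = RBAC()
    rbac.grant("helpdesk", "ticket:read", "ticket:update")
    rbac.grant("payroll_clerk", "payroll:read", "payroll:submit")
    rbac.grant("payroll_approver", "payroll:read", "payroll:approve")

    rbac.assign("alice", "helpdesk")            # alice joins the help desk
    rbac.assign("bob", "payroll_clerk")         # bob joins payroll
    out = {"alice_helpdesk": rbac.can("alice", "ticket:update")}

    rbac.change_job("alice", "payroll_approver")    # alice moves to payroll approval
    out["alice_kept_old_perm"] = rbac.can("alice", "ticket:update")
    out["alice_can_approve"] = rbac.can("alice", "payroll:approve")
    out["sod_ok"] = rbac.sod_violations("payroll:submit", "payroll:approve") == []

    rbac.assign("bob", "payroll_approver")      # a mistake: bob now submits AND approves
    out["sod_offenders"] = rbac.sod_violations("payroll:submit", "payroll:approve")

    rbac.revoke_all("bob")                      # bob leaves: a single revocation
    out["bob_after_leave"] = rbac.permissions("bob")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the design is that no permission is ever written against a user record, so offboarding is one `revoke_all` and a job change is one `change_job`; the `sod_violations` query is what a periodic access review would run to catch the kind of conflicting grant that question 402 says should require collusion.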


NEW QUESTION # 405
In the context of network enumeration by an outside attacker and possible Distributed Denial of Service (DDoS) attacks, which of the following firewall rules is not appropriate to protect an organization's internal network?

  • A. Allow echo reply inbound
  • B. Allow echo request outbound
  • C. Allow echo reply outbound
  • D. Drop echo request inbound

Answer: C

Explanation:
Echo replies outbound should be dropped, not allowed. There is no reason for any internet users to send ICMP ECHO Requests to your internal hosts from the internet. If they wish to find out if a service is available, they can use a browser to connect to your web server or simply send an email if they wish to test your mail service.
Echo replies outbound could be used as part of the SMURF amplification attack, where someone sends ICMP echo requests to a gateway's broadcast address in order to amplify the request by the X number of hosts sitting behind the gateway.
By allowing inbound echo requests and outbound echo replies, it also becomes easier for attackers to learn about the internal network by performing a simple ping sweep. ICMP can also be used to find out which host has been up and running the longest, which would indicate which patches are missing on the host if a critical patch required a reboot.
ICMP can also be used for DDoS attacks, so you should strictly limit what type of ICMP traffic is allowed to flow through your firewall.
On top of all this, tools such as LOKI could be used as a client-server application to transfer files back and forth between the internet and some of your internal hosts. LOKI is a client/server program published in the online publication Phrack. This program is a working proof-of-concept to demonstrate that data can be transmitted somewhat secretly across a network by hiding it in traffic that normally does not contain payloads. The example code can tunnel the equivalent of a Unix RCMD/RSH session in either ICMP echo request (ping) packets or UDP traffic to the DNS port. This is used as a back door into a Unix system after root access has been compromised. Presence of LOKI on a system is evidence that the system has been compromised in the past.
The outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts.
The following answers are incorrect:
Allow echo request outbound: the outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts.
Drop echo request inbound: there is no need for anyone on the internet to attempt pinging your internal hosts.
Allow echo reply inbound: the outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts.
Reference(s) used for this question:
http://www.phrack.org/issues.html?issue=49&id=6
STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 10: The Perfect Firewall.
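As an added example (not from the question bank or the cited firewall text), here is a small stateful evaluator for the ICMP echo policy the explanation recommends. It goes one step beyond the four rules in the question: an inbound echo reply is only accepted when it matches an outbound request the policy has already seen, so unsolicited replies (for example backscatter from an amplification attack) are dropped as well. The packet structure, addresses and identifiers are constructed for the demo; nothing here touches a real network.

```python
"""Added example, not part of the question bank: a stateful evaluator
for an ICMP echo policy. Constructed packets only; no real sockets."""

from dataclasses import dataclass

ECHO_REPLY, ECHO_REQUEST = 0, 8      # ICMP type codes from RFC 792


@dataclass(frozen=True)
class Icmp:
    direction: str    # "in" toward the protected network, "out" away from it
    icmp_type: int
    src: str
    dst: str
    ident: int        # echo identifier; pairs a reply with its request


class EchoPolicy:
    def __init__(self):
        # (internal host, external host, ident) of requests awaiting a reply
        self.pending = set()

    def decide(self, pkt):
        if pkt.icmp_type == ECHO_REQUEST:
            if pkt.direction == "out":          # internal user verifying reachability
                self.pending.add((pkt.src, pkt.dst, pkt.ident))
                return "allow"
            return "drop"                       # inbound request: ping sweeps get nothing
        if pkt.icmp_type == ECHO_REPLY:
            if pkt.direction == "out":          # the rule in answer C: never let replies out
                return "drop"
            key = (pkt.dst, pkt.src, pkt.ident)
            if key in self.pending:             # reply to something we actually sent
                self.pending.discard(key)       # one reply per request
                return "allow"
            return "drop"                       # unsolicited reply
        return "drop"                           # any other ICMP type: default deny


def demo():
    policy = EchoPolicy()
    internal, remote, scanner = "10.0.0.5", "203.0.113.7", "198.51.100.9"
    traffic = [
        ("user pings remote host",       Icmp("out", ECHO_REQUEST, internal, remote, 1)),
        ("remote host answers",          Icmp("in",  ECHO_REPLY,   remote, internal, 1)),
        ("same reply replayed",          Icmp("in",  ECHO_REPLY,   remote, internal, 1)),
        ("scanner pings internal host",  Icmp("in",  ECHO_REQUEST, scanner, internal, 7)),
        ("internal host tries to reply", Icmp("out", ECHO_REPLY,   internal, scanner, 7)),
        ("unsolicited inbound reply",    Icmp("in",  ECHO_REPLY,   scanner, internal, 99)),
    ]
    return [(label, policy.decide(pkt)) for label, pkt in traffic]


if __name__ == "__main__":
    for label, verdict in demo():
        print(f"{verdict:5}  {label}")
```

A production firewall tracks the same request/reply pairing in its connection table; the toy version makes the consequence visible: with the two "drop" rules in place, neither a ping sweep nor a smurf reflection gets a packet through, while an internal user's own ping still works.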


NEW QUESTION # 406
CORRECT TEXT
Attackers have been known to search through company trash bins in order to collect potentially useful information. This method of attack is known as _________________.

Answer:

Explanation:
diving


NEW QUESTION # 407
How many bits of a MAC address uniquely identify a vendor, as provided by the IEEE?

  • A. 16 bits
  • B. 12 bits
  • C. 6 bits
  • D. 24 bits

Answer: D

Explanation:
The MAC address is 48 bits long, 24 of which identify the vendor, as provided by the IEEE.
The other 24 bits are provided by the vendor.
A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used for numerous network technologies and most IEEE 802 network technologies, including Ethernet.
Logically, MAC addresses are used in the media access control protocol sublayer of the OSI reference model.
MAC addresses are most often assigned by the manufacturer of a network interface card (NIC) and are stored in its hardware, such as the card's read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number and may be referred to as the burned-in address. It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. This can be contrasted to a programmed address, where the host device issues commands to the NIC to use an arbitrary address. An example is many SOHO routers, where the ISP grants access to only one MAC address (the one used before the router was inserted), so the router must use that MAC address on its Internet-facing NIC. Therefore the router administrator configures a MAC address to override the burned-in one.
A network node may have multiple NICs and each must have one unique MAC address per NIC.
[Figure: MAC address format, Wikipedia diagram not reproduced here]
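The following added example (not from the question bank) parses a 48-bit MAC address, splits it into the 24-bit IEEE-assigned OUI and the 24-bit vendor-assigned part, and reads the two flag bits of the first octet: the I/G bit that marks a group address and the U/L bit that marks a locally administered address, which is what the "programmed address" override above sets. The OUI-to-vendor table is a constructed placeholder; a real lookup uses the registry file IEEE publishes.

```python
"""Added example, not from the question bank: parse a MAC address into
its IEEE OUI and vendor-specific halves and read its flag bits.
The vendor table is a constructed placeholder, not real registry data."""

import re

# Constructed placeholder table: real OUIs come from the IEEE registry.
OUI_TABLE = {"001122": "<vendor for OUI 00-11-22, placeholder>"}


def parse_mac(text):
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455; return 6 bytes."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def describe(text):
    mac = parse_mac(text)
    first = mac[0]
    oui = mac[:3].hex().upper()               # first 24 bits: IEEE-assigned vendor prefix
    locally_administered = bool(first & 0x02)  # U/L bit: burned-in address overridden
    if locally_administered:
        vendor = "n/a (locally administered)"  # OUI field is not a registered prefix here
    else:
        vendor = OUI_TABLE.get(oui, "unknown")
    return {
        "canonical": ":".join(f"{b:02x}" for b in mac),
        "oui": oui,
        "nic_specific": mac[3:].hex().upper(),  # last 24 bits: assigned by the vendor
        "vendor": vendor,
        "multicast": bool(first & 0x01),        # I/G bit: group (multicast/broadcast) address
        "locally_administered": locally_administered,
    }


def locally_administered(macs):
    """Inventory check: addresses whose burned-in OUI has been overridden."""
    return [m for m in macs if describe(m)["locally_administered"]]


if __name__ == "__main__":
    for sample in ("00-11-22-33-44-55", "01:00:5e:00:00:fb", "0211.2233.4455"):
        print(describe(sample))
```

Running `locally_administered` over the MAC addresses seen by a switch or DHCP server is a cheap way to surface interfaces whose burned-in address has been replaced, which is worth a second look on a network that uses MAC-based admission.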


NEW QUESTION # 408
Which of the following is an advantage that UDP has over TCP?

  • A. UDP makes a better effort to deliver packets.
  • B. UDP is faster than TCP.
  • C. UDP is more reliable than TCP.
  • D. UDP is connection-oriented whereas TCP is not.

Answer: B

Explanation:
Section: Network and Telecommunications
Explanation/Reference:
UDP is a scaled-down version of TCP. It is used like TCP, but only offers a "best effort" delivery. It is connectionless, does not offer error correction, does not sequence the packet segments, and is less reliable than TCP, but because of its lower overhead it provides faster transmission than TCP.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 86).


NEW QUESTION # 409
The difference between fraud and embezzlement is ________________.

  • A. Embezzlement is about publicity; fraud is about personal gain
  • B. There is no difference; fraud and embezzlement are the same
  • C. Fraud = money or goods; embezzlement = money only
  • D. Fraud = misdemeanor; embezzlement = felony
  • E. Fraud = removing hardware / software; embezzlement = removing data only

Answer: C


NEW QUESTION # 410
CORRECT TEXT
______________ is a major component of an overall risk management program.

Answer:

Explanation:
assessment


NEW QUESTION # 411
Sandra has used Ethereal, a packet sniffer, to listen in on network transmissions. She has captured several passwords. What type of attack has been performed on her network?

  • A. A session hijacking
  • B. An illicit server attack
  • C. An active attack
  • D. A man-in-the-middle attack
  • E. A privilege escalation attack

Answer: D

Explanation:
The type of attack described above is a man-in-the-middle attack.


NEW QUESTION # 412
Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission?

  • A. Secure Hash Standard (SHS)
  • B. Message Authentication Code (MAC)
  • C. Cyclic Redundancy Check (CRC)
  • D. Secure Electronic Transaction (SET)

Answer: B

Explanation:
Section: Cryptography
Explanation/Reference:
In order to protect against fraud in electronic fund transfers (EFT), the Message Authentication Code (MAC), ANSI X9.9, was developed. The MAC is a check value, which is derived from the contents of the message itself, that is sensitive to the bit changes in a message. It is similar to a Cyclic Redundancy Check (CRC).
The aim of message authentication in computer and communication systems is to verify that the message comes from its claimed originator and that it has not been altered in transmission. It is particularly needed for EFT (Electronic Funds Transfer). The protection mechanism is generation of a Message Authentication Code (MAC), attached to the message, which can be recalculated by the receiver and will reveal any alteration in transit. One standard method is described in ANSI X9.9. Message authentication mechanisms can also be used to achieve non-repudiation of messages.
The Secure Electronic Transaction (SET) was developed by a consortium including MasterCard and VISA as a means of preventing fraud from occurring during electronic payment.
The Secure Hash Standard (SHS), NIST FIPS 180, available at http://www.itl.nist.gov/fipspubs/fip180-1.htm, specifies the Secure Hash Algorithm (SHA-1).
Source:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 170) also see:
http://luizfirmino.blogspot.com/2011/04/message-authentication-code-mac.html and
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.22.2312&rep=rep1&type=pdf
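The following added example (not from the question bank or its sources) shows a MAC attached to an EFT-style message and recalculated by the receiver, which is the mechanism the explanation describes. ANSI X9.9 specified a DES-based MAC; this demo substitutes HMAC-SHA256 from the Python standard library as the modern equivalent. It also contrasts the MAC with the CRC the explanation compares it to: a CRC detects accidental corruption, but because it has no secret key anyone who alters the message can simply recompute it. Key and messages are constructed.

```python
"""Added example, not from the question bank: a keyed message
authentication code versus a keyless CRC on an EFT-style message.
HMAC-SHA256 stands in for the DES-based MAC of ANSI X9.9.
Key and messages are constructed."""

import hashlib
import hmac
import zlib


def crc_tag(msg: bytes) -> int:
    """Keyless check value: catches accidental corruption only."""
    return zlib.crc32(msg) & 0xFFFFFFFF


def mac_tag(key: bytes, msg: bytes) -> bytes:
    """Keyed check value: only a holder of the key can produce it."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so timing does not reveal how many bytes matched
    return hmac.compare_digest(mac_tag(key, msg), tag)


def demo():
    key = b"constructed-shared-key-between-bank-and-originator"
    original = b"TRANSFER 100.00 FROM 1234 TO 5678"
    altered = b"TRANSFER 900.00 FROM 1234 TO 5678"   # one byte changed in transit

    tag = mac_tag(key, original)                 # originator attaches this to the message
    crc = crc_tag(original)
    forged = (altered, crc_tag(altered))         # attacker alters the message and the CRC

    return {
        # receiver recalculates the MAC over what actually arrived
        "mac_accepts_original": mac_verify(key, original, tag),
        "mac_rejects_altered": not mac_verify(key, altered, tag),
        # without the key the attacker cannot produce a tag the receiver will accept
        "mac_rejects_forged_tag": not mac_verify(key, altered, mac_tag(b"guessed-key", altered)),
        # a CRC notices the change too ...
        "crc_notices_change": crc_tag(altered) != crc,
        # ... but a recomputed CRC passes, so it says nothing about origin or intent
        "crc_forgery_passes": crc_tag(forged[0]) == forged[1],
        "tag_bytes": len(tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The key is what turns a check value into authentication: the receiver learns not only that the message is intact but that it was produced by someone holding the shared key. Since that key is shared, the receiver could have produced the same tag, which is why a symmetric MAC alone does not settle a dispute about who sent a message.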


NEW QUESTION # 413
Which of the following refers to the data left on the media after the media has been erased?

  • A. recovery
  • B. semi-hidden
  • C. sticky bits
  • D. remanence

Answer: D

Explanation:
Actually, the term "remanence" comes from electromagnetism. It originally referred to (and still does in that field of study) the magnetic flux that remains in a magnetic circuit after an applied magnetomotive force has been removed. There is absolutely no way a candidate will see anywhere near that much detail on any similar CISSP question, but having read this, a candidate won't be likely to forget it either.
It is becoming increasingly commonplace for people to buy used computer equipment, such as a hard drive, or router, and find information on the device left there by the previous owner; information they thought had been deleted. This is a classic example of data remanence: the remains of partial or even the entire data set of digital information. Normally, this refers to the data that remain on media after they are written over or degaussed. Data remanence is most common in storage systems but can also occur in memory.
Specialized hardware devices known as degaussers can be used to erase data saved to magnetic media. The measure of the amount of energy needed to reduce the magnetic field on the media to zero is known as coercivity.
It is important to make sure that the coercivity of the degausser is of sufficient strength to meet object reuse requirements when erasing data. If a degausser is used with insufficient coercivity, then a remanence of the data will exist. Remanence is the measure of the existing magnetic field on the media; it is the residue that remains after an object is degaussed or written over.
Data is still recoverable even when the remanence is small. While data remanence exists, there is no assurance of safe object reuse.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 4207-4210). Auerbach Publications. Kindle Edition. and Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 19694-19699). Auerbach Publications. Kindle Edition.


NEW QUESTION # 414
Which of the following can prevent hijacking of a web session?

  • A. RSA
  • B. SSL
  • C. SET
  • D. PPP

Answer: B

Explanation:
The Secure Socket Layer (SSL) protocol is used between a web server and client and encrypts the entire session, thus preventing session hijacking. RSA is an asymmetric encryption algorithm that can be used in setting up an SSL session. SET is the Secure Electronic Transaction protocol that was introduced by Visa and Mastercard to allow for more credit card transaction possibilities. PPP is a point-to-point protocol.


NEW QUESTION # 415
A boot sector virus goes to work when what event takes place?

  • A. March 16th
  • B. File is deleted
  • C. File is saved
  • D. Reboot or system startup

Answer: D


NEW QUESTION # 416
Which of the following would be LESS likely to prevent an employee from reporting an incident?

  • A. The process of reporting incidents is centralized.
  • B. They are unaware of the company's security policies and procedures.
  • C. They are afraid of being pulled into something they don't want to be involved with.
  • D. They are afraid of being accused of something they didn't do.

Answer: A

Explanation:
The reporting process should be centralized; otherwise employees won't bother.
The other answers are incorrect because:
Being afraid of being pulled into something they don't want to be involved with is incorrect, as most employees fear this and it would prevent them from reporting an incident.
Being afraid of being accused of something they didn't do is also incorrect, as this also prevents them from reporting an incident.
Being unaware of the company's security policies and procedures is also incorrect, as mentioned above.


NEW QUESTION # 417
Which of the following determines that the product developed meets the project's goals?

  • A. accuracy
  • B. validation
  • C. concurrence
  • D. verification

Answer: B

Explanation:
Software Development Verification vs. Validation:
Verification determines if the product accurately represents and meets the design specifications given to the developers. A product can be developed that does not match the original specifications. This step ensures that the specifications are properly met and closely followed by the development team.
Validation determines if the product provides the necessary solution to the intended real-world problem.
It validates whether or not the final product is what the user expected in the first place and whether or not it solves the problem it was intended to solve. In large projects, it is easy to lose sight of the overall goal. This exercise ensures that the main goal of the project is met.
From DITSCAP:
6.3.2. Phase 2, Verification. The Verification phase shall include activities to verify compliance of the system with previously agreed security requirements. For each life-cycle development activity, DoD Directive 5000.1 (reference (i)), there is a corresponding set of security activities, enclosure 3, that shall verify compliance with the security requirements and evaluate vulnerabilities.
6.3.3. Phase 3, Validation. The Validation phase shall include activities to evaluate the fully integrated system to validate system operation in a specified computing environment with an acceptable level of residual risk. Validation shall culminate in an approval to operate.
NOTE:
DIACAP has replaced DITSCAP, but the definitions above are still valid and applicable for the purpose of the exam.


NEW QUESTION # 418
......
