Question # 1
Why would a memory dump be admissible as evidence in court?
A. Because it is used to demonstrate the truth of the contents.
B. Because it is used to identify the state of the system.
C. Because the state of the memory cannot be used as evidence.
D. Because of the exclusionary rule.
B. Because it is used to identify the state of the system.
A memory dump can be admitted as evidence if it acts merely as a statement of fact. A system dump is not considered hearsay because it is used to identify the state of the system, not the truth of the contents. The exclusionary rule mentions that evidence must be gathered legally or it can't be used. This choice is a distracter. Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 10: Law, Investigation, and Ethics (page 187).
Question # 2
In the Bell-LaPadula model, the Star-property is also called:
A. The simple security property
B. The confidentiality property
C. The confinement property
D. The tranquility property
B. The confidentiality property
The Bell-LaPadula model focuses on data confidentiality and access to classified information, in contrast to the Biba Integrity Model, which describes rules for the protection of data integrity. In this formal model, the entities in an information system are divided into subjects and objects. The notion of a "secure state" is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby proving that the system satisfies the security objectives of the model. The Bell-LaPadula model is built on the concept of a state machine with a set of allowable states in a system. The transition from one state to another state is defined by transition functions.
A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a security policy. To determine whether a specific access mode is allowed, the clearance of a subject is compared to the classification of the object (more precisely, to the combination of classification and set of compartments, making up the security level) to determine if the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice.
The model defines two mandatory access control (MAC) rules and one discretionary access control (DAC) rule with three security properties:
- The Simple Security Property - a subject at a given security level may not read an object at a higher security level (no read-up).
- The *-property (read "star"-property) - a subject at a given security level must not write to any object at a lower security level (no write-down). The *-property is also known as the Confinement property.
- The Discretionary Security Property - use an access control matrix to specify the discretionary access control.
The transfer of information from a high-sensitivity document to a lower-sensitivity document may happen in the Bell-LaPadula model via the concept of trusted subjects. Trusted Subjects are not restricted by the *-property. Untrusted subjects are. Trusted Subjects must be shown to be trustworthy with regard to the security policy. This security model is directed toward access control and is characterized by the phrase: "no read up, no write down." Compare the Biba model, the Clark-Wilson model and the Chinese Wall.
With Bell-LaPadula, users can create content only at or above their own security level (i.e. secret researchers can create secret or top-secret files but may not create public files; no write-down). Conversely, users can view content only at or below their own security level (i.e. secret researchers can view public or secret files, but may not view top-secret files; no read-up).
Strong *-Property
The Strong *-Property is an alternative to the *-Property in which subjects may write to objects with only a matching security level. Thus, the write-up operation permitted in the usual *-Property is not present, only a write-to-same level operation. The Strong *-Property is usually discussed in the context of multilevel database management systems and is motivated by integrity concerns.
Tranquility principle
The tranquility principle of the Bell-LaPadula model states that the classification of a subject or object does not change while it is being referenced. There are two forms to the tranquility principle: the "principle of strong tranquility" states that security levels do not change during the normal operation of the system and the "principle of weak tranquility" states that security levels do not change in a way that violates the rules of a given security policy. Another interpretation of the tranquility principles is that they both apply only to the period of time during which an operation involving an object or subject is occurring. That is, the strong tranquility principle means that an object's security level/label will not change during an operation (such as read or write); the weak tranquility principle means that an object's security level/label may change in a way that does not violate the security policy during an operation.
Reference(s) used for this question:
- http://en.wikipedia.org/wiki/Biba_Model
- http://en.wikipedia.org/wiki/Mandatory_access_control
- http://en.wikipedia.org/wiki/Discretionary_access_control
- http://en.wikipedia.org/wiki/Clark-Wilson_model
- http://en.wikipedia.org/wiki/Brewer_and_Nash_model
Question # 3
Which of the following is an issue with signature-based intrusion detection systems?
A. Only previously identified attack signatures are detected.
B. Signature databases must be augmented with inferential elements.
C. It runs only on the Windows operating system.
D. Hackers can circumvent signature evaluations.
A. Only previously identified attack signatures are detected.
An issue with signature-based ID is that only attack signatures that are stored in their database are detected. New attacks without a signature would not be reported. They do require constant updates in order to maintain their effectiveness. Reference used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.
Question # 4
Which is NOT a suitable method for distributing certificate revocation information?
A. CA revocation mailing list
B. Delta CRL
C. OCSP (online certificate status protocol)
D. Distribution point CRL
A. CA revocation mailing list
The following are incorrect answers because they are all suitable methods:
- A Delta CRL is a CRL that only provides information about certificates whose statuses have changed since the issuance of a specific, previously issued CRL.
- The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.
- A Distribution point CRL, or CRL Distribution Point, is a location specified in the CRL Distribution Point (CRL DP) X.509 version 3 certificate extension when the certificate is issued.
References:
- RFC 2459: Internet X.509 Public Key Infrastru
- http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/sliding_window.pdf
- http://www.ipswitch.eu/online_certificate_status_protocol_en.html
- Computer Security Handbook By Seymour Bosworth, Arthur E. Hutt, Michel E. Kabay, http://books.google.com/books?id=rCx5OfSFUPkC&printsec=frontcover&dq=Computer+Security+Handbook#PRA6-PA4,M1
Question # 5
Controls to keep password sniffing attacks from compromising computer systems include which of the following?
A. static and recurring passwords.
B. encryption and recurring passwords.
C. one-time passwords and encryption.
D. static and one-time passwords
C. one-time passwords and encryption.
One-time passwords minimize the chance of passwords being captured: they prevent a password sniffing attack because a password is no longer valid once it has been used. Encryption will also minimize these types of attacks.
The following answers are incorrect:
- static and recurring passwords. This is incorrect because if there is no encryption then someone password sniffing would be able to capture the password much more easily if it never changed.
- encryption and recurring passwords. This is incorrect because while encryption helps, recurring passwords do nothing to minimize the risk of passwords being captured.
- static and one-time passwords. This is incorrect because while one-time passwords will prevent these types of attacks, static passwords do nothing to minimize the risk of passwords being captured.
Question # 6
What is malware that can spread itself over open network connections?
A. Worm
B. Rootkit
C. Adware
D. Logic Bomb
Computer worms are also known as Network Mobile Code, or a virus-like bit of code that can replicate itself over a network, infecting adjacent computers. A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
A notable example is the SQL Slammer computer worm that spread globally in ten minutes on January 25, 2003. I myself came to work that day as a software tester and found all my SQL servers infected and actively trying to infect other computers on the test network. A patch had been released a year prior by Microsoft, and if systems were not patched and were exposed to a 376 byte UDP packet from an infected host, then the system would become compromised. Ordinarily, infected computers are not to be trusted and must be rebuilt from scratch, but the vulnerability could be mitigated by replacing a single vulnerable dll called sqlsort.dll. Replacing that with the patched version completely disabled the worm, which really illustrates to us the importance of actively patching our systems against such network mobile code.
The following answers are incorrect:
- Rootkit: Sorry, this isn't correct because a rootkit isn't ordinarily classified as network mobile code like a worm is. This isn't to say that a rootkit couldn't be included in a worm, just that a rootkit isn't usually classified like a worm. A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.
- Adware: Incorrect answer. Sorry, but adware isn't usually classified as a worm. Adware, or advertising-supported software, is any software package which automatically renders advertisements in order to generate revenue for its author. The advertisements may be in the user interface of the software or on a screen presented to the user during the installation process. The functions may be designed to analyze which Internet sites the user visits and to present advertising pertinent to the types of goods or services featured there. The term is sometimes used to refer to software that displays unwanted advertisements.
- Logic Bomb: Logic bombs, like adware or rootkits, could be spread by worms if they exploit the right service and gain root or admin access on a computer.
The following reference(s) was used to create this question:
- The CCCure CompTIA Holistic Security+ Tutorial and CBT
- http://en.wikipedia.org/wiki/Rootkit
- http://en.wikipedia.org/wiki/Computer_worm
- http://en.wikipedia.org/wiki/Adware
Question # 7
Which backup type run at regular intervals would take the least time to complete?
A. Full Backup
B. Differential Backup
C. Incremental Backup
D. Disk Mirroring
Incremental backups only back up changed data (changes archive bit to not back up again if not changed). Although the incremental backup is fastest to back up, it is usually more time consuming for the restore process.
In some cases, the window available for backup may not be long enough to back up all the data on the system during each backup. In that case, differential or incremental backups may be more appropriate. In an incremental backup, only the files that changed since the last backup will be backed up. In a differential backup, only the files that changed since the last full backup will be backed up. In general, differentials require more space than incremental backups while incremental backups are faster to perform. On the other hand, restoring data from incremental backups requires more time than differential backups. To restore from incremental backups, the last full backup and all of the incremental backups performed are combined. In contrast, restoring from a differential backup requires only the last full backup and the latest differential.
The following are incorrect answers:
- Differential backups back up all data since the last full backup (does not reset archive bit).
- Full backups back up all selected data, regardless of archive bit, and reset the archive bit.
- Disk mirroring is not considered as a backup type.
Reference(s) used for this question:
- Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 20385-20390). Auerbach Publications. Kindle Edition.
- HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 9: Disaster Recovery and Business continuity (page 618).
ISC SSCP Exam Dumps