Question # 1
A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the following?
A. encrypting messages
B. signing messages
C. verifying signed messages
D. decrypt encrypted messages

C. verifying signed messages

References: RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile; GUTMANN, P., X.509 Style Guide.
Question # 2
What enables a workstation to boot without requiring a hard or floppy disk drive?
A. Bootstrap Protocol (BootP).
B. Reverse Address Resolution Protocol (RARP).
C. Address Resolution Protocol (ARP).
D. Classless Inter-Domain Routing (CIDR).

A. Bootstrap Protocol (BootP).
Bootstrap Protocol (BootP) is an Internet Layer protocol that enables a workstation to boot without requiring a hard or floppy disk drive. Reverse Address Resolution Protocol (RARP) is a TCP/IP protocol that permits a physical address, such as an Ethernet address, to be translated into an IP address. Address Resolution Protocol (ARP) is a TCP/IP protocol that permits an IP address to be translated into a physical address. Classless Inter-Domain Routing (CIDR) is a new IP addressing scheme. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 88.
Question # 3
Making sure that the data has not been changed unintentionally, due to an accident or malice, is:
A. Integrity.
B. Confidentiality.
C. Availability.
D. Auditability.

Integrity refers to the protection of information from unauthorized modification or deletion. Confidentiality is incorrect. Confidentiality refers to the protection of information from unauthorized disclosure. Availability is incorrect. Availability refers to the assurance that information and services will be available to authorized users in accordance with the service level objective. Auditability is incorrect. Auditability refers to the ability to trace an action to the identity that performed it and identify the date and time at which it occurred.

References: CBK, pp. 5-6; AIO3, pp. 56-57.
Question # 4
Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?
A. Rivest, Shamir, Adleman (RSA)
B. El Gamal
C. Elliptic Curve Cryptography (ECC)
D. Advanced Encryption Standard (AES)

C. Elliptic Curve Cryptography (ECC)

The other answers are not correct because: "Rivest, Shamir, Adleman (RSA)" is incorrect because RSA is a "traditional" asymmetric algorithm. While it is reasonably strong, it is not considered to be as strong as ECC based systems. "El Gamal" is incorrect because it is also a "traditional" asymmetric algorithm and not considered as strong as ECC based systems. "Advanced Encryption Standard (AES)" is incorrect because the question asks specifically about asymmetric algorithms and AES is a symmetric algorithm.

References: Official ISC2 Guide, page 258; All in One, Third Edition, page 638; The RSA Crypto FAQ: http://www.rsa.com/rsalabs/node.asp?id=2241
Question # 5
Which of the following is most affected by denial-of-service (DOS) attacks?
A. Confidentiality
B. Integrity
C. Accountability
D. Availability

Denial of service attacks obviously affect availability of targeted systems.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 61).
Question # 6
Cryptography does not concern itself with which of the following choices?
A. Availability
B. Integrity
C. Confidentiality
D. Validation

The cryptography domain addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity. Unlike the other domains, cryptography does not completely support the standard of availability.

Availability
Cryptography supports all three of the core principles of information security. Many access control systems use cryptography to limit access to systems through the use of passwords. Many token-based authentication systems use cryptographic-based hash algorithms to compute one-time passwords. Denying unauthorized access prevents an attacker from entering and damaging the system or network, thereby denying access to authorized users if they damage or corrupt the data.

Confidentiality
Cryptography provides confidentiality through altering or hiding a message so that ideally it cannot be understood by anyone except the intended recipient.

Integrity
Cryptographic tools provide integrity checks that allow a recipient to verify that a message has not been altered. Cryptographic tools cannot prevent a message from being altered, but they are effective to detect either intentional or accidental modification of the message.

Additional Features of Cryptographic Systems
In addition to the three core principles of information security listed above, cryptographic tools provide several more benefits.

Nonrepudiation
In a trusted environment, the authentication of the origin can be provided through the simple control of the keys. The receiver has a level of assurance that the message was encrypted by the sender, and the sender has trust that the message was not altered once it was received. However, in a more stringent, less trustworthy environment, it may be necessary to provide assurance via a third party of who sent a message and that the message was indeed delivered to the right recipient. This is accomplished through the use of digital signatures and public key encryption. The use of these tools provides a level of nonrepudiation of origin that can be verified by a third party. Once a message has been received, what is to prevent the recipient from changing the message and contesting that the altered message was the one sent by the sender? The nonrepudiation of delivery prevents a recipient from changing the message and falsely claiming that the message is in its original state. This is also accomplished through the use of public key cryptography and digital signatures and is verifiable by a trusted third party.

Authentication
Authentication is the ability to determine if someone or something is what it declares to be. This is primarily done through the control of the keys, because only those with access to the key are able to encrypt a message. This is not as strong as the nonrepudiation of origin, which will be reviewed shortly. Cryptographic functions use several methods to ensure that a message has not been changed or altered. These include hash functions, digital signatures, and message authentication codes (MACs). The main concept is that the recipient is able to detect any change that has been made to a message, whether accidentally or intentionally.

Access Control
Through the use of cryptographic tools, many forms of access control are supported—from log-ins via passwords and passphrases to the prevention of access to confidential files or messages. In all cases, access would only be possible for those individuals that had access to the correct cryptographic keys.

NOTE FROM CLEMENT
As you have seen, this question was very recently updated with the latest content of the Official ISC2 Guide (OIG) to the CISSP CBK, Version 3. Myself, I agree with most of you that cryptography does not help on the availability side, and it is even the contrary sometimes, if you lose the key for example. In such a case you would lose access to the data and negatively impact availability.

But the ISC2 is not about what I think or what you think; they have their own view of the world, where they claim and state clearly that cryptography does address availability even though it does not fully address it. They look at crypto as the ever-encompassing tool it has become today, where it can be used for authentication purposes, for example, where it would help to avoid corruption of the data through illegal access by an unauthorized user. The question is worded this way on purpose; it is VERY specific to the CISSP exam context, where ISC2 preaches that cryptography addresses availability even though they state it does not fully address it. This is something new in the last edition of their book and something you must be aware of.

Best regards
Clement

The following terms are from the Software Development Security domain:

Validation: The assurance that a product, service, or system meets the needs of the customer and other identified stakeholders. It often involves acceptance and suitability with external customers. Contrast with verification below.

Verification: The evaluation of whether or not a product, service, or system complies with a regulation, requirement, specification, or imposed condition. It is often an internal process. Contrast with validation.

Reference(s) used for this question:
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition: Cryptography (Kindle Locations 227-244). Kindle Edition.
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition: Cryptography (Kindle Locations 206-227). Kindle Edition.
http://en.wikipedia.org/wiki/Verification_and_validation
Question # 7
Packet Filtering Firewalls can also enable access for:
A. only authorized application port or service numbers.
B. only unauthorized application port or service numbers.
C. only authorized application port or ex-service numbers.
D. only authorized application port or service integers.

A. only authorized application port or service numbers.

Firewall rules can be used to enable access for traffic to specific ports or services. "Service numbers" is rather stilted English, but you may encounter these types of wordings on the actual exam; don't let them confuse you. "Only unauthorized application port or service numbers" is incorrect. Unauthorized ports/services would be blocked in a properly installed firewall rather than permitting access. "Only authorized application port or ex-service numbers" is incorrect. "Ex-service" numbers is a nonsense term meant to distract you. "Only authorized application port or service integers" is incorrect. While service numbers are in fact integers, the more usual (and therefore better) answer is either "service" or "service number."

References: CBK, p. 464; AIO3, pp. 482-484.