Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS Record Protocol and the:
Correct Answer: D
Section: Network and Telecommunications
SSCP Exam Question 467
Which of the following statements pertaining to IPSec is incorrect?
Correct Answer: B
Section: Network and Telecommunications
Explanation/Reference: IPSec provides confidentiality and integrity to information transferred over IP networks through network (not transport) layer encryption and authentication. All other statements are correct.
Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 6, Extranet Access Control Issues (page 110).
SSCP Exam Question 468
In the context of network enumeration by an outside attacker and possible Distributed Denial of Service (DDoS) attacks, which of the following firewall rules is not appropriate to protect an organization's internal network?
Correct Answer: A
Echo replies outbound should be dropped, not allowed. There is no reason for any internet user to send an ICMP echo request to your internal hosts from the internet. If they wish to find out if a service is available, they can use a browser to connect to your web server or simply send an email if they wish to test your mail service.
Echo replies outbound could be used as part of the SMURF amplification attack, where someone sends ICMP echo requests to gateways' broadcast addresses in order to amplify the request by X number of users sitting behind the gateway. Allowing inbound echo requests and outbound echo replies also makes it easier for attackers to learn about the internal network by performing a simple ping sweep. ICMP can also be used to find out which host has been up and running the longest, which would indicate which patches are missing on the host if a critical patch required a reboot. ICMP can also be used for DDoS attacks, so you should strictly limit what type of ICMP traffic is allowed to flow through your firewall.
On top of all this, tools such as LOKI could be used as a client-server application to transfer files back and forth between the internet and some of your internal hosts. LOKI is a client/server program published in the online publication Phrack. This program is a working proof-of-concept to demonstrate that data can be transmitted somewhat secretly across a network by hiding it in traffic that normally does not contain payloads. The example code can tunnel the equivalent of a Unix RCMD/RSH session in either ICMP echo request (ping) packets or UDP traffic to the DNS port. This is used as a back door into a Unix system after root access has been compromised. Presence of LOKI on a system is evidence that the system has been compromised in the past.
The outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts.
The following answers are incorrect:
Allow echo request outbound: The outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts.
Drop echo request inbound: There is no need for anyone on the internet to attempt pinging your internal hosts.
Allow echo reply inbound: The outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts.
Reference(s) used for this question:
http://www.phrack.org/issues.html?issue=49&id=6
STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 10: The Perfect Firewall.
SSCP Exam Question 469
Which of the following is true of two-factor authentication?
Correct Answer: D
Explanation/Reference: It relies on two independent proofs of identity. Two-factor authentication refers to using two independent proofs of identity, such as something the user has (e.g. a token card) and something the user knows (a password). Two-factor authentication may be used with single sign-on.
The following answers are incorrect:
It requires two measurements of hand geometry: Measuring hand geometry twice does not yield two independent proofs.
It uses the RSA public-key signature based on integers with large prime factors: RSA encryption uses integers with exactly two prime factors, but the term "two-factor authentication" is not used in that context.
It does not use single sign-on technology: This is a distractor.
The following reference(s) were used to create this question:
Shon Harris AIO v.3 p.129
ISC2 OIG, 2007 p. 126
SSCP Exam Question 470
Which common backup method is the fastest on a daily basis?
Correct Answer: B
Explanation/Reference: The incremental backup method only copies files that have been recently changed or added. Only files with their archive bit set are backed up. This method is fast and uses less tape space but has some inherent vulnerabilities, one being that all incremental backups need to be available and restored from the date of the last full backup to the desired date should a restore be needed.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 69).