Which of the following tools is NOT likely to be used by a hacker?
Correct Answer: C
Tripwire is a data integrity assurance tool aimed at detecting and reporting accidental or malicious changes to data; it is a defensive monitoring product rather than an attack tool.

The following answers are incorrect:

Nessus is incorrect because it is a vulnerability scanner used by hackers to discover vulnerabilities in a system.
Saint is incorrect because it is also a network vulnerability scanner likely to be used by hackers.
Nmap is incorrect because it is a port scanner for network exploration and is likely to be used by hackers.

References:
Tripwire: http://www.tripwire.com
Nessus: http://www.nessus.org
Saint: http://www.saintcorporation.com/saint
Nmap: http://insecure.org/nmap
SSCP Exam Question 7
Which of the following divisions is defined in the TCSEC (Orange Book) as minimal protection?
Correct Answer: A
Section: Access Control

Explanation/Reference:

The criteria are divided into four divisions, D, C, B, and A, ordered hierarchically, with the highest division (A) reserved for systems providing the most comprehensive security. Each division represents a major improvement in the overall confidence one can place in the system for the protection of sensitive information.

Within divisions C and B there are a number of subdivisions known as classes. The classes are also ordered hierarchically. Systems representative of division C and the lower classes of division B are characterized by the set of computer security mechanisms that they possess; assurance of correct and complete design and implementation for these systems is gained mostly through testing of the security-relevant portions of the system. The security-relevant portions of a system are referred to throughout this document as the Trusted Computing Base (TCB). Systems representative of the higher classes in division B and of division A derive their security attributes more from their design and implementation structure. Increased assurance that the required features are operative, correct, and tamperproof under all circumstances is gained through progressively more rigorous analysis during the design process.

TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels:

Division D - minimal security
Division C - discretionary protection
Division B - mandatory protection
Division A - verified protection

References:
Page 358, AIO V.5, Shon Harris.
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 197.
The source for all TCSEC "level" questions: http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt
SSCP Exam Question 8
In addition to the accuracy of the biometric systems, there are other factors that must also be considered:
Correct Answer: C
In addition to the accuracy of the biometric systems, there are other factors that must also be considered. These factors include the enrollment time, the throughput rate, and acceptability.

Enrollment time is the time it takes to initially "register" with a system by providing samples of the biometric characteristic to be evaluated. An acceptable enrollment time is around two minutes. For example, in fingerprint systems, the actual fingerprint is stored and requires approximately 250 KB per finger for a high-quality image. This level of information is required for one-to-many searches in forensics applications on very large databases. In finger-scan technology, a full fingerprint is not stored; the features extracted from the fingerprint are stored in a small template that requires approximately 500 to 1000 bytes of storage. The original fingerprint cannot be reconstructed from this template.

Updates of the enrollment information may be required because some biometric characteristics, such as voice and signature, may change with time.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, pages 37-38.
SSCP Exam Question 9
Which of the following is NOT a VPN communications protocol standard?
Correct Answer: B
CHAP is an authentication mechanism for Point-to-Point Protocol connections that protects the user's password by never sending it in the clear. It is a protocol that uses a three-way handshake: the server sends the client a challenge, which includes a random value (a nonce) to thwart replay attacks; the client responds with an MD5 hash of the nonce and the password; authentication succeeds if the client's response matches the one the server expected. It is an authentication protocol, not a VPN communications protocol.

The VPN communication protocol standards listed above are PPTP, L2TP and IPSec. PPTP and L2TP operate at the data link layer (layer 2) of the OSI model and enable only a single point-to-point connection per session.

The following are incorrect answers:

PPTP uses native PPP authentication and encryption services. Point-to-Point Tunneling Protocol (PPTP) is a VPN protocol that runs over other protocols. PPTP relies on Generic Routing Encapsulation (GRE) to build the tunnel between the endpoints. After the user authenticates, typically with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2), a Point-to-Point Protocol (PPP) session creates a tunnel using GRE.

L2TP is a combination of PPTP and the earlier Layer 2 Forwarding protocol (L2F). Layer 2 Tunneling Protocol (L2TP) is a hybrid of Cisco's L2F and Microsoft's PPTP. It allows callers over a serial line using PPP to connect over the Internet to a remote network. A dial-up user connects to his ISP's L2TP access concentrator (LAC) with a PPP connection. The LAC encapsulates the PPP packets into L2TP and forwards them to the remote network's L2TP network server (LNS). At this point, the LNS authenticates the dial-up user. If authentication is successful, the dial-up user has access to the remote network.

IPSec operates at the network layer (layer 3) and enables multiple simultaneous tunnels. IP Security (IPSec) is a suite of protocols for communicating securely over IP by providing mechanisms for authentication and encryption. Implementation of IPSec is mandatory in IPv6, and many organizations are using it over IPv4. Further, IPSec can be implemented in two modes, one that is appropriate for end-to-end protection and one that safeguards traffic between networks.

References used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 7067-7071). Auerbach Publications. Kindle Edition.
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 6987-6990). Auerbach Publications. Kindle Edition.
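The CHAP three-way handshake described above, as an added example that is not part of the original question set or of any product mentioned on this page. It models both sides of the exchange in plain Python: the server issues a single-use random challenge, the client answers with an MD5 digest over the secret and the challenge, and the server compares the digest to the one it computes itself. It follows the RFC 1994 CHAP/MD5 layout (the one-byte Identifier is hashed in front of the secret and the challenge); the page only says "nonce and password", so that detail, the ChapServer class and all names and secrets are assumptions constructed for the example.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response for the MD5 algorithm:
    MD5(Identifier || secret || Challenge). Identifier is one byte."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side of CHAP (hypothetical helper for this example)."""

    def __init__(self, secrets):
        # name -> shared secret. CHAP needs the cleartext-equivalent secret on
        # the server, which is one reason it is only as strong as that store.
        self._secrets = dict(secrets)
        self._pending = {}   # Identifier -> outstanding challenge
        self._next_id = 0

    def challenge(self):
        """Step 1: send a fresh random challenge tagged with an Identifier."""
        ident = self._next_id & 0xFF
        self._next_id += 1
        nonce = os.urandom(16)          # the anti-replay random value
        self._pending[ident] = nonce
        return ident, nonce

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        """Step 3: recompute the expected digest and compare it.
        A challenge is consumed on first use, so replaying an old
        response cannot succeed."""
        nonce = self._pending.pop(ident, None)
        secret = self._secrets.get(name)
        if nonce is None or secret is None:
            return False
        expected = chap_response(ident, secret, nonce)
        return hmac.compare_digest(expected, response)


def run_exchange(server: ChapServer, name: str, client_secret: bytes) -> bool:
    """One complete handshake: challenge -> response -> success/failure."""
    ident, nonce = server.challenge()                    # server -> client
    resp = chap_response(ident, client_secret, nonce)    # client -> server
    return server.verify(ident, name, resp)              # server decides


def replay_is_rejected(server: ChapServer, name: str, client_secret: bytes) -> bool:
    """Show why the nonce matters: a captured response replayed against the
    same Identifier is refused because that challenge was already consumed."""
    ident, nonce = server.challenge()
    resp = chap_response(ident, client_secret, nonce)
    first = server.verify(ident, name, resp)
    second = server.verify(ident, name, resp)            # replayed copy
    return first and not second


if __name__ == "__main__":
    # Constructed sample credentials for the demonstration.
    srv = ChapServer({"alice": b"correct horse battery staple"})
    print("valid secret :", run_exchange(srv, "alice", b"correct horse battery staple"))
    print("wrong secret :", run_exchange(srv, "alice", b"guess"))
    print("replay denied:", replay_is_rejected(srv, "alice", b"correct horse battery staple"))
```

The password itself never crosses the link, only a digest that depends on a value the server chose, which is the property the explanation calls out. Note that the server must hold the secret in a recoverable form to compute the same digest, so protecting that store is part of deploying CHAP.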
SSCP Exam Question 10
Who developed one of the first mathematical models of a multilevel-security computer system?
Correct Answer: C
In 1973 Bell and LaPadula created the first mathematical model of a multilevel security system.

The following answers are incorrect:

Diffie and Hellman. This is incorrect because Diffie and Hellman worked on cryptography, not on security models.
Clark and Wilson. This is incorrect because the Bell-LaPadula model was the first; the Clark-Wilson model came later, in 1987.
Gasser and Lipner. This is incorrect; it is a distractor. The Bell-LaPadula model was the first.