ISC SSCP
Systems Security Certified Practitioner
Version: Demo
[Total Questions: 10]
Web: www.certsout.com
Email: support@certsout.com
https://www.certsout.com
https://www.certsout.com/SSCP-test.html
IMPORTANT NOTICE
Feedback
We have developed a quality product and state-of-the-art service to ensure our customers' interests. If you have
any suggestions, please feel free to contact us at feedback@certsout.com
Support
If you have any questions about our product, please provide the following items:
exam code
screenshot of the question
login id/email
Please contact us at support@certsout.com and our technical experts will provide support within 24 hours.
Copyright
The product of each order has its own encryption code, so you should use it independently. Any unauthorized
changes will incur legal punishment. We reserve the right of final interpretation of this statement.
ISC - SSCP Certs Exam
Page 1 of 14. Pass with Valid Exam Questions Pool
Exam Topic Breakdown
Exam Topic                                        Number of Questions
Topic 4 : Risk, Response and Recovery                      2
Topic 7 : Malicious Code                                   2
Topic 1 : Access Control                                   2
Topic 2 : Security Operation Administration                2
Topic 6 : Network and Telecommunications                   2
Topic 5 : Cryptography                                     0
Topic 3 : Analysis and Monitoring                          0
TOTAL                                                     10
Topic 4, Risk, Response and Recovery
Question #:1 - (Exam Topic 4)
Which of the following best describes what would be expected at a "hot site"?
A. Computers, climate control, cables and peripherals
B. Computers and peripherals
C. Computers and dedicated climate control systems.
D. Dedicated climate control systems
Answer: A
Explanation
A Hot Site contains everything needed to become operational in the shortest amount of time.
The following answers are incorrect:
Computers and peripherals is incorrect because no mention is made of cables. You would not be fully
operational without those.
Computers and dedicated climate control systems is incorrect because no mention is made of peripherals. You
would not be fully operational without those.
Dedicated climate control systems is incorrect because no mention is made of computers, cables and
peripherals. You would not be fully operational without those.
According to the OIG, a hot site is defined as a fully configured site with complete customer required
hardware and software provided by the service provider. A hot site in the context of the CBK is always a
RENTAL place. If you have your own site fully equipped that you make use of in case of disaster that would
be called a redundant site or an alternate site.
Wikipedia: "A hot site is a duplicate of the original site of the organization, with full computer systems as well
as near-complete backups of user data."
References:
OIG CBK, Business Continuity and Disaster Recovery Planning (pages 367 - 368)
AIO, 3rd Edition, Business Continuity Planning (pages 709 - 714)
AIO, 4th Edition, Business Continuity Planning , p 790.
Wikipedia
- http://en.wikipedia.org/wiki/Hot_site#Hot_Sites
Question #:2 - (Exam Topic 4)
Within the legal domain, what rule is concerned with the legality of how the evidence was gathered?
A. Exclusionary rule
B. Best evidence rule
C. Hearsay rule
D. Investigation rule
Answer: A
Explanation
The exclusionary rule mentions that evidence must be gathered legally or it can't be used.
The principle based on federal Constitutional Law that evidence illegally seized by law enforcement officers in
violation of a suspect's right to be free from unreasonable searches and seizures cannot be used against the
suspect in a criminal prosecution.
The exclusionary rule is designed to exclude evidence obtained in violation of a criminal defendant's Fourth
Amendment rights. The Fourth Amendment protects against unreasonable searches and seizures by law
enforcement personnel. If the search of a criminal suspect is unreasonable, the evidence obtained in the search
will be excluded from trial.
The exclusionary rule is a court-made rule. This means that it was created not in statutes passed by legislative
bodies but rather by the U.S. Supreme Court. The exclusionary rule applies in federal courts by virtue of the
Fourth Amendment. The Court has ruled that it applies in state courts through the due process clause of the
Fourteenth Amendment. (The Bill of Rights—the first ten amendments—applies to actions by the federal
government. The Fourteenth Amendment, the Court has held, makes most of the protections in the Bill of
Rights applicable to actions by the states.)
The exclusionary rule has been in existence since the early 1900s. Before the rule was fashioned, any evidence
was admissible in a criminal trial if the judge found the evidence to be relevant. The manner in which the
evidence had been seized was not an issue. This began to change in 1914, when the U.S. Supreme Court
devised a way to enforce the Fourth Amendment. In Weeks v. United States, 232 U.S. 383, 34 S. Ct. 341, 58
L. Ed. 652 (1914), a federal agent had conducted a warrantless search for evidence of gambling at the home of
Fremont Weeks. The evidence seized in the search was used at trial, and Weeks was convicted. On appeal, the
Court held that the Fourth Amendment barred the use of evidence secured through a warrantless search.
Weeks's conviction was reversed, and thus was born the exclusionary rule.
The best evidence rule concerns limiting potential for alteration. The best evidence rule is a common law rule
of evidence which can be traced back at least as far as the 18th century. In Omychund v Barker (1745) 1 Atk,
21, 49; 26 ER 15, 33, Lord Hardwicke stated that no evidence was admissible unless it was "the best that the
nature of the case will allow". The general rule is that secondary evidence, such as a copy or facsimile, will
not be admissible if an original document exists and is not unavailable due to destruction or other circumstances
indicating unavailability.
The rationale for the best evidence rule can be understood from the context in which it arose: in the eighteenth
century a copy was usually made by hand by a clerk (or even a litigant). The best evidence rule was predicated
on the assumption that, if the original was not produced, there was a significant chance of error or fraud in
relying on such a copy.
The hearsay rule concerns computer-generated evidence, which is considered second-hand evidence.
Hearsay is information gathered by one person from another concerning some event, condition, or thing of
which the first person had no direct experience. When submitted as evidence, such statements are called
hearsay evidence. As a legal term, "hearsay" can also have the narrower meaning of the use of such
information as evidence to prove the truth of what is asserted. Such use of "hearsay evidence" in court is
generally not allowed. This prohibition is called the hearsay rule.
For example, a witness says "Susan told me Tom was in town". Since the witness did not see Tom in town, the
statement would be hearsay evidence to the fact that Tom was in town, and not admissible. However, it would
be admissible as evidence that Susan said Tom was in town, and on the issue of her knowledge of whether he
was in town.
Hearsay evidence has many exception rules. For the purpose of the exam you must be familiar with the
business records exception to the hearsay rule. Business records created during the ordinary course of
business are considered reliable and can usually be brought in under this exception if the proper foundation is
laid when the records are introduced into evidence. Depending on which jurisdiction the case is in, either the
records custodian or someone with knowledge of the records must lay a foundation for the records. Logs that
are collected as part of a documented business process carried out at regular intervals would fall under this
exception. They could be presented in court and not be considered hearsay.
Investigation rule is a distractor.
Sources:
ROTHKE, Ben, CISSP CBK Review presentation on domain 9.
The FREE Online Law Dictionary at: http://legal-dictionary.thefreedictionary.com/Exclusionary+Rule
Wikipedia has a nice article on this subject at: http://en.wikipedia.org/wiki/Exclusionary_rule
http://en.wikipedia.org/wiki/Hearsay_in_United_States_law#Hearsay_exceptions
Topic 7, Malicious Code
Question #:3 - (Exam Topic 7)
In computing, what is the name of a non-self-replicating type of malware program that appears to have some
useful purpose but also contains code with a malicious or harmful purpose embedded in it and that, when
executed, carries out actions unknown to the person installing it, typically causing loss or theft of data and
possible system harm?
A. virus
B. worm
C. Trojan horse.
D. trapdoor
Answer: C
Explanation
A Trojan horse is any code that appears to have some useful purpose but also contains code that has a malicious
or harmful purpose embedded in it. A Trojan often also includes a trapdoor as a means to gain access to a
computer system bypassing security controls.
Wikipedia defines it as:
A Trojan horse, or Trojan, in computing is a non-self-replicating type of malware program containing
malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically
causing loss or theft of data, and possible system harm. The term is derived from the story of the wooden horse
used to trick defenders of Troy into taking concealed warriors into their city in ancient Greece, because
computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or
interesting in order to persuade victims to install them on their computers.
The following answers are incorrect:
virus. Is incorrect because a virus is a malicious program and does not appear to be harmless; its sole
purpose is malicious intent, often doing damage to a system. A computer virus is a type of malware that, when
executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files,
or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be
"infected".
worm. Is incorrect because a worm is similar to a virus but does not require user intervention to execute.
Rather than doing damage to the system, worms tend to self-propagate and devour the resources of a system.
A computer worm is a standalone malware computer program that replicates itself in order to spread to other
computers. Often, it uses a computer network to spread itself, relying on security failures on the target
computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms
almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses
almost always corrupt or modify files on a targeted computer.
trapdoor. Is incorrect because a trapdoor is a means to bypass security by hiding an entry point into a system.
Trojan horses often have a trapdoor embedded in them.
References:
http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29
http://en.wikipedia.org/wiki/Computer_virus
http://en.wikipedia.org/wiki/Computer_worm
http://en.wikipedia.org/wiki/Backdoor_%28computing%29
Question #:4 - (Exam Topic 7)
What best describes a scenario when an employee has been shaving off pennies from multiple accounts and
depositing the funds into his own bank account?
A. Data fiddling
B. Data diddling
C. Salami techniques
D. Trojan horses
Answer: C
Explanation
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page
644.
Topic 1, Access Control
Question #:5 - (Exam Topic 1)
Passwords can be required to change monthly, quarterly, or at other intervals:
A. depending on the criticality of the information needing protection
B. depending on the criticality of the information needing protection and the password's frequency of use
C. depending on the password's frequency of use
D. not depending on the criticality of the information needing protection but depending on the password's
frequency of use
Answer: B
Explanation
Passwords can be compromised and must be protected. In the ideal case, a password should only be used once.
The changing of passwords can also fall between these two extremes. Passwords can be required to change
monthly, quarterly, or at other intervals, depending on the criticality of the information needing protection and
the password's frequency of use. Obviously, the more times a password is used, the more chance there is of it
being compromised.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Computer Security, 2001, John Wiley & Sons, Page 36 & 37.
Question #:6 - (Exam Topic 1)
Which of the following statements pertaining to Kerberos is false?
A. The Key Distribution Center represents a single point of failure.
B. Kerberos manages access permissions.
C. Kerberos uses a database to keep a copy of all users' public keys.
D. Kerberos uses symmetric key cryptography.
Answer: C
Explanation
Kerberos is a trusted, credential-based, third-party authentication protocol that uses symmetric (secret) key
cryptography to provide robust authentication to clients accessing services on a network.
One weakness of Kerberos is its Key Distribution Center (KDC), which represents a single point of failure.
The KDC contains a database that holds a copy of all of the symmetric/secret keys for the principals.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 40).
Topic 2, Security Operation Administration
Question #:7 - (Exam Topic 2)
When it comes to magnetic media sanitization, what difference can be made between clearing and purging
information?
A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery
of files.
B. Clearing renders information unrecoverable by a keyboard attack and purging renders information
unrecoverable against laboratory attack.
C. They both involve rewriting the media.
D. Clearing renders information unrecoverable against a laboratory attack and purging renders information
unrecoverable to a keyboard attack.
Answer: B
Explanation
The removal of information from a storage medium is called sanitization. Different kinds of sanitization
provide different levels of protection. A distinction can be made between clearing information (rendering it
unrecoverable by a keyboard attack) and purging (rendering it unrecoverable against laboratory attack).
There are three general methods of purging media: overwriting, degaussing, and destruction.
There should be continuous assurance that sensitive information is protected and not allowed to be placed in a
circumstance wherein a possible compromise can occur. There are two primary levels of threat that the
protector of information must guard against: keyboard attack (information scavenging through system
software capabilities) and laboratory attack (information scavenging through laboratory means). Procedures
should be implemented to address these threats before the Automated Information System (AIS) is procured,
and the procedures should be continued throughout the life cycle of the AIS.
Reference(s) used for this question:
SWANSON, Marianne & GUTTMAN, Barbara, National Institute of Standards and Technology (NIST),
NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information
Technology Systems, September 1996 (page 26).
A Guide to Understanding Data Remanence in Automated Information Systems
Question #:8 - (Exam Topic 2)
Within the context of the CBK, which of the following provides a MINIMUM level of security
ACCEPTABLE for an environment?
A. A baseline
B. A standard
C. A procedure
D. A guideline
Answer: A
Explanation
Baselines provide the minimum level of security necessary throughout the organization.
Standards specify how hardware and software products should be used throughout the organization.
Procedures are detailed step-by-step instructions on how to achieve certain tasks.
Guidelines are recommended actions and operational guides for personnel when a specific standard does not
apply.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter
3: Security Management Practices (page 94).
Topic 6, Network and Telecommunications
Question #:9 - (Exam Topic 6)
Which of the following was designed to support multiple network types over the same serial link?
A. Ethernet
B. SLIP
C. PPP
D. PPTP
Answer: C
Explanation
The Point-to-Point Protocol (PPP) was designed to support multiple network types over the same serial link,
just as Ethernet supports multiple network types over the same LAN. PPP replaces the earlier Serial Line
Internet Protocol (SLIP) that only supports IP over a serial link. PPTP is a tunneling protocol.
Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 3: TCP/IP from
a Security Viewpoint.
Question #:10 - (Exam Topic 6)
The communications products and services which ensure that the various components of a network (such as
devices, protocols, and access methods) work together refers to:
A. Netware Architecture.
B. Network Architecture.
C. WAN Architecture.
D. Multiprotocol Architecture.
Answer: B
Explanation
A Network Architecture refers to the communications products and services, which ensure that the various
components of a network (such as devices, protocols, and access methods) work together.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Computer Security, 2001, John Wiley & Sons, Page 101.
Topic 5, Cryptography
Topic 3, Analysis and Monitoring
About certsout.com
certsout.com was founded in 2007. We provide the latest, high-quality IT / Business Certification Training Exam
Questions, Study Guides and Practice Tests.
We help you pass any IT / Business Certification Exam with 100% Pass Guaranteed or Full Refund, especially
Cisco, CompTIA, Citrix, EMC, HP, Oracle, VMware, Juniper, Check Point, LPI, Nortel, EXIN and so on.
We prepare state-of-the art practice tests for certification exams. You can reach us at any of the email addresses listed
below.
Sales: sales@certsout.com
Feedback: feedback@certsout.com
Support: support@certsout.com
If you have any problems with IT certification or our products, you can write to us and we will get back to you
within 24 hours.