SSCP Online Practice Questions and Answers

Correct Answer: A

Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 342.

Correct Answer: C

Kerberos is a trusted, credential-based, third-party authentication protocol that uses symmetric (secret) key cryptography to provide robust authentication to clients accessing services on a network.

Because a client's password is used in the initiation of the Kerberos request for the service protocol, password guessing can be used to impersonate a client.

Here is a nice overview of HOW Kerberos is implement as described in RFC 4556:

1. Introduction The Kerberos V5 protocol [RFC4120] involves use of a trusted third party known as the Key Distribution Center (KDC) to negotiate shared session keys between clients and services and provide mutual authentication between them. The corner-stones of Kerberos V5 are the Ticket and the Authenticator. A Ticket encapsulates a symmetric key (the ticket session key) in an envelope (a public message) intended for a specific service. The contents of the Ticket are encrypted with a symmetric key shared between the service principal and the issuing KDC. The encrypted part of the Ticket contains the client principal name, among other items. An Authenticator is a record that can be shown to have been recently generated using the ticket session key in the associated Ticket. The ticket session key is known by the client who requested the ticket. The contents of the Authenticator are encrypted with the associated ticket session key. The encrypted part of an Authenticator contains a timestamp and the client principal name, among other items.

As shown in Figure 1, below, the Kerberos V5 protocol consists of the following message exchanges between the client and the KDC, and the

client and the application service:

The Authentication Service (AS) Exchange

The client obtains an "initial" ticket from the Kerberos

authentication server (AS), typically a Ticket Granting Ticket

(TGT). The AS-REQ message and the AS-REP message are the request

and the reply message, respectively, between the client and the

AS.

The Ticket Granting Service (TGS) Exchange

The client subsequently uses the TGT to authenticate and request a

service ticket for a particular service, from the Kerberos

ticket-granting server (TGS). The TGS-REQ message and the TGS-REP

message are the request and the reply message respectively between

the client and the TGS.

The Client/Server Authentication Protocol (AP) Exchange

The client then makes a request with an AP-REQ message, consisting

of a service ticket and an authenticator that certifies the

client's possession of the ticket session key. The server may

optionally reply with an AP-REP message. AP exchanges typically

negotiate session-specific symmetric keys.

Usually, the AS and TGS are integrated in a single device also known

as the KDC.

+--------------+

+--------->| KDC |

AS-REQ / +-------| |

/ / +--------------+

/ / ^ |

/ |AS-REP / |

| | / TGS-REQ + TGS-REP

| | / /

| | / /

| | / +---------+

| | / /

| | / /

| | / /

| v / v

++-------+------+ +-----------------+

| Client +------------>| Application |

| | AP-REQ | Server |

| |<------------| |

+---------------+ AP-REP +-----------------+

Figure 1: The Message Exchanges in the Kerberos V5 Protocol

In the AS exchange, the KDC reply contains the ticket session key,

among other items, that is encrypted using a key (the AS reply key)

shared between the client and the KDC. The AS reply key is typically derived from the client's password for

human users. Therefore, for

human users, the attack resistance strength of the Kerberos protocol

is no stronger than the strength of their passwords.

Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of

Computer Security, John Wiley and Sons, 2001, Chapter 2: Access control systems (page 40).

And

HARRIS, Shon, All-In-One CISSP Certification uide, McGraw-Hill/Osborne, 2002, chapter 4:

Access Control (pages 147-151).

and

http://www.ietf.org/rfc/rfc4556.txt

Correct Answer: B

The bottom-up approach to software testing begins with the testing of atomic units, such as programs and modules, and work upwards until a complete system testing has taken place. The advantages of using a bottom-up approach to software testing are the fact that there is no need for stubs or drivers and errors in critical modules are found earlier. The other choices refer to advantages of a top down approach which follows the opposite path. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 299).

Correct Answer: D

The Operations Security domain is concerned with triples - threats, vulnerabilities and assets.

Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 216.

Correct Answer: C

The keyword within the question is: preliminary

This means that you are starting your effort, you cannot audit if your infrastructure is not even in place.

Reference used for this question:

TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Correct Answer: A

If an employee is suspected of causing an incident, the human resources department may be involved--for example, in assisting with disciplinary proceedings. Legal Department. The legal experts should review incident response plans, policies, and procedures to ensure their compliance with law and Federal guidance, including the right to privacy. In addition, the guidance of the general counsel or legal department should be sought if there is reason to believe that an incident may have legal ramifications, including evidence collection, prosecution of a suspect, or a lawsuit, or if there may be a need for a memorandum of understanding (MOU) or other binding agreements involving liability limitations for information sharing.

Public Affairs, Public Relations, and Media Relations. Depending on the nature and impact of an incident, a need may exist to inform the media and, by extension, the public.

The Incident response team members could include:

Management

Information Security

Legal / Human Resources

Public Relations Communications

Physical Security Network Security Network and System Administrators Network and System Security Administrators Internal Audit Events versus Incidents An event is any observable occurrence in a system or network. Events include a user connecting to a file

share, a server receiving a request for a web page, a user sending email, and a firewall blocking a connection attempt. Adverse events are events with a negative consequence, such as system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of malware that destroys data. This guide addresses only adverse events that are computer security-related, not those caused by natural disasters, power failures, etc.

A computer security incident is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

Examples of incidents are:

An attacker commands a botnet to send high volumes of connection requests to a web server, causing it to

crash.

Users are tricked into opening a "quarterly report" sent via email that is actually malware; running the tool

has infected their computers and established connections with an external host.

An attacker obtains sensitive data and threatens that the details will be released publicly if the organization

does not pay a designated sum of money.

A user provides or exposes sensitive information to others through peer-to-peer file sharing services.

The following answers are incorrect:

Industrial Security. Is incorrect because it is not the best answer, the human resource department must be

involved with the collection of physical evidence if an employee is suspected.

public relations. Is incorrect because it is not the best answer. It would be an important element to

minimize public image damage but not the best choice for this question. External Audit Group. Is incorrect

because it is not the best answer, the human resource department must be involved with the collection of

physical evidence if an employee is suspected.

Reference(s) used for this question:

NIST Special Publication 800-61

Correct Answer: D

L2F (Layer 2 Forwarding) provides no authentication or encryption. It is a Protocol that supports the

creation of secure virtual private dial-up networks over the Internet.

At one point L2F was merged with PPTP to produce L2TP to be used on networks and not only on dial up

links.

IPSec is now considered the best VPN solution for IP environments.

Source: HARRIS, Shon, All-In-One CISSP Certification uide, McGraw-Hill/Osborne, 2002, Chapter

8: Cryptography (page 507).

Correct Answer: D

IEEE 802.3 specifies the standard for Ethernet and uses CSMA/CD, not token-passing.

Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 104).

Correct Answer: A

High-rate Digital Subscriber Line (HDSL) delivers 1.544 Mbps of bandwidth each way over two copper twisted pairs. SDSL also delivers 1.544 Mbps but over a single copper twisted pair. ADSL and VDSL offer a higher bandwidth downstream than upstream.

Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 3: Telecommunications and Network Security (page 115).

Correct Answer: D

AH provides integrity, authentication, and non-repudiation. AH does not provide encryption which means

that NO confidentiality is in place if only AH is being used. You must make use of the Encasulating Security

Payload if you wish to get confidentiality. IPSec uses two basic security protocols: Authentication Header

(AH) and Encapsulation Security Payload.

AH is the authenticating protocol and the ESP is the authenticating and encrypting protocol that uses

cryptographic mechanisms to provide source authentication, confidentiality and message integrity.

The modes of IPSEC, the protocols that have to be used are all negotiated using Security Association.

Security Associations (SAs) can be combined into bundles to provide authentication, confidentialility and

layered communication.

Source:

TIPTON, Harold F. and KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume

2, 2001, CRC Press, NY, page 164.

also see:

Shon Harris, CISSP All In One uide, 5th Edition, Page 758