SSCP ISC2 Exam Questions and Free Practice Test

Question 121

- (Topic 6)
What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets?

A. SYN Flood attack

B. Smurf attack

C. Ping of Death attack

D. Denial of Service (DOS) attack

Correct Answer:B
Although it may cause a denial of service to the victim's system, this type of attack is a Smurf attack. A SYN Flood attack uses up all of a system's resources by setting up a number of bogus communication sockets on the victim's system. A Ping of Death attack is done by sending IP packets that exceed the maximum legal length (65535 octets). Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 11: Application and System Development (page 789).

Question 122

- (Topic 6)
A DMZ is also known as a

A. screened subnet

B. three legged firewall

C. a place to attract hackers

D. bastion host

Correct Answer:A
This is another name for the demilitarized zone (DMZ) of a network.
"Three legged firewall" is incorrect. While a DMZ can be implemented on one leg of such a device, this is not the best answer.
"A place to attract hackers" is incorrect. The DMZ is a way to provide limited public access to an organization's internal resources (DNS, EMAIL, public web, etc) not as an attractant for hackers.
"Bastion host" is incorrect. A bastion host serves as a gateway between trusted and untrusted network.
References: CBK, p. 434
AIO3, pp. 495 - 496

Question 123

- (Topic 1)
How would nonrepudiation be best classified as?

A. A preventive control

B. A logical control

C. A corrective control

D. A compensating control

Correct Answer:A
Systems accountability depends on the ability to ensure that senders cannot deny sending information and that receivers cannot deny receiving it. Because the mechanisms implemented in nonrepudiation prevent the ability to successfully repudiate an action, it can be considered as a preventive control.
Source: STONEBURNER, Gary, NIST Special Publication 800-33: Underlying Technical Models for Information Technology Security, National Institute of Standards and Technology, December 2001, page 7.

Question 124

- (Topic 6)
SMTP can best be described as:

A. a host-to-host email protocol.

B. an email retrieval protocol.

C. a web-based e-mail reading protocol.

D. a standard defining the format of e-mail messages.

Correct Answer:A
Simple Mail Transfer Protocol (SMTP) is a host-to-host email protocol. An SMTP server accepts email messages from other systems and stores them for the addressees. Stored email can be read in various ways. Users with interactive accounts on the email server machine can read the email using local email applications. Users on other systems can download their email via email clients using POP or IMAP email retrieval protocols. Sometimes mail can also be read through a web-based interface (using HTTP or HTTPS). MIME is a standard defining the format of e-mail messages, as stated in RFC2045.
Source: GUTTMAN, Barbara & BAGWILL, Robert, NIST Special Publication 800-xx, Internet Security Policy: A Technical Guide, Draft Version, May 25, 2000 (pages 91-92).

Question 125

- (Topic 5)
The Diffie-Hellman algorithm is used for:

A. Encryption

B. Digital signature

C. Key agreement

D. Non-repudiation

Correct Answer:C
The Diffie-Hellman algorithm is used for Key agreement (key distribution) and cannot be used to encrypt and decrypt messages.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 4).
Note: key agreement, is different from key exchange, the functionality used by the other asymmetric algorithms.
References:
AIO, third edition Cryptography (Page 632) AIO, fourth edition Cryptography (Page 709)

Question 126

- (Topic 5)
The DES algorithm is an example of what type of cryptography?

A. Secret Key

B. Two-key

C. Asymmetric Key

D. Public Key

Correct Answer:A
DES is also known as a Symmetric Key or Secret Key algorithm.
DES is a Symmetric Key algorithm, meaning the same key is used for encryption and decryption.
For the exam remember that:
DES key Sequence is 8 Bytes or 64 bits (8 x 8 = 64 bits)
DES has an Effective key length of only 56 Bits. 8 of the Bits are used for parity purpose only.
DES has a total key length of 64 Bits. The following answers are incorrect:
Two-key This is incorrect because DES uses the same key for encryption and decryption.
Asymmetric Key This is incorrect because DES is a Symmetric Key algorithm using the same key for encryption and decryption and an Asymmetric Key algorithm uses both a Public Key and a Private Key.
Public Key. This is incorrect because Public Key or algorithm Asymmetric Key does not use the same key is used for encryption and decryption.
References used for this question: http://en.wikipedia.org/wiki/Data_Encryption_Standard

START SSCP EXAM