SSCP ISC2 Exam Questions and Free Practice Test

Question 43

- (Topic 4)
Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?

A. Personnel turnover

B. Large plans can take a lot of work to maintain

C. Continous auditing makes a Disaster Recovery plan irrelevant

D. Infrastructure and environment changes

Correct Answer:C
Although a auditing is a part of corporate security, it in no way supercedes the requirments for a disaster recovery plan. All others can be blamed for a plan going out of date.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 9: Disaster Recovery and Business continuity (page 609).

Question 44

- (Topic 1)
What is Kerberos?

A. A three-headed dog from the egyptian mythology.

B. A trusted third-party authentication protocol.

C. A security model.

D. A remote authentication dial in user server.

Correct Answer:B
Is correct because that is exactly what Kerberos is. The following answers are incorrect:
A three-headed dog from Egyptian mythology. Is incorrect because we are dealing with Information Security and not the Egyptian mythology but the Greek Mythology.
A security model. Is incorrect because Kerberos is an authentication protocol and not just a security model.
A remote authentication dial in user server. Is incorrect because Kerberos is not a remote authentication dial in user server that would be called RADIUS.

Question 45

- (Topic 4)
A momentary low voltage, from 1 cycle to a few seconds, is a:

A. spike

B. blackout

C. sag

D. fault

Correct Answer:C
A momentary low voltage is a sag. A synonym would be a dip. Risks to electrical power supply:
POWER FAILURE
Blackout: complete loss of electrical power Fault: momentary power outage
POWER DEGRADATION
Brownout: an intentional reduction of voltage by the power company. Sag/dip: a short period of low voltage
POWER EXCESS
Surge: Prolonged rise in voltage Spike: Momentary High Voltage
In-rush current: the initial surge of current required by a load before it reaches normal operation.
?C Transient: line noise or disturbance is superimposed on the supply circuit and can cause fluctuations in electrical power
Refence(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 462). McGraw-
Hill. Kindle Edition.

Question 46

- (Topic 6)
Which of the following best defines source routing?

A. The packets hold the forwarding information so they don't need to let bridges and routers decide what is the best route or way to get to the destination.

B. The packets hold source information in a fashion that source address cannot be forged.

C. The packets are encapsulated to conceal source information.

D. The packets hold information about redundant paths in order to provide a higher reliability.

Correct Answer:A
With source routing, the packets hold the forwarding information so that they can find their way to the destination themselves without bridges and routers dictating their paths.
In computer networking, source routing allows a sender of a packet to specify the route the packet takes through the network.
With source routing the entire path to the destination is known to the sender and is included when sending data. Source routing differs from most other routing in that the source makes most or all of the routing decisions for each router along the way.
Source:
WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#2 Telecommunications and Network Security (page 5)
Wikipedia at http://en.wikipedia.org/wiki/Dynamic_Source_Routing

Question 47

- (Topic 2)
Which of the following statements pertaining to the security kernel is incorrect?

A. The security kernel is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept.

B. The security kernel must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof.

C. The security kernel must be small enough to be able to be tested and verified in a complete and comprehensive manner.

D. The security kernel is an access control concept, not an actual physical component.

Correct Answer:D
The reference monitor, not the security kernel is an access control concept.
The security kernel is made up of software, and firmware components that fall within the TCB and implements and enforces the reference monitor concept. The security kernel mediates all access and functions between subjects and objects. The security kernel is the core of the TCB and is the most commonly used approach to building trusted computing systems.
There are three main requirements of the security kernel:
• It must provide isolation for the processes carrying out the reference monitor concept, and the processes must be tamperproof.
• It must be invoked for every access attempt and must be impossible to circumvent. Thus, the security kernel must be implemented in a complete and foolproof way.
• It must be small enough to be able to be tested and verified in a complete and comprehensive manner.
The following answers are incorrect:
The security kernel is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept. Is incorrect because this is the definition of the security kernel.
The security kernel must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof. Is incorrect because this is one of the three requirements that make up the security kernel.
The security kernel must be small enough to be able to be tested and verified in a complete and comprehensive manner. Is incorrect because this is one of the three requirements that make up the security kernel.

Question 48

- (Topic 1)
What does the Clark-Wilson security model focus on?

A. Confidentiality

B. Integrity

C. Accountability

D. Availability

Correct Answer:B
The Clark-Wilson model addresses integrity. It incorporates mechanisms to enforce internal and external consistency, a separation of duty, and a mandatory integrity policy.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architectures and Models (page 205).

START SSCP EXAM