SSCP Free Practice Test

- (Topic 3)
Which of the following would assist the most in Host Based intrusion detection?

1. A. audit trails.
2. B. access control lists.
3. C. security clearances
4. D. host-based authentication

Correct Answer: A
To assist in Intrusion Detection you would review audit logs for access violations.
The following answers are incorrect:
access control lists. This is incorrect because access control lists determine who has access to what but do not detect intrusions.
security clearances. This is incorrect because security clearances determine who has access to what but do not detect intrusions.
host-based authentication. This is incorrect because host-based authentication determine who have been authenticated to the system but do not dectect intrusions.

- (Topic 5)
Cryptography does NOT help in:

1. A. Detecting fraudulent insertion.
2. B. Detecting fraudulent deletion.
3. C. Detecting fraudulent modification.
4. D. Detecting fraudulent disclosure.

Correct Answer: D
Cryptography is a detective control in the fact that it allows the detection of fraudulent insertion, deletion or modification. It also is a preventive control is the fact that it prevents disclosure, but it usually does not offers any means of detecting disclosure.
Source: DUPUIS, Clement, CISSP Open Study Guide on domain 5, cryptography, April 1999.

- (Topic 5)
Which of the following is more suitable for a hardware implementation?

1. A. Stream ciphers
2. B. Block ciphers
3. C. Cipher block chaining
4. D. Electronic code book

Correct Answer: A
A stream cipher treats the message as a stream of bits or bytes and performs mathematical functions on them individually. The key is a random value input into the stream cipher, which it uses to ensure the randomness of the keystream data. They are more suitable for hardware implementations, because they encrypt and decrypt one bit at a
time. They are intensive because each bit must be manipulated, which works better at the silicon level. Block ciphers operate a the block level, dividing the message into blocks of bits. Cipher Block chaining (CBC) and Electronic Code Book (ECB) are operation modes of DES, a block encryption algorithm.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 2).

- (Topic 6)
Which of the following statements pertaining to packet filtering is incorrect?

1. A. It is based on ACLs.
2. B. It is not application dependant.
3. C. It operates at the network layer.
4. D. It keeps track of the state of a connection.

Correct Answer: D
Packet filtering is used in the first generation of firewalls and does not keep track of the state of a connection. Stateful packet filtering does.
Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#2 Telecommunications and Network Security (page 6)

- (Topic 1)
Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?

1. A. Limiting the local access of operations personnel
2. B. Job rotation of operations personnel
3. C. Management monitoring of audit logs
4. D. Enforcing regular password changes

Correct Answer: A
The questions specifically said: "within a different function" which eliminate Job Rotation as a choice.
Management monitoring of audit logs is a detective control and it would not prevent collusion.
Changing passwords regularly would not prevent such attack.
This question validates if you understand the concept of separation of duties and least privilege. By having operators that have only the minimum access level they need and only what they need to do their duties within a company, the operations personnel would be force to use collusion to defeat those security mechanism.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.