Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISC
  3. SSCP

ISC SSCP System Security Certified Practitioner (SSCP) SSCP Exam Questions in PDF

Free ISC SSCP Dumps Questions (page: 31)

SSCP PDF — 1081 Questions

Which of the following access control models requires security clearance for subjects?

  1. Identity-based access control
  2. Role-based access control
  3. Discretionary access control
  4. Mandatory access control

Answer(s): D

Explanation:

With mandatory access control (MAC), the authorization of a subject's access to an object is dependant upon labels, which indicate the subject's clearance. Identity-based access control is a type of discretionary access control. A role-based access control is a type of non- discretionary access control.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).



Which of the following access control models requires defining classification for objects?

  1. Role-based access control
  2. Discretionary access control
  3. Identity-based access control
  4. Mandatory access control

Answer(s): D

Explanation:

With mandatory access control (MAC), the authorization of a subject's access to an object is dependant upon labels, which indicate the subject's clearance, and classification of objects.
The Following answers were incorrect:
Identity-based Access Control is a type of Discretionary Access Control (DAC), they are synonymous.
Role Based Access Control (RBAC) and Rule Based Access Control (RuBAC or RBAC) are types of Non Discretionary Access Control (NDAC).
Tip:
When you have two answers that are synonymous they are not the right choice for sure.
There is only one access control model that makes use of Label, Clearances, and Categories, it is Mandatory Access Control, none of the other one makes use of those items.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).



In the context of access control, locks, gates, guards are examples of which of the following?

  1. Administrative controls
  2. Technical controls
  3. Physical controls
  4. Logical controls

Answer(s): C

Explanation:

Administrative, technical and physical controls are categories of access control mechanisms.
Logical and Technical controls are synonymous. So both of them could be eliminated as possible choices.
Physical Controls: These are controls to protect the organization's people and physical environment, such as locks, gates, and guards. Physical controls may be called "operational controls" in some contexts.
Physical security covers a broad spectrum of controls to protect the physical assets (primarily the people) in an organization. Physical Controls are sometimes referred to as "operational" controls in some risk management frameworks. These controls range from doors, locks, and windows to environment controls, construction standards, and guards. Typically, physical security is based on the notion of establishing security zones or concentric areas within a facility that require increased security as you get closer to the valuable assets inside the facility. Security zones are the physical representation of the defense-in-depth principle discussed earlier in this chapter. Typically, security zones are associated with rooms, offices, floors, or smaller elements, such as a cabinet or storage locker. The design of the physical security controls within the facility must take into account the protection of the asset as well as the individuals working in that area.


Reference:

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1301-1303). Auerbach Publications. Kindle Edition.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1312-1318). Auerbach Publications. Kindle Edition.



Which of the following statements pertaining to using Kerberos without any extension is false?

  1. A client can be impersonated by password-guessing.
  2. Kerberos is mostly a third-party authentication protocol.
  3. Kerberos uses public key cryptography.
  4. Kerberos provides robust authentication.

Answer(s): C

Explanation:

Kerberos is a trusted, credential-based, third-party authentication protocol that uses symmetric (secret) key cryptography to provide robust authentication to clients accessing services on a network.
Because a client's password is used in the initiation of the Kerberos request for the service protocol, password guessing can be used to impersonate a client.
Here is a nice overview of HOW Kerberos is implement as described in RFC 4556:
1. Introduction
The Kerberos V5 protocol [RFC4120] involves use of a trusted third party known as the Key Distribution Center (KDC) to negotiate shared session keys between clients and services and provide mutual authentication between them.
The corner-stones of Kerberos V5 are the Ticket and the Authenticator. A Ticket encapsulates a symmetric key (the ticket session key) in an envelope (a public message) intended for a specific service. The contents of the Ticket are encrypted with a symmetric key shared between the service principal and the issuing KDC. The encrypted part of the Ticket contains the client principal name, among other items. An Authenticator is a record that can be shown to have been recently generated using the ticket session key in the associated Ticket. The ticket session key is known by the client
who requested the ticket. The contents of the Authenticator are encrypted with the associated ticket session key. The encrypted part of an Authenticator contains a timestamp and the client principal name, among other items.
As shown in Figure 1, below, the Kerberos V5 protocol consists of the following message exchanges between the client and the KDC, and the client and the application service:
The Authentication Service (AS) Exchange
The client obtains an "initial" ticket from the Kerberos authentication server (AS), typically a Ticket Granting Ticket (TGT). The AS-REQ message and the AS-REP message are the request and the reply message, respectively, between the client and the AS.
The Ticket Granting Service (TGS) Exchange
The client subsequently uses the TGT to authenticate and request a service ticket for a particular service, from the Kerberos ticket-granting server (TGS). The TGS-REQ message and the TGS-REP message are the request and the reply message respectively between the client and the TGS.
The Client/Server Authentication Protocol (AP) Exchange
The client then makes a request with an AP-REQ message, consisting of a service ticket and an authenticator that certifies the client's possession of the ticket session key. The server may optionally reply with an AP-REP message. AP exchanges typically negotiate session-specific symmetric keys.
Usually, the AS and TGS are integrated in a single device also known as the KDC.
+--------------+
+--------->| KDC |
AS-REQ / +-------| |
/ / +--------------+
/ / ^ |
/ |AS-REP / |
| | / TGS-REQ + TGS-REP
| | / /
| | / /
| | / +---------+
| | / /
| | / /
| | / /
| v / v
++-------+------+ +-----------------+
| Client +------------>| Application |
| | AP-REQ | Server |
| |<------------| |
+---------------+ AP-REP +-----------------+
Figure 1: The Message Exchanges in the Kerberos V5 Protocol
In the AS exchange, the KDC reply contains the ticket session key, among other items, that is encrypted using a key (the AS reply key) shared between the client and the KDC. The AS reply key is typically derived from the client's password for human users. Therefore, for human users, the attack resistance strength of the Kerberos protocol is no stronger than the strength of their passwords.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 40).
And
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter
4: Access Control (pages 147-151).
and
http://www.ietf.org/rfc/rfc4556.txt



Which of the following statements pertaining to Kerberos is false?

  1. The Key Distribution Center represents a single point of failure.
  2. Kerberos manages access permissions.
  3. Kerberos uses a database to keep a copy of all users' public keys.
  4. Kerberos uses symmetric key cryptography.

Answer(s): C

Explanation:

Kerberos is a trusted, credential-based, third-party authentication protocol that uses symmetric (secret) key cryptography to provide robust authentication to clients accessing services on a network.
One weakness of Kerberos is its Key Distribution Center (KDC), which represents a single point of failure.
The KDC contains a database that holds a copy of all of the symmetric/secret keys for the principals.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page40).



Viewing page 31 of 216

Share your comments for ISC SSCP exam with other users:

B
bot
7/26/2023 6:45:00 PM

more comments here

UNITED STATES
K
Kaleemullah
12/31/2023 1:35:00 AM

great support to appear for exams

Anonymous
B
Bsmaind
8/20/2023 9:26:00 AM

useful dumps

Anonymous
B
Blessious Phiri
8/13/2023 8:37:00 AM

making progress

Anonymous
N
Nabla
9/17/2023 10:20:00 AM

q31 answer should be d i think

FRANCE
V
vladputin
7/20/2023 5:00:00 AM

is this real?

UNITED STATES
N
Nick W
9/29/2023 7:32:00 AM

q10: c and f are also true. q11: this is outdated. you no longer need ownership on a pipe to operate it

Anonymous
N
Naveed
8/28/2023 2:48:00 AM

good questions with simple explanation

UNITED STATES
C
cert
9/24/2023 4:53:00 PM

admin guide (windows) respond to malicious causality chains. when the cortex xdr agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the ip address to close all existing communication and block new connections from this ip address to the endpoint. when cortex xdrblocks an ip address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. you can view the list of all blocked ip addresses per endpoint from the action center, as well as unblock them to re-enable communication as appropriate. this module is supported with cortex xdr agent 7.3.0 and later. select the action mode to take when the cortex xdr agent detects remote malicious causality chains: enabled (default)—terminate connection and block ip address of the remote connection. disabled—do not block remote ip addresses. to allow specific and known s

Anonymous
Y
Yves
8/29/2023 8:46:00 PM

very inciting

Anonymous
M
Miguel
10/16/2023 11:18:00 AM

question 5, it seems a instead of d, because: - care plan = case - patient = person account - product = product2;

SPAIN
B
Byset
9/25/2023 12:49:00 AM

it look like real one

Anonymous
D
Debabrata Das
8/28/2023 8:42:00 AM

i am taking oracle fcc certification test next two days, pls share question dumps

Anonymous
N
nITA KALE
8/22/2023 1:57:00 AM

i need dumps

Anonymous
C
CV
9/9/2023 1:54:00 PM

its time to comptia sec+

GREECE
S
SkepticReader
8/1/2023 8:51:00 AM

question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that its false (aka off).

UNITED STATES
N
Nabin
10/16/2023 4:58:00 AM

helpful content

MALAYSIA
B
Blessious Phiri
8/15/2023 3:19:00 PM

oracle 19c is complex db

Anonymous
S
Sreenivas
10/24/2023 12:59:00 AM

helpful for practice

Anonymous
L
Liz
9/11/2022 11:27:00 PM

support team is fast and deeply knowledgeable. i appreciate that a lot.

UNITED STATES
N
Namrata
7/15/2023 2:22:00 AM

helpful questions

Anonymous
L
lipsa
11/8/2023 12:54:00 PM

thanks for question

Anonymous
E
Eli
6/18/2023 11:27:00 PM

the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.

EUROPEAN UNION
O
open2exam
10/29/2023 1:14:00 PM

i need exam questions nca 6.5 any help please ?

Anonymous
G
Gerald
9/11/2023 12:22:00 PM

just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam

UNITED STATES
R
ryo
9/10/2023 2:27:00 PM

very helpful

MEXICO
J
Jamshed
6/20/2023 4:32:00 AM

i need this exam

PAKISTAN
R
Roberto Capra
6/14/2023 12:04:00 PM

nice questions... are these questions the same of the exam?

Anonymous
S
Synt
5/23/2023 9:33:00 PM

need to view

UNITED STATES
V
Vey
5/27/2023 12:06:00 AM

highly appreciate for your sharing.

CAMBODIA
T
Tshepang
8/18/2023 4:41:00 AM

kindly share this dump. thank you

Anonymous
J
Jay
9/26/2023 8:00:00 AM

link plz for download

UNITED STATES
L
Leo
10/30/2023 1:11:00 PM

data quality oecd

Anonymous
B
Blessious Phiri
8/13/2023 9:35:00 AM

rman is one good recovery technology

Anonymous
AI Tutor 👋 I’m here to help!