Free SSCP Exam Braindumps

Pass your System Security Certified Practitioner (SSCP) exam with these free Questions and Answers

Page 19 of 215
QUESTION 86

- (Topic 2)
Buffer overflow and boundary condition errors are subsets of which of the following?

  1. A. Race condition errors.
  2. B. Access validation errors.
  3. C. Exceptional condition handling errors.
  4. D. Input validation errors.

Correct Answer: D
In an input validation error, the input received by a system is not properly checked, resulting in a vulnerability that can be exploited by sending a certain input sequence. There are two important types of input validation errors: buffer overflows (where the input received is longer than the expected input length) and boundary condition errors (where an input received causes the system to exceed an assumed boundary). A race condition occurs when there is a delay between the time when a system checks to see if an operation is allowed by the security model and the time when the system actually performs the operation. In an access validation error, the system is vulnerable because the access control mechanism is faulty. In an exceptional condition handling error, the system somehow becomes vulnerable due to an exceptional condition that has arisen.
Source: DUPUIS, Clement, Access Control Systems and Methodology CISSP Open Study Guide, version 1.0, March 2002 (page 105).

QUESTION 87

- (Topic 4)
Which of the following will a Business Impact Analysis NOT identify?

  1. A. Areas that would suffer the greatest financial or operational loss in the event of a disaster.
  2. B. Systems critical to the survival of the enterprise.
  3. C. The names of individuals to be contacted during a disaster.
  4. D. The outage time that can be tolerated by the enterprise as a result of a disaster.

Correct Answer: C
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

QUESTION 88

- (Topic 2)
Which of the following rules is least likely to support the concept of least privilege?

  1. A. The number of administrative accounts should be kept to a minimum.
  2. B. Administrators should use regular accounts when performing routine operations like reading mail.
  3. C. Permissions on tools that are likely to be used by hackers should be as restrictive as possible.
  4. D. Only data to and from critical systems and applications should be allowed through the firewall.

Correct Answer: D
"Only data to and from critical systems and applications should be allowed through the firewall" is a distractor. Critical systems or applications do not necessarily need to have traffic go through a firewall. Even if they did, only the minimum required services should be allowed. Systems that are not deemed critical may also need to have traffic go through the firewall.
Least privilege is a basic tenet of computer security that means users should be given only those rights required to do their jobs or tasks. Least privilege is ensuring that you have the minimum privileges necessary to do a task. An admin NOT using his admin account to check email is a clear example of this.
Reference(s) used for this question:
National Security Agency, Systems and Network Attack Center (SNAC), The 60 Minute Network Security Guide, February 2002, page 9.

QUESTION 89

- (Topic 1)
Which of the following Kerberos components holds all users' and services' cryptographic keys?

  1. A. The Key Distribution Service
  2. B. The Authentication Service
  3. C. The Key Distribution Center
  4. D. The Key Granting Service

Correct Answer: C
The Key Distribution Center (KDC) holds all users' and services' cryptographic keys. It provides authentication services, as well as key distribution functionality. The Authentication Service is the part of the KDC that authenticates a principal. The Key Distribution Service and Key Granting Service are distracters and are not defined Kerberos components.
Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System & Methodology (page 3)

QUESTION 90

- (Topic 4)
In order to be able to successfully prosecute an intruder:

  1. A. A point of contact should be designated to be responsible for communicating with law enforcement and other external agencies.
  2. B. A proper chain of custody of evidence has to be preserved.
  3. C. Collection of evidence has to be done following predefined procedures.
  4. D. Whenever possible, analyze a replica of the compromised resource, not the original, thereby avoiding inadvertently tampering with evidence.

Correct Answer: B
If you intend to prosecute an intruder, evidence has to be collected in a lawful manner and, most importantly, protected through a secure chain-of-custody procedure that tracks who has been involved in handling the evidence and where it has been stored. The other choices are all important points, but not the best answer, since no prosecution is possible without a proper, provable chain of custody of evidence.
Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Chapter 7: Responding to Intrusions (pages 282-285).
