Free SSCP Exam Braindumps

Pass your System Security Certified Practitioner (SSCP) exam with these free Questions and Answers

Page 23 of 215
QUESTION 106

- (Topic 6)
Application Layer Firewalls operate at the:

  1. A. OSI protocol Layer seven, the Application Layer.
  2. B. OSI protocol Layer six, the Presentation Layer.
  3. C. OSI protocol Layer five, the Session Layer.
  4. D. OSI protocol Layer four, the Transport Layer.

Correct Answer: A
Since the application layer firewall makes decisions based on application-layer information in the packet, it operates at the application layer of the OSI stack.
"OSI protocol layer 6, the presentation layer" is incorrect. The application layer firewall must have access to the application layer information in the packet and therefore operates at the application layer.
"OSI protocol layer 5, the session layer" is incorrect. The application layer firewall must have access to the application layer information in the packet and therefore operates at the application layer.
"OSI protocol layer 4, the transport layer" is incorrect. The application layer firewall must have access to the application layer information in the packet and therefore operates at the application layer.
References: CBK, p. 467; AIO3, pp. 488-490

QUESTION 107

- (Topic 1)
Which access control model was proposed for enforcing access control in government and military applications?

  1. A. Bell-LaPadula model
  2. B. Biba model
  3. C. Sutherland model
  4. D. Brewer-Nash model

Correct Answer: A
The Bell-LaPadula model, mostly concerned with confidentiality, was proposed for enforcing access control in government and military applications. It supports mandatory access control by determining the access rights from the security levels associated with subjects and objects. It also supports discretionary access control by checking access rights from an access matrix. The Biba model, introduced in 1977, the Sutherland model, published in 1986, and the Brewer-Nash model, published in 1989, are concerned with integrity.
Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 11).

QUESTION 108

- (Topic 6)
The communications products and services, which ensure that the various components of a network (such as devices, protocols, and access methods) work together refers to:

  1. A. Netware Architecture.
  2. B. Network Architecture.
  3. C. WAN Architecture.
  4. D. Multiprotocol Architecture.

Correct Answer: B
A Network Architecture refers to the communications products and services, which ensure that the various components of a network (such as devices, protocols, and access methods) work together.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 101.

QUESTION 109

- (Topic 1)
What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database?

  1. A. Database Management system
  2. B. Database views
  3. C. Database security
  4. D. Database shadowing

Correct Answer: B
The answer is Database views. Database views are mechanisms that restrict access to the information that a user can access in a database.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35.
Wikipedia has a detailed explanation as well:
In database theory, a view is a virtual or logical table composed of the result set of a query. Unlike ordinary tables (base tables) in a relational database, a view is not part of the physical schema: it is a dynamic, virtual table computed or collated from data in the database. Changing the data in a table alters the data shown in the view.
Views can provide advantages over tables:
- They can subset the data contained in a table
- They can join and simplify multiple tables into a single virtual table
- Views can act as aggregated tables, where aggregated data (sum, average etc.) are calculated and presented as part of the data
- Views can hide the complexity of data, for example a view could appear as Sales2000 or Sales2001, transparently partitioning the actual underlying table
- Views do not incur any extra storage overhead
- Depending on the SQL engine used, views can provide extra security
- Views can limit the exposure of a table or tables to the outer world
Just like functions (in programming) provide abstraction, views can be used to create abstraction. Also, just like functions, views can be nested, thus one view can aggregate data from other views. Without the use of views it would be much harder to normalise databases above second normal form. Views can make it easier to create lossless join decomposition.

QUESTION 110

- (Topic 5)
Which of the following is the most secure form of triple-DES encryption?

  1. A. DES-EDE3
  2. B. DES-EDE1
  3. C. DES-EEE4
  4. D. DES-EDE2

Correct Answer: A
Triple DES with three distinct keys is the most secure form of triple-DES encryption. It can either be DES-EEE3 (encrypt-encrypt-encrypt) or DES-EDE3 (encrypt-decrypt-encrypt). DES-EDE1 is not defined and would mean using a single key to encrypt, decrypt and encrypt again, equivalent to single DES. DES-EEE4 is not defined and DES-EDE2 uses only 2 keys (encrypt with first key, decrypt with second key, encrypt with first key again).
Source: DUPUIS, Clément, CISSP Open Study Guide on domain 5, cryptography, April 1999.
