Free SSCP Exam Braindumps (page: 60)

Page 60 of 269

An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n):

  1. active attack
  2. outside attack
  3. inside attack
  4. passive attack

Answer(s): C

Explanation:

An inside attack is an attack initiated by an entity inside the security perimeter, an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization whereas an outside attack is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system. An active attack attempts to alter system resources to affect their operation and a passive attack attempts to learn or make use of the information from the system but does not affect system resources.


Reference:

SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.



Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences?

  1. Extensible Authentication Protocol
  2. Challenge Handshake Authentication Protocol
  3. Remote Authentication Dial-In User Service
  4. Multilevel Authentication Protocol.

Answer(s): A

Explanation:

RFC 2828 (Internet Security Glossary) defines the Extensible Authentication Protocol as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences. It is intended for use primarily by a host or router that connects to a PPP network server via switched circuits or
dial-up lines. The Remote Authentication Dial-In User Service (RADIUS) is defined as an Internet protocol for carrying dial-in user's authentication information and configuration information between a shared, centralized authentication server and a network access server that needs to authenticate the users of its network access ports. The other option is a distracter.


Reference:

SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.



What is a common problem when using vibration detection devices for perimeter control?

  1. They are vulnerable to non-adversarial disturbances.
  2. They can be defeated by electronic means.
  3. Signal amplitude is affected by weather conditions.
  4. They must be buried below the frost line.

Answer(s): A

Explanation:

Vibration sensors are similar and are also implemented to detect forced entry. Financial institutions may choose to implement these types of sensors on exterior walls, where bank robbers may attempt to drive a vehicle through. They are also commonly used around the ceiling and flooring of vaults to detect someone trying to make an unauthorized bank withdrawal.
Such sensors are proned to false positive. If there is a large truck with heavy equipment driving by it may trigger the sensor. The same with a storm with thunder and lighting, it may trigger the alarm even thou there are no adversarial threat or disturbance.
The following are incorrect answers:
All of the other choices are incorrect.


Reference:

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (pp. 495-496). McGraw-Hill . Kindle Edition.



Which of the following security controls might force an operator into collusion with personnel
assigned organizationally within a different function in order to gain access to unauthorized data?

  1. Limiting the local access of operations personnel
  2. Job rotation of operations personnel
  3. Management monitoring of audit logs
  4. Enforcing regular password changes

Answer(s): A

Explanation:

The questions specifically said: "within a different function" which eliminate Job Rotation as a choice.
Management monitoring of audit logs is a detective control and it would not prevent collusion.
Changing passwords regularly would not prevent such attack.
This question validates if you understand the concept of separation of duties and least privilege. By having operators that have only the minimum access level they need and only what they need to do their duties within a company, the operations personnel would be force to use collusion to defeat those security mechanism.


Reference:

TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.



Page 60 of 269



Post your Comments and Discuss ISC SSCP exam with other Community members:

Jack commented on October 03, 2024
are these still legit?
Anonymous
upvote

Anil commented on February 13, 2024
To everyone interested in this exam. I can tell you that questions are 90% accurate. Good enough to pass the exam with a good mark. But you need to study all these questions as you get randomized questions from this question bank. I pass my exam and that is what I could share as part of my study experience. Good luck to you all.
CANADA
upvote

S.H. commented on February 13, 2024
A happy returning customer. Passed one exam now preparing for my second. I hope this one is a accurate as the first exam. My score was 87% in first exam.
France
upvote

Marcus commented on February 04, 2024
Hello @Theguy, I actually used the full version of this exam (they provide the full version in PDF and it comes with an interactive test engine software which is actually pretty good). I managed to study for a month and then booked my exam. I managed to pass my exam. Make sure to practice withe test engine they provide and make sure you get more than 90% passing mark with their test engine. After that you will be ready to book your exam. Best of luck with you studies.
Anonymous
upvote

theguy commented on February 03, 2024
anyone actually used only this recently and can verify that the majority of these questions were on their exam
UNITED STATES
upvote

Niko76 commented on December 05, 2023
I hope it help me on exam
POLAND
upvote

christopher commented on March 14, 2023
The practice questions are Clear and concise, this study guide saved me and helped me pass my exam.
UNITED STATES
upvote

Bie commented on June 14, 2022
I pass today
THAILAND
upvote

Paratik-2000 commented on June 13, 2022
I encurage you to study and understand every single question in this exam dumps. Exam is very ticky but this dump helps a lot. I got to pass mine.
INDIA
upvote

Vicktor commented on October 19, 2021
These exam dumps saved me so much time. With a full-time job, studying those large books is not possible.
UNITED STATES
upvote

Delawar commented on October 20, 2020
Locked down at home due to COVID-19. Best use of my time to get some certifications. I just purchased and downloaded this braindumps PDF package. So far looks good.
CANADA
upvote

BanglaBoi commented on January 11, 2015
1074 Questions, should be fine for mock test, will report back once I take the actual exam.
UNITED KINGDOM
upvote