Free SSCP Exam Braindumps (page: 69)

Page 69 of 269

Degaussing is used to clear data from all of the following medias except:

  1. Floppy Disks
  2. Read-Only Media
  3. Video Tapes
  4. Magnetic Hard Disks

Answer(s): B

Explanation:

Atoms and Data
Shon Harris says: "A device that performs degaussing generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero. This magnetic force is what properly erases data from media. Data are stored on magnetic media by the representation of the polarization of the atoms. Degaussing changes"
The latest ISC2 book says:
"Degaussing can also be a form of media destruction. High-power degaussers are so strong in some cases that they can literally bend and warp the platters in a hard drive. Shredding and burning are effective destruction methods for non-rigid magnetic media. Indeed, some shredders are capable of shredding some rigid media such as an optical disk. This may be an effective alternative for any optical media containing nonsensitive information due to the residue size remaining after feeding the disk into the machine. However, the residue size might be too large for media containing sensitive information. Alternatively, grinding and pulverizing are acceptable choices for rigid and solid-state media. Specialized devices are available for grinding the face of optical media that either sufficiently scratches the surface to render the media unreadable or actually grinds off the data layer of the disk. Several services also exist which will collect drives, destroy them on site if requested and provide certification of completion. It will be the responsibility of the security professional to help, select, and maintain the most appropriate solutions for media cleansing and disposal."
Degaussing is achieved by passing the magnetic media through a powerful magnet field to rearrange the metallic particles, completely removing any resemblance of the previously recorded signal (from the "all about degaussers link below). Therefore, degaussing will work on any electronic based media such as floppy disks, or hard disks - all of these are examples of electronic storage. However, "read-only media" includes items such as paper printouts and CD-ROM wich do not store data in an electronic form or is not magnetic storage. Passing them through a magnet field has no effect on them.
Not all clearing/ purging methods are applicable to all media-- for example, optical media is not susceptible to degaussing, and overwriting may not be effective against Flash devices. The degree to which information may be recoverable by a sufficiently motivated and capable adversary must not be underestimated or guessed at in ignorance. For the highest-value commercial data, and for all data regulated by government or military classification rules, read and follow the rules and standards.
I will admit that this is a bit of a trick question. Determining the difference between "read-only media" and "read-only memory" is difficult for the question taker. However, I believe it is representative of the type of question you might one day see on an exam.
The other answers are incorrect because:
Floppy Disks, Magnetic Tapes, and Magnetic Hard Disks are all examples of magnetic storage, and therefore are erased by degaussing.
A videotape is a recording of images and sounds on to magnetic tape as opposed to film stock used in filmmaking or random access digital mediA. Videotapes are also used for storing scientific or medical data, such as the data produced by an electrocardiogram. In most cases, a helical scan video head rotates against the moving tape to record the data in two dimensions, because video signals have a very high bandwidth, and static heads would require extremely high tape speeds. Videotape is used in both video tape recorders (VTRs) or, more commonly and more recently, videocassette recorder (VCR) and camcorders. A Tape use a linear method of storing information and since nearly all video recordings made nowadays are digital direct to disk recording (DDR), videotape is expected to gradually lose importance as non-linear/random-access methods of storing digital video data become more common.


Reference:

Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 25627- 25630). McGraw-Hill. Kindle Edition.
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition : Security Operations (Kindle Locations 580-588). . Kindle Edition.
All About Degaussers and Erasure of Magnetic Media:
http://www.degausser.co.uk/degauss/degabout.htm
http://www.degaussing.net/
http://www.cerberussystems.com/INFOSEC/stds/ncsctg25.htm



It is a violation of the "separation of duties" principle when which of the following individuals access the software on systems implementing security?

  1. security administrator
  2. security analyst
  3. systems auditor
  4. systems programmer

Answer(s): D

Explanation:

Reason: The security administrator, security analysis, and the system auditor need access to portions of the security systems to accomplish their jobs. The system programmer does not need access to the working (AKA: Production) security systems.
Programmers should not be allowed to have ongoing direct access to computers running production systems (systems used by the organization to operate its business). To maintain system integrity, any changes they make to production systems should be tracked by the organization's change management control system.
Because the security administrator's job is to perform security functions, the performance of non- security tasks must be strictly limited. This separation of duties reduces the likelihood of loss that results from users abusing their authority by taking actions outside of their assigned functional responsibilities.


Reference:

OFFICIAL (ISC)2® GUIDE TO THE CISSP® EXAM (2003), Hansche, S., Berti, J., Hare, H., Auerbach Publication, FL, Chapter 5 - Operations Security, section 5.3,"Security Technology and Tools," Personnel section (page 32).
KRUTZ, R. & VINES, R. The CISSP Prep Guide: Gold Edition (2003), Wiley Publishing Inc., Chapter 6: Operations Security, Separations of Duties (page 303).



When backing up an applications system's data, which of the following is a key question to be answered first?

  1. When to make backups
  2. Where to keep backups
  3. What records to backup
  4. How to store backups

Answer(s): C

Explanation:

It is critical that a determination be made of WHAT data is important and should be
retained and protected. Without determining the data to be backed up, the potential for error increases. A record or file could be vital and yet not included in a backup routine. Alternatively, temporary or insignificant files could be included in a backup routine unnecessarily.
The following answers were incorrect:
When to make backups Although it is important to consider schedules for backups, this is done after the decisions are made of what should be included in the backup routine.
Where to keep backups The location of storing backup copies of data (Such as tapes, on-line backups, etc) should be made after determining what should be included in the backup routine and the method to store the backup.
How to store backups The backup methodology should be considered after determining what data should be included in the backup routine.



A 'Pseudo flaw' is which of the following?

  1. An apparent loophole deliberately implanted in an operating system program as a trap for intruders.
  2. An omission when generating Psuedo-code.
  3. Used for testing for bounds violations in application programming.
  4. A normally generated page fault causing the system to halt.

Answer(s): A

Explanation:

A Pseudo flaw is something that looks like it is vulnerable to attack, but really acts as an alarm or triggers automatic actions when an intruder attempts to exploit the flaw.
The following answers are incorrect:
An omission when generating Psuedo-code. Is incorrect because it is a distractor. Used for testing for bounds violations in application programming. Is incorrect, this is a testing methodology.
A normally generated page fault causing the system to halt. This is incorrect because it is distractor.



Page 69 of 269



Post your Comments and Discuss ISC SSCP exam with other Community members:

Jack commented on October 03, 2024
are these still legit?
Anonymous
upvote

Anil commented on February 13, 2024
To everyone interested in this exam. I can tell you that questions are 90% accurate. Good enough to pass the exam with a good mark. But you need to study all these questions as you get randomized questions from this question bank. I pass my exam and that is what I could share as part of my study experience. Good luck to you all.
CANADA
upvote

S.H. commented on February 13, 2024
A happy returning customer. Passed one exam now preparing for my second. I hope this one is a accurate as the first exam. My score was 87% in first exam.
France
upvote

Marcus commented on February 04, 2024
Hello @Theguy, I actually used the full version of this exam (they provide the full version in PDF and it comes with an interactive test engine software which is actually pretty good). I managed to study for a month and then booked my exam. I managed to pass my exam. Make sure to practice withe test engine they provide and make sure you get more than 90% passing mark with their test engine. After that you will be ready to book your exam. Best of luck with you studies.
Anonymous
upvote

theguy commented on February 03, 2024
anyone actually used only this recently and can verify that the majority of these questions were on their exam
UNITED STATES
upvote

Niko76 commented on December 05, 2023
I hope it help me on exam
POLAND
upvote

christopher commented on March 14, 2023
The practice questions are Clear and concise, this study guide saved me and helped me pass my exam.
UNITED STATES
upvote

Bie commented on June 14, 2022
I pass today
THAILAND
upvote

Paratik-2000 commented on June 13, 2022
I encurage you to study and understand every single question in this exam dumps. Exam is very ticky but this dump helps a lot. I got to pass mine.
INDIA
upvote

Vicktor commented on October 19, 2021
These exam dumps saved me so much time. With a full-time job, studying those large books is not possible.
UNITED STATES
upvote

Delawar commented on October 20, 2020
Locked down at home due to COVID-19. Best use of my time to get some certifications. I just purchased and downloaded this braindumps PDF package. So far looks good.
CANADA
upvote

BanglaBoi commented on January 11, 2015
1074 Questions, should be fine for mock test, will report back once I take the actual exam.
UNITED KINGDOM
upvote