CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC
  5. SSCP

Free SSCP Exam Braindumps (page: 3)

Page 2 of 269
PDF with 1074 Questions

Which of the following is true about Kerberos?

  1. It utilizes public key cryptography.
  2. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
  3. It depends upon symmetric ciphers.
  4. It is a second party authentication system.

Answer(s): C

Explanation:

Kerberos depends on secret keys (symmetric ciphers). Kerberos is a third party authentication protocol. It was designed and developed in the mid 1980's by MIT. It is considered open source but is copyrighted and owned by MIT. It relies on the user's secret keys. The password is used to encrypt and decrypt the keys.
The following answers are incorrect:
It utilizes public key cryptography. Is incorrect because Kerberos depends on secret keys (symmetric ciphers).
It encrypts data after a ticket is granted, but passwords are exchanged in plain text. Is incorrect because the passwords are not exchanged but used for encryption and decryption of the keys.
It is a second party authentication system. Is incorrect because Kerberos is a third party authentication system, you authenticate to the third party (Kerberos) and not the system you are accessing.


Reference:

MIT http://web.mit.edu/kerberos/
Wikipedi http://en.wikipedia.org/wiki/Kerberos_%28protocol%29
OIG CBK Access Control (pages 181 - 184)
AIOv3 Access Control (pages 151 - 155)



Which of the following is needed for System Accountability?

  1. Audit mechanisms.
  2. Documented design as laid out in the Common Criteria.
  3. Authorization.
  4. Formal verification of system design.

Answer(s): A

Explanation:

Is a means of being able to track user actions. Through the use of audit logs and other tools the user actions are recorded and can be used at a later date to verify what actions were performed.
Accountability is the ability to identify users and to be able to track user actions.
The following answers are incorrect:
Documented design as laid out in the Common CriteriA. Is incorrect because the Common Criteria is an international standard to evaluate trust and would not be a factor in System Accountability.
Authorization. Is incorrect because Authorization is granting access to subjects, just because you have authorization does not hold the subject accountable for their actions.
Formal verification of system design. Is incorrect because all you have done is to verify the system design and have not taken any steps toward system accountability.


Reference:

OIG CBK Glossary (page 778)



What is Kerberos?

  1. A three-headed dog from the egyptian mythology.
  2. A trusted third-party authentication protocol.
  3. A security model.
  4. A remote authentication dial in user server.

Answer(s): B

Explanation:

Is correct because that is exactly what Kerberos is.
The following answers are incorrect:
A three-headed dog from Egyptian mythology. Is incorrect because we are dealing with Information Security and not the Egyptian mythology but the Greek Mythology.
A security model. Is incorrect because Kerberos is an authentication protocol and not just a security model.
A remote authentication dial in user server. Is incorrect because Kerberos is not a remote authentication dial in user server that would be called RADIUS.



The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something:

  1. you need.
  2. non-trivial
  3. you are.
  4. you can get.

Answer(s): C

Explanation:

This is more commonly known as biometrics and is one of the most accurate ways to authenticate an individual.
The rest of the answers are incorrect because they not one of the three recognized forms for Authentication.






Post your Comments and Discuss ISC SSCP exam with other Community members:

SSCP Discussions & Posts