あなたを合格させる試験には100%確認済みSSCP試験問題 [Q431-Q448]

Share

あなたを合格させる試験には100%確認済みSSCP試験問題

SSCP問題集PDFでSSCPリアル試験問題解答

質問 # 431
Computer-generated evidence is considered:

  • A. Direct evidence
  • B. Second hand evidence
  • C. Best evidence
  • D. Demonstrative evidence

正解:B

解説:
Explanation/Reference:
Computer-generated evidence normally falls under the category of hearsay evidence, or second-hand evidence, because it cannot be proven accurate and reliable. Under the U.S. Federal Rules of Evidence, hearsay evidence is generally not admissible in court. Best evidence is original or primary evidence rather than a copy or duplicate of the evidence. It does not apply to computer-generated evidence. Direct evidence is oral testimony by witness. Demonstrative evidence are used to aid the jury (models, illustrations, charts).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 9: Law, Investigation, and Ethics (page 310).
And: ROTHKE, Ben, CISSP CBK Review presentation on domain 9.


質問 # 432
What is the Maximum Tolerable Downtime (MTD)?

  • A. It is maximum delay businesses can tolerate and still remain viable
  • B. Minimum elapsed time required to complete recovery of application data
  • C. Maximum elapsed time required to move back to primary site after a major disruption
  • D. Maximum elapsed time required to complete recovery of application data

正解:A

解説:
Section: Risk, Response and Recovery
Explanation/Reference:
The Maximum Tolerable Downtime (MTD) is the maximum length of time a BUSINESS FUNCTION can endure without being restored, beyond which the BUSINESS is no longer viable NIST SAYS:
The ISCP Coordinator should analyze the supported mission/business processes and with the process owners, leadership and business managers determine the acceptable downtime if a given process or specific system data were disrupted or otherwise unavailable. Downtime can be identified in several ways.
Maximum Tolerable Downtime (MTD). The MTD represents the total amount of time the system owner/ authorizing official is willing to accept for a mission/business process outage or disruption and includes all impact considerations. Determining MTD is important because it could leave contingency planners with imprecise direction on selection of an appropriate recovery method, and the depth of detail which will be required when developing recovery procedures, including their scope and content.
Other BCP and DRP terms you must be familiar with are:
Recovery Time Objective (RTO). RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/ business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD. When it is not feasible to immediately meet the RTO and the MTD is inflexible, a Plan of Action and Milestone should be initiated to document the situation and plan for its mitigation.
Recovery Point Objective (RPO). The RPO represents the point in time, prior to a disruption or system outage, to which mission/business process data can be recovered (given the most recent backup copy of the data) after an outage. Unlike RTO, RPO is not considered as part of MTD. Rather, it is a factor of how much data loss the mission/business process can tolerate during the recovery process. Because the RTO must ensure that the MTD is not exceeded, the RTO must normally be shorter than the MTD. For example, a system outage may prevent a particular process from being completed, and because it takes time to reprocess the data, that additional processing time must be added to the RTO to stay within the time limit established by the MTD.
References used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 276.
and
http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov11-2010.pdf


質問 # 433
Which of the following binds a subject name to a public key value?

  • A. A public-key certificate
  • B. A private key certificate
  • C. A public key infrastructure
  • D. A secret key infrastructure

正解:A

解説:
Remember the term Public-Key Certificate is synonymous with Digital
Certificate or Identity certificate.
The certificate itself provides the binding but it is the certificate authority who will go
through the Certificate Practice Statements (CPS) actually validating the bindings and
vouch for the identity of the owner of the key within the certificate.
As explained in Wikipedia:
In cryptography, a public key certificate (also known as a digital certificate or identity
certificate) is an electronic document which uses a digital signature to bind together a
public key with an identity - information such as the name of a person or an organization,
their address, and so forth. The certificate can be used to verify that a public key belongs to
an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate
authority (CA). In a web of trust scheme such as PGP or GPG, the signature is of either the
user (a self-signed certificate) or other users ("endorsements") by getting people to sign
each other keys. In either case, the signatures on a certificate are attestations by the
certificate signer that the identity information and the public key belong together.
RFC 2828 defines the certification authority (CA) as:
An entity that issues digital certificates (especially X.509 certificates) and vouches for the
binding between the data items in a certificate.
An authority trusted by one or more users to create and assign certificates. Optionally, the
certification authority may create the user's keys.
X509 Certificate users depend on the validity of information provided by a certificate. Thus,
a CA should be someone that certificate users trust, and usually holds an official position
created and granted power by a government, a corporation, or some other organization. A
CA is responsible for managing the life cycle of certificates and, depending on the type of
certificate and the CPS that applies, may be responsible for the life cycle of key pairs
associated with the certificates
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.
and http://en.wikipedia.org/wiki/Public_key_certificate


質問 # 434
Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?

  • A. Validation
  • B. Verification
  • C. Assessment
  • D. Accuracy

正解:B

解説:
Verification vs. Validation:
Verification determines if the product accurately represents and meets the specifications. A product can be developed that does not match the original specifications. This step ensures that the specifications are properly met.
Validation determines if the product provides the necessary solution intended real-world problem. In large projects, it is easy to lose sight of overall goal. This exercise ensures that the main goal of the project is met.
From DITSCAP:
6.3.2. Phase 2, Verification. The Verification phase shall include activities to verify compliance of the system with previously agreed security requirements. For each life-cycle development activity, DoD Directive 5000.1 (reference (i)), there is a corresponding set of security activities, enclosure 3, that shall verify compliance with the security requirements and evaluate vulnerabilities.
6.3.3. Phase 3, Validation. The Validation phase shall include activities to evaluate the fully integrated system to validate system operation in a specified computing environment with an acceptable level of residual risk. Validation shall culminate in an approval to operate.
You must also be familiar with Verification and Validation for the purpose of the exam. A simple definition for Verification would be whether or not the developers followed the design specifications along with the security requirements. A simple definition for Validation would be whether or not the final product meets the end user needs and can be use for a specific purpose.
Wikipedia has an informal description that is currently written as: Validation can be expressed by the query "Are you building the right thing?" and Verification by "Are you building it right?
NOTE: DITSCAP was replaced by DIACAP some time ago (2007). While DITSCAP had defined both a verification and a validation phase, the DIACAP only has a validation phase. It may not make a difference in the answer for the exam; however, DIACAP is the cornerstone policy of DOD C&A and IA efforts today. Be familiar with both terms just in case all of a sudden the exam becomes updated with the new term.
Reference(s) used for this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 1106). McGraw-Hill. Kindle Edition.
http://iase.disa.mil/ditscap/DITSCAP.html https://en.wikipedia.org/wiki/Verification_and_validation For the definition of "validation" in DIACAP, Click Here Further sources for the phases in DIACAP, Click Here


質問 # 435
Which of the following exemplifies proper separation of duties?

  • A. Tape operators are permitted to use the system console.
  • B. Operators are not permitted modify the system time.
  • C. Console operators are permitted to mount tapes and disks.
  • D. Programmers are permitted to use the system console.

正解:B

解説:
This is an example of Separation of Duties because operators are prevented from modifying the system time which could lead to fraud. Tasks of this nature should be performed by they system administrators.
AIO defines Separation of Duties as a security principle that splits up a critical task among two or more individuals to ensure that one person cannot complete a risky task by himself.
The following answers are incorrect: Programmers are permitted to use the system console. Is incorrect because programmers should not be permitted to use the system console, this task should be performed by operators. Allowing programmers access to the system console could allow fraud to occur so this is not an example of Separation of Duties..
Console operators are permitted to mount tapes and disks. Is incorrect because operators
should be able to mount tapes and disks so this is not an example of Separation of Duties.
Tape operators are permitted to use the system console. Is incorrect because operators
should be able to use the system console so this is not an example of Separation of Duties.
References:
OIG CBK Access Control (page 98 - 101)
AIOv3 Access Control (page 182)


質問 # 436
Which of the following is NOT a common category/classification of threat to an IT system?

  • A. Technological
  • B. Human
  • C. Natural
  • D. Hackers

正解:D

解説:
Section: Risk, Response and Recovery
Explanation/Reference:
Hackers are classified as a human threat and not a classification by itself.
All the other answers are incorrect. Threats result from a variety of factors, although they are classified in three types: Natural (e.g., hurricane, tornado, flood and fire), human (e.g. operator error, sabotage, malicious code) or technological (e.g. equipment failure, software error, telecommunications network outage, electric power failure).
Reference:
SWANSON, Marianne, & al., National Institute of Standards and Technology (NIST), http://csrc.nist.gov/ publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov11-2010.pdf, June 2002 (page 6).


質問 # 437
Which of the following statements pertaining to packet filtering is incorrect?

  • A. It keeps track of the state of a connection.
  • B. It operates at the network layer.
  • C. It is based on ACLs.
  • D. It is not application dependant.

正解:A

解説:
Packet filtering is used in the first generation of firewalls and does not keep
track of the state of a connection. Stateful packet filtering does.
Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#2
Telecommunications and Network Security (page 6)


質問 # 438
An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?

  • A. Least Privilege
  • B. Mandatory Access
  • C. Discretionary Access
  • D. Separation of Duties

正解:A

解説:
Section: Access Control
Explanation/Reference:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.


質問 # 439
To protect and/or restore lost, corrupted, or deleted information, thereby preserving the data integrity and availability is the purpose of:

  • A. Mirroring.
  • B. Remote journaling.
  • C. A tape backup method.
  • D. Database shadowing.

正解:C

解説:
Explanation/Reference:
The purpose of a tape backup method is to protect and/or restore lost, corrupted, or deleted information, thereby preserving the data integrity and ensuring availability.
All other choices could suffer from corruption and it might not be possible to restore the data without proper backups being done.
This is a tricky question, if the information is lost, corrupted, or deleted only a good backup could be use to restore the information. Any synchronization mechanism would update the mirror copy and the data could not be recovered.
With backups there could be a large gap where your latest data may not be available. You would have to look at your Recovery Point Objective and see if this is acceptable for your company recovery objectives.
The following are incorrect answers:
Mirroring will preserve integrity and restore points in all cases of drive failure. However, if you have corrupted data on the primary set of drives you may get corrupted data on the secondary set as well.
Remote Journaling provides Continuous or periodic synchronized recording of transaction data at a remote location as a backup strategy. (http://www.businessdictionary.com/definition/remote- journaling.html) With journaling there might be a gap of time between the data updates being send in batch at regular interval. So some of the data could be lost.
Database shadowing is synonymous with Mirroring but it only applies to databases, but not to information and data as a whole.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 68.


質問 # 440
Which of the following is BEST defined as a physical control?

  • A. Logical access control mechanisms
  • B. Fencing
  • C. Monitoring of system activity
  • D. Identification and authentication methods

正解:B

解説:
Section: Security Operation Adimnistration
Explanation/Reference:
Physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting.
The following answers are incorrect answers:
Monitoring of system activity is considered to be administrative control.
Identification and authentication methods are considered to be a technical control.
Logical access control mechanisms is also considered to be a technical control.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 1280-1282). McGraw- Hill. Kindle Edition.


質問 # 441
Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)?

  • A. TCP is connection-oriented, UDP is not.
  • B. TCP does not guarantee delivery of data, while UDP does guarantee data delivery.
  • C. UDP provides for Error Correction, TCP does not.
  • D. UDP is useful for longer messages, rather than TCP.

正解:A

解説:
TCP is a reliable connection-oriented transport for guaranteed delivery of data.
Protocols represent certain rules and regulations that are essential in order to have data communication between two entities. Internet Protocols work in sending and receiving data packets. This type of communication may be either connection-less or connection-oriented.
In a connection-oriented scenario, an acknowledgement is being received by the sender from the receiver in support of a perfect transfer. Transmission Control Protocol or TCP is such a protocol.
On the other hand, UDP or User Datagram Protocol is of the connection-less type where no feedback is being forwarded to the sender after delivery and the data transfer have taken place or not. Though, it's not a guaranteed method, but, once a connection is established, UDP works much faster than TCP as TCP has to rely on a feedback and accordingly, the entire 3-way handshaking takes place.
The following answers are incorrect:
UDP provides for Error Correction, TCP does not: UDP does not provide for error
correction, while TCP does.
UDP is useful for longer messages, rather than TCP: UDP is useful for shorter messages
due to its connectionless nature.
TCP does not guarantee delivery of data, while UDP does guarantee data delivery: The
opposite is true.
References Used for this question:
http://www.cyberciti.biz/faq/key-differences-between-tcp-and-udp-protocols/
http://www.skullbox.net/tcpudp.php
James's TCP-IP FAQ - Understanding Port Numbers.


質問 # 442
Which of the following methods of providing telecommunications continuity involves the use of an alternative media?

  • A. Diverse routing
  • B. Last mile circuit protection
  • C. Long haul network diversity
  • D. Alternative routing

正解:D

解説:
Alternative routing is a method of routing information via an alternate medium such as copper cable or fiber optics. This involves use of different networks, circuits or end points should the normal network be unavailable. Diverse routing routes traffic through split cable facilities or duplicate cable facilities. This can be accomplished with different and/or duplicate cable sheaths. If different cable sheaths are used, the cable may be in the same conduit and therefore subject to the same interruptions as the cable it is backing up. The communication service subscriber can duplicate the facilities by having alternate routes, although the entrance to and from the customer premises may be in the same conduit. The subscriber can obtain diverse routing and alternate routing from the local carrier, including dual entrance facilities. This type of access is time-consuming and costly. Long haul network diversity is a diverse long-distance network utilizing T1 circuits among the major long-distance carriers. It ensures long-distance access should any one carrier experience a network failure. Last mile circuit protection is a redundant combination of local carrier T1s microwave and/or coaxial cable access to the local communications loop. This enables the facility to have access during a local carrier communication disaster. Alternate local carrier routing is also utilized. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 5: Disaster Recovery and Business Continuity (page 259).


質問 # 443
Which of the following focuses on sustaining an organization's business functions during and after a disruption?

  • A. Disaster recovery plan
  • B. Business continuity plan
  • C. Business recovery plan
  • D. Continuity of operations plan

正解:B

解説:
A business continuity plan (BCP) focuses on sustaining an organization's business functions during and after a disruption. Information systems are considered in the BCP only in terms of their support to the larger business processes. The business recovery plan (BRP) addresses the restoration of business processes after an emergency. The BRP is similar to the BCP, but it typically lacks procedures to ensure continuity of critical processes throughout an emergency or disruption. The continuity of operations plan (COOP) focuses on restoring an organization's essential functions at an alternate site and performing those functions for up to 30 days before returning to normal operations. The disaster recovery plan (DRP) applies to major, usually catastrophic events that deny access to the normal facility for an extended period. A DRP is narrower in scope than an IT contingency plan in that it does not address minor disruptions that do not require relocation.
Source: SWANSON, Marianne, & al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, December 2001 (page 8).


質問 # 444
Which of the following statements regarding an off-site information processing facility is TRUE?

  • A. It should be easily identified from the outside so in the event of an emergency it can be easily found.
  • B. It should be located in proximity to the originating site so that it can quickly be made operational.
  • C. It should have the same amount of physical access restrictions as the primary processing site.
  • D. Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.

正解:C

解説:
Explanation/Reference:
It is very important that the offsite has the same restrictions in order to avoide misuse.
The following answers are incorrect because:
It should be located in proximity to the originating site so that it can quickly be made operational is incorrect as the offsite is also subject to the same disaster as of the primary site.
It should be easily identified from the outside so in the event of an emergency it can be easily found is also incorrect as it should not be easily identified to prevent intentional sabotage.
Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive is also incorrect as it should be like its primary site.
Reference : Information Systems Audit and Control Association, Certified Information Systems Auditor
2002 review manual, chapter 5: Disaster Recovery and Business Continuity (page 265).


質問 # 445
Which of the following is not a preventive login control?

  • A. Password aging
  • B. Last login message
  • C. Minimum password length
  • D. Account expiration

正解:B

解説:
Explanation/Reference:
The last login message displays the last login date and time, allowing a user to discover if their account was used by someone else. Hence, this is rather a detective control.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (page
63).


質問 # 446
Which of the following types of Intrusion Detection Systems uses behavioral characteristics of a system's operation or network traffic to draw conclusions on whether the traffic represents a risk to the network or host?

  • A. Network-based ID systems.
  • B. Signature Analysis.
  • C. Host-based ID systems.
  • D. Anomaly Detection.

正解:D

解説:
There are two basic IDS analysis methods: pattern matching (also called signature analysis) and anomaly detection.
Anomaly detection uses behavioral characteristics of a system's operation or network traffic to draw conclusions on whether the traffic represents a risk to the network or host. Anomalies may include but are not limited to:
Multiple failed log-on attempts Users logging in at strange hours Unexplained changes to system clocks Unusual error messages
The following are incorrect answers: Network-based ID Systems (NIDS) are usually incorporated into the network in a passive architecture, taking advantage of promiscuous mode access to the network. This means that it has visibility into every packet traversing the network segment. This allows the system to inspect packets and monitor sessions without impacting the network or the systems and applications utilizing the network.
Host-based ID Systems (HIDS) is the implementation of IDS capabilities at the host level. Its most significant difference from NIDS is that related processes are limited to the boundaries of a single-host system. However, this presents advantages in effectively detecting objectionable activities because the IDS process is running directly on the host system, not just observing it from the network. This offers unfettered access to system logs, processes, system information, and device information, and virtually eliminates limits associated with encryption. The level of integration represented by HIDS increases the level of visibility and control at the disposal of the HIDS application.
Signature Analysis Some of the first IDS products used signature analysis as their detection method and simply looked for known characteristics of an attack (such as specific packet sequences or text in the data stream) to produce an alert if that pattern was detected. For example, an attacker manipulating an FTP server may use a tool that sends a specially constructed packet. If that particular packet pattern is known, it can be represented in the form of a signature that IDS can then compare to incoming packets. Pattern-based IDS will have a database of hundreds, if not thousands, of signatures that are compared to traffic streams. As new attack signatures are produced, the system is updated, much like antivirus solutions. There are drawbacks to pattern-based IDS. Most importantly, signatures can only exist for known attacks. If a new or different attack vector is used, it will not match a known signature and, thus, slip past the IDS. Additionally, if an attacker knows that the IDS is present, he or she can alter his or her methods to avoid detection. Changing packets and data streams, even slightly, from known signatures can cause an IDS to miss the attack. As with some antivirus systems, the IDS is only as good as the latest signature database on the system.
For additional information on Intrusion Detection Systems http://en.wikipedia.org/wiki/Intrusion_detection_system
Reference(s) used for this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 3623-3625, 3649-3654, 3666-3686). Auerbach Publications. Kindle Edition.


質問 # 447
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

  • A. 172.12.42.5
  • B. 172.140.42.5
  • C. 172.31.42.5
  • D. 172.15.42.5

正解:C

解説:
Section: Network and Telecommunications
Explanation/Reference:
This is a valid Class B reserved address. For Class B networks, the reserved addresses are 172.16.0.0 -
172.31.255.255.
The private IP address ranges are defined within RFC 1918:
RFC 1918 private ip address range

The following answers are incorrect:
172.12.42.5 Is incorrect because it is not a Class B reserved address.
172.140.42.5 Is incorrect because it is not a Class B reserved address.
172.15.42.5 Is incorrect because it is not a Class B reserved address.


質問 # 448
......

SSCP問題集100合保証には最新のサンプル:https://www.goshiken.com/ISC/SSCP-mondaishu.html

準備SSCP問題解答無料更新には100%試験合格保証 [2024年更新]:https://drive.google.com/open?id=14I8xG5Q5C6IdYNG5hat6j2unNNNN8vhp