
[Nov-2024] Download Real ISC SSCP Exam Dumps Test Engine Exam Questions
New SSCP exam dumps, updated for the current ISC exam
Certification topics of ISC SSCP Exam
The SSCP practice material covers the following topics of the ISC SSCP Certification Exam:
- InfoSec incident response and cleanup.
- Preparing an information security risk assessment for security architecture and design.
- Documenting all security-relevant activities within an organization.
- Using tools and techniques such as ethical hacking to assess network vulnerabilities.
- Risk management: selecting the appropriate controls, keeping them in place, and monitoring them across the organization's network infrastructure.
- Preparing an information security architecture for secure systems, applications, and networks.
- Security controls, risk management, compliance, and governance.
- Managing the cybersecurity of the organization, including compliance with laws and regulations (federal, state, and international).
- Developing information security policies and standards to guide all of the organization's IT activities, reports, and documentation.
The practice material covers the following SSCP exam domains (the percentage is the domain's weight in the exam):
- Cryptography: 10%
- Network and Communications Security: 16%
- Access Controls: 16%
- Monitoring, Analysis, and Risk Identification: 15%
Which is the best resource to study for the ISC SSCP Certification Exam?
After scheduling the exam you need to start preparing for it. There are many resources you can use, a few of which are as follows:
- Arrange notes related to the exam, and revise them before the exam.
- Do mock tests to get real-time experience of the actual exam.
- Read the latest edition books and official study guides.
- Watch free videos on YouTube to gain sufficient knowledge and skill; you can also subscribe to the channels for the latest updates.
Reading books, watching videos, doing mock exams and learning from notes are all very helpful in preparing for the exam, but each demands time, focus, research, finding the most relevant material, and arranging the topics. It is often hard to find material and organize the topics, and candidates do not know how or where to start preparing for the SSCP exam. Smart students prepare through a blend of all these resources; preparing this way consumes less time and also covers all the topics in the syllabus. The practice exam is that blend of resources.
Here I introduce the SSCP Dumps, and I recommend that you prepare for your exam from them. They are arranged by our knowledgeable team and contain relevant, real material covering all topics of the exam. These practice exams are designed to make candidates familiar with the real exam environment and for the convenience of candidates. They include mock tests, practice tests and simulator tests. I am confident that if you prepare for the exam from these exam dumps, you will score good marks.
There are two ways to access these Dumps: the website and the mobile app. To use them from a desktop or laptop, open any search engine and access the exam dumps through our official website. To use them from a mobile phone or iPad, open the App Store or Play Store on your iOS or Android device, download our Dumps app, and log in to access the practice exams. You can download PDF files, but we do not offer VCE exam dump files; the PDF downloads can be used offline. If you purchase the exam dumps and do not see any improvement in your preparation for the SSCP exam, you can get a refund of the purchase fee. Now is the time to take a step towards your career growth and the achievement of your ultimate goals.
NEW QUESTION # 206
In stateful inspection firewalls, packets are:
- A. Inspected at all Open System Interconnection (OSI) layers
- B. Inspected at only one layer of the Open System Interconnection (OSI) model
- C. Decapsulated at all Open Systems Interconnect (OSI) layers.
- D. Encapsulated at all Open Systems Interconnect (OSI) layers.
Answer: A
Explanation:
Explanation/Reference:
When a connection is first opened, the firewall typically inspects all layers of the packet; for subsequent packets of an established connection the inspection is scaled back to improve performance. Given that, "inspected at all OSI layers" is the best of the four answers, even though the filtering decision itself is normally made at the network and transport layers.
When packet filtering is used, a packet arrives at the firewall, and the firewall runs it through its ACLs to determine whether the packet should be allowed or denied. If the packet is allowed, it is passed on to the destination host or to another network device, and the packet filtering device forgets about the packet. This is different from stateful inspection, which remembers and keeps track of what packets went where until each particular connection is closed. A stateful firewall is like a nosy neighbor who gets into people's business and conversations. She keeps track of the suspicious cars that come into the neighborhood, who is out of town for the week, and the postman who stays a little too long at the neighbor lady's house. This can be annoying until your house is burglarized. Then you and the police will want to talk to the nosy neighbor, because she knows everything going on in the neighborhood and would be the one most likely to know that something unusual happened.
"Inspected at only one Open Systems Interconnection (OSI) layer" is incorrect. To perform stateful packet inspection, the firewall must consider at least the network and transport layers.
"Decapsulated at all Open Systems Interconnection (OSI) layers" is incorrect. The headers are not stripped (decapsulated); the packet is passed through in its entirety IF it is allowed.
"Encapsulated at all Open Systems Interconnect (OSI) layers" is incorrect. Encapsulation refers to adding a layer's header/trailer to the information received from the layer above. This is done when the packet is assembled, not at the firewall.
Reference(s) used for this question:
CBK, p. 466
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (pp. 632-633). McGraw-Hill. Kindle Edition.
NEW QUESTION # 207
Which of the following organizations can be a valid Certificate Authority (CA)?
- A. Verisign
- B. Netscape
- C. All of the entities listed could be valid Certificate Authorities
- D. Dell
- E. Microsoft
Answer: C
NEW QUESTION # 208
Which of the following categories of hackers poses the greatest threat?
- A. Criminal hackers
- B. Student hackers
- C. Corporate spies
- D. Disgruntled employees
Answer: D
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
According to the authors, hackers fall in these categories, in increasing threat order: security experts, students, underemployed adults, criminal hackers, corporate spies and disgruntled employees.
Disgruntled employees are the most dangerous security problem of all because they are most likely to have a good knowledge of the organization's IT systems and security measures.
Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 2: Hackers.
NEW QUESTION # 209
Which auditing practice relates to the controlling of hardware, software, firmware, and documentation to ensure it has not been improperly modified?
- A. Certification / Accreditation
- B. Consequence Assessment
- C. Configuration Control
- D. System Control
Answer: C
NEW QUESTION # 210
Kerberos depends upon what encryption method?
- A. El Gamal cryptography.
- B. Public Key cryptography.
- C. Secret Key cryptography.
- D. Blowfish cryptography.
Answer: C
Explanation:
Kerberos depends on secret-key (symmetric) cryptography.
Kerberos is a trusted third-party authentication protocol. It was designed and developed in the mid-1980s at MIT. It is considered open source but is copyrighted and owned by MIT. It relies on each principal's secret key: the user's key is derived from the user's password, and that key is used to encrypt and decrypt the session keys the KDC issues.
This question asks specifically about encryption methods. Encryption methods can be SYMMETRIC (secret key), in which the encryption and decryption keys are the same, or ASYMMETRIC (public key), in which the encryption and decryption keys differ. Public-key methods must be asymmetric, to the extent that the decryption key CANNOT be feasibly derived from the encryption key. Symmetric ciphers, however, encrypt far more efficiently, so they are used for bulk data. Asymmetric encryption is therefore often limited to encrypting a symmetric key (and other information needed to decrypt a data stream), and the remainder of the data is encrypted with the symmetric key for performance reasons. This hybrid approach does not diminish security, since a symmetric cipher at a comparable security level is no weaker than the asymmetric method.
Symmetric ciphers come in two basic types: BLOCK CIPHERS, which encrypt a fixed-length block at a time, and STREAM CIPHERS, which encrypt one data unit (typically one byte or one bit) at a time, in the order received.
The following answers are incorrect:
Public Key cryptography is incorrect because Kerberos depends on secret-key (symmetric) cryptography, not public-key (asymmetric) cryptography.
El Gamal cryptography is incorrect because El Gamal is an asymmetric encryption algorithm.
Blowfish cryptography is incorrect because Blowfish is a symmetric encryption algorithm; Kerberos does not depend on this particular cipher (its standardized encryption types are DES-, 3DES-, RC4- and AES-based).
References:
OIG CBK Access Control (pages 181-184); AIOv3 Access Control (pages 151-155)
Wikipedia: http://en.wikipedia.org/wiki/Blowfish_%28cipher%29 ; http://en.wikipedia.org/wiki/El_Gamal ; http://www.mrp3.com/encrypt.html
NEW QUESTION # 211
Which of the following protocols that provide integrity and authentication for IPSec can also provide non-repudiation in IPSec?
- A. Encapsulating Security Payload (ESP)
- B. Secure Sockets Layer (SSL)
- C. Authentication Header (AH)
- D. Secure Shell (SSH-2)
Answer: C
Explanation:
Explanation/Reference:
As stated in the original AH RFC (RFC 1826), the Authentication Header (AH) protocol is a mechanism for providing strong integrity and authentication for IP datagrams. It might also provide non-repudiation, depending on which cryptographic algorithm is used and how keying is performed. For example, use of an asymmetric digital signature algorithm, such as RSA, could provide non-repudiation.
Caveat for practice: that wording is specific to RFC 1826, which has since been obsoleted (by RFC 2402 and then RFC 4302). The current AH specification describes only connectionless integrity, data-origin authentication and optional anti-replay protection, and deployed AH uses keyed-hash (HMAC) algorithms, which are symmetric and therefore cannot provide non-repudiation. For the exam, AH is still the intended answer.
(IPSec is treated elsewhere from a cryptography point of view; here it is covered from a VPN point of view.) IPSec is a suite of protocols that was developed specifically to protect IP traffic. IPv4 does not have any integrated security, so IPSec was developed to bolt onto IP and secure the data the protocol transmits. Where PPTP and L2TP work at the data link layer, IPSec works at the network layer of the OSI model. The main protocols that make up the IPSec suite and their basic functionality are as follows:
- Authentication Header (AH) provides data integrity, data origin authentication, and protection from replay attacks.
- Encapsulating Security Payload (ESP) provides confidentiality, data-origin authentication, and data integrity.
- Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for security association creation and key exchange.
- Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP.
The following are incorrect answers:
ESP is a mechanism for providing integrity and confidentiality to IP datagrams. It may also provide authentication, depending on which algorithm and algorithm mode are used. Non-repudiation and protection from traffic analysis are not provided by ESP (RFC 1827).
SSL is a secure protocol used for transmitting private information over the Internet. It uses public-key cryptography to establish a session key, which then encrypts the data transferred over the SSL connection (OIG 2007, page 976). SSH-2 is a secure, efficient, and portable version of SSH (Secure Shell), which is a secure replacement for telnet.
Reference(s) used for this question:
Shon Harris, CISSP All In One, 6th Edition, Page 705
and
RFC 1826, http://tools.ietf.org/html/rfc1826, paragraph 1.
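The following added example (not code from the exam source, the RFCs or any IPsec stack) builds an IPv4 datagram carrying an AH header in transport mode and computes its integrity check value the way RFC 4302 describes, with HMAC-SHA1-96 (RFC 2404): the sender zeroes the mutable IPv4 fields (DSCP/ECN, flags and fragment offset, TTL, header checksum) and the ICV field, then MACs the whole datagram. The key, addresses, SPI and payload are constructed for the demo. The demo shows why AH gives integrity and origin authentication but not non-repudiation: a TTL decrement by a router leaves the ICV valid, any change to the payload or source address breaks it, and anyone holding the shared HMAC key could have produced it.

```python
"""Computing and checking an IPsec AH integrity check value (ICV).

Added example, not from the exam source, the RFCs or any IPsec stack. Follows
the AH layout of RFC 4302 with HMAC-SHA1-96 (RFC 2404). Key, addresses, SPI
and payload are constructed.
"""
import hashlib, hmac, struct

IPV4_HDR_LEN = 20
AH_FIXED_LEN = 12   # next header, payload len, reserved, SPI, sequence number
ICV_LEN = 12        # HMAC-SHA1-96: the 20-byte SHA-1 MAC truncated to 96 bits
ICV_OFFSET = IPV4_HDR_LEN + AH_FIXED_LEN

def ipv4_header(src, dst, total_len, ttl=64, proto=51, dscp_ecn=0, flags_frag=0x4000):
    # Header checksum is left at 0: it is a mutable field recomputed on every hop.
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp_ecn, total_len, 0x1234,
                       flags_frag, ttl, proto, 0, src, dst)

def _zero_mutable(datagram):
    """Copy of the datagram with the mutable IPv4 fields and the ICV zeroed."""
    d = bytearray(datagram)
    d[1] = 0                        # DSCP/ECN
    d[6:8] = b"\x00\x00"            # flags and fragment offset
    d[8] = 0                        # TTL
    d[10:12] = b"\x00\x00"          # header checksum
    d[ICV_OFFSET:ICV_OFFSET + ICV_LEN] = bytes(ICV_LEN)
    return bytes(d)

def _icv(key, datagram):
    return hmac.new(key, _zero_mutable(datagram), hashlib.sha1).digest()[:ICV_LEN]

def build_ah_datagram(key, src, dst, spi, seq, next_header, payload, ttl=64):
    """IPv4 header + AH (transport mode) + payload, with the ICV filled in."""
    ah_len_words = (AH_FIXED_LEN + ICV_LEN) // 4 - 2    # AH length in 32-bit words minus 2
    ah = struct.pack("!BBHII", next_header, ah_len_words, 0, spi, seq) + bytes(ICV_LEN)
    datagram = ipv4_header(src, dst, IPV4_HDR_LEN + len(ah) + len(payload), ttl=ttl) + ah + payload
    return datagram[:ICV_OFFSET] + _icv(key, datagram) + datagram[ICV_OFFSET + ICV_LEN:]

def verify_ah(key, datagram):
    """Receiver side: recompute over the immutable fields and compare in constant time."""
    received = datagram[ICV_OFFSET:ICV_OFFSET + ICV_LEN]
    return hmac.compare_digest(received, _icv(key, datagram))

def demo():
    key = bytes.fromhex("0b" * 20)                      # constructed 160-bit HMAC key
    src, dst = bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])
    pkt = build_ah_datagram(key, src, dst, spi=0x1000, seq=1, next_header=17, payload=b"hello")
    hop = bytearray(pkt); hop[8] -= 1                   # a router decremented the TTL
    tampered = bytearray(pkt); tampered[-1] ^= 0x01     # payload altered in transit
    spoofed = bytearray(pkt); spoofed[12:16] = bytes([198, 51, 100, 9])   # source address rewritten
    return (verify_ah(key, pkt), verify_ah(key, bytes(hop)),
            verify_ah(key, bytes(tampered)), verify_ah(key, bytes(spoofed)))

if __name__ == "__main__":
    print(demo())   # (True, True, False, False)
```

Because the ICV is an HMAC under a key both peers hold, the receiver could have forged it just as easily as the sender; that is the reason the current AH specification no longer claims non-repudiation. A real implementation also zeroes mutable IP options and tracks the sequence number against an anti-replay window, which this toy omits.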
NEW QUESTION # 212
Which of the following is NOT a property of the Rijndael block cipher algorithm?
- A. Maximum key size is 512 bits
- B. The key size does not have to match the block size
- C. The key sizes must be a multiple of 32 bits
- D. Maximum block size is 256 bits
Answer: A
Explanation:
Section: Cryptography
Explanation/Reference:
The above statement is NOT true and is thus the correct answer. The maximum key size in Rijndael is 256 bits.
There are some differences between Rijndael and the official FIPS-197 specification for AES.
The Rijndael specification per se allows block and key sizes that are any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits. That is, Rijndael allows the key and block sizes to be chosen independently from the set {128, 160, 192, 224, 256} bits (and the key size does not have to match the block size).
However, FIPS-197 specifies that the block size must always be 128 bits in AES, and that the key size may be 128, 192 or 256 bits. Therefore AES-128, AES-192 and AES-256 are actually:
             Key size (bits)   Block size (bits)
AES-128      128               128
AES-192      192               128
AES-256      256               128
So in short:
Rijndael and AES differ only in the range of supported values for the block length and cipher key length.
For Rijndael, the block length and the key length can be independently specified to any multiple of 32 bits, with a minimum of 128 bits and a maximum of 256 bits.
AES fixes the block length to 128 bits, and supports key lengths of 128, 192 or 256 bits only.
References used for this question:
http://blogs.msdn.com/b/shawnfa/archive/2006/10/09/the-differences-between-rijndael-and-aes.aspx
and
http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf
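The following added example (not code from the exam source, NIST or the Rijndael authors) turns the size rules above into a checker and derives the two numbers a key-schedule implementation needs from them: the number of rounds Nr = max(Nk, Nb) + 6 and the expanded key length Nb * (Nr + 1) words, where Nk and Nb are the key and block sizes in 32-bit words. Both formulas are from the Rijndael specification; the AES profile is FIPS-197's restriction of it.

```python
"""Rijndael versus AES parameter rules, with round count and key schedule size.

Added example; not from the exam source, NIST or the Rijndael authors.
Nr = max(Nk, Nb) + 6 and the expanded key size Nb * (Nr + 1) words are the
values given in the Rijndael specification.
"""

def rijndael_params(key_bits, block_bits):
    """Return (rounds, expanded_key_words) or raise ValueError for sizes Rijndael rejects."""
    for name, bits in (("key", key_bits), ("block", block_bits)):
        if bits % 32 or not 128 <= bits <= 256:
            raise ValueError(f"{name} size {bits}: must be a multiple of 32 bits in 128..256")
    nk, nb = key_bits // 32, block_bits // 32   # Nk, Nb: sizes in 32-bit words
    nr = max(nk, nb) + 6                        # Nr: number of rounds
    return nr, nb * (nr + 1)                    # one Nb-word round key per round plus the initial one

def aes_params(key_bits):
    """FIPS-197 profile: block fixed at 128 bits, key in {128, 192, 256}."""
    if key_bits not in (128, 192, 256):
        raise ValueError(f"AES key size must be 128, 192 or 256 bits, not {key_bits}")
    return rijndael_params(key_bits, 128)

def is_valid_rijndael(key_bits, block_bits):
    """True for any (key, block) pair the Rijndael specification allows."""
    try:
        rijndael_params(key_bits, block_bits)
        return True
    except ValueError:
        return False

def is_aes(key_bits, block_bits):
    """True only for the three AES variants; e.g. Rijndael-256/256 is valid Rijndael but not AES."""
    return block_bits == 128 and key_bits in (128, 192, 256)

if __name__ == "__main__":
    for k in (128, 192, 256):
        rounds, words = aes_params(k)
        print(f"AES-{k}: rounds={rounds}, expanded key={words} words ({words * 4} bytes)")
    print(is_valid_rijndael(512, 128), is_valid_rijndael(256, 256), is_aes(256, 256))
```

Running it shows the familiar 10/12/14 rounds for AES-128/192/256 and that a 512-bit key is rejected by Rijndael itself, not only by the AES profile, while a 256-bit block with a 256-bit key is legal Rijndael (14 rounds, 120 expanded key words) yet is not AES.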
NEW QUESTION # 213
Guards are appropriate whenever the function required by the security program involves which of the following?
- A. The need to detect unauthorized access
- B. The use of discriminating judgment
- C. The use of physical force
- D. The operation of access control devices
Answer: B
Explanation:
Because of the use of discriminating judgment, a guard can make determinations that hardware or other automated security devices cannot, owing to a guard's ability to adjust to rapidly changing conditions, to learn and alter recognizable patterns, and to respond to various conditions in the environment. Guards are better at making value decisions at times of incidents. They are appropriate whenever immediate, discriminating judgment is required by the security entity.
The following answers are incorrect:
The use of physical force: this is not the best answer. A guard provides discriminating judgment, including the ability to discern the need for physical force.
The operation of access control devices: a guard is often uninvolved in the operation of an automated access control device such as a biometric reader, a smart lock, a mantrap, etc.
The need to detect unauthorized access: the primary function of a guard is not to detect unauthorized access, but to prevent unauthorized physical access attempts, and a guard may also deter social engineering attempts.
The following reference(s) were used to create this question:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: Physical security (page 339).
Source: ISC2 Official Guide to the CBK, pages 288-289.
NEW QUESTION # 214
CORRECT TEXT
__________ is a tool used by network administrators to capture packets from a network.
Answer:
NEW QUESTION # 215
What is the main objective of proper separation of duties?
- A. To ensure access controls are in place.
- B. To ensure that no single individual can compromise a system.
- C. To ensure that audit trails are not tampered with.
- D. To prevent employees from disclosing sensitive information.
Answer: B
Explanation:
Section: Access Control
Explanation/Reference:
The primary objective of proper separation of duties is to ensure that one person acting alone cannot compromise the company's security in any way. A proper separation of duties does not prevent employees from disclosing information, nor does it ensure that access controls are in place or that audit trails are not tampered with.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 12: Operations Security (Page 808).
NEW QUESTION # 216
Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
- A. Layers 5, 6, & 7 - Session, Presentation, and Application Layers
- B. Layers 2, 3, & 4 - Data Link, Network, and Transport Layers
- C. Layer 3 - Network Layer
- D. Layer 7 - Application Layer
Answer: A
NEW QUESTION # 217
Qualitative loss resulting from the business interruption does NOT usually include:
- A. Loss of revenue
- B. Loss of market leadership
- C. Loss of competitive advantage or market share
- D. Loss of public confidence and credibility
Answer: A
Explanation:
This question tests your ability to evaluate whether items on the list are qualitative or quantitative. All of the items listed are qualitative except Loss of Revenue, which is quantitative (it can be expressed directly in money).
There are mainly two approaches to risk analysis; each is described below:
A quantitative risk analysis assigns monetary and numeric values to all elements of the risk analysis process. Each element within the analysis (asset value, threat frequency, severity of vulnerability, impact damage, safeguard costs, safeguard effectiveness, uncertainty, and probability items) is quantified and entered into equations to determine total and residual risks. It is a more scientific or mathematical approach to risk analysis than the qualitative one.
A qualitative risk analysis uses a "softer" approach to the data elements of a risk analysis. It does not quantify the data, which means that it does not assign numeric values to the data so that they can be used in equations.
Qualitative and quantitative impact information should be gathered and then properly analyzed and interpreted. The goal is to see exactly how a business will be affected by different threats.
The effects can be economical, operational, or both. Upon completion of the data analysis, it should be reviewed with the most knowledgeable people within the company to ensure that the findings are appropriate and that it describes the real risks and impacts the organization faces.
This will help flush out any additional data points not originally obtained and will give a fuller understanding of all the possible business impacts.
Loss criteria must be applied to the individual threats that were identified. The criteria may include the following:
- Loss in reputation and public confidence
- Loss of competitive advantages
- Increase in operational expenses
- Violations of contract agreements
- Violations of legal and regulatory requirements
- Delayed income costs
- Loss in revenue
- Loss in productivity
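The following added example (not from the exam source) carries the quantitative equations the explanation refers to through for a constructed asset and threat: single loss expectancy (SLE = asset value x exposure factor), annualized loss expectancy (ALE = SLE x annual rate of occurrence), and the net value of a safeguard (ALE before minus ALE after minus the safeguard's annual cost), then ranks candidate safeguards by that value. The asset value, exposure factors, frequencies and safeguard costs are all made up for the demo. Note what is absent: the qualitative losses the question lists (reputation, market share) have no numeric input and so cannot enter these equations, which is exactly the distinction the question tests.

```python
"""Quantitative risk analysis: SLE, ALE and safeguard cost/benefit.

Added example, not from the exam source. All figures are constructed.
"""

def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = AV x EF: money lost in one occurrence of the threat."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor is the fraction of asset value lost, 0..1")
    return asset_value * exposure_factor

def annualized_loss_expectancy(asset_value, exposure_factor, aro):
    """ALE = SLE x ARO, where ARO is the expected number of occurrences per year."""
    return single_loss_expectancy(asset_value, exposure_factor) * aro

def safeguard_value(asset_value, ef_before, aro_before, ef_after, aro_after, annual_cost):
    """Net value = ALE(before) - ALE(after) - annual cost of the safeguard.

    A positive result means the control saves more than it costs; the
    remaining ALE(after) is the residual risk the organization accepts."""
    before = annualized_loss_expectancy(asset_value, ef_before, aro_before)
    after = annualized_loss_expectancy(asset_value, ef_after, aro_after)
    return before - after - annual_cost

def rank_safeguards(asset_value, ef, aro, candidates):
    """candidates: {name: (ef_after, aro_after, annual_cost)} -> [(name, net value)], best first."""
    scored = [(name, safeguard_value(asset_value, ef, aro, *params))
              for name, params in candidates.items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)

def demo():
    # Constructed scenario: a 2,000,000 order-processing system; a ransomware
    # incident destroys 25% of its value and is expected once every two years.
    asset, ef, aro = 2_000_000, 0.25, 0.5
    candidates = {
        "offline backups": (0.05, 0.5, 40_000),   # shrinks the loss per event
        "email filtering": (0.25, 0.2, 30_000),   # shrinks the frequency
        "cyber insurance": (0.25, 0.5, 70_000),   # transfers cost; changes neither EF nor ARO here
    }
    return annualized_loss_expectancy(asset, ef, aro), rank_safeguards(asset, ef, aro, candidates)

if __name__ == "__main__":
    ale, ranked = demo()
    print(f"ALE without controls: {ale:,.0f}")
    for name, value in ranked:
        print(f"{name:18s} net annual value {value:>10,.0f}")
```

With these inputs the uncontrolled ALE is 250,000 per year; backups are worth 160,000 net, filtering 120,000, and the insurance policy as modelled has negative value because it reduces neither the loss per event nor the frequency while costing 70,000. In practice a transfer control would be modelled by reducing the organization's share of the SLE instead.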
NEW QUESTION # 218
Which of the following is not a service provided by AAA servers (RADIUS, TACACS and DIAMETER)?
- A. Administration
- B. Authentication
- C. Accounting
- D. Authorization
Answer: A
Explanation:
Section: Access Control
Explanation/Reference:
Radius, TACACS and DIAMETER are classified as authentication, authorization, and accounting (AAA) servers.
Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, Page 33.
also see:
The term "AAA" is often used to describe the cornerstone concepts Authentication, Authorization, and Accountability. Left out of the AAA acronym is Identification, which is required before the three "A"s can follow. Identity is a claim; Authentication proves an identity; Authorization describes the actions you can perform on a system once you have been identified and authenticated; and Accountability holds users accountable for their actions.
Reference: CISSP Study Guide, Conrad Misenar, Feldman p. 10-11, (c) 2010 Elsevier.
NEW QUESTION # 219
Which of the following statements pertaining to packet filtering is incorrect?
- A. It keeps track of the state of a connection.
- B. It operates at the network layer.
- C. It is not application dependent.
- D. It is based on ACLs.
Answer: A
Explanation:
Packet filtering is used in the first generation of firewalls and does not keep track of the state of a connection. Stateful packet filtering does.
Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#2 Telecommunications and Network Security (page 6)
NEW QUESTION # 220
What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)?
- A. They have an increased level of visibility and control compared to NIDS
- B. It can be very invasive to the host operating system
- C. Monitors all processes and activities on the host system only
- D. Virtually eliminates limits associated with encryption
Answer: B
Explanation:
Section: Analysis and Monitoring
Explanation/Reference:
The biggest drawback of HIDS, and the reason many organizations resist its use, is that it can be very invasive to the host operating system. HIDS must have the capability to monitor all processes and activities on the host system and this can sometimes interfere with normal system processing.
HIDS versus NIDS
A host-based IDS (HIDS) can be installed on individual workstations and/ or servers to watch for inappropriate or anomalous activity. HIDSs are usually used to make sure users do not delete system files, reconfigure important settings, or put the system at risk in any other way.
So, whereas the NIDS understands and monitors the network traffic, a HIDS's universe is limited to the computer itself. A HIDS does not understand or review network traffic, and a NIDS does not "look in" and monitor a system's activity. Each has its own job and stays out of the other's way.
The ISC2 official study book defines an IDS as:
An intrusion detection system (IDS) is a technology that alerts organizations to adverse or unwanted activity.
An IDS can be implemented as part of a network device, such as a router, switch, or firewall, or it can be a dedicated IDS device monitoring traffic as it traverses the network. When used in this way, it is referred to as a network IDS, or NIDS. IDS can also be used on individual host systems to monitor and report on file, disk, and process activity on that host. When used in this way it is referred to as a host-based IDS, or HIDS.
An IDS is informative by nature and provides real-time information when suspicious activities are identified. It is primarily a detective device and, acting in this traditional role, is not used to directly prevent the suspected attack.
What about IPS?
In contrast, an intrusion prevention system (IPS), is a technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity. An IPS permits a predetermined set of functions and actions to occur on a network or system; anything that is not permitted is considered unwanted activity and blocked. IPS is engineered specifically to respond in real time to an event at the system or network layer. By proactively enforcing policy, IPS can thwart not only attackers, but also authorized users attempting to perform an action that is not within policy. Fundamentally, IPS is considered an access control and policy enforcement technology, whereas IDS is considered network monitoring and audit technology.
The following answers were incorrect:
All of the other answers are advantages, not drawbacks, of using HIDS.
TIP FOR THE EXAM:
Be familiar with the differences that exists between an HIDS, NIDS, and IPS. Know that IDS's are mostly detective but IPS are preventive. IPS's are considered an access control and policy enforcement technology, whereas IDS's are considered network monitoring and audit technology.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 5817-5822). McGraw- Hill. Kindle Edition.
and
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition: Access Control ((ISC)2 Press), Domain 1, Pages 180-188, or in the Kindle version look for Kindle Locations 3199-3203. Auerbach Publications.
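The following added example (not code from the exam source or from any IDS product) shows the kind of host-level check the explanation describes a HIDS performing: watching that users do not delete system files or reconfigure important settings. It takes a baseline of a directory tree (size, permission bits and SHA-256 of every regular file) and, on the next run, reports files that were added, removed or modified. The directory, its files and the three simulated changes are created in a temporary location so the script runs on its own.

```python
"""File-integrity monitoring, the core of a host-based IDS check.

Added example; not from the exam source or any IDS product. The monitored
tree and the changes made to it are constructed in a temporary directory.
"""
import hashlib, os, tempfile

def snapshot(root):
    """Map relative path -> (size, permission bits, sha256) for every regular file under root."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue                      # sockets, devices and symlinks are not hashed here
            st = os.lstat(path)
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            baseline[os.path.relpath(path, root)] = (st.st_size, st.st_mode & 0o7777, digest)
    return baseline

def diff(baseline, current):
    """Return {'added': [...], 'removed': [...], 'modified': [...]}, each sorted for stable output.

    A file counts as modified if its content hash, size or permission bits changed,
    so a chmod on a config file is reported even when the bytes are the same."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p]),
    }

def demo():
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        for name, body in (("passwd", b"root:x:0:0:root:/root:/bin/sh\n"),
                           ("sshd_config", b"PermitRootLogin no\n")):
            with open(os.path.join(etc, name), "wb") as f:
                f.write(body)
        base = snapshot(root)
        # Simulate what a HIDS is deployed to catch: a weakened setting,
        # a deleted system file and a new unexpected binary.
        with open(os.path.join(etc, "sshd_config"), "wb") as f:
            f.write(b"PermitRootLogin yes\n")
        os.remove(os.path.join(etc, "passwd"))
        with open(os.path.join(root, "rootkit"), "wb") as f:
            f.write(b"\x7fELF")
        return diff(base, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The invasiveness the question is about shows up even in this toy: a production agent walks the whole filesystem on a schedule and hashes every file it finds, which competes with normal I/O, and it needs root to read everything it is supposed to protect. Real tools also keep the baseline off the monitored host or sign it, since an attacker who can alter a file can usually alter a baseline stored beside it.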
NEW QUESTION # 221
What is the primary role of cross certification?
- A. Build an overall PKI hierarchy
- B. Prevent the nullification of user certificates by CA certificate revocation
- C. Set up direct trust to a second root CA
- D. Creating trust between different PKIs
Answer: D
Explanation:
Explanation/Reference:
More and more organizations are setting up their own internal PKIs. When these independent PKIs need to interconnect to allow for secure communication to take place (either between departments or different companies), there must be a way for the two root CAs to trust each other.
These two CAs do not have a CA above them they can both trust, so they must carry out cross certification. A cross certification is the process undertaken by CAs to establish a trust relationship in which they rely upon each other's digital certificates and public keys as if they had issued them themselves.
When this is set up, a CA for one company can validate digital certificates from the other company and vice versa.
Reference(s) used for this question:
For more information and illustration on cross certification: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03qswp.mspx and http://www.entrust.com/resources/pdf/cross_certification.pdf
also see:
Shon Harris, CISSP All in one book, 4th Edition, Page 727
and
RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile; FORD, Warwick & BAUM, Michael S., Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption (2nd Edition), 2000, Prentice Hall PTR, Page 254.
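The following added example (not code from the exam source, RFC 2459 or any PKI product) shows cross-certification as what it is to a relying party: a certificate-path-building problem. Two independent roots, Root A and Root B, each run their own PKI. A relying party that trusts only Root A cannot validate a certificate issued by Root B until Root A issues a cross-certificate for Root B's key; after that, path building finds leaf -> cross-certificate -> Root A. Signatures are textbook RSA over SHA-256 with tiny constructed primes and no padding, purely so the script is self-contained (never use this as a signature scheme); the path-building logic is the point.

```python
"""Cross-certification as certificate path building.

Added example; not from the exam source, RFC 2459 or any PKI product.
Toy RSA with tiny constructed primes; path building is the part to study.
"""
import hashlib
from collections import deque

def rsa_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))        # (public, private); needs Python 3.8+

def _hash_mod(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_hash_mod(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _hash_mod(msg, n)

def make_cert(subject, subject_pub, issuer, issuer_priv):
    """A certificate binds a subject name to a public key under the issuer's signature."""
    tbs = f"{subject}|{subject_pub[0]}|{subject_pub[1]}|{issuer}".encode()
    return {"subject": subject, "pub": subject_pub, "issuer": issuer, "tbs": tbs,
            "sig": sign(issuer_priv, tbs)}

def build_path(leaf, intermediates, anchors):
    """Breadth-first search from the leaf to any trust anchor.

    anchors: {name: public key} the relying party trusts directly.
    Returns the certificate list, leaf first, or None if no valid path exists.
    Each hop is accepted only if the lower certificate verifies under the
    candidate issuer's key. Self-signed certs are ignored (they are either
    anchors or nothing) and a cert is never reused on a path, which stops
    loops through mutual cross-certificates."""
    by_subject = {}
    for c in intermediates:
        if c["subject"] != c["issuer"]:
            by_subject.setdefault(c["subject"], []).append(c)
    queue = deque([[leaf]])
    while queue:
        path = queue.popleft()
        top = path[-1]
        if top["issuer"] in anchors and verify(anchors[top["issuer"]], top["tbs"], top["sig"]):
            return path
        for cand in by_subject.get(top["issuer"], []):
            if cand not in path and verify(cand["pub"], top["tbs"], top["sig"]):
                queue.append(path + [cand])
    return None

def demo():
    a_pub, a_priv = rsa_keypair(1000000007, 998244353)     # Root A (constructed toy primes)
    b_pub, b_priv = rsa_keypair(1000000009, 999999937)     # Root B
    bob_pub, _ = rsa_keypair(1000000021, 1000000033)       # a subscriber of Root B
    bob = make_cert("bob@b.example", bob_pub, "Root B", b_priv)
    anchors = {"Root A": a_pub}                            # relying party lives in A's domain
    before = build_path(bob, [], anchors)
    cross = make_cert("Root B", b_pub, "Root A", a_priv)   # Root A cross-certifies Root B's key
    after = build_path(bob, [cross], anchors)
    return before is None, [c["subject"] for c in after] if after else None

if __name__ == "__main__":
    print(demo())   # (True, ['bob@b.example', 'Root B'])
```

Cross-certification in the other direction (Root B signing Root A's key) makes the trust mutual and is what lets the loop guard matter. A real validator (RFC 5280 path validation) additionally checks validity periods, revocation, name and policy constraints on the cross-certificate, which is how an organization limits what it is willing to accept from the other PKI.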
NEW QUESTION # 222
In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the:
- A. Data Link Layer.
- B. Inspection Layer.
- C. Network or Transport Layer.
- D. Application Layer.
Answer: C
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
Most stateful packet inspection firewalls work at the network or transport layer. For the TCP/IP protocol suite, this allows the firewall to make decisions on IP addresses, protocols and TCP/UDP port numbers.
Application layer is incorrect. This is too high in the OSI stack for this type of firewall.
Inspection layer is incorrect. There is no such layer in the OSI stack.
Data link layer is incorrect. This is too low in the OSI stack for this type of firewall.
References:
CBK, p. 466
AIO3, pp. 485 - 486
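The following added example (not code from the exam source or from any firewall product) serves questions 206, 219 and 222 together: it models a stateless ACL packet filter beside a stateful inspection engine, both operating on the network/transport-layer fields the explanations mention (addresses and ports), and runs the same three constructed packets through each. The stateless policy is the classic pair of rules (outbound to port 80, inbound from source port 80) that a filter without state needs in order to let replies back in; the stateful engine tracks connections and needs only the outbound rule.

```python
"""Stateless ACL packet filtering beside stateful inspection.

Added example for questions 206, 219 and 222; not from the exam source or
any firewall product. ACL, packets and addresses are constructed.
"""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag: set on the first packet of a connection
    ack: bool = False   # TCP ACK flag

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str                      # IPv4 address or "*"
    dst: str
    sport: Optional[int] = None   # None matches any port
    dport: Optional[int] = None

# Stateless policy: the inside host may browse port 80, and because the device
# forgets each packet, a second rule is needed to let the replies back in.
STATELESS_ACL = [
    Rule("allow", "10.0.0.5", "*", dport=80),
    Rule("allow", "*", "10.0.0.5", sport=80),   # the "return traffic" hole
    Rule("deny", "*", "*"),
]

# Stateful policy: only the outbound rule; replies are allowed from state.
STATEFUL_ACL = [
    Rule("allow", "10.0.0.5", "*", dport=80),
    Rule("deny", "*", "*"),
]

def _matches(rule, pkt):
    return (rule.src in ("*", pkt.src) and rule.dst in ("*", pkt.dst)
            and rule.sport in (None, pkt.sport) and rule.dport in (None, pkt.dport))

def stateless_filter(pkt, acl=STATELESS_ACL):
    """First matching ACL entry decides; nothing is remembered afterwards."""
    for rule in acl:
        if _matches(rule, pkt):
            return rule.action == "allow"
    return False

class StatefulFirewall:
    """Keeps a connection table keyed on (src, sport, dst, dport).

    A packet is allowed if it belongs to a tracked connection in either
    direction, or if it opens a new connection (SYN without ACK) that the
    policy permits. Everything else, including an unsolicited packet that
    merely looks like a reply, is dropped."""
    def __init__(self, acl=STATEFUL_ACL):
        self.acl = acl
        self.table = set()

    def filter(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.table or reverse in self.table:
            return True
        if pkt.syn and not pkt.ack and stateless_filter(pkt, self.acl):
            self.table.add(key)
            return True
        return False

def compare():
    """Run the same three packets through both filters."""
    request = Packet("10.0.0.5", "93.184.216.34", 51000, 80, syn=True)
    reply = Packet("93.184.216.34", "10.0.0.5", 80, 51000, syn=True, ack=True)
    # constructed attacker packet: source port 80, but no connection was ever opened
    spoofed = Packet("198.51.100.9", "10.0.0.5", 80, 51000, ack=True)
    fw = StatefulFirewall()
    return {
        "stateless": [stateless_filter(p) for p in (request, reply, spoofed)],
        "stateful": [fw.filter(p) for p in (request, reply, spoofed)],
    }

if __name__ == "__main__":
    print(compare())   # {'stateless': [True, True, True], 'stateful': [True, True, False]}
```

The third packet is the whole argument for stateful inspection: the stateless filter passes it because "source port 80 to the inside host" matches its return-traffic rule, while the stateful engine drops it because no inside host ever opened that connection. A real engine also expires table entries, validates TCP sequence numbers, and tracks UDP and ICMP pseudo-connections by timeout.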
NEW QUESTION # 223
Which of the following is a trusted, third party authentication protocol that was developed under Project Athena at MIT?
- A. KryptoKnight
- B. SESAME
- C. NetSP
- D. Kerberos
Answer: D
Explanation:
Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT.
The following description is from the MIT Kerberos project's own overview of the protocol:
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.
The Internet is an insecure place. Many of the protocols used on the Internet do not provide any security. Tools to "sniff" passwords off of the network are in common use by system crackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable. Worse yet, other client/server applications rely on the client program to be "honest" about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.
Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that "the bad guys" are on the outside, which is often a very bad assumption. Most of the really damaging incidents of computer crime are carried out by insiders. Firewalls also have a significant disadvantage in that they restrict how your users can use the Internet. (After all, firewalls are simply a less extreme example of the dictum that there is nothing more secure than a computer which is not connected to the network, and powered off!) In many places, these restrictions are simply unrealistic and unacceptable.
Kerberos was created by MIT as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.
Kerberos is freely available from MIT, under a copyright permission notice very similar to the one used for the BSD operating system and the X11 windowing system. MIT provides Kerberos in source form, so that anyone who wishes to use it may look over the code for themselves and assure themselves that the code is trustworthy. In addition, for those who prefer to rely on a professionally supported product, Kerberos is available as a product from many different vendors.
In summary, Kerberos is a solution to your network security problems. It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise. We hope you find Kerberos as useful as it has been to us. At MIT, Kerberos has been invaluable to our Information/Technology architecture.
KryptoKnight is a Peer to Peer authentication protocol incorporated into the NetSP product from IBM.
SESAME is an authentication and access control protocol that also supports communication confidentiality and integrity. It provides public-key based authentication along with Kerberos-style authentication, which uses symmetric-key cryptography. SESAME supports the Kerberos protocol and adds some security extensions, such as public-key based authentication and an ECMA-style Privilege Attribute Service. The complete SESAME protocol is a two-step process. In the first step, the client authenticates itself to the Authentication Server and obtains a ticket that can be presented to the Privilege Attribute Server. In the second step, the initiator obtains proof of its access rights in the form of a Privilege Attribute Certificate (PAC). The PAC is a specific form of Access Control Certificate as defined in the ECMA-219 document, which describes the extensions to Kerberos for public-key based authentication as adopted in SESAME.
SESAME, KryptoKnight, and NetSP never took off and the protocols are no longer commonly used.
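The following added example (not code from the exam source or from MIT Kerberos) serves questions 210 and 223 together by walking the three Kerberos exchanges, AS, TGS and AP, with nothing but symmetric keys: the user's long-term key is derived from the password, the KDC hands out a session key sealed under that key plus a ticket-granting ticket sealed under its own key, and the application service needs only its own key to accept the final service ticket. The cipher here is a stand-in (SHA-256 keystream plus an HMAC-SHA256 tag) so the script needs only the standard library; real Kerberos uses AES-CTS with HMAC per RFC 3962 / RFC 8009. The realm, principals, password and ticket lifetime are constructed for the demo.

```python
"""Toy Kerberos-style exchange (AS, TGS and AP steps) built only on symmetric keys.

Added example for questions 210 and 223; not from the exam source or MIT
Kerberos. The seal/unseal cipher is a stand-in for the real enctypes.
"""
import hashlib, hmac, json, os, time

REALM = "EXAMPLE.COM"

def string_to_key(password, principal):
    # The user's long-term key is derived from the password (RFC 3962 uses PBKDF2
    # salted with realm + principal); the KDC stores this key, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 10_000, 32)

def _keystream(key, nonce, length):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(length // 32 + 1))

def seal(key, obj):
    """Encrypt-then-MAC a JSON message under a symmetric key (toy cipher)."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed: wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    """Trusted third party holding every principal's secret key."""
    def __init__(self):
        self.keys = {
            "alice": string_to_key("correct horse battery", "alice"),
            "krbtgt": os.urandom(32),           # ticket-granting service key
            "host/fileserver": os.urandom(32),  # application service key (its keytab)
        }

    def as_exchange(self, client):
        """AS-REQ/AS-REP: hand out a client<->TGS session key and a TGT."""
        sk, exp = os.urandom(32).hex(), time.time() + 600
        tgt = seal(self.keys["krbtgt"], {"client": client, "sk": sk, "exp": exp})
        # only someone holding the client's key can recover sk from this blob
        return seal(self.keys[client], {"sk": sk, "exp": exp}), tgt

    def tgs_exchange(self, tgt, authenticator, service):
        """TGS-REQ/TGS-REP: exchange a TGT plus authenticator for a service ticket."""
        t = unseal(self.keys["krbtgt"], tgt)
        a = unseal(bytes.fromhex(t["sk"]), authenticator)   # proves possession of sk
        if a["client"] != t["client"] or time.time() > t["exp"]:
            raise PermissionError("TGT/authenticator mismatch or TGT expired")
        ssk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "sk": ssk})
        return seal(bytes.fromhex(t["sk"]), {"sk": ssk, "service": service}), ticket

def client_logon(kdc, user, password, service):
    """Client side: derive the key from the password, then walk AS -> TGS -> AP."""
    kc = string_to_key(password, user)
    as_rep, tgt = kdc.as_exchange(user)
    sk = bytes.fromhex(unseal(kc, as_rep)["sk"])            # a wrong password fails here
    authenticator = seal(sk, {"client": user, "ts": time.time()})
    tgs_rep, ticket = kdc.tgs_exchange(tgt, authenticator, service)
    ssk = bytes.fromhex(unseal(sk, tgs_rep)["sk"])
    return ticket, seal(ssk, {"client": user, "ts": time.time()})   # AP-REQ

def service_accept(service_key, ticket, authenticator):
    """AP-REQ check: the service needs only its own key, never the user's key or password."""
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    return a["client"] == t["client"]

def demo():
    kdc = KDC()
    ticket, auth = client_logon(kdc, "alice", "correct horse battery", "host/fileserver")
    accepted = service_accept(kdc.keys["host/fileserver"], ticket, auth)
    try:
        client_logon(kdc, "alice", "wrong password", "host/fileserver")
        rejected = False
    except ValueError:
        rejected = True
    return accepted, rejected

if __name__ == "__main__":
    print(demo())   # (True, True)
```

Two things to notice that the exam explanation states in words: the password itself never travels, only proof of knowing the key derived from it, and no public-key operation occurs anywhere, which is why the protocol depends on synchronized clocks (the timestamps in the authenticators) and on the KDC being trusted by everyone. Real Kerberos adds pre-authentication, addresses and flags in tickets, replay caches at the service, and the optional PKINIT extension for public-key initial authentication.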
NEW QUESTION # 224
Which of the following questions are least likely to help in assessing controls covering audit trails?
- A. Is access to online logs strictly controlled?
- B. Are incidents monitored and tracked until resolved?
- C. Does the audit trail provide a trace of user actions?
- D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?
Answer: B
Explanation:
Explanation/Reference:
Audit trails maintain a record of system activity by system or application processes and by user activity. In conjunction with appropriate tools and procedures, audit trails can provide individual accountability, a means to reconstruct events, detect intrusions, and identify problems. Audit trail controls are considered technical controls. Monitoring and tracking of incidents is more an operational control related to incident response capability.
Reference(s) used for this question:
SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-50 to A-51).
NOTE: NIST SP 800-26 has been superseded by FIPS 200, SP 800-53 and SP 800-53A. You can find the replacements at http://csrc.nist.gov/publications/PubsSPs.html. If you wish to see the old standard, it is listed as an archived document at: http://csrc.nist.gov/publications/PubsSPArch.html
NEW QUESTION # 225
Risk assessment deals with constant monitoring?
- A. False
- B. True
Answer: A
NEW QUESTION # 226
......
Pass Your SSCP Dumps as PDF Updated on 2024 With 1338 Questions: https://easytest.exams4collection.com/SSCP-latest-braindumps.html
