Free SSCP Exam Dumps

Question 76

- (Topic 6)
Telnet and rlogin use which protocol?

A. UDP.
B. SNMP.
C. TCP.
D. IGP.

Correct Answer:C
TCP allows for reliabilty in connections which would be required for terminal emulation.
The following answers are incorrect:
UDP. Is incorrect because with User Datagram Protocol (UDP) you don't have a reliable transmission, datagrams could arrive out of sequence.
SNMP. Is incorrect because it is a network management protocol, Simple Network Management Protocol (SNMP).
IGP. Is incorrect because Interior Gateway Protocol (IGP) is used interally on a network.

Question 77

- (Topic 1)
What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values?

A. Mandatory model
B. Discretionary model
C. Lattice model
D. Rule model

Correct Answer:C
In a lattice model, there are pairs of elements that have the least upper bound of values and greatest lower bound of values.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.

Question 78

- (Topic 6)
Proxies works by transferring a copy of each accepted data packet from one network to another, thereby masking the:

A. data's payload
B. data's details
C. data's owner
D. data's origin

Correct Answer:D
The application firewall (proxy) relays the traffic from a trusted host running a specific application to an untrusted server. It will appear to the untrusted server as if the request originated from the proxy server.
"Data's payload" is incorrect. Only the origin is changed. "Data's details" is incorrect. Only the origin is changed.
"Data's owner" is incorrect. Only the origin is changed. References:
CBK, p. 467
AIO3, pp. 486 - 490

Question 79

- (Topic 1)
Which of the following control pairings include: organizational policies and procedures, pre- employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?

A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing
C. Preventive/Physical Pairing
D. Detective/Administrative Pairing

Correct Answer:A
The Answer: Preventive/Administrative Pairing: These mechanisms include organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, friendly and unfriendly employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.

Question 80

- (Topic 3)
Which of the following is not a preventive operational control?

A. Protecting laptops, personal computers and workstations.
B. Controlling software viruses.
C. Controlling data media access and disposal.
D. Conducting security awareness and technical training.

Correct Answer:D
Conducting security awareness and technical training to ensure that end users and system users are aware of the rules of behaviour and their responsibilities in protecting the organization's mission is an example of a preventive management control, therefore not an operational control.
Source: STONEBURNER, Gary et al., NIST Special publication 800-30, Risk management Guide for Information Technology Systems, 2001 (page 37).