2024 SSCP dumps review - Professional Quiz Study Materials [Q479-Q496]


NEW QUESTION # 479
Which xDSL flavour delivers both downstream and upstream speeds of 1.544 Mbps over two copper twisted pairs?

  • A. ADSL
  • B. HDSL
  • C. SDSL
  • D. VDSL

Answer: B

Explanation:
High-rate Digital Subscriber Line (HDSL) delivers 1.544 Mbps of bandwidth each way over two copper twisted pairs. SDSL also delivers 1.544 Mbps but over a single copper twisted pair. ADSL and VDSL offer a higher bandwidth downstream than upstream.


NEW QUESTION # 480
Which of the following steps is NOT one of the eight detailed steps of a Business Impact Assessment (BIA):

  • A. Creating data gathering techniques.
  • B. Identifying critical business functions.
  • C. Notifying senior management of the start of the assessment.
  • D. Calculating the risk for each different business function.

Answer: C

Explanation:
Source: HARRIS, S., CISSP All-in-One Exam Guide, 3rd Edition, 2005, Chapter 9, Page 701.
There has been much discussion about the steps of the BIA and I struggled with this before deciding to scrap the question about "the four steps" and re-write the question using the AIO for a reference. This question should be easy.... if you know all eight steps.
The eight detailed and granular steps of the BIA are:
1. Select individuals to interview for the data gathering.
2. Create data gathering techniques (surveys, questionnaires, qualitative and quantitative approaches).
3. Identify the company's critical business functions.
4. Identify the resources that these functions depend upon.
5. Calculate how long these functions can survive without these resources.
6. Identify vulnerabilities and the threats to these functions.
7. Calculate risk for each of the different business functions.
8. Document findings and report them to management.
Shon goes on to cover each step in Chapter 9.


NEW QUESTION # 481
It is a violation of the "separation of duties" principle when which of the following individuals access the software on systems implementing security?

  • A. systems auditor
  • B. security administrator
  • C. security analyst
  • D. systems programmer

Answer: D

Explanation:
Reason: The security administrator, security analyst and the systems auditor need access to portions of the security systems to accomplish their jobs. The systems programmer does not need access to the working (production) security systems.
Programmers should not be allowed ongoing direct access to computers running production systems (systems used by the organization to operate its business). To maintain system integrity, any changes they make to production systems should be tracked by the organization's change management control system.
Because the security administrator's job is to perform security functions, the performance of non-security tasks must be strictly limited. This separation of duties reduces the likelihood of loss that results from users abusing their authority by taking actions outside of their assigned functional responsibilities.
References:
OFFICIAL (ISC)2 GUIDE TO THE CISSP EXAM (2003), Hansche, S., Berti, J., Hare, H., Auerbach Publications, FL, Chapter 5: Operations Security, section 5.3, "Security Technology and Tools," Personnel section (page 32).
KRUTZ, R. & VINES, R., The CISSP Prep Guide: Gold Edition (2003), Wiley Publishing Inc., Chapter 6: Operations Security, Separation of Duties (page 303).


NEW QUESTION # 482
Which of the following is NOT a common category/classification of threat to an IT system?

  • A. Hackers
  • B. Human
  • C. Technological
  • D. Natural

Answer: A

Explanation:
Hackers fall under the human category; they are not a threat category in their own right.
All the other answers are incorrect. Threats result from a variety of factors but are classified into three types: natural (e.g., hurricane, tornado, flood, fire), human (e.g., operator error, sabotage, malicious code) and technological (e.g., equipment failure, software error, telecommunications network outage, electric power failure). Note that NIST SP 800-34 itself labels this third category "environmental"; many exam guides call it "technological", and both terms cover the same examples.
Reference:
SWANSON, Marianne, et al., National Institute of Standards and Technology (NIST), Special Publication 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems, http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov112010.pdf (page 6 of the original June 2002 edition).


NEW QUESTION # 483
The most common source of attack against companies comes from:

  • A. Hackers
  • B. Spies
  • C. Crackers
  • D. Script kiddies
  • E. Insiders

Answer: E

Explanation:
Insiders are the most dangerous and often overlooked group of attackers. They already hold authorized access and knowledge of systems and procedures, so perimeter-focused controls do little against them; the remaining options are all external actors who must first get past those controls.


NEW QUESTION # 484
All following observations about IPSec are correct except:

  • A. Supports two communication modes - Tunnel mode and Transport mode
  • B. Default Hashing protocols are HMAC-MD5 or HMAC-SHA-1
  • C. Default Encryption protocol is Cipher Block Chaining mode DES, but other algorithms like ECC (Elliptic curve cryptosystem) can be used
  • D. Works only with Secret Key Cryptography

Answer: D

Explanation:
IPsec is not limited to secret-key (symmetric) cryptography. ESP bulk encryption and the AH/ESP integrity check (HMAC-MD5-96, HMAC-SHA-1-96) do use symmetric keys, but IKE establishes those keys with Diffie-Hellman and can authenticate the peers with RSA signatures or certificates, so asymmetric cryptography is part of the suite. The other three statements are the textbook ones (RFC 2401-era defaults: DES-CBC, HMAC-MD5 or HMAC-SHA-1, tunnel and transport modes). Option C is loosely worded: elliptic curve cryptography is a public-key technique used in IKE (ECDH, ECDSA) for key exchange and authentication, not a replacement for the ESP bulk cipher, where AES has long since replaced DES.


NEW QUESTION # 485
Degaussing is used to clear data from all of the following media except:

  • A. Magnetic Hard Disks
  • B. Read-Only Media
  • C. Video Tapes
  • D. Floppy Disks

Answer: B

Explanation:
Atoms and Data
Shon Harris says: "A device that performs degaussing generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero. This magnetic force is what properly erases data from media. Data are stored on magnetic media by the representation of the polarization of the atoms. Degaussing changes"
The latest ISC2 book says:
"Degaussing can also be a form of media destruction. High-power degaussers are so strong in some cases that they can literally bend and warp the platters in a hard drive. Shredding and burning are effective destruction methods for non-rigid magnetic media. Indeed, some shredders are capable of shredding some rigid media such as an optical disk. This may be an effective alternative for any optical media containing nonsensitive information due to the residue size remaining after feeding the disk into the machine. However, the residue size might be too large for media containing sensitive information. Alternatively, grinding and pulverizing are acceptable choices for rigid and solid-state media. Specialized devices are available for grinding the face of optical media that either sufficiently scratches the surface to render the media unreadable or actually grinds off the data layer of the disk. Several services also exist which will collect drives, destroy them on site if requested and provide certification of completion. It will be the responsibility of the security professional to help, select, and maintain the most appropriate solutions for media cleansing and disposal."
Degaussing is achieved by passing the magnetic media through a powerful magnetic field to rearrange the magnetic particles, completely removing any resemblance of the previously recorded signal. Degaussing therefore works on any magnetic media: floppy disks, magnetic tape and magnetic hard disks are all examples. "Read-only media", however, includes items such as paper printouts and CD-ROMs, which do not store data magnetically; passing them through a magnetic field has no effect on them.
Not all clearing/purging methods are applicable to all media: optical media is not susceptible to degaussing, solid-state (flash) media is not magnetic and so is not affected either, and overwriting may not be effective against flash devices because of wear levelling. The degree to which information may be recoverable by a sufficiently motivated and capable adversary must not be underestimated or guessed at in ignorance. For the highest-value commercial data, and for all data regulated by government or military classification rules, read and follow the rules and standards.
I will admit that this is a bit of a trick question. Determining the difference between "read-only media" and "read-only memory" is difficult for the question taker. However, I believe it is representative of the type of question you might one day see on an exam.
The other answers are incorrect because:
Floppy disks, video tapes and magnetic hard disks are all examples of magnetic storage, and are therefore erased by degaussing.
A videotape is a recording of images and sound onto magnetic tape, as opposed to the film stock used in filmmaking or random-access digital media. Videotapes are also used for storing scientific or medical data, such as the data produced by an electrocardiogram. In most cases a helical-scan video head rotates against the moving tape to record the data in two dimensions, because video signals have a very high bandwidth and static heads would require extremely high tape speeds. Videotape is used in video tape recorders (VTRs), videocassette recorders (VCRs) and camcorders. Tape is a linear storage method, and since nearly all video recordings made nowadays are digital direct-to-disk recordings (DDR), videotape is expected to gradually lose importance as non-linear, random-access methods of storing digital video data become more common.


NEW QUESTION # 486
Because all the secret keys are held and authentication is performed on the Kerberos TGS and the authentication servers, these servers are vulnerable to:

  • A. neither physical attacks nor attacks from malicious code.
  • B. physical attacks but not attacks from malicious code.
  • C. physical attacks only
  • D. both physical attacks and attacks from malicious code.

Answer: D

Explanation:
Since all the secret keys are held and authentication is performed on the Kerberos TGS and the authentication servers, these servers are vulnerable to both physical attacks and attacks from malicious code.
Because a client's password is used in the initiation of the Kerberos request for the service protocol, password guessing can be used to impersonate a client.
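The password-guessing risk mentioned above can be made concrete. The following is an added example written for this page, not code from the question source or from any Kerberos implementation. It keeps the real RFC 3962 string-to-key step (PBKDF2-HMAC-SHA1 with a salt of realm plus principal name) but, to stay within the Python standard library, replaces the AES encryption of the pre-authentication timestamp with an HMAC-SHA1 tag; the realm, principal, password, wordlist and "captured" value are all constructed.

```python
"""Offline password guessing against a Kerberos principal (added example).

Kerberos derives a principal's long-term key deterministically from the
password and a salt made of the realm and principal name. RFC 3962 specifies
PBKDF2-HMAC-SHA1 (4096 iterations by default) for the AES enctypes; the real
profile then runs the result through a key-derivation step and AES-CTS, which
this stdlib-only example replaces with an HMAC-SHA1 tag over the timestamp.
The realm, principal, password, wordlist and captured value are constructed.
"""
import hashlib
import hmac

ITERATIONS = 4096   # RFC 3962 default iteration count
KEY_LEN = 16        # 128-bit key, as for aes128-cts-hmac-sha1-96


def string_to_key(password: str, realm: str, principal: str) -> bytes:
    """RFC 3962 default salt: realm name followed by the principal components."""
    salt = (realm + principal).encode()
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, ITERATIONS, KEY_LEN)


def preauth_tag(key: bytes, timestamp: str) -> bytes:
    """Stand-in for PA-ENC-TIMESTAMP, the value a client sends in its AS-REQ to
    prove it knows the key. Anyone who captures it can test guesses offline."""
    return hmac.new(key, timestamp.encode(), hashlib.sha1).digest()


def guess_password(captured_tag: bytes, timestamp: str, realm: str,
                   principal: str, wordlist) -> "str | None":
    """Return the first candidate whose derived key reproduces the captured tag.

    No further contact with the KDC is needed: every guess is checked locally,
    which is why weak passwords are fatal even when the KDC rate-limits logons.
    """
    for candidate in wordlist:
        key = string_to_key(candidate, realm, principal)
        if hmac.compare_digest(preauth_tag(key, timestamp), captured_tag):
            return candidate
    return None


if __name__ == "__main__":
    realm, principal, ts = "EXAMPLE.COM", "alice", "20240115123000Z"
    # Constructed capture: alice's client authenticated with a weak password.
    captured = preauth_tag(string_to_key("Winter2024!", realm, principal), ts)
    found = guess_password(captured, ts, realm, principal,
                           ["password", "letmein", "Winter2024!", "Summer2024!"])
    print("recovered password:", found)
```

The salt is why a dictionary must be re-run per principal, and the iteration count is the only brake on the attacker's guessing rate; neither protects a password that appears in a wordlist.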


NEW QUESTION # 487
Which layer of the OSI model handles encryption?

  • A. Presentation Layer - L6
  • B. Session Layer - L5
  • C. Data Link Layer - L2
  • D. Application Layer - L7

Answer: A


NEW QUESTION # 488
Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model?

  • A. Network Layer.
  • B. Session Layer.
  • C. Application Layer.
  • D. Transport Layer.

Answer: C

Explanation:
The Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at the Application Layer of the Open Systems Interconnect (OSI) model.


NEW QUESTION # 489
Which of the following is NOT an administrative control?

  • A. Development of policies, standards, procedures and guidelines
  • B. Change control procedures
  • C. Screening of personnel
  • D. Logical access control mechanisms

Answer: D

Explanation:
It is considered to be a technical control.
Logical is synonymous with technical control. That was the easy answer.
There are three broad categories of access control: administrative, technical and physical.
Each category has different access control mechanisms that can be carried out manually or automatically. All of these access control mechanisms should work in concert with each other to protect an infrastructure and its data.
Each category of access control has several components that fall within it, as shown here:
Administrative Controls
Policy and procedures
Personnel controls
Supervisory structure
Security-awareness training
Testing
Physical Controls
Network segregation
Perimeter security
Computer controls
Work area separation
Data backups
Technical Controls
System access
Network architecture
Network access
Encryption and protocols
Control zone
Auditing
The following answers are incorrect:
Screening of personnel is an administrative control.
Development of policies, standards, procedures and guidelines is an administrative control.
Change control procedures are an administrative control.
Reference: Shon Harris, CISSP All-in-One Exam Guide, 3rd Edition, Chapter 3: Security Management Practices, pages 52-54.


NEW QUESTION # 490
Which type of firewall can be used to track connectionless protocols such as UDP and RPC?

  • A. Packet filtering firewalls
  • B. Stateful inspection firewalls
  • C. Application level firewalls
  • D. Circuit level firewalls

Answer: B

Explanation:
A stateful inspection firewall keeps a state table of the traffic it has already seen and evaluates each new packet in that context rather than in isolation. For TCP the table follows the handshake and teardown flags; for "connectionless" protocols such as UDP-based applications and Remote Procedure Calls (RPC), which have no handshake, it records each outbound datagram as a pseudo-connection and admits only an inbound datagram that matches a live entry, ageing entries out after a timeout. A plain packet filter cannot do this because it sees only one packet's headers at a time, so it must leave a standing rule open for the replies.
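The difference between the two approaches is easiest to see on a small trace. This is an added example written for this page, not code from the question source or from any firewall product; the addresses, ports and arrival times are constructed, and the 30-second UDP timeout is an assumption chosen for the illustration.

```python
"""Stateless filtering vs. stateful tracking of UDP (added example).

A packet filter sees one datagram at a time, so to let DNS answers back in
it must leave a permanent hole such as "inbound UDP from source port 53".
A stateful firewall records each outbound datagram and admits only a reply
that matches a live entry, ageing entries out because UDP has no FIN/RST.
The traffic below is constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Datagram:
    direction: str  # "out" (inside -> internet) or "in"
    src: str
    sport: int
    dst: str
    dport: int
    t: float        # arrival time in seconds


# Constructed trace: a DNS query, its answer, a spoofed "answer" to a port
# nobody asked from, and a genuine-looking reply that arrives far too late.
TRAFFIC: List[Datagram] = [
    Datagram("out", "10.0.0.5", 51234, "192.0.2.53", 53, 0.00),
    Datagram("in", "192.0.2.53", 53, "10.0.0.5", 51234, 0.05),     # real answer
    Datagram("in", "198.51.100.9", 53, "10.0.0.5", 40000, 0.10),   # unsolicited
    Datagram("in", "192.0.2.53", 53, "10.0.0.5", 51234, 120.0),    # stale
]


def stateless_allows(d: Datagram) -> bool:
    """Static rules only: all outbound permitted, inbound UDP permitted if it
    claims to come from port 53. Nothing ties a reply to a prior request."""
    return d.direction == "out" or d.sport == 53


class StatefulUdpFilter:
    """Pseudo-connection table for a connectionless protocol."""
    TIMEOUT = 30.0  # assumed: seconds an entry stays valid after the outbound datagram

    def __init__(self) -> None:
        self.table: Dict[Tuple[str, int, str, int], float] = {}  # 4-tuple -> expiry

    def allows(self, d: Datagram) -> bool:
        if d.direction == "out":
            self.table[(d.src, d.sport, d.dst, d.dport)] = d.t + self.TIMEOUT
            return True
        # Inbound: look up the reversed tuple and check it has not expired.
        key = (d.dst, d.dport, d.src, d.sport)
        expiry = self.table.get(key)
        if expiry is None or d.t > expiry:
            self.table.pop(key, None)  # drop stale state as a side effect
            return False
        return True


def run_stateless(trace: List[Datagram] = TRAFFIC) -> List[bool]:
    return [stateless_allows(d) for d in trace]


def run_stateful(trace: List[Datagram] = TRAFFIC) -> List[bool]:
    fw = StatefulUdpFilter()
    return [fw.allows(d) for d in sorted(trace, key=lambda d: d.t)]


if __name__ == "__main__":
    print("stateless:", run_stateless())
    print("stateful: ", run_stateful())
```

The stateless rule set waves every "from port 53" datagram through, including the unsolicited one; the stateful filter accepts only the answer to the query it actually saw, and refuses the same answer once the pseudo-connection has timed out.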


NEW QUESTION # 491
Who should direct short-term recovery actions immediately following a disaster?

  • A. Chief Executive Officer.
  • B. Chief Operating Officer.
  • C. Disaster Recovery Manager.
  • D. Chief Information Officer.

Answer: C

Explanation:
The Disaster Recovery Manager should also be a member of the team that helped develop the Disaster Recovery Plan. Senior management must support the process but would not direct the initial recovery actions.
The following answers are incorrect:
Chief Information Officer, Chief Operating Officer and Chief Executive Officer: senior management authorizes the recovery plan and process, but during the initial recovery they will most likely be heavily involved in other matters, so none of them directs the short-term recovery actions.


NEW QUESTION # 492
The main difference between MD5 and SHA is what?

  • A. MD5 has 160 bit signature and SHA has a 128 bit signature
  • B. SHA has 160 bit signature and MD5 has a 128 bit signature
  • C. Security - SHA can be forged and MD5 cannot
  • D. Security - MD5 can be forged and SHA cannot

Answer: B

Explanation:
The "signature" in the options means the message digest. MD5 produces a 128-bit digest and SHA-1 a 160-bit digest, which is the distinction the question is after. Options C and D are wrong because neither algorithm is forgery-proof: practical collision attacks exist for both MD5 and SHA-1, so neither should be used where collision resistance matters, and the SHA-2 family (for example SHA-256) is the current choice.
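The digest sizes behind this question, and the HMAC-MD5/HMAC-SHA-1 integrity check from the IPsec question (#484), can be checked directly. This is an added example written for this page, not code from the question source; the key and payload are constructed, and the 96-bit truncation follows RFC 2403 (HMAC-MD5-96) and RFC 2404 (HMAC-SHA-1-96).

```python
"""Digest sizes and truncated HMACs (added example).

Shows the 128-bit vs 160-bit output sizes behind the MD5/SHA-1 question and
the HMAC-MD5-96 / HMAC-SHA-1-96 integrity check that IPsec AH and ESP use
(RFC 2403 and RFC 2404 keep only the first 96 bits of the HMAC).
Key and payload are constructed for the example.
"""
import hashlib
import hmac


def digest_bits(algorithm: str) -> int:
    """Output size of a hash function in bits."""
    return hashlib.new(algorithm).digest_size * 8


def hmac_96(algorithm: str, key: bytes, payload: bytes) -> bytes:
    """HMAC truncated to 96 bits (12 bytes), as the IPsec ICV is."""
    return hmac.new(key, payload, algorithm).digest()[:12]


def verify_icv(algorithm: str, key: bytes, payload: bytes, icv: bytes) -> bool:
    """Constant-time comparison of a received ICV against a recomputed one."""
    return hmac.compare_digest(hmac_96(algorithm, key, payload), icv)


def tamper(payload: bytes, byte_index: int = 0) -> bytes:
    """Flip one bit of the payload so the integrity check has something to catch."""
    b = bytearray(payload)
    b[byte_index] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    for name in ("md5", "sha1", "sha256"):
        print(f"{name}: {digest_bits(name)} bits")
    key = b"\x00" * 16                          # constructed integrity key
    payload = b"ESP payload: GET /index.html"   # constructed protected data
    icv = hmac_96("sha1", key, payload)
    print("genuine verifies: ", verify_icv("sha1", key, payload, icv))
    print("tampered verifies:", verify_icv("sha1", key, tamper(payload), icv))
```

Truncating the HMAC does not weaken it to a 96-bit hash: the tag is keyed, so an attacker without the key cannot recompute it, and the collision weaknesses of MD5 and SHA-1 do not translate directly into attacks on HMAC-MD5 or HMAC-SHA-1. Both are nonetheless being retired in favour of HMAC-SHA-256 and AEAD ciphers in current IPsec deployments.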


NEW QUESTION # 493
What is the PRIMARY use of a password?

  • A. Authenticate the user.
  • B. Identify the user.
  • C. Allow access to files.
  • D. Segregate various user's accesses.

Answer: A

Explanation:
Section: Access Control
A password is a secret used to prove that the person presenting an identity is who they claim to be; that is authentication. Identification is done by the user ID or username, and authorization (allowing access to files, segregating users' accesses) happens only after authentication succeeds.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.


NEW QUESTION # 494
How often should tests and disaster recovery drills be performed?

  • A. At least once a year
  • B. At least once every 6 months
  • C. At least once a quarter
  • D. At least once every 2 years

Answer: A

Explanation:
Tests and disaster recovery drills should be performed at least once a year. The company should have no confidence in an untested plan. Since systems and processes change, regular testing helps ensure the plan will succeed when it is needed.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 9: Disaster Recovery and Business Continuity (page 621).


NEW QUESTION # 495
Which of the following is the most correct choice regarding the steps to resume normal operation at the primary site after the salvage team has given the green light?

  • A. The most critical operations are moved from alternate site to primary site before others
  • B. The least critical functions should be moved back first
  • C. You move items back in the same order as the categories documented in your plan, or in exactly the same order as you did on your way to the alternate site
  • D. Operations may be carried out by a completely different team than the disaster recovery team

Answer: B

Explanation:
It is interesting to note that the steps to resume normal processing operations differ from the steps of the recovery plan: the least critical work should be brought back to the primary site first.
The most important point is to move the least critical items or resources back to the primary site first. This way you can verify that the site really was well prepared and that everything is working before the critical operations depend on it.
Before that first step is taken, you would get the green light from the salvage team that it is fine to move back to the primary site. The first step after getting the green light is to move the least critical elements.
As stated in the Shon Harris book:
The least critical functions should be moved back first, so if there are issues in network configurations or connectivity, or important steps were not carried out, the critical operations of the company are not negatively affected. Why go through the trouble of moving the most critical systems and operations to a safe and stable site, only to return it to a main site that is untested? Let the less critical departments act as the canary. If they survive, then move over the more critical components of the company.
When it is time for the company to move back into its original site or a new site, the company enters the reconstitution phase. A company is not out of an emergency state until it is back in operation at the original primary site or a new site that was constructed to replace the primary site, because the company is always vulnerable while operating in a backup facility.
Many logistical issues need to be considered as to when a company must return from the alternate site to the original site. The following lists a few of these issues:
Ensuring the safety of employees
Ensuring an adequate environment is provided (power, facility infrastructure, water, HVAC)
Ensuring that the necessary equipment and supplies are present and in working order
Ensuring proper communications and connectivity methods are working
Properly testing the new environment
Once the coordinator, management, and salvage team sign off on the readiness of the facility, the salvage team should carry out the following steps:
Back up data from the alternate site and restore it within the new facility.
Carefully terminate contingency operations.
Securely transport equipment and personnel to the new facility.
All other choices are not the correct answer.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Location 19389). McGraw-Hill. Kindle Edition.
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 290.


NEW QUESTION # 496
......


The SSCP certification exam covers seven domains: Access Controls; Security Operations and Administration; Risk Identification, Monitoring, and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Application Security. The SSCP exam is intended for professionals with at least one year of cumulative work experience in one or more of these domains.


Exam Questions Answers Braindumps SSCP Exam Dumps PDF Questions: https://www.test4engine.com/SSCP_exam-latest-braindumps.html

SSCP Exam Dumps, SSCP Practice Test Questions: https://drive.google.com/open?id=1yEZRCvqf17NHc8vYb7tWxNZO4roO8YkF