[UPDATED 2025] SSCP dumps Free Test Engine Verified By Certified Experts
NEW QUESTION # 73
What can be defined as secret communications where the very existence of the message is hidden?
- A. Steganography
- B. Vernam cipher
- C. Clustering
- D. Cryptology
Answer: A
Explanation:
Explanation/Reference:
Steganography is a secret communication where the very existence of the message is hidden. For example, in a digital image, the least significant bit of each word can be used to comprise a message without causing any significant change in the image. Key clustering is a situation in which a plaintext message generates identical ciphertext messages using the same transformation algorithm but with different keys. Cryptology encompasses cryptography and cryptanalysis. The Vernam Cipher, also called a one-time pad, is an encryption scheme using a random key of the same size as the message and is used only once. It is said to be unbreakable, even with infinite resources.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 134).
NEW QUESTION # 74
What type of attack involves IP spoofing, ICMP ECHO and a bounce site?
- A. SYN attack
- B. Teardrop attack
- C. Smurf attack
- D. IP spoofing attack
Answer: C
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
A smurf attack occurs when an attacker sends a spoofed (IP spoofing) PING (ICMP ECHO) packet to the broadcast address of a large network (the bounce site). Because the modified packet carries the address of the target system as its source, all devices on the bounce site's local network respond with an ICMP REPLY to the target system, which is then saturated with those replies. An IP spoofing attack is used to convince a system that it is communicating with a known entity, which gives an intruder access. It involves changing the source address of a packet to a trusted source's address. A teardrop attack consists of modifying the length and fragmentation offset fields in sequential IP packets so the target system becomes confused and crashes after it receives contradictory instructions on how the fragments are offset in these packets. A SYN attack is when an attacker floods a system with connection requests but does not respond when the target system replies to those requests.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 76).
NEW QUESTION # 75
The security of a computer application is most effective and economical in which of the following cases?
- A. The system is customized to meet the specific security threat.
- B. The system is procured off-the-shelf.
- C. The system is optimized prior to the addition of security.
- D. The system is originally designed to provide the necessary security.
Answer: D
Explanation:
The earlier in the process that security is planned for and implemented, the cheaper it is. It is also much more efficient if security is addressed in each phase of the development cycle rather than as an add-on, because it becomes more complicated to add at the end. If a security plan is developed at the beginning, it ensures that security won't be overlooked.
The following answers are incorrect:
The system is optimized prior to the addition of security. This is incorrect because if you wait to implement security after a system is completed, the cost of adding security increases dramatically and can become much more complex.
The system is procured off-the-shelf. This is incorrect because it is often difficult to add security to off-the-shelf systems.
The system is customized to meet the specific security threat. This is incorrect because it is a distractor; it implies only a single threat.
NEW QUESTION # 76
Who is ultimately responsible for the security of computer based information systems within an organization?
- A. The tech support team.
- B. The management team.
- C. The operations team.
- D. The training team.
Answer: B
Explanation:
If there is no support by management to implement, execute, and enforce security policies and procedures, then they won't work. Senior management must be involved in this because they have an obligation to the organization to protect the assets. The requirement here is for management to show "due diligence" in establishing an effective compliance or security program.
The following answers are incorrect:
The tech support team. Is incorrect because the ultimate responsibility is with management for the security of computer-based information systems.
The Operation Team. Is incorrect because the ultimate responsibility is with management for the security of computer-based information systems.
The Training Team. Is incorrect because the ultimate responsibility is with management for the security of computer-based information systems.
NEW QUESTION # 77
A Wide Area Network (WAN) is basically everything outside of:
- A. the Internet.
- B. a Campus Area Network (CAN).
- C. a Metropolitan Area Network (MAN).
- D. a Local Area Network (LAN).
Answer: D
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
A WAN is basically everything outside of a LAN.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 99.
NEW QUESTION # 78
Which of the following will a Business Impact Analysis NOT identify?
- A. Systems critical to the survival of the enterprise.
- B. The outage time that can be tolerated by the enterprise as a result of a disaster.
- C. Areas that would suffer the greatest financial or operational loss in the event of a disaster.
- D. The names of individuals to be contacted during a disaster.
Answer: D
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
NEW QUESTION # 79
Business Continuity and Disaster Recovery Planning (Primarily) addresses the:
- A. Availability, Confidentiality and Integrity of the CIA triad
- B. Integrity of the CIA triad
- C. Availability of the CIA triad
- D. Confidentiality of the CIA triad
Answer: C
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
The Information Technology (IT) department plays a very important role in identifying and protecting the company's internal and external information dependencies. Also, the information technology elements of the BCP should address several vital issues, including:
- Ensuring that the company employs sufficient physical security mechanisms to preserve vital network and hardware components, including file and print servers.
- Ensuring that the organization uses sufficient logical security methodologies (authentication, authorization, etc.) for sensitive data.
Reference: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, page 279.
NEW QUESTION # 80
Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credentials, and faster resource access?
- A. Symmetric Ciphers
- B. Single Sign-On (SSO)
- C. Smart cards
- D. Public Key Infrastructure (PKI)
Answer: B
Explanation:
Explanation/Reference:
The advantages of SSO include the ability to use stronger passwords, easier administration as far as changing or deleting passwords, a reduced risk of orphan accounts, and less time required to access resources.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 39.
NEW QUESTION # 81
________ ___________ refers to the act of requiring more than one type of authentication to be used and is considered more secure than any single type of authentication. (Choose two)
- A. Factor
- B. One
- C. Three
- D. Method
- E. Exponent
- F. Two
Answer: A,F
NEW QUESTION # 82
Which of the following is NOT a known type of Message Authentication Code (MAC)?
- A. DES-CBC
- B. Signature-based MAC (SMAC)
- C. Universal Hashing Based MAC (UMAC)
- D. Keyed-hash message authentication code (HMAC)
Answer: B
Explanation:
There is no such thing as a Signature-Based MAC. Being the wrong choice in the list, it is the best answer to this question.
WHAT IS A Message Authentication Code (MAC)?
In Cryptography, a MAC (Message Authentication Code), also known as a cryptographic checksum, is a small block of data that is generated using a secret key and then appended to the message. When the message is received, the recipient can generate their own MAC using the secret key, and thereby know that the message has not changed either accidentally or intentionally in transit. Of course, this assurance is only as strong as the trust that the two parties have that no one else has access to the secret key.
A MAC is a small representation of a message and has the following characteristics:
- A MAC is much smaller than the message generating it.
- Given a MAC, it is impractical to compute the message that generated it.
- Given a MAC and the message that generated it, it is impractical to find another message generating the same MAC.
See the graphic from Wikipedia showing the creation of a MAC value:
[Figure: Message Authentication Code (MAC, HMAC) creation diagram, from Wikipedia]
In the example above, the sender of a message runs it through a MAC algorithm to produce a MAC data tag. The message and the MAC tag are then sent to the receiver. The receiver in turn runs the message portion of the transmission through the same MAC algorithm using the same key, producing a second MAC data tag. The receiver then compares the first MAC tag received in the transmission to the second generated MAC tag. If they are identical, the receiver can safely assume that the integrity of the message was not compromised, and the message was not altered or tampered with during transmission.
However, to allow the receiver to detect replay attacks, the message itself must contain data that assures that this same message can only be sent once (e.g. a time stamp, a sequence number or use of a one-time MAC). Otherwise an attacker could, without even understanding its content, record this message and play it back at a later time, producing the same result as the original sender. NOTE: There are many ways of producing a MAC value. Below is a short list of some implementations.
The following were incorrect answers for this question:
They are all incorrect answers because they are all real types of MAC implementations. In the case of DES-CBC, a MAC is generated using the DES algorithm in CBC mode, and the secret DES key is shared by the sender and the receiver. The MAC is actually just the last block of ciphertext generated by the algorithm. This block of data (64 bits) is attached to the unencrypted message and transmitted to the far end. All previous blocks of encrypted data are discarded to prevent any attack on the MAC itself. The receiver can generate his own MAC using the shared secret DES key to ensure message integrity and authentication. He knows that the message has not changed because the chaining function of CBC would significantly alter the last block of data if any bit had changed anywhere in the message. He knows the source of the message (authentication) because only one other person holds the secret key.
A Keyed-hash message authentication code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authentication of a message. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and on the size and quality of the key.
A message authentication code based on universal hashing, or UMAC, is a type of message authentication code (MAC) calculated by choosing a hash function from a class of hash functions according to some secret (random) process and applying it to the message. The resulting digest or fingerprint is then encrypted to hide the identity of the hash function used. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. UMAC is specified in RFC 4418; it has provable cryptographic strength and is usually a lot less computationally intensive than other MACs.
What is the MicMac (confusion) with MIC and MAC?
The term message integrity code (MIC) is frequently substituted for the term MAC, especially in communications, where the acronym MAC traditionally stands for Media Access Control when referring to Networking. However, some authors use MIC as a distinctly different term from a MAC; in their usage of the term the MIC operation does not use secret keys. This lack of security means that any MIC intended for use gauging message integrity should be encrypted or otherwise be protected against tampering. MIC algorithms are created such that a given message will always produce the same MIC assuming the same algorithm is used to generate both. Conversely, MAC algorithms are designed to produce matching MACs only if the same message, secret key and initialization vector are input to the same algorithm. MICs do not use secret keys and, when taken on their own, are therefore a much less reliable gauge of message integrity than MACs. Because MACs use secret keys, they do not necessarily need to be encrypted to provide the same level of assurance.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 15799-15815). Auerbach Publications. Kindle Edition. and http://en.wikipedia.org/wiki/Message_authentication_code and http://tools.ietf.org/html/rfc4418
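As an added example (not from the dump or the sources it cites), the tag verification and replay check described above in Python: the sender binds a sequence number into an HMAC-SHA256 tag, and the receiver compares tags in constant time and rejects stale sequence numbers. KEY, the frame layout and the messages are constructed for the demo.

```python
import hmac
import hashlib
import struct

# Constructed demo key; in practice it is shared out-of-band and kept secret.
KEY = b"constructed-demo-key-do-not-reuse"

TAG_LEN = 32  # SHA-256 output size
SEQ_LEN = 8   # big-endian unsigned 64-bit sequence number


def make_tag(key: bytes, seq: int, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag over (sequence number || message).

    Binding the sequence number into the MAC input means a replayed frame
    carries a stale seq that the receiver can reject."""
    data = struct.pack(">Q", seq) + message
    return hmac.new(key, data, hashlib.sha256).digest()


def build_frame(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender side: frame = 8-byte seq || message || 32-byte tag."""
    return struct.pack(">Q", seq) + message + make_tag(key, seq, message)


class Receiver:
    """Receiver side: verifies the tag, then enforces strictly increasing seq."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # nothing accepted yet

    def accept(self, frame: bytes):
        """Return (status, message); status is 'ok', 'bad_tag' or 'replay'."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "bad_tag", None
        seq = struct.unpack(">Q", frame[:SEQ_LEN])[0]
        message, tag = frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = make_tag(self.key, seq, message)
        # compare_digest takes time independent of where the tags differ,
        # so a forger cannot learn the correct tag one byte at a time.
        if not hmac.compare_digest(expected, tag):
            return "bad_tag", None
        # The tag is genuine, but a recorded frame would carry an old seq.
        if seq <= self.last_seq:
            return "replay", None
        self.last_seq = seq
        return "ok", message


def demo():
    """Run the three cases from the explanation; returns the three statuses."""
    rx = Receiver(KEY)
    good = build_frame(KEY, 1, b"transfer 100 to account 42")
    status_ok, _ = rx.accept(good)
    # Flip one bit in the message body: any change alters the whole HMAC.
    tampered = bytearray(good)
    tampered[SEQ_LEN + 11] ^= 0x01  # "100" -> "101" (constructed edit)
    status_tampered, _ = rx.accept(bytes(tampered))
    # Replay the untouched original frame: tag verifies, but seq is stale.
    status_replay, _ = rx.accept(good)
    return status_ok, status_tampered, status_replay


if __name__ == "__main__":
    print(demo())
```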
NEW QUESTION # 83
Which type of firewall can be used to track connectionless protocols such as UDP and RPC?
- A. Packet filtering firewalls
- B. Stateful inspection firewalls
- C. Application level firewalls
- D. Circuit level firewalls
Answer: B
Explanation:
Packets in a stateful inspection firewall are queued and then analyzed at all OSI layers, providing a more complete inspection of the data. By examining the state and context of the incoming data packets, it helps to track the protocols that are considered "connectionless", such as UDP-based applications and Remote Procedure Calls (RPC).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 91).
NEW QUESTION # 84
What is the PRIMARY reason to maintain the chain of custody on evidence that has been collected?
- A. To ensure that no evidence is lost.
- B. To ensure that all possible evidence is gathered.
- C. To ensure that incidents were handled with due care and due diligence.
- D. To ensure that it will be admissible in court
Answer: D
Explanation:
Explanation/Reference:
This is the PRIMARY reason for the chain of custody of evidence. Evidence must be controlled every step of the way. If it is not, the evidence can be tampered with and ruled inadmissible. The chain of custody will include a detailed record of:
- Who obtained the evidence
- What the evidence was
- Where and when the evidence was obtained
- Who secured the evidence
- Who had control or possession of the evidence
The following answers are incorrect because:
To ensure that no evidence is lost is incorrect as it is not the PRIMARY reason.
To ensure that all possible evidence is gathered is also incorrect as it is not the PRIMARY reason.
To ensure that incidents were handled with due care and due diligence is also incorrect as it is also not the PRIMARY reason.
The chain of custody is a history that shows how evidence was collected, analyzed, transported, and preserved in order to establish that it is sufficiently trustworthy to be presented as evidence in court.
Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy which would make it admissible in court.
Reference: Shon Harris, AIO v3, Chapter 10: Law, Investigation, and Ethics, Page 727.
NEW QUESTION # 85
Which of the following does not apply to system-generated passwords?
- A. If the password-generating algorithm gets to be known, the entire system is in jeopardy.
- B. Passwords are harder to guess for attackers.
- C. Passwords are harder to remember for users.
- D. Passwords are more vulnerable to brute force and dictionary attacks.
Answer: D
Explanation:
Section: Access Control
Explanation/Reference:
Users tend to choose easier to remember passwords. System-generated passwords can provide stronger, harder to guess passwords. Since they are based on rules provided by the administrator, they can include combinations of uppercase/lowercase letters, numbers and special characters, making them less vulnerable to brute force and dictionary attacks. One danger is that they are also harder to remember for users, who will tend to write them down, making them more vulnerable to anyone having access to the user's desk. Another danger with system-generated passwords is that if the password-generating algorithm gets to be known, the entire system is in jeopardy.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (page 64).
NEW QUESTION # 86
What is the 802.11 standard related to?
- A. The OSI/ISO model
- B. Packet-switching technology
- C. Wireless network communications
- D. Public Key Infrastructure (PKI)
Answer: C
Explanation:
The 802.11 standard outlines how wireless clients and APs communicate, lays out the specifications of their interfaces, dictates how signal transmission should take place, and describes how authentication, association, and security should be implemented.
The following answers are incorrect:
Public Key Infrastructure (PKI): Public Key Infrastructure is a supporting infrastructure to manage public keys. It is not part of the IEEE 802 Working Group standard.
Packet-switching technology: A packet-switching technology is not included in the IEEE 802 Working Group standard. It is a technology wherein messages are broken up into packets, which then travel along different routes to the destination.
The OSI/ISO model: The Open System Interconnect model is a seven-layer model defined as an international standard describing network communications.
The following reference(s) were/was used to create this question:
Source: Shon Harris - "All-in-One CISSP Exam Guide" Fourth Edition; Chapter 7 Telecommunications and Network Security: pg. 624.
802.11 refers to a family of specifications developed by the IEEE for Wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. The IEEE accepted the specification in 1997. There are several specifications in the 802.11 family:
- 802.11: applies to wireless LANs and provides 1 or 2 Mbps transmission in the 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS).
- 802.11a: an extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5 GHz band. 802.11a uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS.
- 802.11b (also referred to as 802.11 High Rate or Wi-Fi): an extension to 802.11 that applies to wireless LANs and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. 802.11b was a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet.
- 802.11g: applies to wireless LANs and provides 20+ Mbps in the 2.4 GHz band.
Source: 802.11 Planet's web site.
NEW QUESTION # 87
Which of the following is NOT a property of the Rijndael block cipher algorithm?
- A. The key size does not have to match the block size
- B. The key sizes must be a multiple of 32 bits
- C. Maximum block size is 256 bits
- D. Maximum key size is 512 bits
Answer: D
Explanation:
The above statement is NOT true and is thus the correct answer. The maximum key size on Rijndael is 256 bits.
There are some differences between Rijndael and the official FIPS-197 specification for AES.
The Rijndael specification per se is specified with block and key sizes that must be a multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits. Namely, Rijndael allows for both key and block sizes to be chosen independently from the set of { 128, 160, 192, 224, 256 } bits. (And the key size does not in fact have to match the block size.)
However, FIPS-197 specifies that the block size must always be 128 bits in AES, and that the key size may be either 128, 192, or 256 bits. Therefore AES-128, AES-192, and AES-256 are actually:

| Variant | Key Size (bits) | Block Size (bits) |
|---|---|---|
| AES-128 | 128 | 128 |
| AES-192 | 192 | 128 |
| AES-256 | 256 | 128 |
So in short:
Rijndael and AES differ only in the range of supported values for the block length and cipher key length.
For Rijndael, the block length and the key length can be independently specified to any multiple of 32 bits, with a minimum of 128 bits, and a maximum of 256 bits.
AES fixes the block length to 128 bits, and supports key lengths of 128, 192 or 256 bits only.
References used for this question:
http://blogs.msdn.com/b/shawnfa/archive/2006/10/09/the-differences-between-rijndael-andaes.aspx and http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf
NEW QUESTION # 88
Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic?
- A. passwords.
- B. a firewall.
- C. fiber optics.
- D. dial-up.
Answer: B
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
The use of a firewall is a requirement to protect a local area network (LAN) that has external connections; without one, you have no real protection from fraudsters.
The following answers are incorrect:
dial-up. This is incorrect because this offers little protection once the connection has been established.
passwords. This is incorrect because there are tools to crack passwords and once a user has been authenticated and connects to the external connections, passwords do not offer protection against incoming TCP packets.
fiber optics. This is incorrect because this offers no protection from the external connection.
NEW QUESTION # 89
If your property insurance has a Replacement Cost Valuation (RCV) clause, your damaged property will be compensated:
- A. Based on the value listed on the Ebay auction web site
- B. Based on value of item one month before the loss
- C. Based on new, comparable, or identical item for old regardless of condition of lost item
- D. Based on the value of item on the date of loss
Answer: C
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
RCV is the maximum amount your insurance company will pay you for damage to covered property before deducting for depreciation. The RCV payment is based on the current cost to replace your property with new, identical or comparable property.
The other choices were distractors:
Application and definition of the insurance terms Replacement Cost Value (RCV), Actual Cash Value (ACV) and depreciation can be confusing. It's important that you understand the terms to help settle your claim fairly.
An easy way to understand RCV and ACV is to think in terms of "new" and "used." Replacement cost is the item's current price, new. "What will it cost when I replace it?" Actual cash is the item's used price, old. "How much money is it worth since I used it for five years?"
Hold Back
Most policies only pay the Actual Cash Value upfront, and then they pay you the "held back" depreciation after you incur the expense to repair or replace your personal property items.
NOTE: You must remember to send documentation to the insurance company proving you've incurred the additional expense before you will be reimbursed.
Actual Cash Value (ACV)
ACV is the amount your insurance company will pay you for damage to covered property after deducting for depreciation. ACV is the replacement cost of a new item, minus depreciation. If stated as a simple equation, ACV could be defined as follows:
ACV = RCV - Depreciation
Unfortunately, ACV is not always as easy to agree upon as a simple math equation. The ACV can also be calculated as the price a willing buyer would pay for your used item.
Depreciation
Depreciation (sometimes called "hold back") is defined as the "loss in value from all causes, including age, and wear and tear." Although the definition seems to be clear, in our experience "value" as a real-world application is clearly subjective and varies widely. We have seen the same adjuster apply NO depreciation (100 percent value) on one claim and 40 percent depreciation (almost half value) on an almost identical claim.
This shows that the process of applying depreciation is subjective and clearly negotiable.
Excessive Depreciation
When the insurance company depreciates more than they should, it is called "Excessive depreciation." Although not ethical, it is very common. Note any items that have excessive depreciation and write a letter to your insurance company.
References:
http://carehelp.org/downloads/category/1-insurance-handouts.html?download=17%3Ahandout08-rcv-and-acv
http://www.schirickinsurance.com/resources/value2005.pdf
TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th Edition, Volume 1, Property Insurance Overview, Page 587.
NEW QUESTION # 90
What is the essential difference between a self-audit and an independent audit?
- A. Tools used
- B. Competence
- C. Objectivity
- D. Results
Answer: C
Explanation:
Explanation/Reference:
To maintain operational assurance, organizations use two basic methods: system audits and monitoring.
Monitoring refers to an ongoing activity whereas audits are one-time or periodic events and can be either internal or external. The essential difference between a self-audit and an independent audit is objectivity, thus indirectly affecting the results of the audit. Internal and external auditors should have the same level of competence and can use the same tools.
Source: SWANSON, Marianne & GUTTMAN, Barbara, National Institute of Standards and Technology (NIST), NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, September 1996 (page 25).
NEW QUESTION # 91
A proxy is considered a:
- A. second generation firewall.
- B. fourth generation firewall.
- C. third generation firewall.
- D. first generation firewall.
Answer: A
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
The proxy (application layer firewall, circuit level proxy, or application proxy) is a second generation firewall.
"First generation firewall" is incorrect. A packet filtering firewall is a first generation firewall.
"Third generation firewall" is incorrect. Stateful firewalls are considered third generation firewalls.
"Fourth generation firewall" is incorrect. Dynamic packet filtering firewalls are fourth generation firewalls.
References:
CBK, p. 464
AIO3, pp. 482 - 484
Neither CBK nor AIO3 uses the generation terminology for firewall types, but you will encounter it frequently as a practicing security professional. See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/centri4/user/scf4ch3.htm for a general discussion of the different generations.