
ISC2 SSCP - ISC2 Systems Security Certified Practitioner Certification Exam

Question #1 (Topic: Demo Questions)

In Mandatory Access Control, the sensitivity labels attached to objects contain what information?

A.
The item's classification 
B.
The item's classification and category set
C.
The item's category 
D.
The item's need to know
Correct Answer: B
Explanation:
A sensitivity label is made up of a classification and a category set. Category set and compartment set are synonyms: they mean the same thing. The classification (for example SECRET) is the single hierarchical level of the item; the category set lists every compartment (for example CRYPTO, NUCLEAR) the item belongs to, and it is common for a single item to belong to several categories. In many implementations the category set may be empty, but the label always carries both parts.
A subject's label must dominate the object's label before the reference monitor allows a read: the subject's classification must be equal or higher, and its category set must be a superset of the object's. That superset test is where need to know is enforced in MAC; a high clearance alone does not grant access to a compartment the subject does not hold.
The following answers are incorrect:
The item's classification. Incorrect because the category set is needed as well.
The item's category. Incorrect because both the category set and the classification are required.
The item's need to know. Incorrect because there is no such field in a label. Need to know is expressed by the categories the object belongs to.
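The dominance test described above, as an added example written for this page (not ISC2 exam material or code from any product). The classification ordering, the compartment names and the sample labels are assumptions chosen for illustration; the read and write rules follow Bell-LaPadula.

```python
"""Sensitivity labels as (classification, category set) and the dominance
test a MAC reference monitor applies before granting access.

Added example for this page; Bell-LaPadula style labels, not code from ISC2
or any operating system. LEVELS and the compartment names are assumed."""
from dataclasses import dataclass, field
from typing import FrozenSet

# Assumed total order of classification levels, lowest to highest.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    classification: str
    categories: FrozenSet[str] = field(default_factory=frozenset)  # may be empty

    def __post_init__(self) -> None:
        if self.classification not in LEVELS:
            raise ValueError(f"unknown classification {self.classification!r}")

    def dominates(self, other: "Label") -> bool:
        """self dominates other iff its level is >= other's level AND its
        category set is a superset of other's. The superset check is the
        need-to-know part: a TOP SECRET subject still fails on a SECRET
        object whose compartments it does not hold."""
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): subject must dominate object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): object must dominate subject."""
    return obj.dominates(subject)


if __name__ == "__main__":
    ts_nuclear = Label("TOP SECRET", frozenset({"NUCLEAR"}))
    secret_crypto_nuclear = Label("SECRET", frozenset({"CRYPTO", "NUCLEAR"}))
    # High clearance is not enough: the subject lacks the CRYPTO compartment.
    print("read allowed:", can_read(ts_nuclear, secret_crypto_nuclear))
    # The same subject may write to that object (no write down is satisfied
    # only when the object dominates the subject, which it does not here).
    print("write allowed:", can_write(ts_nuclear, secret_crypto_nuclear))
```

The second print is False as well: writing from a label with categories {NUCLEAR} into an object with {CRYPTO, NUCLEAR} would be a write down on the classification axis, so both directions are refused and the subject must be re-labelled by an administrator rather than granted access at its own discretion.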
Question #2 (Topic: Demo Questions)

Which of the following is needed for System Accountability? 

A.
Audit mechanisms
B.
Documented design as laid out in the Common Criteria
C.
Authorization
D.
Formal verification of system design
Correct Answer: A
Explanation:
Accountability is the ability to identify users and to track their actions. Audit mechanisms provide it: through audit logs and related tools, user actions are recorded against the authenticated identity that performed them and can be examined later to establish what was done, by whom and when. An audit trail is only as trustworthy as the identification and authentication in front of it and as its own integrity, so the records must be protected from alteration by the subjects they describe.
The following answers are incorrect:
Documented design as laid out in the Common Criteria. Incorrect because the Common Criteria is an international standard for evaluating the security assurance of products; documenting a design does not, by itself, track what users do.
Authorization. Incorrect because authorization grants access to subjects; having been authorized does not hold a subject accountable for what it then does.
Formal verification of system design. Incorrect because verifying that a design meets its specification says nothing about recording user actions.
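A minimal audit mechanism, as an added example for this page (not ISC2 material or any product's logging code). Each record names the authenticated user, the action and the target, and the example goes one step beyond the text by chaining records with a hash so that a later reviewer can also detect that an entry was altered or removed. The event fields and the sample events are constructed for illustration.

```python
"""Hash-chained audit log: every record names the authenticated subject and
its action, and each record commits to the previous one, so an edited or
dropped entry is detectable at review time.

Added example for this page, not code from ISC2 or any product. The event
format and the sample events are constructed for illustration."""
import copy
import hashlib
import json
from typing import Dict, List, Tuple

GENESIS = "0" * 64  # previous-hash value for the first record


def _digest(prev_hash: str, event: Dict) -> str:
    # Canonical JSON so the same event always hashes the same way.
    payload = prev_hash + json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def append_event(log: List[Dict], user: str, action: str, target: str, ts: str) -> Dict:
    """Record who did what to which object, chained to the prior record."""
    prev = log[-1]["hash"] if log else GENESIS
    event = {"ts": ts, "user": user, "action": action, "target": target}
    record = {"event": event, "prev": prev, "hash": _digest(prev, event)}
    log.append(record)
    return record


def verify_chain(log: List[Dict]) -> int:
    """Return the index of the first bad record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
            return i
        prev = rec["hash"]
    return -1


def actions_by(log: List[Dict], user: str) -> List[str]:
    """Accountability query: what did this identity do?"""
    return [f'{r["event"]["action"]} {r["event"]["target"]}'
            for r in log if r["event"]["user"] == user]


def demo() -> Tuple[int, int]:
    """Build a constructed log, then show tampering being caught.
    Returns (verify result before tampering, verify result after)."""
    log: List[Dict] = []
    append_event(log, "alice", "READ", "/finance/payroll.xlsx", "2024-03-01T09:00:00Z")
    append_event(log, "bob", "WRITE", "/finance/budget.xlsx", "2024-03-01T09:05:00Z")
    append_event(log, "alice", "DELETE", "/tmp/scratch.txt", "2024-03-01T09:07:00Z")
    intact = verify_chain(log)
    tampered = copy.deepcopy(log)
    tampered[1]["event"]["user"] = "alice"  # bob rewrites history to blame alice
    return intact, verify_chain(tampered)


if __name__ == "__main__":
    print(demo())  # chain intact (-1) before, breaks at record 1 after
```

In a real deployment the chain head (or a periodic checkpoint of it) is shipped to a system the audited users cannot write to; without that, an attacker with write access to the whole log can simply re-chain it.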
Question #3 (Topic: Demo Questions)

What is Kerberos? 

A.
A three-headed dog from Egyptian mythology.
B.
A trusted third-party authentication protocol.
C.
A security model.
D.
A remote authentication dial in user server.
Correct Answer: B
Explanation:
B is correct: Kerberos is a trusted third-party authentication protocol in which a Key Distribution Center (KDC) issues tickets that let a client prove its identity to services without sending its password to them.
The following answers are incorrect:
A three-headed dog from Egyptian mythology. Incorrect: the name comes from Cerberus, the three-headed dog of Greek, not Egyptian, mythology, and in any case we are dealing with an information security protocol.
A security model. Incorrect because Kerberos is an authentication protocol, not a security model.
A remote authentication dial in user server. Incorrect because that describes RADIUS, not Kerberos.
Question #4 (Topic: Demo Questions)

The type of discretionary access control (DAC) that is based on an individual's identity is also called:

A.
Identity-based Access control
B.
Rule-based Access control
C.
Non-Discretionary Access Control
D.
Lattice-based Access control
Correct Answer: A
Explanation:
Identity-based access control is the type of Discretionary Access Control (DAC) that is based on an individual's identity.
DAC suits lower-security environments. The owner of a file decides who has access to it.
If a user creates a file, that user is its owner. An identifier for the owner is placed in the file header and/or in an access control matrix within the operating system.
Ownership might also be granted to a specific individual. For example, a manager for a certain department might be made the owner of the files and resources within her department. A system that uses DAC enables the owner of a resource to specify which subjects can access it.
This model is called discretionary because control of access is at the discretion of the owner. Department managers or business unit managers are often the owners of the data within their departments, and as owners they can specify who should have access and who should not. The flip side, and the reason DAC is unsuitable where information flow must be controlled, is that an owner (or any process running as the owner) can grant access to anyone, and a subject who has been granted read access can copy the data into a file it owns and re-share it at will.
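An identity-based DAC monitor, as an added example written for this page (not ISC2 material or any operating system's code). It records the owner identifier with each file, lets only the owner change the access control list, and shows a non-owner's attempt to grant access being refused. The user names, file names and permission names are constructed for illustration.

```python
"""Identity-based DAC: each object carries an owner identifier, and the
owner alone decides which identities appear in its access control list.

Added example for this page, not code from ISC2 or any OS. Users, file
names and permission names are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, Set


class AccessDenied(Exception):
    """Raised when a subject tries to exercise a right it does not hold."""


@dataclass
class File:
    name: str
    owner: str  # identifier stored with the object, as in a file header
    acl: Dict[str, Set[str]] = field(default_factory=dict)  # user -> {"read", "write"}


class DacMonitor:
    def __init__(self) -> None:
        self.files: Dict[str, File] = {}

    def create(self, user: str, name: str) -> File:
        """The creator becomes owner and gets full access by default."""
        f = File(name, owner=user, acl={user: {"read", "write"}})
        self.files[name] = f
        return f

    def grant(self, actor: str, name: str, grantee: str, perms: Set[str]) -> None:
        """Only the owner may change the ACL: that is the owner's discretion."""
        f = self.files[name]
        if actor != f.owner:
            raise AccessDenied(f"{actor} is not the owner of {name}")
        f.acl.setdefault(grantee, set()).update(perms)

    def transfer_ownership(self, actor: str, name: str, new_owner: str) -> None:
        """Ownership can be reassigned, e.g. to a department manager."""
        f = self.files[name]
        if actor != f.owner:
            raise AccessDenied(f"{actor} is not the owner of {name}")
        f.owner = new_owner
        f.acl.setdefault(new_owner, set()).update({"read", "write"})

    def check(self, user: str, name: str, perm: str) -> bool:
        """Reference-monitor decision for one access request."""
        f = self.files[name]
        return perm in f.acl.get(user, set())

    def try_grant(self, actor: str, name: str, grantee: str, perms: Set[str]) -> bool:
        """Convenience wrapper: True if the grant was allowed, False if refused."""
        try:
            self.grant(actor, name, grantee, perms)
            return True
        except AccessDenied:
            return False


if __name__ == "__main__":
    m = DacMonitor()
    m.create("alice", "budget.xlsx")
    m.grant("alice", "budget.xlsx", "bob", {"read"})
    print("bob can read:", m.check("bob", "budget.xlsx", "read"))     # True
    print("bob can write:", m.check("bob", "budget.xlsx", "write"))   # False
    # bob holds read access but is not the owner, so he cannot share it on.
    print("bob may grant:", m.try_grant("bob", "budget.xlsx", "carol", {"read"}))  # False
```

Note what the monitor does not prevent: bob can still read the contents and write them into a file he owns, then grant carol access to that copy. That leak is inherent to DAC and is what the MAC labels in question #1 exist to stop.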
Question #5 (Topic: Demo Questions)

Like the Kerberos protocol, SESAME is also subject to which of the following?

A.
timeslot replay
B.
password guessing
C.
symmetric key guessing
D.
asymmetric key guessing
Correct Answer: B
Explanation:
SESAME (Secure European System for Applications in a Multi-vendor Environment) is an authentication and access control protocol that also supports communication confidentiality and integrity. It provides public-key based authentication alongside Kerberos-style authentication, which uses symmetric-key cryptography. SESAME supports the Kerberos protocol and adds security extensions such as public-key based authentication and an ECMA-style Privilege Attribute Service.
Users under SESAME can authenticate using either symmetric encryption as in Kerberos or public-key authentication. When symmetric-key authentication is used, SESAME is vulnerable to password guessing just as Kerberos is: the symmetric key is derived from the password the user supplied at logon, so an attacker who captures the password-encrypted preauthentication data (or an AS reply) can test candidate passwords offline against it, and a weak password will be recovered. Even with Kerberos or SESAME in use there is still a need for strong password discipline.
The basic mechanism in SESAME for strong authentication is as follows:
The user sends a request for authentication to the Authentication Server as in Kerberos, except that SESAME uses public-key cryptography: the client presents its digital certificate and signs the request, and the signature is communicated to the authentication server in the preauthentication fields. On receipt, the authentication server verifies the certificate, then validates the signature, and if both check out it issues a ticket granting ticket (TGT) as in Kerberos. This TGT is then used to communicate with the Privilege Attribute Server (PAS) when access to a resource is needed.
Users may therefore authenticate using either a public-key pair or a conventional (symmetric) key. If public-key cryptography is used, the public-key data is transported in the preauthentication data fields to help establish identity, and no password-derived key is exposed to guessing.
Kerberos uses tickets for authenticating subjects to objects; SESAME uses Privilege Attribute Certificates (PACs), which contain the subject's identity, its access capabilities for the object, the access time period, and the lifetime of the PAC. The PAC is digitally signed so that the object can validate that it came from the trusted privilege attribute server (PAS). The PAS holds a role similar to that of the KDC within Kerberos. After a user successfully authenticates to the authentication service (AS), he is given a token to present to the PAS, and the PAS then creates a PAC for the user to present to the resource he is trying to access.
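Why the symmetric (Kerberos-style) mode is exposed to password guessing, as an added example written for this page (not ISC2 material, MIT Kerberos or SESAME code). The client's long-term key is derived from its password, so whoever captures one preauthentication exchange can test candidate passwords offline without ever talking to the KDC again. The example models enc-timestamp preauthentication with a keyed MAC in place of the real AES encryption; the string-to-key step follows the shape of RFC 3962 (PBKDF2 with salt = realm + principal, 4096 iterations) but the realm, principal, password, timestamp and wordlist are all constructed.

```python
"""Password guessing against Kerberos-style symmetric preauthentication.

Added example for this page, not code from ISC2, MIT Kerberos or SESAME.
The keyed-MAC "proof" stands in for the real encrypted timestamp; the
key derivation follows RFC 3962's PBKDF2 shape. All inputs are constructed."""
import hashlib
import hmac
from typing import Iterable, Optional

ITERATIONS = 4096  # RFC 3962 default; assumed here, deployments may raise it


def string_to_key(password: str, realm: str, principal: str) -> bytes:
    """Long-term client key derived from the password. The KDC stores the
    same key, so it can verify anything the client produces with it."""
    salt = (realm + principal).encode()
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, ITERATIONS, dklen=16)


def make_preauth(key: bytes, timestamp: str) -> bytes:
    """Simplified PA-ENC-TIMESTAMP: proof of key possession bound to a timestamp."""
    return hmac.new(key, timestamp.encode(), hashlib.sha256).digest()


def kdc_check(key: bytes, timestamp: str, proof: bytes) -> bool:
    """KDC side: recompute with the stored key and compare in constant time."""
    return hmac.compare_digest(make_preauth(key, timestamp), proof)


def guess_password(realm: str, principal: str, timestamp: str,
                   captured_proof: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """Attacker side, fully offline: the captured proof is the oracle.
    Each candidate costs one PBKDF2 run and one MAC; nothing is sent to
    the KDC, so lockout policies never trigger."""
    for candidate in wordlist:
        k = string_to_key(candidate, realm, principal)
        if hmac.compare_digest(make_preauth(k, timestamp), captured_proof):
            return candidate
    return None


def demo() -> Optional[str]:
    """Constructed scenario: a weak password, one captured exchange, a short wordlist."""
    realm, principal, timestamp = "EXAMPLE.COM", "alice", "20240301090000Z"
    client_key = string_to_key("Summer2024", realm, principal)  # weak password
    captured = make_preauth(client_key, timestamp)               # sniffed on the wire
    assert kdc_check(client_key, timestamp, captured)            # the KDC accepts it
    wordlist = ["password", "letmein", "Winter2023", "Summer2024", "Summer2025"]
    return guess_password(realm, principal, timestamp, captured, wordlist)


if __name__ == "__main__":
    print("recovered password:", demo())
```

The defence the passage points at is the same in both protocols: a long, unguessable password raises the per-candidate cost beyond what the wordlist budget allows, and SESAME's public-key mode removes the password-derived key from the exchange altogether, so there is nothing in the captured preauthentication data for a guess to be checked against.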