SSCP : System Security Certified Practitioner (SSCP) : Part 43

  1. Whose role is it to assign classification level to information?

    • Security Administrator
    • User
    • Owner
    • Auditor

    Explanation:

    The Data/Information Owner is ultimately responsible for the protection of the data. It is the Data/Information Owner who decides upon the classification of the data they are responsible for, and who alters that classification if the business need arises.

    The following answers are incorrect:

    Security Administrator. Is incorrect because this individual is responsible for ensuring that the access rights granted are correct and support the policies and directives that the Data/Information Owner defines.

    User. Is incorrect because the user uses or accesses the data in the way the Data/Information Owner has defined.

    Auditor. Is incorrect because the Auditor is responsible for ensuring that the access levels are appropriate. The Auditor would verify that the Owner classified the data properly.

    References:
    CISSP All In One Third Edition, Shon Harris, Page 121

  2. Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?

    • Limiting the local access of operations personnel
    • Job rotation of operations personnel
    • Management monitoring of audit logs
    • Enforcing regular password changes
    Explanation:

    The question specifically says “within a different function”, which eliminates job rotation as a choice.

    Management monitoring of audit logs is a detective control and would not prevent collusion.
    Changing passwords regularly would not prevent such an attack.

    This question tests whether you understand the concepts of separation of duties and least privilege. When operators hold only the minimum access level they need to perform their own duties, obtaining unauthorized data requires the cooperation of someone in another function, so operations personnel would be forced into collusion to defeat those security mechanisms.
    Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

  3. Step-by-step instructions used to satisfy control requirements is called a:

    • policy
    • standard
    • guideline
    • procedure
    Explanation:
    A procedure is a set of detailed, step-by-step instructions for carrying out a task so that control requirements are met. A policy is the high-level management statement of intent, a standard specifies mandatory requirements (for example a particular product or configuration), and a guideline is a recommended but discretionary practice.
    Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
  4. One purpose of a security awareness program is to modify:

    • employee’s attitudes and behaviors towards enterprise’s security posture
    • management’s approach towards enterprise’s security posture
    • attitudes of employees with sensitive data
    • corporate attitudes about safeguarding data
    Explanation:

    Security-awareness training is performed to modify employees’ behavior and attitude toward the enterprise’s security posture. This is best achieved through a formalized awareness program.

    It is used to increase the overall awareness of security throughout the company, and it is targeted at every single employee, not only at one group of users.

    You cannot apply a patch to a human being; the only thing you can do is educate employees and make them more aware of security issues and threats. Never underestimate the human factor.

    Reference(s) used for this question:

    TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
    also see:
    Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 130). McGraw-Hill. Kindle Edition.

  5. Which of the following describes a logical form of separation used by secure computing systems?

    • Processes use different levels of security for input and output devices.
    • Processes are constrained so that each cannot access objects outside its permitted domain.
    • Processes conceal data and computations to inhibit access by outside processes.
    • Processes are granted access based on granularity of controlled objects.
    Explanation:
    Logical separation confines each process to its own protection domain: a process can reference only the objects it has been permitted to access and cannot reach objects outside that domain. It is distinct from physical separation (dedicated hardware), temporal separation (running at different times) and cryptographic separation.
    Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
  6. What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects?

    • Disclosure of residual data.
    • Unauthorized obtaining of a privileged execution state.
    • Denial of service through a deadly embrace.
    • Data leakage through covert channels.
    Explanation:

    This question is asking you to consider the effects of object reuse. Object reuse is the reassignment to a subject of storage media (memory pages, disk sectors, tape) that previously contained information. It is a security concern because, if insufficient measures were taken to erase that information, it may be disclosed to unauthorized personnel.

    This concept relates to Security Architecture and Design because object reuse is a requirement at level C2, Controlled Access Protection, of the Orange Book (TCSEC): any medium holding data must not contain any remnants of information after it is released for another subject to use.

    REFERENCE:

    AIO Version 5 (Shon Harris), page 360
    and
    TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
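    To make the residual-data problem concrete, here is an added example in Python (not part of the exam source or its references): a hypothetical buffer pool hands the same object to successive users. When the pool does not refresh the object on release, the second user reads the first user’s data; clearing the bytes before the object is reassigned is the object-reuse control the C2 requirement describes. The buffer size, pool class and sample secret are all constructed for the illustration.

```python
"""Object reuse demo (added example, not from the exam source).

A pool hands out fixed-size buffers to successive 'users'. Without a
refresh on release, the next user can read the previous user's residual
data. The remedy is to clear the object before it is reassigned.
"""
from typing import List

BUF_SIZE = 16  # constructed: size of each pooled buffer


class BufferPool:
    """Reuses bytearray objects; clear_on_release selects the hygiene."""

    def __init__(self, clear_on_release: bool) -> None:
        self.clear_on_release = clear_on_release
        self._free: List[bytearray] = []

    def acquire(self) -> bytearray:
        # Prefer a previously used buffer, exactly like a page or block pool.
        if self._free:
            return self._free.pop()
        return bytearray(BUF_SIZE)

    def release(self, buf: bytearray) -> None:
        if self.clear_on_release:
            # Overwrite every byte in place before the object is reassigned.
            for i in range(len(buf)):
                buf[i] = 0
        self._free.append(buf)


def residual_bytes(clear_on_release: bool) -> bytes:
    """Simulate user A writing a secret, releasing the buffer, and user B
    acquiring the same object. Returns exactly what user B sees."""
    pool = BufferPool(clear_on_release)
    buf = pool.acquire()
    secret = b"hunter2-session!"  # constructed sample secret, 16 bytes
    buf[: len(secret)] = secret
    pool.release(buf)
    reused = pool.acquire()  # same object handed to a different user
    return bytes(reused)


if __name__ == "__main__":
    print("without refresh:", residual_bytes(False))
    print("with refresh:   ", residual_bytes(True))
```

    The same pattern applies to freed heap chunks, recycled disk blocks and swapped pages: the leak is not in the write, it is in handing the object to the next subject without clearing it first.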

  7. What is the most secure way to dispose of information on a CD-ROM?

    • Sanitizing
    • Physical damage
    • Degaussing
    • Physical destruction
    Explanation:

    First, note that the question is specifically about a CD-ROM. The information on a CD-ROM is not stored magnetically, so a degausser would be ineffective.

    You cannot sanitize a CD-ROM by overwriting, although you might be able to sanitize a CD-RW. A CD-ROM is a write-once medium and cannot be overwritten like a hard disk or other magnetic device.

    Physical damage alone would not be enough, as information could still be extracted in a lab from the undamaged portion of the media, or even from the pieces after the damage has been done.

    Physical destruction (shredding, pulverizing or incinerating the disc) is very effective and is the best choice for non-magnetic media such as a CD-ROM.
    Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

  8. The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects is implementing which of the following concept:

    • The reference monitor.
    • Discretionary Access Control.
    • The Security Kernel.
    • Mandatory Access Control.
    Explanation:

    The reference monitor concept is an abstract machine that mediates all accesses to objects by subjects and ensures that a subject has the necessary access rights before it can access an object. The security kernel mediates every access request and validates it against the rules of the reference monitor.

    The kernel by itself does not decide whether access will be granted; the reference monitor, as implemented by the kernel, is the component that says YES or NO.

    All access requests are intercepted by the kernel, validated through the reference monitor, and then granted or denied according to the request and the subject’s privileges within the system.

    1. The reference monitor must be small enough to be fully tested and verified
    2. It must mediate ALL access requests from subjects to objects (complete mediation)
    3. The processes implementing the reference monitor must be protected (isolated)
    4. The reference monitor must be tamperproof

    The following answers are incorrect:

    The security kernel is the mechanism that actually enforces the rules of the reference monitor concept.

    The other answers are distractors.

    Shon Harris, All In One, 5th Edition, Security Architecture and Design, Page 330
    also see
    http://en.wikipedia.org/wiki/Reference_monitor
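    The following added example (not from the exam source, Shon Harris or Wikipedia) sketches the four properties above in Python: a small, reviewable `ReferenceMonitor` class whose `mediate()` method is the only path to the protected objects, whose access matrix is made read-only after start-up, and which records every decision for audit. The subjects, objects and permissions are hypothetical.

```python
"""Minimal reference monitor (added example, not from the exam source).

Every access by a subject to an object goes through `mediate()`; nothing
else reads or writes the protected store. The policy is frozen after
construction (tamper resistance), the code is small enough to review
(verifiability), and every decision is logged (auditability).
"""
from dataclasses import dataclass
from types import MappingProxyType
from typing import Dict, FrozenSet, List, Mapping, Tuple

Permission = str  # "read" or "write"


@dataclass(frozen=True)
class Decision:
    subject: str
    obj: str
    action: Permission
    granted: bool


class ReferenceMonitor:
    def __init__(self, matrix: Dict[Tuple[str, str], FrozenSet[Permission]]) -> None:
        # Read-only view: callers cannot alter the policy after start-up.
        self._matrix: Mapping[Tuple[str, str], FrozenSet[Permission]] = MappingProxyType(dict(matrix))
        self._store: Dict[str, str] = {}   # the protected objects
        self.audit_log: List[Decision] = []

    def mediate(self, subject: str, obj: str, action: Permission, data: str = "") -> Tuple[bool, str]:
        """Complete mediation: the only entry point to the protected objects.
        Returns (granted, data_read)."""
        allowed = action in self._matrix.get((subject, obj), frozenset())
        self.audit_log.append(Decision(subject, obj, action, allowed))
        if not allowed:
            return False, ""
        if action == "write":
            self._store[obj] = data
            return True, ""
        return True, self._store.get(obj, "")


def demo() -> Tuple[bool, bool, str, int]:
    """Hypothetical policy: alice may read/write the report, bob may only read."""
    rm = ReferenceMonitor({
        ("alice", "report"): frozenset({"read", "write"}),
        ("bob", "report"): frozenset({"read"}),
    })
    ok_write, _ = rm.mediate("alice", "report", "write", "Q3 numbers")
    bob_write, _ = rm.mediate("bob", "report", "write", "tampered")
    _, bob_read = rm.mediate("bob", "report", "read")
    denied = sum(1 for d in rm.audit_log if not d.granted)
    return ok_write, bob_write, bob_read, denied


def policy_is_tamper_resistant() -> bool:
    """A subject cannot grant itself rights by editing the matrix at run time."""
    rm = ReferenceMonitor({})
    try:
        rm._matrix[("mallory", "report")] = frozenset({"write"})  # type: ignore[index]
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print("tamper resistant:", policy_is_tamper_resistant())
```

    The point to notice is that nothing in the program touches `_store` except `mediate()`. If a caller could reach the store directly, or rewrite the matrix, the mediation would be neither complete nor tamperproof, and the audit log would no longer describe every access.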

  9. Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes?

    • Key escrow
    • Rotation of duties
    • Principle of need-to-know
    • Principle of least privilege
    Explanation:

    Job rotation reduces the risk of collusion between individuals. Companies with individuals working with sensitive information or systems, where there might be an opportunity for personal gain through collusion, can benefit by integrating job rotation with segregation of duties. Rotating the position may uncover activities that the individual is performing outside of the normal operating procedures, highlighting errors or fraudulent behavior.

    Rotation of duties is a method of reducing the risk associated with a subject performing a (sensitive) task by limiting the amount of time the subject is assigned to perform the task before being moved to a different task.

    The following are incorrect answers:
    Key escrow is related to the protection of keys in storage: a copy of the private key, or of the key needed to decrypt information, is maintained by a trusted third party so that it can be recovered (often combined with split knowledge, where the escrowed key is divided into pieces controlled by different departments). Key escrow should be considered mandatory for most organizations’ use of cryptography, as encrypted information belongs to the organization and not the individual, even though an individual’s key is often used to encrypt it.

    Separation of duties is a basic control that prevents or detects errors and irregularities by assigning responsibility for different parts of critical tasks to separate individuals, thus limiting the effect a single person can have on a system. One individual should not have the capability to execute all of the steps of a particular process. This is especially important in critical business areas, where individuals may have greater access and capability to modify, delete, or add data to the system. Failure to separate duties could result in individuals embezzling money from the company without the involvement of others.

    The need-to-know principle specifies that a person must not only be cleared to access classified or other sensitive information, but must also have a requirement for that information to carry out assigned job duties. Ordinary or limited user accounts are what most users are assigned; they should be restricted to only the privileges that are strictly required (the principle of least privilege), and access should be limited to specific objects (the principle of need-to-know).

    The principle of least privilege requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. Least privilege refers to granting users only the accesses that are required to perform their job functions. Some employees will require greater access than others based upon their job functions. For example, an individual performing data entry on a mainframe system may have no need for Internet access or the ability to run reports regarding the information that they are entering into the system. Conversely, a supervisor may have the need to run reports, but should not be provided the capability to change information in the database.

    Reference(s) used for this question:

    Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 10628-10631). Auerbach Publications. Kindle Edition.
    and
    Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 10635-10638). Auerbach Publications. Kindle Edition.
    and
    Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 10693-10697). Auerbach Publications. Kindle Edition.
    and
    Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 16338-16341). Auerbach Publications. Kindle Edition.

  10. Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards?

    • Certification
    • Declaration
    • Audit
    • Accreditation
    Explanation:

    Accreditation: is an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards. It is usually based on a technical certification of the system’s security mechanisms.

    Certification: Technical evaluation (usually made in support of an accreditation action) of an information system’s security features and other safeguards to establish the extent to which the system’s design and implementation meet specified security requirements.
    Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.

  11. Which of the following rules is least likely to support the concept of least privilege?

    • The number of administrative accounts should be kept to a minimum.
    • Administrators should use regular accounts when performing routine operations like reading mail.
    • Permissions on tools that are likely to be used by hackers should be as restrictive as possible.
    • Only data to and from critical systems and applications should be allowed through the firewall.
    Explanation:

    “Only data to and from critical systems and applications should be allowed through the firewall” is a distractor. Critical systems or applications do not necessarily need to have their traffic go through a firewall, and even when they do, only the minimum required services should be allowed. Systems that are not deemed critical may also need to have their traffic go through the firewall.

    Least privilege is a basic tenet of computer security that means users should be given only those rights required to do their jobs or tasks. Least privilege is ensuring that you have the minimum privileges necessary to do a task. An admin NOT using his admin account to check email is a clear example of this.

    Reference(s) used for this question:
    National Security Agency, Systems and Network Attack Center (SNAC), The 60 Minute Network Security Guide, February 2002, page 9.

  12. Which of the following is an unintended communication path that is NOT protected by the system’s normal security mechanisms?

    • A trusted path
    • A protection domain
    • A covert channel
    • A maintenance hook
    Explanation:

    A covert channel is an unintended communication path within a system, therefore it is not protected by the system’s normal security mechanisms. Covert channels are a secret way to convey information.

    Covert channels are addressed from TCSEC level B2.

    The following are incorrect answers:

    A trusted path is the protected channel that allows a user to access the Trusted Computing Base (TCB) without being compromised by other processes or users.

    A protection domain consists of the execution and memory space assigned to each process.

    A maintenance hook is a hardware or software mechanism that was installed to permit system maintenance and to bypass the system’s security protections.

    Reference used for this question:
    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 6: Operations Security (page 219).

  13. Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in a system?

    • Fail proof
    • Fail soft
    • Fail safe
    • Fail Over
    Explanation:

    NOTE: This question refers to a system in the logical/technical sense, so the answer must be chosen in that context. It is very important to read the question carefully and to identify whether the context is the physical world or the technical/logical world.

    RFC 2828 (Internet Security Glossary) defines fail safe as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system.

    In the logical/technical world, a secure state means that no access is granted and no packets are allowed to flow through the inspecting system, a firewall for example.

    If the question had referred to a building or something else in the physical world, the answer would have been different: in the physical world fail-safe means everything opens and full access is granted. See the physical-security definitions below.

    Fail-safe in the physical security world is when doors unlock automatically in an emergency. It is used in environments where people work, because human safety is the prime concern during a fire or other hazard.

    The following were the wrong choices (fail-secure is included for contrast):

    Fail-secure in the physical security world is when doors lock automatically in an emergency. It can be used in an area such as a cash locker room, provided there is an alternative, manually operated exit door for emergencies.

    Fail soft is the selective termination of affected non-essential system functions and processes when a failure occurs or is detected in the system.

    Fail over is a redundancy mechanism and does not apply to this question.

    The definitions below were compiled in a CCCure forum thread by saintrockz, a long-term contributor there; many questions related to the CBK have been discussed in those forums.

    According to the Official ISC2 Study Guide (OIG):
    Fault Tolerance is defined as built-in capability of a system to provide continued correct execution in the presence of a limited number of hardware or software faults. It means a system can operate in the presence of hardware component failures. A single component failure in a fault-tolerant system will not cause a system interruption because the alternate component will take over the task transparently. As the cost of components continues to drop, and the demand for system availability increases, many non-fault-tolerant systems have redundancy built-in at the subsystem level. As a result, many non-fault-tolerant systems can tolerate hardware faults – consequently, the line between a fault-tolerant system and a non-fault-tolerant system becomes increasingly blurred.

    According to Common Criteria:
    Fail Secure – Failure with preservation of secure state, which requires that the TSF (TOE security functions) preserve a secure state in the face of the identified failures.

    Acc. to The CISSP Prep Guide, Gold Ed.:
    Fail over – When one system/application fails, operations will automatically switch to the backup system.
    Fail safe – Pertaining to the automatic protection of programs and/or processing systems to maintain safety when a hardware or software failure is detected in a system.
    Fail secure – The system preserves a secure state during and after identified failures occur.
    Fail soft – Pertaining to the selective termination of affected non-essential processing when a hardware or software failure is detected in a system.

    Acc. to CISSP for Dummies:
    Fail closed – A control failure that results in all accesses being blocked.
    Fail open – A control failure that results in all accesses permitted.
    Failover – A failure mode where, if a hardware or software failure is detected, the system automatically transfers processing to a hot backup component, such as a clustered server.
    Fail-safe – A failure mode where, if a hardware or software failure is detected, program execution is terminated, and the system is protected from compromise.
    Fail-soft (or resilient) – A failure mode where, if a hardware or software failure is detected, certain, noncritical processing is terminated, and the computer or network continues to function in a degraded mode.
    Fault-tolerant – A system that continues to operate following failure of a computer or network component.

    It’s good to differentiate this concept in Physical Security as well:

    Fail-safe
    • Door defaults to being unlocked
    • Dictated by fire codes

    Fail-secure
    • Door defaults to being locked

    Reference(s) used for this question:

    SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
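    As an added illustration of the logical/technical sense of fail-safe (not part of the exam source or RFC 2828), the Python below models a packet filter whose rule lookup can fail. `filter_fail_open` swallows the error and permits traffic, which is the fail-open behaviour to avoid; `filter_fail_safe` denies everything until the policy can be evaluated again. The packets, addresses (taken from the RFC 5737 documentation ranges) and the single rule are constructed for the example.

```python
"""Fail-safe vs fail-open in a technical control (added example, not from
the exam source). A firewall-style packet filter consults a rule lookup
that can fail. The fail-open variant lets traffic through on error; the
fail-safe (fail-secure) variant denies and leaves the system in a secure state.
"""
from typing import Callable, Dict, Tuple

Packet = Dict[str, object]  # constructed sample packets below


class PolicyUnavailable(Exception):
    """Raised when the rule store cannot be consulted (e.g. backend down)."""


def lookup_ok(pkt: Packet) -> bool:
    """Healthy rule store: only TCP/443 to 10.0.0.5 is permitted (constructed rule)."""
    return pkt["proto"] == "tcp" and pkt["dport"] == 443 and pkt["dst"] == "10.0.0.5"


def lookup_broken(pkt: Packet) -> bool:
    """Simulates the failure the question asks about."""
    raise PolicyUnavailable("rule store unreachable")


def filter_fail_open(pkt: Packet, lookup: Callable[[Packet], bool]) -> str:
    """Insecure: an exception in the lookup is swallowed and traffic passes."""
    try:
        return "allow" if lookup(pkt) else "deny"
    except Exception:
        return "allow"  # bug: a failure becomes an implicit permit


def filter_fail_safe(pkt: Packet, lookup: Callable[[Packet], bool]) -> str:
    """Secure state on failure: nothing flows until the policy can be evaluated."""
    try:
        return "allow" if lookup(pkt) else "deny"
    except PolicyUnavailable:
        return "deny"


def compare(pkt: Packet) -> Tuple[str, str, str]:
    """Returns (healthy decision, fail-open decision on error, fail-safe decision on error)."""
    return (
        filter_fail_safe(pkt, lookup_ok),
        filter_fail_open(pkt, lookup_broken),
        filter_fail_safe(pkt, lookup_broken),
    )


# Constructed packets: one that policy forbids (SSH) and one it permits (HTTPS).
SAMPLE_SSH: Packet = {"proto": "tcp", "dst": "10.0.0.5", "dport": 22}
SAMPLE_HTTPS: Packet = {"proto": "tcp", "dst": "10.0.0.5", "dport": 443}

if __name__ == "__main__":
    for name, pkt in (("ssh", SAMPLE_SSH), ("https", SAMPLE_HTTPS)):
        print(name, compare(pkt))
```

    Note that the fail-safe filter also denies the HTTPS packet that policy would normally permit: that loss of availability is the price of the secure state, which is exactly why the physical world, where the priority is life safety, reverses the default.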

  14. The preliminary steps to security planning include all of the following EXCEPT which of the following?

    • Establish objectives.
    • List planning assumptions.
    • Establish a security audit function.
    • Determine alternate courses of action
    Explanation:

    The keyword within the question is: preliminary.

    This means that you are only starting your effort. Objectives, planning assumptions and alternate courses of action are all established up front; you cannot audit an infrastructure that is not yet in place, so establishing a security audit function is not a preliminary step.

    Reference used for this question:

    TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

  15. Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it?

    • Aggregation
    • Inference
    • Clustering
    • Collision
    Explanation:
    The Internet Security Glossary (RFC2828) defines aggregation as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it.
    Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
  16. Which of the following best defines add-on security?

    • Physical security complementing logical security measures.
    • Protection mechanisms implemented as an integral part of an information system.
    • Layer security.
    • Protection mechanisms implemented after an information system has become operational.
    Explanation:
    The Internet Security Glossary (RFC2828) defines add-on security as “The retrofitting of protection mechanisms, implemented by hardware or software, after the [automatic data processing] system has become operational.”
    Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
  17. At what stage of the applications development process should the security department become involved?

    • Prior to the implementation
    • Prior to systems testing
    • During unit testing
    • During requirements development
    Explanation:
    Security should become involved during requirements development, the earliest stage, so that security requirements are defined alongside the functional ones. Waiting until testing or implementation means protection has to be retrofitted, which is the add-on security described in question 16 and is more costly and less effective.
    Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
  18. Which of the following monitors network traffic in real time?

    • network-based IDS
    • host-based IDS
    • application-based IDS
    • firewall-based IDS
    Explanation:
    This type of IDS is called a network-based IDS because it monitors network traffic in real time.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 48.
  19. A host-based IDS is resident on which of the following?

    • On each of the critical hosts
    • decentralized hosts
    • central hosts
    • bastion hosts
    Explanation:

    A host-based IDS is resident on a host and reviews the system and event logs in order to detect an attack on the host and to determine whether the attack was successful. All critical servers should have a host-based intrusion detection system (HIDS) installed. A network-based IDS cannot inspect or recognize attack patterns within encrypted traffic; a HIDS may be able to detect such an attack after the traffic has been decrypted on the host. This is why critical servers should have both NIDS and HIDS.

    FROM WIKIPEDIA:
    A HIDS will monitor all or part of the dynamic behavior and of the state of a computer system. Much as a NIDS will dynamically inspect network packets, a HIDS might detect which program accesses what resources and assure that (say) a word-processor hasn’t suddenly and inexplicably started modifying the system password-database. Similarly a HIDS might look at the state of a system, its stored information, whether in RAM, in the file-system, or elsewhere; and check that the contents of these appear as expected.

    One can think of a HIDS as an agent that monitors whether anything/anyone – internal or external – has circumvented the security policy that the operating system tries to enforce.
    http://en.wikipedia.org/wiki/Host-based_intrusion_detection_system

  20. Which of the following best describes signature-based detection?

    • Compare source code, looking for events or sets of events that could cause damage to a system or network.
    • Compare system activity for the behaviour patterns of new attacks.
    • Compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack.
    • Compare network nodes looking for objects or sets of objects that match a predefined pattern of objects that may describe a known attack.
    Explanation:

    Misuse detectors compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack. As the patterns corresponding to known attacks are called signatures, misuse detection is sometimes called “signature-based detection.”

    The most common form of misuse detection used in commercial products specifies each pattern of events corresponding to an attack as a separate signature. However, there are more sophisticated approaches to doing misuse detection (called “state-based” analysis techniques) that can leverage a single signature to detect groups of attacks.

    Reference:

    Original document:
    BACE, Rebecca & MELL, Peter, NIST Special Publication 800-31, Intrusion Detection Systems, page 16.

    That publication has been superseded by NIST SP 800-94, where the corresponding material is on page 2-4.
    Updated URL: http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
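    To show what “match a predefined pattern of events” looks like in practice, the added Python below (not from the exam source or from NIST SP 800-31/800-94) runs two kinds of signatures over constructed sshd/httpd-style log lines: single-event signatures, where one line matches a regular expression, and a state-based signature that tracks failed logins per source address and fires only when a success follows a run of failures, so a single rule covers many attack variants. The log lines, threshold and rule names are all invented for the example.

```python
"""Signature-based (misuse) detection over constructed log lines (added
example, not from the exam source or NIST SP 800-94). Two styles are shown:
single-event signatures, where one line matches a known pattern, and a
state-based signature, where one rule tracks a sequence of events per
source and fires when the sequence completes.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample log lines, sshd/httpd style. Not real captures.
SAMPLE_LOGS = """\
Mar 11 09:10:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 50112 ssh2
Mar 11 09:10:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 50113 ssh2
Mar 11 09:10:04 web1 sshd[2101]: Failed password for admin from 203.0.113.7 port 50114 ssh2
Mar 11 09:10:06 web1 sshd[2101]: Accepted password for admin from 203.0.113.7 port 50115 ssh2
Mar 11 09:11:40 web1 httpd: GET /cgi-bin/../../etc/passwd HTTP/1.1 from 198.51.100.9
Mar 11 09:12:00 web1 sshd[2102]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2
""".splitlines()

# Single-event signatures: any line matching the pattern is one alert.
SINGLE_EVENT_SIGS = {
    "path-traversal": re.compile(r"\.\./\.\./etc/passwd"),
    "root-login-attempt": re.compile(r"Failed password for root from (\S+)"),
}

# State-based signature: N failures then a success from the same source.
FAIL_RE = re.compile(r"Failed password for \S+ from (\S+)")
ACCEPT_RE = re.compile(r"Accepted \w+ for \S+ from (\S+)")
BRUTE_FORCE_THRESHOLD = 3  # constructed threshold


def match_single_event(lines: List[str]) -> List[Tuple[str, int]]:
    """Return (signature name, 1-based line number) for each matching line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for name, pat in SINGLE_EVENT_SIGS.items():
            if pat.search(line):
                hits.append((name, n))
    return hits


def match_brute_force(lines: List[str]) -> List[Tuple[str, str]]:
    """State-based rule: at least BRUTE_FORCE_THRESHOLD failures followed by a
    success from the same source. One signature covers any user names tried."""
    failures: Dict[str, int] = defaultdict(int)
    alerts = []
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            failures[m.group(1)] += 1
            continue
        m = ACCEPT_RE.search(line)
        if m:
            src = m.group(1)
            if failures[src] >= BRUTE_FORCE_THRESHOLD:
                alerts.append(("brute-force-then-success", src))
            failures[src] = 0  # sequence consumed; start over for this source
    return alerts


if __name__ == "__main__":
    for hit in match_single_event(SAMPLE_LOGS):
        print("single-event:", hit)
    for alert in match_brute_force(SAMPLE_LOGS):
        print("state-based:", alert)
```

    The single-event rules illustrate the limitation the text mentions: each known attack needs its own signature, and the “admin” failure on line 3 is not caught by the root-specific rule at all. The state-based rule fires on the whole sequence regardless of which accounts were tried, while the legitimate key-based login from 192.0.2.10 produces no alert because no failures preceded it.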
