ISC2 SSCP Exam Questions

Page 10 of 25

181.

Which of the following is an example of a proactive security control?

  • Deterrent

  • Detective

  • Corrective

  • Compensating

Correct answer: Deterrent

Deterrent security controls attempt to dissuade an attacker from carrying out an attack, making them proactive.

182.

The * (star) integrity property of the Biba access control model prevents which of the following?

  • Write up

  • Write down

  • Read up

  • Read down

Correct answer: Write up

The * (star) integrity property prevents write up, or writing data to an object with a higher integrity level. This is designed to protect higher integrity data from being corrupted by potentially less trustworthy sources. In other words, it enforces that information cannot be written "up" to a higher integrity level, thereby maintaining the integrity of the higher-level data.

In the Biba model, writing down to a lower integrity level is generally allowed because it does not compromise the integrity of higher-level data.

Read up is a concept from the Bell-LaPadula model, which deals with confidentiality rather than integrity. It prevents reading data from a higher confidentiality level.

Read down is also a concept from the Bell-LaPadula model, where reading data from a lower confidentiality level is allowed because it does not compromise confidentiality.

183.

A government organization wants to ensure that classified materials labeled SECRET or TOP SECRET do not leave systems authorized for classified data. Which strategy might a data loss prevention (DLP) system use to accomplish this?

  • Conceptual/Lexicon

  • Exact File Matching

  • Partial File Matching

  • Machine Learning

Correct answer: Conceptual/Lexicon

Data Loss Prevention (DLP) systems can use various techniques to identify data exfiltration, including:

  • Rule-Based: Uses regular expressions (regexes) or Boolean expressions to define data types of interest. For example, credit card numbers are well-structured data, making them well suited to rule-based detection.
  • Database Fingerprinting: Searches for subsets of data from a particular source, such as a set of records from a database.
  • Exact File Matching: Uses file digests/hashes to detect the exfiltration of complete, sensitive files from an organization.
  • Partial Document Matching: Defines some of the content for a restricted document, such as the template used to create sensitive forms, reports, etc.
  • Conceptual/Lexicon: Combines restricted wordlists, rules, and regular expressions to identify exfiltration of data likely to be restricted. This approach can be used to identify classified data based on labels of SECRET, TOP SECRET, etc.
  • Machine Learning: Helps to identify the use of non-standard encryption algorithms for data exfiltration based on entropy, etc.
  • Predefined Patterns/Categories: Used to identify particular types of structured data within a given field, such as payment card or healthcare information.

184.

An organization has activated its business continuity plan due to a significant event. Which type of event of interest most likely caused this activation?

  • Natural causes

  • Accident

  • Systems failure

  • Intrusion

Correct answer: Natural causes

Natural causes, such as earthquakes, floods, or hurricanes, can lead to severe disruptions that necessitate the activation of a business continuity plan. These events often impact a wide range of operations, requiring immediate action to maintain or restore critical business functions.

Events of interest can be classified as the following:

  • Natural Causes: Triggers business continuity plan
  • Accidental: Triggers safety, training procedures
  • Systems Failure: Triggers maintenance and recovery
  • Intrusion: Triggers incident response activities

185.

Which of the following organizations publishes standards for describing data center requirements and capabilities?

  • Uptime Institute

  • ASHRAE

  • IEEE

  • IEC

Correct answer: Uptime Institute

The Uptime Institute has a four-tier standard that describes the capabilities and requirements of data centers. These tiers range from Tier 1, which is capable of supporting an office environment, to Tier 4, which is a highly redundant and fault-tolerant data center.

ASHRAE (American Society of Heating, Refrigerating, and Air-Conditioning Engineers) publishes standards related to HVAC systems, including guidelines for data center cooling, but it does not focus on the overall requirements and capabilities of data centers.

IEEE (Institute of Electrical and Electronics Engineers) develops standards for a wide range of technologies, including networking and power systems, but it does not specifically publish standards for describing data center requirements and capabilities.

IEC (International Electrotechnical Commission) publishes international standards for electrical, electronic, and related technologies, but it does not specifically focus on data center requirements in the way the Uptime Institute does.

186.

Which of the following DLP strategies is MOST likely to be used to identify SQL injection attacks, where the attacker is extracting records of users with certain characteristics?

  • Database Fingerprinting

  • Rule-Based

  • Conceptual/Lexicon

  • Machine Learning

Correct answer: Database Fingerprinting

Data Loss Prevention (DLP) systems can use various techniques to identify data exfiltration, including:

  • Rule-Based: Uses regular expressions (regexes) or Boolean expressions to define data types of interest. For example, credit card numbers are well-structured data, making them well suited to rule-based detection.
  • Database Fingerprinting: Searches for subsets of data from a particular source, such as a set of records from a database.
  • Exact File Matching: Uses file digests/hashes to detect the exfiltration of complete, sensitive files from an organization.
  • Partial Document Matching: Defines some of the content for a restricted document, such as the template used to create sensitive forms, reports, etc.
  • Conceptual/Lexicon: Combines restricted wordlists, rules, and regular expressions to identify exfiltration of data likely to be restricted.
  • Machine Learning: Helps to identify the use of non-standard encryption algorithms for data exfiltration based on entropy, etc.
  • Predefined Patterns/Categories: Used to identify particular types of structured data within a given field, such as payment card or healthcare information.

187.

Which of the following is an example of a Feistel network?

  • DES

  • AES

  • RSA

  • RC4

Correct answer: DES

DES is a symmetric-key block cipher that uses a Feistel network structure, which involves dividing the block of plaintext into two halves and applying a series of transformations, including substitution and permutation, in multiple rounds.

AES is a symmetric-key block cipher using a substitution-permutation network rather than a Feistel network.

RSA is an asymmetric encryption algorithm and does not use a Feistel network structure. It is based on the mathematical properties of prime numbers.

RC4 is a stream cipher and does not use a block structure or a Feistel network. It encrypts data one byte at a time.

188.

Which of the following is NOT one of the three planes of network engineering?

  • Network

  • Data

  • Control

  • Management

Correct answer: Network

The three planes of network engineering are the data, control, and management planes.

189.

Which of the following data loss prevention (DLP) strategies is restricted to certain types of data?

  • Predefined Patterns/Categories

  • Conceptual/Lexicon

  • Database Fingerprinting

  • Machine Learning

Correct answer: Predefined Patterns/Categories

Data Loss Prevention (DLP) systems can use various techniques to identify data exfiltration, including:

  • Rule-Based: Uses regular expressions (regexes) or Boolean expressions to define data types of interest. For example, credit card numbers are well-structured data, making them well suited to rule-based detection.
  • Database Fingerprinting: Searches for subsets of data from a particular source, such as a set of records from a database.
  • Exact File Matching: Uses file digests/hashes to detect the exfiltration of complete, sensitive files from an organization.
  • Partial Document Matching: Defines some of the content for a restricted document, such as the template used to create sensitive forms, reports, etc.
  • Conceptual/Lexicon: Combines restricted wordlists, rules, and regular expressions to identify exfiltration of data likely to be restricted.
  • Machine Learning: Helps to identify the use of non-standard encryption algorithms for data exfiltration based on entropy, etc.
  • Predefined Patterns/Categories: Used to identify particular types of structured data within a given field, such as payment card or healthcare information.

190.

Which of the following is NOT a core process typically associated with data modeling in software?

  • Data validation

  • Defining relationships

  • Data typing

  • Creating data structures

Correct answer: Data validation

Data validation is crucial for ensuring that data is accurate and conforms to expected formats, but it is not a core process within data modeling. Data modeling primarily focuses on the structure and organization of data, rather than validating the data itself.

Data typing is a core process in data modeling because it involves defining the type of data (e.g., integer, string) that will be stored in each field. This is essential for designing a robust and functional data model.

Defining relationships between different data entities (e.g., one-to-one, one-to-many) is a fundamental aspect of data modeling. This process helps ensure the data model accurately reflects the real-world relationships between different types of data.

Creating data structures, such as tables, fields, and indexes, is central to data modeling. This process involves organizing data in a way that is efficient, logical, and aligned with the requirements of the system being designed.

191.

Which security property of the Bell-LaPadula model prevents read up?

  • Simple Security Property

  • Star Security Property

  • Discretionary Security Property

  • Mandatory Security Property

Correct answer: Simple Security Property

The Simple Security Property rule states that a subject (such as a user or process) at a lower security level is not permitted to read data at a higher security level. This property enforces confidentiality by ensuring that sensitive information is not accessible to individuals without the appropriate clearance.

The Star Security Property rule prevents subjects from writing information to a lower security level, ensuring that sensitive information is not downgraded and inadvertently exposed to unauthorized subjects.

Discretionary Security Property refers to the use of access control lists (ACLs) or similar mechanisms to grant or restrict access based on user identities or groups, not specifically addressing the "read up" restriction.

Mandatory Security Property is a general term encompassing policies like those in the Bell-LaPadula model, but it does not specifically refer to preventing "read up" access.

192.

Which of the following characteristics of cloud computing may create legal challenges to evidence collection?

  • Jurisdiction

  • Access

  • Virtualization

  • Tools and Techniques

Correct answer: Jurisdiction

Some attributes of cloud computing that make digital forensics more difficult include:

  • Virtualization: Cloud-based virtual machines may be difficult to track to a particular physical server and may be converted from a live instance to a file on another system upon shutdown. This makes chain of custody more complex.
  • Access: The cloud shared responsibility model may mean that a cloud customer has limited access to parts of their infrastructure stack, which can make collection of evidence more difficult.
  • Jurisdiction: Cloud-based data and applications may be hosted in a data center within another jurisdiction, which may have legal implications and create challenges for evidence collection.
  • Tools and Techniques: The differences between on-prem and cloud-based infrastructure mean that forensics tools designed for on-prem environments may not be effective in the cloud.

193.

Which of the following types of incidents can BEST be managed by implementing redundancy?

  • System failure

  • Intrusion

  • Natural causes

  • Accident

Correct answer: System failure

Implementing redundancy is a key strategy for managing system failures. Redundancy involves having backup systems or components in place so that if one system fails, another can take over, ensuring continuous operation and minimizing downtime. This approach is particularly effective in critical systems where maintaining availability is essential.

Redundancy is not typically a primary method for managing intrusions. Instead, security measures such as firewalls, intrusion detection systems (IDS), and regular monitoring are more appropriate for preventing and responding to intrusions.

While redundancy can help in some scenarios, such as having geographically dispersed data centers to handle natural disasters, other strategies like disaster recovery planning and environmental controls are more focused on addressing natural causes.

Accidents might be mitigated by redundancy in certain situations, but prevention, safety protocols, and regular training are often more directly relevant in managing accidents.

194.

In identity and access control, what is the proper relationship between entities and identities?

  • Many-to-one

  • One-to-many

  • One-to-one

  • Many-to-many

Correct answer: Many-to-one

An identity should uniquely identify an entity, but an entity may have many identities (professional, personal, etc.). Therefore, it is a many-to-one relationship.

One-to-many would imply that a single identity is associated with multiple entities, which can lead to confusion and security risks as it becomes difficult to track and manage access permissions accurately.

While each identity should uniquely identify an entity, a single entity can have multiple identities for different purposes, so one-to-one is incorrect.

Many-to-many would imply that multiple entities can have multiple identities, which is not typically the case in identity and access control systems.

195.

Under which cloud services model is the cloud service provider responsible for providing and managing an environment in which the customer can deploy applications?

  • Platform as a Service

  • Software as a Service

  • Function as a Service

  • Infrastructure as a Service

Correct answer: Platform as a Service

Cloud services can be deployed under different service models, where responsibility for managing and securing the cloud infrastructure stack is divided in various ways. Some of the common cloud service models include:

  • Infrastructure as a Service (IaaS): The cloud service provider essentially provides the hardware that a customer's data center is hosted on. Responsibility for networking is shared, and everything from the operating system on up is the customer's responsibility.
  • Platform as a Service (PaaS): The cloud service provider manages an environment (including databases), where a customer can develop and deploy applications. The customer configures databases and creates the apps, and the CSP manages everything else.
  • Software as a Service (SaaS): The cloud service provider provides customers with access to CSP-developed applications. Webmail systems such as G-Suite and Microsoft 365 are examples of SaaS solutions.
  • Function as a Service (FaaS)/Serverless: Serverless platforms enable individual functions to be defined as standalone services. These functions can then be chained together to implement desired functionality or event flows.

196.

At which layer of the OSI model do MAC addresses work?

  • Layer 2

  • Layer 3

  • Layer 1

  • Layer 4

Correct answer: Layer 2

ISO's Open Systems Interconnect Reference Model has seven layers. From bottom to top, they are the following:

  • Physical (Layer 1): The Physical layer performs the transmission of bits over the network using electricity, photons, radio waves, or other means. Network topologies are defined at the Physical layer based on the connections via physical links between different systems' NICs.
  • Data Link (Layer 2): The Data Link layer converts between packets and bits and sends traffic over the physical layer while providing error control, flow control, synchronization, and alerting. MAC addresses work at Layer 2, and Layer 2 devices include modems, bridges, NICs, layer 2 switches, and firewalls.
  • Network (Layer 3): The Network layer performs routing and switching of packets using IP addresses and provides congestion control, error handling, and packet sequencing. Routers, layer 3 switches, and firewalls operate at Layer 3.
  • Transport (Layer 4): The Transport layer moves streams of data from source to destination. The TCP and UDP protocols are defined at the Transport layer.
  • Session (Layer 5): The Session layer manages a complete communication session between two systems, including performing synchronization and remembering session credentials.
  • Presentation (Layer 6): The Presentation layer translates the data and formats used by Layer 7 applications into the formats needed by lower levels of the OSI stack. This includes serialization and deserialization of data from independent fields to a stream of data.
  • Application (Layer 7): The Application layer is where the two applications at the end of a network session communicate with one another. Protocols like HTTP(S), FTP, and SSH operate at the Application layer.

197.

Which of the following is NOT one of the security properties of the Bell-LaPadula model?

  • Mandatory Security Property

  • Star Security Property

  • Discretionary Security Property

  • Simple Security Property

Correct answer: Mandatory Security Property

The security properties of the Bell-LaPadula model are:

  • Simple Security Property (SS): Prevents a subject from reading up
  • * (star) Security Property: Prevents a subject from writing down
  • Discretionary Security Property: Requires the use of an access matrix to enforce discretionary access control when implementing Bell-LaPadula

Mandatory Security Property is a fabricated term.

198.

Which of the following certificates can legitimately be self-signed in a public PKI system?

  • Root certificate

  • Intermediate certificate

  • End-entity certificate

  • No digital certificate should be self-signed

Correct answer: Root certificate

Root Certificate Authorities (CAs) self-sign their digital certificate and are implicitly trusted by a computer. A root CA will sign intermediate CAs' certificates, and the last intermediate CA in the chain will sign an end-entity certificate.

199.

Which of the following is NOT an example of an Interior Gateway Protocol (IGP)?

  • BGP

  • RIPv3

  • EIGRP

  • OSPF

Correct answer: BGP

The Border Gateway Protocol (BGP) is an example of an exterior gateway protocol. RIPv3, EIGRP, and OSPF are all IGPs.

200.

Which of the following can be used to evaluate if a system implements required functionality?

  • Testing

  • Exercises

  • Drills

  • Walk-throughs

Correct answer: Testing

Testing verifies that a system can meet operational, performance, or security requirements.

Exercises are controlled simulations of realistic scenarios designed to build skills or familiarity. Drills are shorter simulations performed without notice to test reactions to a particular event. Walk-throughs are a type of exercise in which participants work through a predefined scenario.