Exam (elaborations)

ISC2 SYSTEMS SECURITY CERTIFIED PRACTITIONER (SSCP) EXAM QUESTIONS AND ANSWERS (GRADED A+)

Pages
16
Grade
A+
Uploaded on
25-04-2025
Written in
2024/2025

Institution
ISC2 SYSTEMS SECURITY CERTIFIED PRACTITIONER (SSCP
Course
ISC2 SYSTEMS SECURITY CERTIFIED PRACTITIONER (SSCP










Does DHCP work the same on IPv4 as it does on IPv6? - ANSWER-No. DHCPv6, a
protocol new in IPv6, supports devices that generate their own 48‐bit privacy address
field; this plus a prefix is used instead of the MAC address. DHCPv6 also has to use
other protocols such as Duplicate Address Detection and Neighbor Discovery Protocol,
which are not required in IPv4.

How do asymmetric and symmetric encryption compare with each other? - ANSWER-
Asymmetric uses a different key and algorithm for encryption than it does for decryption;
these one‐way (or trapdoor) functions are what make it almost impossible to reverse
either process to attack the system. It's very slow and not suited to large files. Keys are
exchanged (mutually generated), not distributed. Symmetric uses the same key and
algorithm for encryption and decryption, runs very fast, and is suitable for very large
files. It requires a key distribution and management process to protect keys and data
encrypted with them.

What is discretionary access control? - ANSWER-Allows subjects (users) to modify
access control system constraints, rules, or policies

Domain Name System (DNS) uses which port and protocol? - ANSWER-UDP port 53
for name queries; TCP port 53 for zone transfers

Cryptographic System - ANSWER-The full set of components necessary to use
encryption to achieve security needs.

Cryptographic Algorithm - ANSWER-Provides the process for transforming plaintext into
ciphertext (encryption) or the reverse (decryption)

Cryptographic Protocol - ANSWER-Process that uses encryption in order to achieve a
specific purpose, such as digitally signing a file or an email.

Which layer does IPSec operate at? - ANSWER-Layer 3, the internetworking (or
network) layer

What is an orphan? - ANSWER-A device or software program no longer supported by
its vendor or manufacturer; no more upgrades, updates, or support to migrate to a new
operating system is available.

What is * (star) security? - ANSWER-A security model property that prohibits writing
down to a process at a lower security level; from the Bell‐LaPadula model

How does shared responsibility for cloud security work? - ANSWER-Depending upon
the cloud service model in use (SaaS, PaaS, IaaS, etc.), the service level agreement
(SLA) specifies what services the cloud services provider (CSP) is responsible for and
what services the user organization must take responsibility for. The SLA will (or should)
specify what security tasks, functions, and support are provided by each party, what
limits on testing are imposed, and what notification requirements are in force, among
other aspects.

What is annualized rate of occurrence (ARO)? - ANSWER-Number of times a risk event
is anticipated to occur within a calendar year. ARO = 0.1 indicates a once‐every‐10‐year
event.

What is the AAA of access control? - ANSWER-Authentication (validate a subject is
legitimate); authorization (validate that the access request itself is permitted for that
subject, object, and conditions); and accounting (keep records of every attempt and
what it resulted in)

What is eradication? - ANSWER-Finding and eliminating all copies of causal agents
such as malware files or unauthorized user/subject IDs

What is the difference between security classification and categorization? - ANSWER-
Classification determines the type and severity of the impact or loss of any aspect of the
security of an information asset; categorization groups together assets with the same
classification or that share the same compliance requirements for security.

What is access control based on job functions or duties? - ANSWER-Role‐based
access control

What are POP, SNMP, and IMAP, and what ports do they use? - ANSWER-These are
different email protocols. Post Office Protocol (POP), typically version 3 (POP3), uses
either TCP port 110 via Secure Socket Layer (SSL) or Transport Layer Security (TLS)
over port 995. Internet Mail Protocol (IMAP), typically version 4 (IMAP4) runs over TCP
port 143. IMAP4 can also run over SSL or TLS using port 993. Simple Mail Transfer
Protocol (SMTP) uses port 25, but if using SSL or TLS uses port 465. Note that all email
ports can be changed if both parties agree.

What is ARP, what layer does it run at, and what does it use for addressing? -
ANSWER-Address Resolution Protocol (ARP) provides a way to query other network
devices so as to resolve a device's media access control (MAC) address into its
corresponding Internet Protocol (IP) address. It is a cross‐layer protocol and can work
across Layers 2, 3, and 4.

What is PII? - ANSWER-Personally identifiable information; this is information about a
specific person that if disclosed to the wrong parties could allow for fraudulent misuse of
the person's identity

What is a separation of duties? - ANSWER-Policies that allocate parts of sensitive or
critical job functions to different systems elements (people, systems, or processes) so
that no one single element performs all tasks and can see or modify all data associated
with it.

What is an acceptable use policy? - ANSWER-Administrative statement of what uses of
company‐provided information systems and assets are allowed and what uses are
prohibited

What are cryptographic protocols? - ANSWER-Agreed‐to processes or procedures for
users of a cryptosystem to properly establish and use that cryptosystem for securing
data

What is the most common attack technique used against business or private sector use
of encryption? - ANSWER-Social engineering

What is MPLS, what layer does it run at, and what does it use for addressing? -
ANSWER-MultiProtocol Label Switching (MPLS) provides routing based on shortest
paths within a network and is often used in virtual private network (VPN)
implementations. It uses Internet Protocol (IP) addresses and thus runs at Layer 3.

Which wireless security protocols should no longer be used? - ANSWER-Wired
Equivalency Protocol (WEP), Wi‐Fi Protected Access (WPA)

What is a drive‐by download attack? - ANSWER-Attack in which users of a website are
tricked into triggering the download of malware or other harmful content

What is the difference between a credential and an identity? - ANSWER-An identity is a
label assigned to an entity, by a system (or another such entity), for the purpose of
managing and tracking that entity's access and use of that system or assets under the
identity‐granting entity's control. A credential is a document or dataset that asserts and
attests the correctness, completeness, and validity of an identity at a given moment in
time, and for the purposes associated with that identity by the identity‐granting system.
(Your Twitter account does not go away when you log off, but your access credential to
use Twitter during a particular session does expire.)

What are MAO, MTO, and MTPOD? - ANSWER-Maximum allowable outage, maximum
tolerable outage, and maximum tolerable period of disruption all refer to the longest time
that systems can be inoperable before intolerable disruption or damage is done to the
business

Get to know the seller

NursingTutor1 West Virginia University