SSCP Sticking Points
What type of forensic acquisition only focuses on specific files?
A logical acquisition focuses on specific files of interest, such as a specific type of file, or files from a specific location. In Eric's case, a logical acquisition meets his needs. A sparse acquisition also collects data from unallocated space. A bit-by-bit acquisition is typically performed for a full drive and will take longer
During a penetration test, Lauren is asked to test the organization's Bluetooth security. Which of the following is not a concern she should explain to her employers?
Bluetooth active scans can determine both the strength of the PIN and what security mode the device is operating in. Unfortunately, Bluetooth scans can be challenging because of the limited range of Bluetooth and the prevalence of personally owned Bluetooth-enabled devices. Passive Bluetooth scanning only detects active connections and typically requires multiple visits to have a chance of identifying all devices.
Harold recently added an input validation routine to a web application that is designed to remove any instances of the ˂SCRIPT˃ tag in user input. What type of attack is Harold attempting to mitigate?
Cross-site scripting (XSS) attacks seek to inject script code into a web application through unvalidated input. By removing the ˂SCRIPT˃ tag from that input, Harold is seeking to prevent this type of attack from succeeding.
Who should receive initial business continuity plan training in an organization?
Everyone in the organization should receive a basic awareness training for the business continuity program. Those with specific roles, such as first responders and senior executives, should also receive detailed, role-specific training.
Fred's company wants to ensure the integrity of email messages sent via its central email servers. If the confidentiality of the messages is not critical, what solution should Fred suggest?
Fred's company needs to protect integrity, which can be accomplished by digitally signing messages. Any change will cause the signature to be invalid. Encrypting isn't necessary because the company does not want to protect confidentiality. TLS can provide in-transit protection but won't protect integrity of the messages, and of course a hash used without a way to verify that the hash wasn't changed won't ensure integrity either.
Why would a signature be part of a retention requirement?
It validates who approved the data.
MAC models use three types of environments. Which of the following is not a mandatory access control design?
Mandatory access control systems can be hierarchical, where each domain is ordered and related to other domains above and below it; compartmentalized, where there is no relationship between each domain; or hybrid, where both hierarchy and compartments are used. There is no concept of bracketing in mandatory access control design.
What should be allowed through an egress filter?
Packets with public IP addresses will routinely be allowed to enter the network, so you should not create a rule to block them. Packets with internal source addresses should never originate from outside the network, so they should be blocked from entering the network. Packets with external source addresses should never be found on the internal network, so they should be blocked from leaving the network. Finally, private IP addresses should never be used on the Internet, so packets containing private IP addresses should be blocked from leaving the network.
What technology is likely to be involved when Ben's organization needs to provide authentication and authorization assertions to their cloud e-commerce application?
SAML, the Security Assertion Markup Language is frequently used to integrate cloud services, and provides the ability to make authentication and authorization assertions.
What message logging standard is commonly used by network devices, Linux and Unix systems, and many other enterprise devices?
Syslog is a widely used protocol for event and message logging. Eventlog, netlog, and Remote Log Protocol are all made-up terms.
During a port scan, Susan discovers a system running services on TCP and UDP 137-139 and TCP 445, as well as TCP 1433. What type of system is she likely to find if she connects to the machine?
TCP and UDP ports 137-139 are used for NetBIOS services, whereas 445 is used for Active Directory. TCP 1433 is the default port for Microsoft SQL, indicating that this is probably a Windows server providing SQL services.
What is the longest encryption key supported by the Advanced Encryption Standard (AES) algorithm?
The Advanced Encryption Standard (AES) supports the use of encryption keys that are 128 bits, 192 bits, or 256 bits in length.
What key lengths are supported by AES?
The Advanced Encryption Standard supports encryption with 128-bit keys, 192-bit keys, and 256-bit keys.
Norm is configuring an RSA cryptosystem for use within his organization and is selecting the key lengths that he will support. Which one of the following key lengths is not both supported by the RSA algorithm and generally considered secure?
The RSA algorithm supports key lengths between 1,024 and 4,096 bits
Which GDPR principle states that the individual should have the right to receive personal information concerning himself or herself and share it with another data controller?
The principle of data integrity states that data should be reliable and that information should not be used for purposes other than those that users are made aware of by notice and that they have accepted through choice. Enforcement is aimed at ensuring that compliance with principles is assured. Access allows individuals to correct, change, or delete their information, while onward transfer limits transfers to other organizations that comply with the principles of notice and choice.
What does the scope and planning phase of making a BCP include?
The project scope and planning phase includes four actions: a structured analysis of the organization, the creation of a BCP team, an assessment of available resources, and an analysis of the legal and regulatory landscape.
Which one of the following traffic types should not be blocked by an organization's egress filtering policy?
Traffic with a destination address on an external network. Egress filtering scans outbound traffic for potential security policy violations. This includes traffic with a private IP address as the destination, traffic with a broadcast address as the destination, and traffic that has a falsified source address not belonging to the organization.
How does an individual verify the authenticity of a digital certificate?
When an individual receives a copy of a digital certificate, he or she verifies the authenticity of that certificate by using the CA's public key to validate the digital signature contained on the certificate.
What system shown does not natively have support for syslog events?
Windows systems. Windows systems generate logs in the Windows native logging format. To send syslog events, Windows systems require a helper application or tool. Enterprise wireless access points, firewalls, and Linux systems all typically support syslog.
